Need help with wavecrack?
Click the “chat” button below for chat support from the developer who created it, or find similar developers for support.

About the developer

139 Stars 40 Forks 28 Commits 1 Opened issues


Wavestone's web interface for password cracking with hashcat

Services available


Need anything else?

Contributors list



A user-friendly Web interface to share an hashcat cracking box among multiple users with some pre-defined options.


  • The homepage The homepage
  • Adding an hash to crack Adding an hash to crack
  • Seeing the results and some stats Seeing the results and some stats


  • This Web application can be used to launch asynchronous password cracks with hashcat.
  • The interface tries to be as user-friendly as possible and facilitates the password cracking method choice and to automate the succession of various attack modes.
  • It also displays statistics regarding the cracked passwords and allows to export the cracked password list in CSV.
  • The application is designed to be used in a multi-user environment with a strict segregation between the cracking results of different users: the user authentication can be done through an LDAP directory or basic auth.


Wavecrack can be used to do the following: * Add new password hashes, choose the attack mode and the crack duration * View the past and current cracks for your user with statistics and graphs * View the overall load of the platform * Upload a password-protected file and extract its hash

The attack modes are followed in the order they are displayed on the hash submit form.
It is also possible to stop a crack. However, every cancelation is final.
A limit to the amount of concurrent cracks can be defined in the settings in order not to reduce the current cracks performance.


  • hashcat: follow these instructions for CPU only usage on a Kali linux host
  • flask (>=0.10.1)
  • celery (>=3.1.18)
  • SQLite (>=
  • rabbitmq-server (>= 3.4.3)
  • Rules for hashcat (examples)
  • Wordlists (examples)


  • Install the RabbitMQ server and

    $ apt-get install libsasl2-dev libldap2-dev libssl-dev rabbitmq-server
  • Install the python requirements

    $ pip install -r requirements.txt
  • Create a

    configuration file from the
    file and notably edit the
    Mandatory settings
    • The path of hashcat
    • The RabbitMQ connection string: by default, the guest/guest account is used. Be sure to harden your installation
    • The path of the SQLite database
    • The path of the hashcat rules
    • The path of the wordlists
    • The LDAP parameters:
      • IP address
      • port
      • LDAP database for the users
      • Base DN
  • Initialize the local database linked in the

    configuration file
    $ sqlite3 base.db < base_schema.sql
  • Start the RabbitMQ server

    $ sudo service rabbitmq-server start
  • Start Celery from the application folder

    $ celery worker -A cracker.celery
  • Launch the Flask Web server

  • In order to stop the cracks after a certain amount of time, you can use the

    provided cron script

  • If you want to update the list of hashes supported, you can use the

    dedicated script
    which will parse hashcat's wiki and generate an updated To do so, you need to have BeautifulSoup installed on your system.

Finally, if you don't want to setup your own VM, you can use the Docker-based process described in the


Copyright and license

All product names, logos, and brands are property of their respective owners.
All resources published in wavecrack are free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. See the GNU General Public License for more details.


  • Cyprien Oger < cyprien.oger at wavestone d0t com >
  • CERT-W < cert at wavestone d0t com >

We use cookies. If you continue to browse the site, you agree to the use of cookies. For more information on our use of cookies please see our Privacy Policy.