Skip to content

Find and notify users in your Active Directory with weak passwords

License

Notifications You must be signed in to change notification settings

AdrianVollmer/Crack-O-Matic

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

59 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Crack-O-Matic

Find and notify users in your Active Directory with weak passwords.

Features:

  • Linux-based
  • Flask-based web app
  • Hashcat or John cracker
  • Automated e-mails
  • Graphical reports
  • Privacy preserving

Read the docs for more information.

Screenshots

Report 1

Report 2

Tests

If you're a developer and want to run the tests, you need to edit tests/.env and define the following variables according to your environment:

# path to `john` binary
JOHN_PATH=/opt/john/run/john
# path to `hashcat` binary
HASHCAT_PATH=/usr/bin/hashcat
# FQDN of a test domain
DOMAIN=crack.local
# name of one of its domain admins
DOMAINUSER=Administrator
# domain admin password
DOMAINPASS=
# FQDN of a domain controller in the test domain
HOST=localdc.crack.local

If you don't have a test domain, you can use the docker-compose file in tests/docker to run a Samba DC (docker-compose run --service-ports dc). Inside the file you will find the values you need. You should also create an entry for the FQDN in your /etc/hosts.

License and Copyright

MIT, Copyright 2021 Adrian Vollmer

See LICENSE for the full license text.