JBrute - An Open Source Security Tool To Audit Hashed Passwords

JBrute Open Source Security Tool For Auditing Hashed Passwords

JBrute is an open source tool written in Java to audit security and stronghold of stored password for several open source and commercial apps. It provides multi-platform support and flexible parameters to cover most of the possible password-auditing scenarios.

Note: It requires Java Runtime version 1.7 or higher.

Features:

  • Both brute force and dictionary decryption methods supported
  • Built-in rule pre-processor for dictionary decryption
  • Flexible chained hashes decryption (like MD5(SHA1(MD5())))
  • Muli-platform support (by Java VM)
  • Multi-threading support for both brute force decryption and dictionary decryption
  • Several hashing algorithms supported

HOW TO USE JBRUTE

First, download the latest version of JBrute (JBrute_v0-99.zip). Then extract it.

[Download links are at the end of this article]

Then execute jbrute.bat with arguments using the command prompt.

Examples:
jbrute --test --algorithm=1
JBrute test run snapshot

jbrute --decrypt --hash=01F777A3310086F3F4FC28CC4B1ED900  --algorithm=1
JBrute decrypting hash Image

Available parameters:
  • --decrypt: decrypt a hash.
  • --algorithm=<CODE>: specify the code of the algoritm to use (multiple codes accepted)
    • Available codes:
      • 1: MD5
      • 2: MD4
      • 5: SHA-256
      • 6: SHA-512
      • 8: MD5CRYPT
      • 9: SHA-1
      • A: ORACLE-10G
      • B: ORACLE-11G
      • C: NTLM
      • D: LM
      • E: MSSQL-2000
      • F: MSSQL-2005
      • G: MSSQL-2012
      • H: MYSQL-322
      • I: MYSQL-411
      • J: POSTGRESQL
      • K: SYBASE-ASE1502
      • L: INFORMIX-1170
Multiple codes accepted: combinations of codes 1, 2, 5, 6, 9.

  • --chained_case=<STRING>: binary, lower case or upper case for chained hashing (multiple values accepted)
Accepted values: [R|L|U] (Raw, Lower or Upper, default L)

  • --charset=<CHARSET_NAME>: specify an available charset (default loweralpha)
  • --dict_file=<FILE_NAME>: specify the file name of the dictionary to use with --method=dictionary (default wordlist.txt)
  • --hash or --hash_file=<FILE_NAME>: specify one hash or the name of a file containing hashes.
  • --maxlength=<NUMBER>: max password length (default 7)
  • --method=<STRING>: 'brute' or 'dictionary' (default brute)
  • --minlength=<NUMBER>: min password length (default 1)
  • --postsalt=<STRING>: specify a post-salt to use only for no-special algorithms (default empty)
  • --presalt=<STRING>: specify a pre-salt to use only for no-special algorithms (default empty)
  • --rule_file=<FILE_NAME>: specify the file name of the rule's file to use with --method=dictionary (default rules.txt)
Available rules: similar to in John the Ripper (masking partially supported).

  • --salt_type=<STRING>: specify salt type.
Accepted values: [hex|int64|utf8] (default utf8)

  • --stdout: show rules application for --method=dictionary (default false)
  • --threads=<NUMBER>: number of threads to use (default 1)
  • --encrypt: encrypt a word.
  • --algorithm=<CODE>: specify the code of the algorithm to use (multiple codes accepted, default 1).
Available codes: same ones as --decrypt --algorithm option.

  • --base64: specify the final hash in base64 too.
  • --chained_case=<STRING>: binary, lower case or upper case for chained hashing (multiple values accepted)
Accepted values: [R|L|U] (Raw, Lower or Upper, default L)

  • --presalt=<STRING>: specify a pre-salt to use only for no-special algorithms (default empty)
  • --postsalt=<STRING>: specify a post-salt to use only for no-special algorithms (default empty)
  • --salt_type=<STRING>: specify salt type.
Accepted values: [hex|int64|utf8] (default utf8)

  • --upper: specify the final hash in uppercase.
  • --word=<STRING>: specify a word to encrypt
  • --expected: print hash example for each supported algorithm.
  • --guess: try to identify the algorithm of a hash (can return multiple algorithms).
  • --hash=<HASH> or --hash_file=<FILE_NAME>: specify one hash or the name of a file containing hashes.
  • --lucky: determinate the most probably algorithm for the hash (just one).
  • --list_charsets: print available charsets.
  • --test: estimate number of hashes that you could process with your actual hardware.
  • --algorithm=<CODE>: specify the code of the algoritm to use (multiple codes accepted, default 1).
Available codes: same ones as --decrypt --algorithm option.

  • --chained_case=<STRING>: binary, lower case or upper case for chained hashing (multiple values accepted)
Accepted values: [R|L|U] (Raw, Lower or Upper, default L)

  • --hashcount=<NUMBER>: number of hashes to use (default 1)
  • --time=<NUMBER>: number of seconds to use (default 5)
  • --threads=<NUMBER>: number of threads to use (default 1)
  • --salt: use a random salt for each hash (default false)
  • --version: print current version

No comments

Powered by Blogger.