JBrute - An Open Source Security Tool To Audit Hashed Passwords
JBrute is an open source tool written in Java to audit security and stronghold of stored password for several open source and commercial apps. It provides multi-platform support and flexible parameters to cover most of the possible password-auditing scenarios.
Note: It requires Java Runtime version 1.7 or higher.
Features:
- Both brute force and dictionary decryption methods supported
- Built-in rule pre-processor for dictionary decryption
- Flexible chained hashes decryption (like MD5(SHA1(MD5())))
- Muli-platform support (by Java VM)
- Multi-threading support for both brute force decryption and dictionary decryption
- Several hashing algorithms supported
HOW TO USE JBRUTE
First, download the latest version of JBrute (JBrute_v0-99.zip). Then extract it.[Download links are at the end of this article]
Then execute jbrute.bat with arguments using the command prompt.
Examples:
jbrute --test --algorithm=1
jbrute --decrypt --hash=01F777A3310086F3F4FC28CC4B1ED900 --algorithm=1
Available parameters:
- --decrypt: decrypt a hash.
- --algorithm=
: specify the code of the algoritm to use (multiple codes accepted)
- Available codes:
-
- 1: MD5
- 2: MD4
- 5: SHA-256
- 6: SHA-512
- 8: MD5CRYPT
- 9: SHA-1
- A: ORACLE-10G
- B: ORACLE-11G
- C: NTLM
- D: LM
- E: MSSQL-2000
- F: MSSQL-2005
- G: MSSQL-2012
- H: MYSQL-322
- I: MYSQL-411
- J: POSTGRESQL
- K: SYBASE-ASE1502
- L: INFORMIX-1170
- --chained_case=
: binary, lower case or upper case for chained hashing (multiple values accepted)
- --charset=
: specify an available charset (default loweralpha)
- --dict_file=
: specify the file name of the dictionary to use with --method=dictionary (default wordlist.txt)
- --hash or --hash_file=
: specify one hash or the name of a file containing hashes.
- --maxlength=
: max password length (default 7)
- --method=
: 'brute' or 'dictionary' (default brute)
- --minlength=
: min password length (default 1)
- --postsalt=
: specify a post-salt to use only for no-special algorithms (default empty)
- --presalt=
: specify a pre-salt to use only for no-special algorithms (default empty)
- --rule_file=
: specify the file name of the rule's file to use with --method=dictionary (default rules.txt)
- --salt_type=
: specify salt type.
- --stdout: show rules application for --method=dictionary (default false)
- --threads=
: number of threads to use (default 1)
- --encrypt: encrypt a word.
- --algorithm=
: specify the code of the algorithm to use (multiple codes accepted, default 1).
- --base64: specify the final hash in base64 too.
- --chained_case=
: binary, lower case or upper case for chained hashing (multiple values accepted)
- --presalt=
: specify a pre-salt to use only for no-special algorithms (default empty)
- --postsalt=
: specify a post-salt to use only for no-special algorithms (default empty)
- --salt_type=
: specify salt type.
- --upper: specify the final hash in uppercase.
- --word=
: specify a word to encrypt
- --expected: print hash example for each supported algorithm.
- --guess: try to identify the algorithm of a hash (can return multiple algorithms).
- --hash=
or --hash_file= : specify one hash or the name of a file containing hashes.
- --lucky: determinate the most probably algorithm for the hash (just one).
- --list_charsets: print available charsets.
- --test: estimate number of hashes that you could process with your actual hardware.
- --algorithm=
: specify the code of the algoritm to use (multiple codes accepted, default 1).
- --chained_case=
: binary, lower case or upper case for chained hashing (multiple values accepted)
- --hashcount=
: number of hashes to use (default 1)
- --time=
: number of seconds to use (default 5)
- --threads=
: number of threads to use (default 1)
- --salt: use a random salt for each hash (default false)
- --version: print current version
You might also like:
from Effect Hacking full article here