Hashtabula is a password-cracking system designed to help penetration testers crack passwords in seconds rather than days or weeks. It works by taking advantage of the time-space trade-off made possible by modern storage technology.

Hashtabula supports any hashing algorithm supported by the Java platform on which it runs. By default, Java 6 supports SHA-256, SHA-512, SHA, SHA-384, MD5, and MD2 hash algorithms, while other algorithms can be added and will work seamlessly with Hashtabula.

Downloads

Demonstration Screenshots

Here, the "generate" command is used to create an SHA-512 hashtable using lowercase letters up to three characters in length. This operation takes only a few minutes due to the shortness of the passwords.

Note that the hashtable is 2.4 MiB in size.

The next example shows the use of the "search" command. It took over twenty hours to generate this hashtable (totaling over 12 GB), but the password hash is cracked in only a few seconds.

In conjunction with inexpensive 2TB hard drives, and after allowing for a few months of initial generation time, Hashtabula could crack even long, complex passwords in a matter of seconds.

License

This software is provided for demonstration purposes only. If you would like to use it commercially, please contact me. My email address is nick@nick-brown.com.