Hashtabula is a password-cracking system designed to help penetration testers crack passwords in seconds rather than days or weeks. It works by taking advantage of the time-space trade-off made possible by modern storage technology.
Hashtabula supports any hashing algorithm supported by the Java platform on which it runs. By default, Java 6 supports SHA-256, SHA-512, SHA, SHA-384, MD5, and MD2 hash algorithms, while other algorithms can be added and will work seamlessly with Hashtabula.
Demonstration ScreenshotsHere, the "generate" command is used to create an SHA-512 hashtable using lowercase letters up to three characters in length. This operation takes only a few minutes due to the shortness of the passwords.
Note that the hashtable is 2.4 MiB in size.
The next example shows the use of the "search" command. It took over twenty hours to generate this hashtable (totaling over 12 GB), but the password hash is cracked in only a few seconds.
In conjunction with inexpensive 2TB hard drives, and after allowing for a few months of initial generation time, Hashtabula could crack even long, complex passwords in a matter of seconds.