This script was written by @tekwizz123 with a very extremely small contribute from me. So really the credit goes to him. Extremely useful to quickly test for a known hash.
It takes your hash list, compares to hashes.org and outputs a file if it was found on the site
It takes your hash list, compares to hashes.org and outputs a file if it was found on the site
Code:
#!/usr/bin/python
# Hashes.org list checking script for checking passwords
# against hashes.org's list of cracked passwords.
# Created by tekwizz123
# @tekwizz123
# Shoutout to @giveen for bug testing and pointing me in the right direction :)
import urllib, sys, threading, time
import httplib
from httplib import HTTPConnection, HTTPS_PORT
import ssl, socket
class HTTPSConnection(HTTPConnection):
"This class allows communication via SSL."
default_port = HTTPS_PORT
def __init__(self, host, port=None, key_file=None, cert_file=None,
strict=None, timeout=socket._GLOBAL_DEFAULT_TIMEOUT,
source_address=None):
HTTPConnection.__init__(self, host, port, strict, timeout,
source_address)
self.key_file = key_file
self.cert_file = cert_file
def connect(self):
"Connect to a host on a given (SSL) port."
sock = socket.create_connection((self.host, self.port),
self.timeout, self.source_address)
if self._tunnel_host:
self.sock = sock
self._tunnel()
# this is the only line we modified from the httplib.py file
# we added the ssl_version variable
self.sock = ssl.wrap_socket(sock, self.key_file, self.cert_file, ssl_version=ssl.PROTOCOL_TLSv1)
#now we override the one in httplib
httplib.HTTPSConnection = HTTPSConnection
# ssl_version corrections are done
result = open(sys.argv[1] + "__cracked", "wb")
password = ''
class lookup(threading.Thread):
# Override Thread's __init__ method to accept the parameters needed:
def __init__ ( self, password ):
self.password = password
threading.Thread.__init__ ( self )
def run ( self ):
response = urllib.urlopen("https://www.hashes.org/api.php?do=check&hash1=" + self.password.strip("\n"))
text = response.readline()
if "<plain>" in text:
if "</plain>" in text:
#Get the password
text = text.split("<plain>")[1]
password = text.split("</plain>")[0]
text = text.split("</plain>")[1]
#Get the hash
text = text.split("<hash>")[1]
hash = text.split("</hash>")[0]
text = text.split("</hash>")[1]
# Grab the hash type
text = text.split("<type>")[1]
type = text.split("</type>")[0]
text = text.split("</type>")[1]
# Generate the resulting output, neatly formatted :)
result.write(hash + ":" + password + " Type=(" + type + ") \n")
response.close()
count = 0
with open(sys.argv[1], "r", 200) as file:
for password in file:
lookup(password).start()
count = count + 1
if (count >= 20):
time.sleep(.8)
count = 0
# Poor man's thread handling
time.sleep(5)
file.close()
result.close()