Github Repo: https://github.com/ChrisTruncer/Hasher
I have made some changes to Hasher, ideally I’d like to think for the better. Hasher was originally a single, large, python script that was used to hash plaintext strings, and compare a hash value to a plaintext string. Hasher still performs the same actions, generates hashes or compares them with a plaintext string, but Hasher now has been converted into a framework which will allow myself, or anyone else, to easily add in support for different hashes.
Usage is still essentially the same, however there is no longer an interactive menu. Hasher is now completely command line based.
To see a list of all hash-types that Hasher currently supports, simply run ./Hasher.py –list
Once you have the hash-type you want to generate a hash for, it’s fairly simple to generate. For example, if you were looking to generate (-G) a md5 hash for the string “password123”, you would do it this way:
./Hasher.py -G --plaintext password123 --hash-type md5
You should see output similar to the following:
Harmj0y provided me with a great idea when using Hasher. He had a use case where he just wanted Hasher to dump out all possible hashes for a specific plaintext string, but didn’t want to have to generate all hashes manually. I added in the ability to generate all possible hash types based on the information provided. To do this, you would run the following command:
./Hasher.py --plaintext password123 --hash-type all -G
When you run this, you should see output similar to the following:
Another capability that Hasher has, is it can take a plaintext string and hash, and then compare (-C) the the plaintext string to ensure it matches the hash. This has been useful for me when needing to check if a hash and string “equal” each other, without submitting any of the information online. So, lets continue the previous example. If you wanted to verify that the plaintext string “password123” matches the md5 hash “482c811da5d5b4bc6d497ffa98491e38”, your command should look like this:
./Hasher.py -C --plaintext password123 --hash 482c811da5d5b4bc6d497ffa98491e38 --hash-type md5
For testing purposes, if the hash and plaintext string didn’t match up, it would look like the following:
Hash Module Development
Adding in support for new hash types is significantly easier now. Every *.py file within the “hash_ops” folder is automatically picked up and parsed by Hasher. Within the hash_ops folder, is a text file called “hash_template.txt”. To add in a new hash-type, simply copy the template file and rename it with a .py extension. There’s only two required methods within each module:
- __init__ – This method needs to contained a self.hash_type attribute. This is what is used by the user from the command line to select a specific hash. Any other information within the __init__ method is optional.
- generate – The generate method is called by Hasher to generate a hash. This method has complete access to all options passed in from the command line by the user. It must return the hash of the plaintext string.
For a sample, this is what the md5 module looks like:
Hopefully, this helps explain the minor usability changes to Hasher, and elaborates on how it’s now easier to add support for new hashes. If anyone has any questions, feel free to reach out to me on twitter (@ChrisTruncer) or in #Veil on Freenode!