Hashtopolis is a multi-platform client-server tool for distributing hashcat tasks to multiple computers. The main goals for Hashtopolis's development are portability, robustness, multi-user support, and multiple group management. The application has two parts:
- Agent Multiple clients (C#, Python), easily customizable to suit any need.
- Server several PHP/CSS files operating on two endpoints: an Admin GUI and an Agent Connection Point
Aiming for high usability even on restricted networks, Hashtopolis communicates over HTTP(S) using a human-readable, hashing-specific dialect of JSON.
The server part runs on PHP using MySQL as the database back end. It is vital that your MySQL server is configured with performance in mind. Queries can be very expensive and proper configuration makes the difference between a few milliseconds of waiting and disastrous multi-second lags. The database schema heavily profits from indexing. Therefore, if you see a hint about pre-sorting your hashlist, please do so.
The web admin interface is the single point of access for all client agents. New agent deployments require a one-time password generated in the New Agent tab. This reduces the risk of leaking hashes or files to rogue or fake agents.
There are parts of the documentation and wiki that are not up-to-date. If you see anything wrong or have questions on understanding descriptions, feel free to contact us on Twitter (@s3inlc, @winxp5421), join our Discord server (https://discord.gg/S2NTxbz) or join our Forum (https://hashtopolis.org).
To report a bug, please create an issue and try to describe the problem as accurately as possible. This helps us to identify the bug and see if it is reproducible.
In an effort to make the Hashtopussy project conform to a more politically neutral name it was rebranded to "Hashtopolis" in March 2018.
- Easy and comfortable to use
- Accessible from anywhere via the web interface
- Server component highly compatible with common web hosting setups
- Unattended agents
- File management for word lists, rules, ...
- Self-updating of both Hashtopolis and Hashcat
- Cracking multiple hashlists of the same hash type as though they were a single hashlist
- Running the same client on Windows, Linux and OS X
- Files and hashes marked as "secret" are only distributed to agents marked as "trusted"
- Many data import and export options
- Rich statistics on hashes and running tasks
- Visual representation of chunk distribution
- Multi-user support
- User permission levels
- Various notification types
- Small and/or CPU-only tasks
- Group assignment for agents and users for fine-grained access-control
- Compatible with crackers supporting certain flags
- Report generation for executed attacks and agent status
- Multiple file distribution variants
Setup and Usage
Please visit the wiki for more information on setup and upgrade.
Some screenshots of Hashtopolis (by winxp5421 and s3in!c): Imgur1 Imgur2
We are open to all kinds of contributions. If it's a bug fix or a new feature, feel free to create a pull request. Please consider some points:
- Just include one feature or one bugfix in one pull request. In case you have two new features please also create two pull requests.
- Try to stick with the code style used (especially in the PHP parts). IntelliJ/PHPStorm users can get a code style XML here.
The pull request will then be reviewed by at least one member and merged after approval. Don't be discouraged just because the first review is not approved, often these are just small changes.
BTC: 15gi3X5L4VPa5S2yygztYaN7MF7VA26Zaf ETH: 0x06B3Ae7561AD763eF58Df9C37deB6757bDA2BC0c
- winxp5421 for testing, writing help texts and a lot of input ideas
- blazer for working on the csharp agent and hops for working on the python agent
- Cynosure Prime for testing
- atom for hashcat
- curlyboi for the original Hashtopus code
- 7zip binaries are compiled from here
- uftp binaries are compiled from here
Main page: https://github.com/s3inlc/hashtopolis
- Hakin9 is a monthly magazine dedicated to hacking and cybersecurity. In every edition, we try to focus on different approaches to show various techniques - defensive and offensive. This knowledge will help you understand how most popular attacks are performed and how to protect your data from them. Our tutorials, case studies and online courses will prepare you for the upcoming, potential threats in the cyber security world. We collaborate with many individuals and universities and public institutions, but also with companies such as Xento Systems, CATO Networks, EY, CIPHER Intelligence LAB, redBorder, TSG, and others.
- Blog2022.12.13What are the Common Security Weaknesses of Cloud Based Networks?
- Blog2022.10.12Vulnerability management with Wazuh open source XDR
- Blog2022.08.29Deception Technologies: Improving Incident Detection and Response by Alex Vakulov
- Blog2022.08.25Exploring the Heightened Importance of Cybersecurity in Mobile App Development by Jeff Kalwerisky