Thursday, June 18, 2015

Hash Algorithm Identifier | Identify CryptoHash Types

Hash Algorithm Identifier is a tool which can be used to identify almost all types of hashes. This tool can detect the password hash of various forums like MyBB, phpBB3, Drupal, Joomla, wordpress etc.

I wrote a tutorial earlier on how to identify the different types of hashes and you can see that tutorial here. If you don’t know what a Hash Function is then I recommend you to read about it  here


Those who have used Kali Linux for different puposes, they might have come across a tool named hash-identifier and the link to the source of the tool :- https://code.google.com/p/hash-identifier/

But the tool is poorly programmed with a huge if-else-if ladder and method construct and some of them are not correct, exceeding 500+ LOC.


Here’s my version of HashIdentifier. (# of lines of code : 210 [With New lines and docstrings])

Screenshot

[Image: yuiiCFV.png]

Installing Required Packages using requirements.txt, Starting HashIdentifier Server on localhost, using the webservice
[Image: F2X5btc.png]

Using Hash Identifier Web Service

Python Code and Demonstration to Use Hash Identifier Web Service
[Image: NPs3Q60.png]
 
The style and design of the code has been kept same as the original hash-identifier in the Google-code project link given above.

How to Use [Instructions for Linux/Mac users] ?

To use this simply run (The app will start):-

python HashIdentifier.py

To give executable permissions, run :-
 
chmod +x HashIdentifier.py

and then starting it by executing (One’s the executable is made you can start it by typing the following text only):-
 
./HashIdentifier.py

If you don’t understand the steps above then don’t worry. I have included a start.sh [for Linux] and a start.bat [for Windows] files to make your life more easier

To execute the start.sh, type the following in the terminal :-
 
sh start.sh
 
Hash-Algorithm-Identifier Web Service

Hash-Algorithm-Identifier is now on Cloud and provides a web service to use it directly in your apps or so and so. The wrapper for web service is provided asweb.py. The Cloud app service is hosted at http://hashid.badwith.computer/

Usage instructions

./web.py or see --help for more options
 
To use the cloud service send a get (for single hash) or post (for multiple hash) request with the hash appended at the end of the url given above. In case you want the result for multiple hashes then in such cases send the hashes as JSON data.

Javascript

var hash = "3da541559918a808c2402bba5012f6c60b27661c";
 cors_request = new XMLHttpRequest();
 cors_request.onreadystatechange = function() {
 if (cors_request.readyState == 4) {
    console.log(cors_request.responseText);
    }
 }
 cors_request.open("GET", "http://hashid.badwith.computer/" + hash);
 cors_request.send();

Python Sample Example

import requests
hsh = "3da541559918a808c2402bba5012f6c60b27661c"
resp = requests.get("http://hashid.badwith.computer/%s" % hsh)
print(resp.text)

Python Example : Multiple hashes

import json
import requests
hashes = {'hashes': [
 "3da541559918a808c2402bba5012f6c60b27661c",
 "912ec803b2ce49e4a541068d495ab570"
 ]}
resp = requests.post("http://hashid.badwith.computer/", data=json.dumps(hashes))
print(resp.text)

The response is received as JSON data. The Demo usage has been already shown above under the screenshots header..

Thanks to moloch for contributing to the cloud app.

About the Code

As it is evident from the code that I have used regular expressions to identify the hashes. The hashes are being identified because they have certain characteristics and when matched properly they will produce the proper results. Using regular expressions to identify the hash makes the code neat and easy to understand. To understand the regex expressions used in the code, VISIT THIS SITE and paste the Regex Expression in its proper place and thereby you get the explanation. 

Suggestion and feedback are welcome. The tool will be updated with more new features and hashes for identification.

Quick Links


Thank you,
Sincerely,
Psycho_Coder

0 comments :

Post a Comment

Follow Me!

Blog Archive

Followers

Visitor Map