New tool helps in the fight against weak passwords
Poor passwords frequently provide hackers with a way into networks. In order to help security teams and penetration testers identify them, Trustwave is launching a new cracking tool.
CrackQ is a queuing system to manage password cracking that works with the Hashcat tool which uses the power of GPUs to crack passwords.
Dan Turner, principal consultant at Trustwave writing on the company's blog says, "I've been managing internal password cracking rigs at Trustwave for a number of years and in various different incarnations, though I've never been happy with the efficiency of whichever process or application we have used to this end. Initially, I just wanted something written in Python, so I could easily add features as and when the team needed them, and it evolved from there."
CrackQ can generate a password analysis report from the results of a password cracking job, a Windows Active Directory domain store for example. This includes information relating to the timings and speed of the operation, but also highlights insecure password choices and patterns within an organization which should help eliminate them and reinforce the message about poor password choice.
CrackQ is in its initial, alpha, release and is available from the Github site.