Kraker - Distributed Password Brute-Force System That Focused On Easy Use

Kraker is a distributed password brute-force system that allows you to run and manage the hashcat on different servers and workstations, focused on easy of use. There were two main goals during the design and development: to create the most simple tool for distributed hash cracking and make it fault-tolerant.

Kraker consists of two main components - a server and an agent, which communicate through a REST API. You can read about their installation and configuration below.

Kraker continues to be in development, so the new functionality, documentation, and updates will be released as they become available. If you have suggestions for improvement or want to participate in the development or find bugs - feel free to open issues, pull requests, or contact us: @_w34kp455 and @_asSheShouldBe.


Here you can find a manual on how to setup your own server, build an agent from the source and run it. You always can download a Release that is already built and run it.


Server is written on Laravel and provides a web interface for creating brute force tasks and also serves for managing agents.

sudo apt updatecurl -fsSL https://get.docker.com -o get-docker.shsh get-docker.shrm get-docker.shsudo curl -L "https://github.com/docker/compose/releases/download/1.25.3/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-composesudo chmod +x /usr/local/bin/docker-composesudo systemctl enable dockersudo docker-compose build appsudo docker-compose up -dsudo docker-compose exec app composer installsudo docker-compose exec app php artisan key:generatesudo docker-compose exec app php artisan migratesudo docker-compose exec app php artisan db:seed --class=HashtypeSeedersudo docker-compose exec app php artisan db:seed --class=UserSeeder

Navigate the server IP address and enter the next credentials:

  • Login: admin
  • Password: kraker


It is written in .NET Core 5 and works on any OS where this framework is available - Linux, Windows, MacOS (not tested yet). The agent is responsible for performing brute-force tasks that it receives from the server.


For the agent to work on the host, you need to install .NET Core 5, which can be downloaded from the following link:


Build from source
  1. Install .NET Core 5 SDK. Linux example:
wget https://packages.microsoft.com/config/debian/10/packages-microsoft-prod.deb -O packages-microsoft-prod.debsudo dpkg -i packages-microsoft-prod.debsudo apt-get update sudo apt-get install -y apt-transport-httpssudo apt-get updatesudo apt-get install -y dotnet-sdk-5.0
  1. To compile agent from source code, go to agent folder and run the next command: dotnet build --configuration Release. After that in Kracker.App/bin/Release/net5.0 folder you will get the built project.
  2. You need to download hashcat from the official page at https://hashcat.net/hashcat/, unpack it into the agent's folder.
  3. Modify appsettings.json in Kracker.App/bin/Release/net5.0 and put ServerURL and Hashcat.Path like:
{        "HashCat":{        "Path": "/home/admin/Kraker/agent/Kracker.App/bin/Release/net5.0/hashcat/hashcat.bin", //hashcat path                 "SilencePeriodBeforeKill": 5, //default - 60 minutes                "RepeatedStringsBeforeKill": 100, //defaut 1000 strings                "NeedForce": true,                "Options": "--quiet --status --status-timer=1 --machine-readable --logfile-disable --restore-disable --outfile-format=2"        },        "ServerUrl": "", //server url        "InventoryCheckPeriod": 600,        "HearbeatPeriod": 15}
  1. Create a folder wordlist and rule and put there your favorite wordlist and rules.
  2. Run Kraker.app.exe or use command dotnet run Kraker.app.dll
  3. You can copy-paste the agent folder from server to server for easy setup. Happy cracking!

Using release

In release you can find:

Running agent from release:

  1. Install .NET Core 5 runtime.
  2. Modify appsettings.json in Kracker.App/bin/Release/net5.0 and put ServerURL and Hashcat.Path.
  3. Put your favorite wordlist and rules in wordlist and rule folders. You can find lots of wordlists on https://weakpass.com.
  4. Run Kraker.app.exe or use command dotnet Kraker.app.dll


Disqus Comments