A powerful and secure Python-based command-line tool for password hashing, verification, and recovery using the industry-standard bcrypt algorithm. Features a beautiful interactive interface with multiprocessing-powered password cracking capabilities.
- π Secure Password Hashing: Generate bcrypt hashes with customizable cost factors (4-31)
- β Password Verification: Verify passwords against bcrypt hashes instantly
- β‘ Multi-threaded Password Recovery: High-performance password cracking with multiprocessing
- π¨ Beautiful CLI Interface: Rich console output with progress bars and styled panels
- π Wordlist Support: Load password lists from files for dictionary attacks
- π‘οΈ Robust Error Handling: Comprehensive error management and validation
- βοΈ Configurable Cost Factors: Adjustable security levels from 4 to 31
- π Performance Monitoring: Real-time progress tracking and timing statistics
- π Large File Support: Efficient handling of large password wordlists
- π» Cross-Platform: Works on Windows, macOS, and Linux
- Industry Standard: Uses bcrypt with salt for maximum security
- Configurable Rounds: Adjustable cost factors to balance security vs performance
- Memory Safe: Secure password handling with proper encoding
- Attack Resistance: Built-in protection against rainbow table attacks
- Educational Purpose: Designed for ethical security testing and learning
- Python 3.6+
- Required packages:
bcrypt- Secure password hashingrich- Beautiful terminal interfaces
# Clone the repository
git clone https://github.com/mahdidevlp/Bcrypt-Password-Tool.git
cd Bcrypt-Password-Tool
# Install dependencies
pip install -r requirements.txt
# Run the tool
python hash_password.py# Clone and setup
git clone https://github.com/mahdidevlp/Bcrypt-Password-Tool.git
cd Bcrypt-Password-Tool
# Create virtual environment
python -m venv bcrypt_env
# Activate virtual environment
source bcrypt_env/bin/activate # Linux/Mac
# or
bcrypt_env\Scripts\activate # Windows
# Install dependencies
pip install -r requirements.txt
# Run the tool
python hash_password.py# Make script executable
chmod +x hash_password.py
# Create symbolic link (optional)
sudo ln -s $(pwd)/hash_password.py /usr/local/bin/bcrypt-tool
# Run from anywhere
bcrypt-toolSimply run the script and follow the beautiful interactive menu:
python hash_password.py- π Hash a Password - Generate secure bcrypt hashes
- β Verify a Password - Check password against hash
- π Guess Password from Hash - Dictionary attack with wordlist
- πͺ Exit - Close the application
Welcome to Bcrypt Password Tool!
Main Menu:
[1] Hash a password
[2] Verify a password
[3] Guess password from hash using file
[4] Exit
Enter your choice: 1
Enter the password to hash: mysecurepassword
Enter bcrypt cost factor (4-31, default 10): 12
Generated Bcrypt Hash:
$2b$12$rXKqA7h9F2k8B3mN5pQ1e.vY8ZhG6tM9NcP2sR4uV7wX1yE3qA9sB
Enter your choice: 2
Enter the bcrypt hash to verify against: $2b$12$rXKqA7h9F2k8B3mN5pQ1e.vY8ZhG6tM9NcP2sR4uV7wX1yE3qA9sB
Enter the password to verify: mysecurepassword
β
Password matches the hash!
Enter your choice: 3
Enter the bcrypt hash to guess: $2b$12$rXKqA7h9F2k8B3mN5pQ1e.vY8ZhG6tM9NcP2sR4uV7wX1yE3qA9sB
Enter the path to the password list file: wordlists/common_passwords.txt
Starting password cracking process with multiprocessing boost...
Cracking in progress ββββββββββββββββββββ 100% β’ 10,000/10,000 passwords tested β’ 0:02:30 β’ 0:00:00
π Match found! Password: mysecurepassword
Time elapsed: 150.32 seconds
| Cost Factor | Iterations | Time (approx) | Security Level |
|---|---|---|---|
| 4 | 16 | ~1ms | Minimum |
| 8 | 256 | ~15ms | Low |
| 10 | 1,024 | ~60ms | Default |
| 12 | 4,096 | ~250ms | High |
| 15 | 32,768 | ~2s | Very High |
| 18 | 262,144 | ~15s | Maximum |
The tool automatically detects your CPU cores and optimizes performance:
- Multiprocessing: Uses up to 4 worker processes
- Chunk Processing: Processes passwords in optimized batches
- Memory Efficient: Handles large wordlists without memory issues
- Progress Tracking: Real-time progress with ETA calculations
Create a password wordlist file with one password per line:
# Example: common_passwords.txt
password
123456
password123
admin
qwerty
letmein
welcome
monkey- rockyou.txt - Popular password list (14M passwords)
- SecLists - Comprehensive security wordlists
- Custom Lists - Industry-specific or targeted wordlists
You can also use the tool programmatically:
from hash_password import hash_password, verify_password, guess_password
# Hash a password
hashed = hash_password("mypassword", cost=12)
print(f"Hash: {hashed}")
# Verify a password
is_valid = verify_password("mypassword", hashed)
print(f"Valid: {is_valid}")
# Load wordlist and attempt recovery
passwords = ["password", "123456", "mypassword"]
found = guess_password(hashed, passwords)
print(f"Found: {found}")-
"Module not found" errors
pip install bcrypt rich
-
Permission denied errors
chmod +x hash_password.py
-
Large wordlist performance
- Use cost factor 10 or lower for testing
- Consider smaller, targeted wordlists
- Ensure sufficient RAM for large files
-
Multiprocessing issues on Windows
- Run from command prompt (not IDLE)
- Ensure proper if
__name__ == "__main__"protection
- Lower cost factors for testing/development
- Targeted wordlists instead of massive files
- SSD storage for better I/O performance
- More CPU cores = faster cracking
This tool is designed for:
- Educational purposes - Learning about password security
- Penetration testing - Authorized security assessments
- Personal use - Testing your own passwords
- Research - Academic security research
- Unauthorized password cracking
- Illegal access attempts
- Malicious activities
- Violating terms of service
- Use high cost factors (12+) for production systems
- Implement rate limiting in applications
- Use strong, unique passwords with proper entropy
- Regular security audits of password policies
- Multi-factor authentication where possible
Typical Performance (Intel i7, 8 cores):
| Operation | Cost Factor 10 | Cost Factor 12 | Cost Factor 15 |
|---|---|---|---|
| Single Hash | ~60ms | ~250ms | ~2s |
| Verification | ~60ms | ~250ms | ~2s |
| 1K passwords | ~1 min | ~4 min | ~30 min |
| 10K passwords | ~10 min | ~40 min | ~5 hours |
Contributions are welcome! Please feel free to submit issues, feature requests, or pull requests.
- Fork the repository
- Create a feature branch:
git checkout -b feature/amazing-feature - Install development dependencies:
pip install -r requirements-dev.txt - Make your changes and add tests
- Commit your changes:
git commit -m 'Add amazing feature' - Push to the branch:
git push origin feature/amazing-feature - Open a Pull Request
- Follow PEP 8 guidelines
- Use type hints where appropriate
- Add docstrings to functions
- Include comprehensive error handling
- Write unit tests for new features
This project is licensed under the MIT License - see the LICENSE file for details.
- bcrypt - Secure password hashing library
- rich - Beautiful terminal interfaces library
- Security Community - For promoting ethical security practices
If you encounter any issues or have questions:
- Check the Issues page
- Create a new issue with:
- Python version and OS
- Error messages or stack traces
- Steps to reproduce the issue
- Expected vs actual behavior
- GUI application using tkinter/PyQt
- REST API interface
- Custom wordlist generators
- Hash type detection and support
- Progress save/resume functionality
- Distributed cracking support
- Integration with popular password managers
- Advanced attack patterns (hybrid, rule-based)
- Docker containerization
- Web interface
Real-world Performance:
- Hash Generation: 60ms (cost 10) to 2s (cost 15)
- Password Verification: Same as generation
- Dictionary Attacks: 100-1000 passwords/second (depends on cost)
- Memory Usage: ~50MB base + wordlist size
- CPU Utilization: Up to 100% across all cores
Made with β€οΈ for security professionals and enthusiasts