#!/usr/bin/php * @version: 0.2 * @name: MD5/SHA1 BruteForcer * @description: * A simple brute forcer for MD5 and SHA1 hashes. */ define( 'VERSION', 0.2 ); require_once( 'function.brute_force.php' ); require_once( 'function.getopt.php' ); echo "MD5/SHA1 Bruteforcer v" . VERSION . "\n". "by Zapotek \n" . "\n\n"; // get input options $args = @getopt( 'h:m:s:', $argv ); // read the hash $hash = $args['h']; // get the maximum string length $max_len = $args['m']; // get stats preference $stats = $args['s'] == 'on' ? 1 : 0 ; // check for sufficient input if( !$hash ){ echo "Usage:\n\t" . $argv[0] . " -h -m -s \n\n" . "\t MD5/SHA1 hash\n" . "\t The maximum length the encrypted string [optional]\n" . "\t Output stats while cracking [on/off]\n\n"; exit; } // decide the hash algorithm based on hash size switch( strlen( $hash ) ){ case 32; $algo = "MD5"; break; case 40; $algo = "SHA1"; break; default; echo "Could not determine the encryption algorithm.\n"; echo "Ensure that the Hash is correct and try again.\n"; exit; } echo "\n$algo hash:\t$hash\n" . str_repeat( "-", 65 ); $start = strtotime( "now" ); $len = 0; // loop until we crack the hash or reach the user defined limit while( ++$len && ( $max_len-- || !$max_len ) ){ echo "\nAttacking with $len byte strings\n" . str_repeat( "-", 65 ) . "\nEstimated string pool:\t" . pow( 75, $len ) . " strings\n" . str_repeat( "-", 65 ) . "\n"; $str = brute_force( $hash, $algo, $len, $stats ); if( $str ){ echo "\nDecrypted string:\t$str\n" . str_repeat( "-", 65 ) . "\nOperation took:\t\t". date( "H:i:s", mktime( 0, 0, strtotime( "now" ) - $start ) ) . "\n" . str_repeat( "-", 65 ) . "\n"; exit; } echo "\n[ $len byte keyspace exhausted. Moving on... ]\n\n"; } // if we exhausted the keyspace something's wrong... echo "\nKeyspace exhausted.\n". "If you got here before the end of *TIME* " . "you provided either an invalid hash or an invalid max string length...\n" ?>