hashsmith-cli 1.0.0

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 s4l1hs
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/MANIFEST.in

@@ -0,0 +1,2 @@
+prune wordlists
+recursive-exclude wordlists *

package/README.md

@@ -0,0 +1,256 @@
+```
+ _   _           _     ____            _ _   _
+| | | | __ _ ___| |__ / ___| _ __ ___ (_) |_| |__
+| |_| |/ _` / __| '_ \\___ \| '_ ` _ \| | __| '_ \
+|  _  | (_| \__ \ | | |___) | | | | | | | |_| | | |
+|_| |_|\__,_|___/_| |_|____/|_| |_| |_|_|\__|_| |_|
+```
+
+# Hashsmith
+
+Hashsmith is a modular, terminal-first toolkit for encoding, decoding, hashing, cracking, and identification. It’s designed for security-focused workflows, quick experiments, and automation in scripts or pipelines.
+
+## Highlights ⚡
+- Clean CLI with guided interactive mode
+- Extensive encoding/decoding support (base* formats, morse, url, classical ciphers, and more)
+- Modern hash support (MD5/SHA/NTLM/Bcrypt/Argon2/Scrypt, etc.)
+- Identify mode for best-guess detection of encoding and hash types
+- File input/output and clipboard copy support
+- Themed UI with Rich
+
+## Installation 🔐
+
+**From source**
+```bash
+pip install -r requirements.txt
+```
+
+**Run as module**
+```bash
+python -m hashsmith --help
+```
+
+## Quick Start ⚡
+```bash
+hashsmith encode -t base64 -i "hello"
+hashsmith decode -t base64 -i "aGVsbG8="
+hashsmith hash -t sha256 -i "secret" -c
+hashsmith identify -i "aGVsbG8="
+```
+
+## Global Options 🛡️
+- `-N`, `--no-banner`: Disable banner
+- `-T`, `--theme`: Accent color (cyan, green, magenta, blue, yellow, red, white)
+- `-A`, `--help-all`: Show help for all commands
+- `-id`, `--identify`: Shortcut for identify (use with `-i/-f`)
+
+## Common Input/Output Options 🧬
+These options are shared across commands that accept input and output:
+- `-i`, `--text`: Text input
+- `-f`, `--file`: Read input from file
+- `-o`, `--out`: Write output to file
+- `-c`, `--copy`: Copy output to clipboard
+
+## Commands 🛡️
+
+### 1) Encode
+Encode text with a selected algorithm.
+
+**Usage**
+```bash
+hashsmith encode -t <type> [-i <text> | -f <file>] [-o <file>] [-c]
+```
+
+**Examples**
+```bash
+hashsmith encode -t base64 -i "hello"
+hashsmith encode -t caesar -s 5 -f input.txt -o output.txt
+hashsmith encode -t hex -i "hello" -c
+```
+
+---
+
+### 2) Decode
+Decode text with a selected algorithm.
+
+**Usage**
+```bash
+hashsmith decode -t <type> [-i <text> | -f <file>] [-o <file>] [-c]
+```
+
+**Examples**
+```bash
+hashsmith decode -t base64 -i "aGVsbG8="
+hashsmith decode -t morse -i ".... . .-.. .-.. ---"
+hashsmith decode -t hex -i "68656c6c6f" -c
+```
+
+---
+
+### 3) Hash
+Hash text using a selected algorithm.
+
+**Usage**
+```bash
+hashsmith hash -t <type> [-i <text> | -f <file>] [--salt <s>] [--salt-mode prefix|suffix] [-o <file>] [-c]
+```
+
+**Examples**
+```bash
+hashsmith hash -t sha256 -i "hello"
+hashsmith hash -t md5 -i "secret" -s "pepper" -S suffix
+hashsmith hash -t sha256 -i "hello" -c
+```
+
+---
+
+### 4) Crack
+Crack hashes using dictionary or brute-force attacks.
+
+**Usage**
+```bash
+hashsmith crack -t <type|auto> -H <hash> -M <dict|brute> [options]
+```
+
+**Examples**
+```bash
+hashsmith crack -t md5 -H 5f4dcc3b5aa765d61d8327deb882cf99 -M dict -w wordlists/common.txt
+hashsmith crack -t sha1 -H 2aae6c35c94fcfb415dbe95f408b9ce91ee846ed -M brute -n 1 -x 4
+hashsmith crack -t md5 -H 5f4dcc3b5aa765d61d8327deb882cf99 -M dict -w wordlists/common.txt -c
+```
+
+---
+
+### 5) Identify
+Detect probable encoding and hash types. Prioritizes reliable results and avoids false positives for raw text.
+
+**Usage**
+```bash
+hashsmith identify -i <text>
+hashsmith identify -f <file>
+hashsmith -id -i <text>
+```
+
+**Examples**
+```bash
+hashsmith identify -i "aGVsbG8="
+hashsmith identify -i 5f4dcc3b5aa765d61d8327deb882cf99
+hashsmith -id -i "aGVsbG8="
+```
+
+---
+
+### 6) Interactive Mode
+Guided prompt flow for encoding/decoding/hashing/cracking/identify.
+
+**Usage**
+```bash
+hashsmith
+hashsmith interactive
+```
+
+## Algorithms 🔐
+
+### Hashing Algorithms
+| Category | Algorithms |
+| --- | --- |
+| Cryptographic | md5, md4, sha1, sha224, sha256, sha384, sha512, sha3_224, sha3_256, sha3_512 |
+| Modern/Alt | blake2b, blake2s, ntlm, mysql323, mysql41 |
+| Password | bcrypt, argon2, scrypt, mssql2000, mssql2005, mssql2012, postgres |
+
+### Encoding/Decoding Algorithms
+| Category | Algorithms |
+| --- | --- |
+| Base Encodings | base64, base64url, base32, base85, base58 |
+| Numeric | hex, binary, decimal, octal |
+| Text/URL | morse, url, unicode |
+| Ciphers | caesar, rot13, vigenere, xor, atbash, baconian, leet, reverse, railfence, polybius |
+| Esoteric | brainf*ck |
+
+### Cracking Modes
+| Mode | Description |
+| --- | --- |
+| dict | Dictionary attack using a wordlist |
+| brute | Brute-force with a chosen charset and length range |
+
+## Clipboard Support 🔐
+When `-c/--copy` is set, output is copied to the clipboard using platform-native tools:
+- macOS: `pbcopy`
+- Windows: `clip`
+- Linux: `xclip`, `xsel`, or `wl-copy`
+
+## Themes 🛡️
+Set the accent color globally:
+```bash
+hashsmith -T magenta
+```
+
+## Troubleshooting 🧬
+- If hashing output in `base58` fails, ensure the hash is hex-based.
+- For dictionary cracking, validate your wordlist path.
+
+## Security Notice 🛡️
+Hashsmith is intended for educational and authorized security testing only. You are responsible for compliance with applicable laws.
+
+## License
+See [LICENSE](LICENSE).
+Hashsmith is a modular, terminal-based Swiss Army knife for encoding, decoding, hashing, and password cracking. Built for security enthusiasts 🛠️🔐
+
+## Features
+- Encoding/Decoding: Base64, Hex, Binary, Morse, URL, Caesar, ROT13
+- Hashing: MD5, SHA-1, SHA-256, SHA-512
+- Cracking: Dictionary attack and basic brute-force
+- File input/output support
+- Optional salt support for hashing and cracking
+
+## Installation
+1. Create a virtual environment (optional)
+2. Install dependencies:
+
+```
+pip install -r requirements.txt
+```
+
+## Usage
+Run via module:
+
+```
+python -m hashsmith --help
+```
+
+### Encode
+```
+python -m hashsmith encode --type base64 --text "hello"
+python -m hashsmith encode --type caesar --shift 5 --file input.txt --out output.txt
+python -m hashsmith encode --type hex --text "hello" --copy
+```
+
+### Decode
+```
+python -m hashsmith decode --type base64 --text "aGVsbG8="
+python -m hashsmith decode --type morse --text ".... . .-.. .-.. ---"
+python -m hashsmith decode --type hex --text "68656c6c6f" --copy
+```
+
+### Hash
+```
+python -m hashsmith hash --type sha256 --text "hello"
+python -m hashsmith hash --type md5 --text "secret" --salt "pepper" --salt-mode suffix
+python -m hashsmith hash --type sha256 --text "hello" --copy
+```
+
+### Crack
+```
+python -m hashsmith crack --type md5 --hash 5f4dcc3b5aa765d61d8327deb882cf99 --mode dict --wordlist wordlists/common.txt
+python -m hashsmith crack --type sha1 --hash 2aae6c35c94fcfb415dbe95f408b9ce91ee846ed --mode brute --min-len 1 --max-len 4
+python -m hashsmith crack --type md5 --hash 5f4dcc3b5aa765d61d8327deb882cf99 --mode dict --wordlist wordlists/common.txt --copy
+```
+
+## Notes
+- Dictionary cracking uses the provided wordlist file.
+- Brute-force is intentionally small by default; adjust `--min-len` and `--max-len` carefully.
+
+## Roadmap
+- Multithreading for cracking
+- Additional encodings and hash types
+- Better progress indicators

package/bin/index.js

@@ -0,0 +1,10 @@
+#!/usr/bin/env node
+const { spawn } = require('child_process');
+
+// Terminalden gelen argümanları yakala ve python paketine ilet
+const args = process.argv.slice(2);
+const child = spawn('hashsmith', args, { stdio: 'inherit', shell: true });
+
+child.on('exit', (code) => {
+  process.exit(code);
+});

package/hashsmith/__init__.py

@@ -0,0 +1,3 @@
+"""Hashsmith package."""
+
+__all__ = ["cli"]

package/hashsmith/__main__.py

@@ -0,0 +1,4 @@
+from .cli import main
+
+if __name__ == "__main__":
+    main()

package/hashsmith/algorithms/__init__.py

@@ -0,0 +1 @@
+"""Algorithm implementations for Hashsmith."""

package/hashsmith/algorithms/cracking.py

@@ -0,0 +1,276 @@
+import hashlib
+import itertools
+import string
+import time
+from concurrent.futures import ProcessPoolExecutor, as_completed
+from dataclasses import dataclass
+from typing import Iterable, Optional, Tuple, List, Callable
+
+try:
+    import bcrypt  # type: ignore
+except Exception:  # pragma: no cover
+    bcrypt = None
+
+from .hashing import hash_text
+from ..utils.metrics import RateCounter
+
+
+@dataclass
+class CrackResult:
+    found: bool
+    password: Optional[str]
+    attempts: int
+    elapsed: float
+    rate: float
+
+
+def _parse_scrypt_hash(target_hash: str) -> Tuple[int, int, int, bytes, bytes]:
+    parts = target_hash.split("$")
+    if len(parts) != 6 or parts[0] != "scrypt":
+        raise ValueError("Invalid scrypt hash format")
+    n = int(parts[1])
+    r = int(parts[2])
+    p = int(parts[3])
+    salt = bytes.fromhex(parts[4])
+    digest = bytes.fromhex(parts[5])
+    return n, r, p, salt, digest
+
+
+def _parse_mssql_2005_salt(target_hash: str) -> bytes:
+    value = target_hash.strip()
+    if not value.lower().startswith("0x0100") or len(value) < 6 + 8:
+        raise ValueError("Invalid MSSQL 2005/2012 hash format")
+    return bytes.fromhex(value[6:14])
+
+
+def _dictionary_worker(words: List[str], target_hash: str, algorithm: str, salt: str, salt_mode: str) -> Tuple[Optional[str], int]:
+    attempts = 0
+    scrypt_params = None
+    if algorithm == "scrypt":
+        scrypt_params = _parse_scrypt_hash(target_hash)
+    mssql_salt = None
+    if algorithm in {"mssql2005", "mssql2012"}:
+        mssql_salt = _parse_mssql_2005_salt(target_hash)
+    hasher = None
+    verify_mismatch = None
+    invalid_hash = None
+    if algorithm == "argon2":
+        try:
+            from argon2 import PasswordHasher  # type: ignore
+            from argon2.exceptions import VerifyMismatchError, InvalidHash  # type: ignore
+        except Exception:  # pragma: no cover
+            return None, attempts
+        hasher = PasswordHasher()
+        verify_mismatch = VerifyMismatchError
+        invalid_hash = InvalidHash
+    for word in words:
+        attempts += 1
+        if algorithm == "bcrypt":
+            if bcrypt is None:
+                continue
+            if bcrypt.checkpw(word.encode("utf-8"), target_hash.encode("utf-8")):
+                return word, attempts
+        elif algorithm == "argon2":
+            try:
+                hasher.verify(target_hash, word)
+                return word, attempts
+            except (verify_mismatch, invalid_hash):
+                continue
+            except Exception:
+                continue
+        elif algorithm == "scrypt":
+            n, r, p, salt_bytes, digest = scrypt_params
+            candidate = hashlib.scrypt(word.encode("utf-8"), salt=salt_bytes, n=n, r=r, p=p, dklen=len(digest))
+            if candidate == digest:
+                return word, attempts
+        elif algorithm in {"mssql2005", "mssql2012"}:
+            digest = hashlib.sha1(mssql_salt + word.encode("utf-16le")).hexdigest().upper()
+            if target_hash.lower().startswith("0x0100") and target_hash[14:].upper() == digest:
+                return word, attempts
+        else:
+            if hash_text(word, algorithm, salt, salt_mode) == target_hash:
+                return word, attempts
+    return None, attempts
+
+
+def dictionary_attack(
+    target_hash: str,
+    algorithm: str,
+    words: Iterable[str],
+    salt: str = "",
+    salt_mode: str = "prefix",
+    workers: int = 1,
+    progress_callback: Optional[Callable[[int], None]] = None,
+) -> CrackResult:
+    start = time.perf_counter()
+    counter = RateCounter()
+    attempts = 0
+
+    if algorithm == "bcrypt" and bcrypt is None:
+        raise ValueError("bcrypt library is required for bcrypt cracking")
+    if algorithm == "argon2":
+        try:
+            from argon2 import PasswordHasher  # type: ignore
+            from argon2.exceptions import VerifyMismatchError, InvalidHash  # type: ignore
+        except Exception as exc:  # pragma: no cover
+            raise ValueError("argon2-cffi library is required for argon2 cracking") from exc
+        argon2_verify = (PasswordHasher(), VerifyMismatchError, InvalidHash)
+    else:
+        argon2_verify = None
+
+    if workers > 1:
+        batch = []
+        futures = []
+        with ProcessPoolExecutor(max_workers=workers) as executor:
+            for word in words:
+                batch.append(word)
+                if len(batch) >= 500:
+                    futures.append(executor.submit(_dictionary_worker, batch, target_hash, algorithm, salt, salt_mode))
+                    batch = []
+            if batch:
+                futures.append(executor.submit(_dictionary_worker, batch, target_hash, algorithm, salt, salt_mode))
+
+            for future in as_completed(futures):
+                found, count = future.result()
+                attempts += count
+                if progress_callback:
+                    progress_callback(count)
+                if found:
+                    elapsed = time.perf_counter() - start
+                    rate = counter.rate(attempts)
+                    return CrackResult(True, found, attempts, elapsed, rate)
+    else:
+        scrypt_params = None
+        if algorithm == "scrypt":
+            scrypt_params = _parse_scrypt_hash(target_hash)
+        mssql_salt = None
+        if algorithm in {"mssql2005", "mssql2012"}:
+            mssql_salt = _parse_mssql_2005_salt(target_hash)
+        for word in words:
+            attempts += 1
+            if progress_callback:
+                progress_callback(1)
+            if algorithm == "bcrypt":
+                if bcrypt.checkpw(word.encode("utf-8"), target_hash.encode("utf-8")):
+                    elapsed = time.perf_counter() - start
+                    rate = counter.rate(attempts)
+                    return CrackResult(True, word, attempts, elapsed, rate)
+            elif algorithm == "argon2":
+                hasher, verify_mismatch, invalid_hash = argon2_verify
+                try:
+                    hasher.verify(target_hash, word)
+                    elapsed = time.perf_counter() - start
+                    rate = counter.rate(attempts)
+                    return CrackResult(True, word, attempts, elapsed, rate)
+                except (verify_mismatch, invalid_hash):
+                    pass
+            elif algorithm == "scrypt":
+                n, r, p, salt_bytes, digest = scrypt_params
+                candidate = hashlib.scrypt(word.encode("utf-8"), salt=salt_bytes, n=n, r=r, p=p, dklen=len(digest))
+                if candidate == digest:
+                    elapsed = time.perf_counter() - start
+                    rate = counter.rate(attempts)
+                    return CrackResult(True, word, attempts, elapsed, rate)
+            elif algorithm in {"mssql2005", "mssql2012"}:
+                digest = hashlib.sha1(mssql_salt + word.encode("utf-16le")).hexdigest().upper()
+                if target_hash.lower().startswith("0x0100") and target_hash[14:].upper() == digest:
+                    elapsed = time.perf_counter() - start
+                    rate = counter.rate(attempts)
+                    return CrackResult(True, word, attempts, elapsed, rate)
+            else:
+                if hash_text(word, algorithm, salt, salt_mode) == target_hash:
+                    elapsed = time.perf_counter() - start
+                    rate = counter.rate(attempts)
+                    return CrackResult(True, word, attempts, elapsed, rate)
+            if attempts % 1000 == 0:
+                counter.rate(attempts)
+
+    elapsed = time.perf_counter() - start
+    rate = counter.rate(attempts)
+    return CrackResult(False, None, attempts, elapsed, rate)
+
+
+def brute_force(
+    target_hash: str,
+    algorithm: str,
+    charset: str = string.ascii_lowercase + string.digits,
+    min_len: int = 1,
+    max_len: int = 4,
+    salt: str = "",
+    salt_mode: str = "prefix",
+    progress_callback: Optional[Callable[[int], None]] = None,
+) -> CrackResult:
+    start = time.perf_counter()
+    counter = RateCounter()
+    attempts = 0
+    if algorithm == "argon2":
+        try:
+            from argon2 import PasswordHasher  # type: ignore
+            from argon2.exceptions import VerifyMismatchError, InvalidHash  # type: ignore
+        except Exception as exc:  # pragma: no cover
+            raise ValueError("argon2-cffi library is required for argon2 cracking") from exc
+        argon2_verify = (PasswordHasher(), VerifyMismatchError, InvalidHash)
+    else:
+        argon2_verify = None
+
+    scrypt_params = None
+    if algorithm == "scrypt":
+        scrypt_params = _parse_scrypt_hash(target_hash)
+
+    mssql_salt = None
+    if algorithm in {"mssql2005", "mssql2012"}:
+        mssql_salt = _parse_mssql_2005_salt(target_hash)
+
+    for length in range(min_len, max_len + 1):
+        for combo in itertools.product(charset, repeat=length):
+            attempts += 1
+            if progress_callback:
+                progress_callback(1)
+            candidate = "".join(combo)
+            if algorithm == "bcrypt":
+                if bcrypt is None:
+                    raise ValueError("bcrypt library is required for bcrypt cracking")
+                if bcrypt.checkpw(candidate.encode("utf-8"), target_hash.encode("utf-8")):
+                    elapsed = time.perf_counter() - start
+                    rate = counter.rate(attempts)
+                    return CrackResult(True, candidate, attempts, elapsed, rate)
+            elif algorithm == "argon2":
+                hasher, verify_mismatch, invalid_hash = argon2_verify
+                try:
+                    hasher.verify(target_hash, candidate)
+                    elapsed = time.perf_counter() - start
+                    rate = counter.rate(attempts)
+                    return CrackResult(True, candidate, attempts, elapsed, rate)
+                except (verify_mismatch, invalid_hash):
+                    pass
+            elif algorithm == "scrypt":
+                n, r, p, salt_bytes, digest = scrypt_params
+                value = hashlib.scrypt(candidate.encode("utf-8"), salt=salt_bytes, n=n, r=r, p=p, dklen=len(digest))
+                if value == digest:
+                    elapsed = time.perf_counter() - start
+                    rate = counter.rate(attempts)
+                    return CrackResult(True, candidate, attempts, elapsed, rate)
+            elif algorithm in {"mssql2005", "mssql2012"}:
+                digest = hashlib.sha1(mssql_salt + candidate.encode("utf-16le")).hexdigest().upper()
+                if target_hash.lower().startswith("0x0100") and target_hash[14:].upper() == digest:
+                    elapsed = time.perf_counter() - start
+                    rate = counter.rate(attempts)
+                    return CrackResult(True, candidate, attempts, elapsed, rate)
+            elif hash_text(candidate, algorithm, salt, salt_mode) == target_hash:
+                elapsed = time.perf_counter() - start
+                rate = counter.rate(attempts)
+                return CrackResult(True, candidate, attempts, elapsed, rate)
+            if attempts % 1000 == 0:
+                counter.rate(attempts)
+
+    elapsed = time.perf_counter() - start
+    rate = counter.rate(attempts)
+    return CrackResult(False, None, attempts, elapsed, rate)
+
+
+def format_rate(rate: float) -> str:
+    if rate >= 1_000_000:
+        return f"{rate / 1_000_000:.2f} M/s"
+    if rate >= 1_000:
+        return f"{rate / 1_000:.2f} K/s"
+    return f"{rate:.2f} /s"