Find and notify users in your Active Directory with weak passwords.

Features:

• Linux-based
• Flask-based web app
• Hashcat or John cracker
• Automated e-mails
• Graphical reports
• Privacy preserving

Read the docs for more information.

If you're a developer and want to run the tests, you need to edit tests/.env and define the following variables according to your environment:

# path to `john` binary
JOHN_PATH=/opt/john/run/john
# path to `hashcat` binary
HASHCAT_PATH=/usr/bin/hashcat
# FQDN of a test domain
DOMAIN=crack.local
# name of one of its domain admins
DOMAINUSER=Administrator
# domain admin password
DOMAINPASS=
# FQDN of a domain controller in the test domain
HOST=localdc.crack.local

If you don't have a test domain, you can use the docker-compose file in tests/docker to run a Samba DC (docker-compose run --service-ports dc). Inside the file you will find the values you need. You should also create an entry for the FQDN in your /etc/hosts.

MIT, Copyright 2021 Adrian Vollmer

See LICENSE for the full license text.