- HTML 54.5%
- Go 24.9%
- Julia 19.1%
- Makefile 1.5%
|
|
||
|---|---|---|
| cmd/entropisite | ||
| internal | ||
| worker | ||
| .gitignore | ||
| go.mod | ||
| hashes.txt.example | ||
| LICENSE | ||
| Makefile | ||
| README.md | ||
ENTROPISITE (ノ◕ヮ◕)ノ*:・゚✧
open source password security research and education platform. analyzes cracked hashes for behavioral patterns to support authorized penetration testing and security research.
entropy death observatory — human behavior analysis. password security research tool. feed it hashed credentials and a wordlist. julia cracks them at SIMD speed. go serves a live cyberpunk dashboard. the point isnt the cracking -- its the why. every cracked hash gets classified by the human behavior that produced it, building a behavioral fingerprint of the dataset over time.
authorized use only. this tool is for security research, pentest reporting, and education on datasets you own or have explicit written permission to analyze. dont be a dick (ಠ_ಠ)
what it does
Julia worker(s) Go server Browser
---------------- ---------- -------
SIMD hash engine HTTP POST /ingest -> WebSocket ws:// live dashboard
wordlist + mutations ----------> /api/stats event feed
behavior classifier /api/recent behavior charts
pattern fingerprint / entropy narrative
Julia does the compute -- SIMD inner loops, wordlist mutations, behavior classification, multi-algorithm support, reports to Go over HTTP.
Go is the brain -- single stdlib-only binary, receives worker events, persists records, broadcasts live to all connected dashboards via WebSocket. no CGO, no external deps.
ヽ(・∀・)ノ
quick start
1. build the server
make build
./entropisite
# -> http://localhost:7777
2. prep your targets
copy hashes.txt.example to hashes.txt and put your authorized target hashes in there, one per line:
cp hashes.txt.example hashes.txt
3. get a wordlist
# rockyou.txt is the standard research wordlist
wget https://github.com/brannondorsey/naive-hashcat/releases/download/data/rockyou.txt
4. set up julia worker
make julia-setup
# or manually:
julia --project=worker -e 'using Pkg; Pkg.instantiate()'
5. start cracking (ง'̀-'́)ง
julia -t auto --project=worker worker/crack.jl crack \
--algo sha256 \
--wordlist rockyou.txt \
--hashes hashes.txt \
--server http://localhost:7777
open http://localhost:7777 and watch the observatory come alive
julia worker
usage: julia -t auto worker/crack.jl [mode] [options]
modes:
crack run wordlist attack against target hashes (default)
bench benchmark hash throughput across all algorithms
options:
--server go dashboard URL (default: http://localhost:7777)
--algo algorithms to use (default: sha256)
comma-separated: md5,sha1,sha256,sha512
--wordlist path to wordlist (default: rockyou.txt)
--hashes file with target hashes (default: hashes.txt)
multi-algorithm sweep:
julia -t auto --project=worker worker/crack.jl crack \
--algo md5,sha1,sha256,sha512 \
--wordlist rockyou.txt \
--hashes hashes.txt
multiple parallel workers: (`・ω・´)
WORKER_ID=w1 julia -t auto worker/crack.jl crack --algo sha256 &
WORKER_ID=w2 julia -t auto worker/crack.jl crack --algo md5 &
benchmark:
make julia-bench
behavior classification
every cracked password gets classified into a behavioral category. this is the good stuff (◕‿◕)
| tag | description |
|---|---|
keyboard_walk |
qwerty, asdf, 1234, zxcv, qazwsx... |
date_pattern |
1990, 0623, jan, birth years... |
name_number |
alice123, bob99, sarah2024... |
leet_speak |
p4ssw0rd, 4dm1n, s3cur1ty... |
repeated_chars |
aaaa, 1111, !!!!, abcabc... |
common_word |
password, admin, welcome, dragon... |
dictionary |
pure alphabetic dictionary words |
uncategorized |
everything else (╯°□°)╯︵ ┻━┻ |
the behavior fingerprint panel accumulates these across your whole dataset and generates a narrative -- what patterns dominated, what policy changes would have prevented them. its genuinely interesting to watch.
mutations
each wordlist entry gets tested with these rule-based mutations before hashing:
- original
- capitalized first letter
- common suffix append (
1,12,123,1234,!,2024,99,00,#) - capitalized + suffix
- leet substitution (
a->4,e->3,o->0,s->5) - leet + capitalized
- reversed
- doubled (
wordword)
API
POST /ingest worker event ingestion endpoint
GET /api/stats current observatory snapshot
GET /api/recent last 50 cracked records (JSON)
GET /ws WebSocket broadcast stream
GET / dashboard UI
worker event payload:
{
"type": "crack",
"worker_id": "worker-1",
"algorithm": "sha256",
"hash": "5e884898...",
"input": "password",
"pattern": "8char+alpha-only",
"behavior_tag": "common_word",
"attempt_num": 14392,
"hash_rate": 284000.0
}
building
# dev
make build
# cross-compile
make release-linux
make release-darwin
make release-windows
# clean
make clean
requirements: Go 1.21+, Julia 1.9+
legal
authorized use only. do not use against systems, credentials, or datasets you dont own or have explicit written authorization to test. the authors accept no liability for misuse. see LICENSE.
the observatory does not judge. it only observes the patterns people leave behind. (´・ω・`)