Table of Contents
Fetching ...

HashKitty: Distributed Password Analysis

Pedro Antunes, Tomás Santos, Daniel Fuentes, Luís Frazão

TL;DR

HashKitty tackles the challenge of efficient password analysis by delivering a distributed platform that leverages Hashcat across heterogeneous nodes via a central, web-based API. The system uses a modular architecture with a Python-based middleware and agent layer, real-time websocket communication, and power-aware workload distribution to scale across CPUs, GPUs, and SBCs. Key contributions include proportional load balancing for hashes and dictionaries, support for multiple attack types (Brute Force, Dictionary, Rule-Based, Combinator), and an open-source implementation validated on a diverse hardware suite. The work demonstrates effective scalability and edge computing capabilities, enabling robust password analysis in both defensive and offensive security contexts with potential for broader algorithm support and system enhancements. The practical impact lies in providing a flexible, open framework for distributed security testing and password analysis across heterogeneous environments.

Abstract

This article documents the HashKitty platform, a distributed solution for password analysis based on the hashcat tool, designed to improve efficiency in both offensive and defensive security operations. The main objectives of this work are to utilise and characterise the hashcat tool, to develop a central platform that connects various computational nodes, to allow the use of nodes with different equipment and manufacturers, to distribute tasks among the nodes through a web platform, and to perform distributed password analysis. The results show that the presented solution achieves the proposed objectives, demonstrating effectiveness in workload distribution and password analysis using different types of nodes based on various operating systems and architectures. The architecture of HashKitty is based on a scalable and modular distributed architecture, composed of several components such as computational nodes, integration and control software, a web platform that implements our API, and database servers. In order to achieve a fast and organised development process for our application we used multiple frameworks, runtimes and libraries. For the communication between the computational nodes and the other software we made use of websockets so that we have real-time updates between them.

HashKitty: Distributed Password Analysis

TL;DR

HashKitty tackles the challenge of efficient password analysis by delivering a distributed platform that leverages Hashcat across heterogeneous nodes via a central, web-based API. The system uses a modular architecture with a Python-based middleware and agent layer, real-time websocket communication, and power-aware workload distribution to scale across CPUs, GPUs, and SBCs. Key contributions include proportional load balancing for hashes and dictionaries, support for multiple attack types (Brute Force, Dictionary, Rule-Based, Combinator), and an open-source implementation validated on a diverse hardware suite. The work demonstrates effective scalability and edge computing capabilities, enabling robust password analysis in both defensive and offensive security contexts with potential for broader algorithm support and system enhancements. The practical impact lies in providing a flexible, open framework for distributed security testing and password analysis across heterogeneous environments.

Abstract

This article documents the HashKitty platform, a distributed solution for password analysis based on the hashcat tool, designed to improve efficiency in both offensive and defensive security operations. The main objectives of this work are to utilise and characterise the hashcat tool, to develop a central platform that connects various computational nodes, to allow the use of nodes with different equipment and manufacturers, to distribute tasks among the nodes through a web platform, and to perform distributed password analysis. The results show that the presented solution achieves the proposed objectives, demonstrating effectiveness in workload distribution and password analysis using different types of nodes based on various operating systems and architectures. The architecture of HashKitty is based on a scalable and modular distributed architecture, composed of several components such as computational nodes, integration and control software, a web platform that implements our API, and database servers. In order to achieve a fast and organised development process for our application we used multiple frameworks, runtimes and libraries. For the communication between the computational nodes and the other software we made use of websockets so that we have real-time updates between them.
Paper Structure (19 sections, 4 equations, 3 figures, 2 tables, 2 algorithms)

This paper contains 19 sections, 4 equations, 3 figures, 2 tables, 2 algorithms.

Figures (3)

  • Figure 1: JtR vs Hashcat
  • Figure 2: Hashkitty Architecture
  • Figure 3: Benchmark of Nodes Used