Install: claude install-skill fatihkan/badi
# pentest-credentials
Credential testing methodology. Offline hash crack + targeted wordlist + default cred audit. Online brute requires a scope declaration and account-lockout-policy awareness.
## Triggers
- "I found a hash, how do I crack it"
- "crack with hashcat / john"
- "generate a wordlist"
- "password spray"
- "default cred audit"
- "credential stuffing test"
## Hash Identification
```bash
# hashid (offline)
# Single quotes stop the shell from expanding $2y, $12 and $abcd as variables.
hashid '$2y$12$abcd...' # detects bcrypt
hashid '5f4dcc3b5aa765d61d8327deb882cf99' # MD5
# haiti (modern alternative)
haiti '$2y$12$abcd...'
```
Common hash modes (hashcat):
| Hash | Mode | Command example / source |
|------|------|-------------|
| MD5 | 0 | `hashcat -m 0 hash.txt wordlist.txt` |
| SHA1 | 100 | `hashcat -m 100 ...` |
| bcrypt | 3200 | `hashcat -m 3200 ...` (slow) |
| NTLM | 1000 | `hashcat -m 1000 ...` |
| NetNTLMv2 | 5600 | from Responder |
| Kerberos AS-REP | 18200 | from GetNPUsers.py |
| Kerberos TGS-REP | 13100 | from GetUserSPNs.py |
| WPA2 (hash22000) | 22000 | from hcxpcapngtool |
| MS-SQL 2012+ | 1731 | T-SQL hash |
| LSA secrets | 5500 (NetNTLMv1) | Responder |
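
The identification step above, turned toward a credential-store audit (an added example, not part of the skill's own code): it classifies stored hashes by format, maps them to the hashcat modes from the table, and flags fast unsalted schemes and low bcrypt cost. The function names, the `MIN_BCRYPT_COST` threshold and the sample rows are assumptions constructed for illustration.

```python
import re

# Modes are the hashcat modes listed in the table above.
# Entry: (regex, [(name, mode), ...], is_fast_unsalted)
PATTERNS = [
    (re.compile(r"^\$2[abxy]\$(\d{2})\$[./A-Za-z0-9]{53}$"), [("bcrypt", 3200)], False),
    (re.compile(r"^[0-9a-fA-F]{32}$"), [("MD5", 0), ("NTLM", 1000)], True),
    (re.compile(r"^[0-9a-fA-F]{40}$"), [("SHA1", 100)], True),
]
MIN_BCRYPT_COST = 10  # assumption: audit threshold, set it from your own policy


def classify(hash_str):
    """Return candidate formats, hashcat modes and an audit finding."""
    h = hash_str.strip()
    for rx, candidates, fast in PATTERNS:
        m = rx.match(h)
        if not m:
            continue
        result = {
            "candidates": [name for name, _ in candidates],
            "modes": [mode for _, mode in candidates],
            # 32 hex chars fit both MD5 and NTLM: length alone cannot decide.
            "ambiguous": len(candidates) > 1,
        }
        if fast:
            result["finding"] = "fast unsalted hash: migrate to a slow KDF"
        else:
            result["cost"] = int(m.group(1))
            low = result["cost"] < MIN_BCRYPT_COST
            result["finding"] = "bcrypt cost below threshold" if low else "ok"
        return result
    return {"candidates": [], "modes": [], "ambiguous": False,
            "finding": "unknown format"}


def audit(rows):
    """rows: iterable of (account, hash). Returns accounts with a finding."""
    findings = {}
    for account, h in rows:
        finding = classify(h)["finding"]
        if finding != "ok":
            findings[account] = finding
    return findings


# Constructed sample rows (not from any real system).
SAMPLE = [("alice", "5f4dcc3b5aa765d61d8327deb882cf99"),
          ("bob", "$2y$12$" + "a" * 53), ("carol", "$2a$04$" + "b" * 53),
          ("dave", "da39a3ee5e6b4b0d3255bfef95601890afd80709")]
```

An ambiguous result means the source of the hash (web application table vs. Windows credential store) has to settle the format, which is the same limit `hashid` has.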
## Wordlist Strategy
### Ready-Made Wordlists
```
rockyou.txt — 14M (classic baseline)
SecLists/Passwords/* — 1500+ specialized
Probable-Wordlists/ — statistically ordered
WeakPass dataset — large merged set
```
### Target-Specific Generation
```bash
# CeWL — scrape words from the site (QUIET)
cewl https://example.com -m 5 -w cewl