Update app.py

app.py

@@ -1,150 +1,263 @@
 import gradio as gr
 import hashlib
-import bcrypt
-import base64
 import re
+import bcrypt
+
+from passlib.hash import (
+    md5_crypt,
+    sha256_crypt,
+    sha512_crypt,
+    pbkdf2_sha256,
+    pbkdf2_sha512,
+    argon2,
+    bcrypt as passlib_bcrypt,
+)
+
+# -----------------------------------
+# HASH IDENTIFICATION
+# -----------------------------------
+
+HASH_SIGNATURES = [
+    ("bcrypt", r"^\$2[aby]?\$"),
+    ("argon2", r"^\$argon2"),
+    ("sha512_crypt", r"^\$6\$"),
+    ("sha256_crypt", r"^\$5\$"),
+    ("md5_crypt", r"^\$1\$"),
+]
+
+HASHCAT_MODES = {
+    "MD5": 0,
+    "SHA1": 100,
+    "SHA256": 1400,
+    "SHA512": 1700,
+    "NTLM": 1000,
+    "bcrypt": 3200,
+    "sha256_crypt": 7400,
+    "sha512_crypt": 1800,
+    "argon2": 22300,
+    "pbkdf2_sha256": 10900,
+    "pbkdf2_sha512": 12100,
+}
 
-# -----------------------------
-# HASH DETECTION
-# -----------------------------
 
 def identify_hash(hash_value):
     possible = []
 
-    if hash_value.startswith("$2a$") or hash_value.startswith("$2b$") or hash_value.startswith("$2y$"):
-        possible.append("bcrypt")
-
-    if hash_value.startswith("$argon2"):
-        possible.append("Argon2")
-
-    if hash_value.startswith("$6$"):
-        possible.append("SHA512-Crypt")
-
-    if hash_value.startswith("$5$"):
-        possible.append("SHA256-Crypt")
+    # Prefix-based detection
+    for name, pattern in HASH_SIGNATURES:
+        if re.match(pattern, hash_value):
+            possible.append(name)
 
+    # Raw hex hashes
     if re.fullmatch(r"[a-fA-F0-9]{32}", hash_value):
         possible.extend(["MD5", "NTLM"])
 
-    if re.fullmatch(r"[a-fA-F0-9]{40}", hash_value):
+    elif re.fullmatch(r"[a-fA-F0-9]{40}", hash_value):
         possible.append("SHA1")
 
-    if re.fullmatch(r"[a-fA-F0-9]{64}", hash_value):
+    elif re.fullmatch(r"[a-fA-F0-9]{64}", hash_value):
         possible.append("SHA256")
 
-    if re.fullmatch(r"[a-fA-F0-9]{128}", hash_value):
+    elif re.fullmatch(r"[a-fA-F0-9]{128}", hash_value):
         possible.append("SHA512")
 
+    # PBKDF2 patterns
+    if "pbkdf2" in hash_value.lower():
+        if "sha256" in hash_value.lower():
+            possible.append("pbkdf2_sha256")
+        elif "sha512" in hash_value.lower():
+            possible.append("pbkdf2_sha512")
+
     if not possible:
         possible.append("Unknown")
 
-    return possible
+    return list(dict.fromkeys(possible))
 
 
-# -----------------------------
-# HASH VERIFICATION
-# -----------------------------
+# -----------------------------------
+# VERIFY HASH
+# -----------------------------------
 
 def verify_hash(password, hash_value):
-    results = []
-
+    matches = []
     possible = identify_hash(hash_value)
 
     for alg in possible:
 
         try:
+
+            # -----------------
+            # RAW HASHES
+            # -----------------
+
             if alg == "MD5":
-                generated = hashlib.md5(password.encode()).hexdigest()
-                if generated.lower() == hash_value.lower():
-                    results.append("✅ MD5 match")
+                h = hashlib.md5(password.encode()).hexdigest()
+                if h.lower() == hash_value.lower():
+                    matches.append("✅ MD5")
 
             elif alg == "SHA1":
-                generated = hashlib.sha1(password.encode()).hexdigest()
-                if generated.lower() == hash_value.lower():
-                    results.append("✅ SHA1 match")
+                h = hashlib.sha1(password.encode()).hexdigest()
+                if h.lower() == hash_value.lower():
+                    matches.append("✅ SHA1")
 
             elif alg == "SHA256":
-                generated = hashlib.sha256(password.encode()).hexdigest()
-                if generated.lower() == hash_value.lower():
-                    results.append("✅ SHA256 match")
+                h = hashlib.sha256(password.encode()).hexdigest()
+                if h.lower() == hash_value.lower():
+                    matches.append("✅ SHA256")
 
             elif alg == "SHA512":
-                generated = hashlib.sha512(password.encode()).hexdigest()
-                if generated.lower() == hash_value.lower():
-                    results.append("✅ SHA512 match")
+                h = hashlib.sha512(password.encode()).hexdigest()
+                if h.lower() == hash_value.lower():
+                    matches.append("✅ SHA512")
 
             elif alg == "NTLM":
-                generated = hashlib.new(
-                    'md4',
-                    password.encode('utf-16le')
+                h = hashlib.new(
+                    "md4",
+                    password.encode("utf-16le")
                 ).hexdigest()
 
-                if generated.lower() == hash_value.lower():
-                    results.append("✅ NTLM match")
+                if h.lower() == hash_value.lower():
+                    matches.append("✅ NTLM")
+
+            # -----------------
+            # BCRYPT
+            # -----------------
 
             elif alg == "bcrypt":
                 if bcrypt.checkpw(
                     password.encode(),
                     hash_value.encode()
                 ):
-                    results.append("✅ bcrypt match")
+                    matches.append("✅ bcrypt")
+
+            # -----------------
+            # PASSLIB HASHES
+            # -----------------
+
+            elif alg == "sha256_crypt":
+                if sha256_crypt.verify(password, hash_value):
+                    matches.append("✅ sha256_crypt")
+
+            elif alg == "sha512_crypt":
+                if sha512_crypt.verify(password, hash_value):
+                    matches.append("✅ sha512_crypt")
+
+            elif alg == "md5_crypt":
+                if md5_crypt.verify(password, hash_value):
+                    matches.append("✅ md5_crypt")
+
+            elif alg == "argon2":
+                if argon2.verify(password, hash_value):
+                    matches.append("✅ argon2")
+
+            elif alg == "pbkdf2_sha256":
+                if pbkdf2_sha256.verify(password, hash_value):
+                    matches.append("✅ pbkdf2_sha256")
 
-        except Exception as e:
-            results.append(f"Error testing {alg}: {str(e)}")
+            elif alg == "pbkdf2_sha512":
+                if pbkdf2_sha512.verify(password, hash_value):
+                    matches.append("✅ pbkdf2_sha512")
 
-    return possible, "\n".join(results) if results else "No matches found."
+        except Exception:
+            pass
 
+    return possible, matches
 
-# -----------------------------
-# MAIN FUNCTION
-# -----------------------------
+
+# -----------------------------------
+# MAIN ANALYSIS
+# -----------------------------------
 
 def analyze(password, hash_value):
-    possible, verification = verify_hash(password, hash_value)
 
-    return (
-        "\n".join(possible),
-        verification
-    )
+    possible, matches = verify_hash(password, hash_value)
+
+    alg_text = "\n".join(possible)
+
+    if matches:
+        verification = "\n".join(matches)
+    else:
+        verification = "❌ No verified match found."
+
+    # Hashcat suggestions
+    modes = []
+
+    for alg in possible:
+        if alg in HASHCAT_MODES:
+            modes.append(
+                f"{alg} → Hashcat mode {HASHCAT_MODES[alg]}"
+            )
+
+    mode_text = "\n".join(modes) if modes else "No suggestions."
+
+    return alg_text, verification, mode_text
 
 
-# -----------------------------
-# GRADIO UI
-# -----------------------------
+# -----------------------------------
+# UI
+# -----------------------------------
+
+css = """
+footer {
+    visibility: hidden;
+}
+"""
+
+with gr.Blocks(css=css, theme=gr.themes.Soft()) as demo:
 
-with gr.Blocks(title="Hash Analyzer Lab") as demo:
-    gr.Markdown("# Hash Analyzer / Verification Tool")
     gr.Markdown(
-        "Educational hash identification and password verification utility."
+        """
+# Pentest Hash Analyzer
+
+Educational utility for:
+- Hash identification
+- Password verification
+- Hashcat mode mapping
+- CTF / TryHackMe workflows
+"""
     )
 
-    password_input = gr.Textbox(
-        label="Known Password",
-        type="password",
-        placeholder="Enter known plaintext password"
-    )
+    with gr.Row():
 
-    hash_input = gr.Textbox(
-        label="Hash",
-        lines=4,
-        placeholder="Paste hash here"
-    )
+        password_input = gr.Textbox(
+            label="Known Password",
+            type="password",
+            placeholder="Enter plaintext password"
+        )
 
-    analyze_btn = gr.Button("Analyze")
+        hash_input = gr.Textbox(
+            label="Hash",
+            lines=6,
+            placeholder="Paste hash"
+        )
 
-    possible_output = gr.Textbox(
-        label="Possible Algorithms"
-    )
+    analyze_btn = gr.Button("Analyze Hash")
+
+    with gr.Row():
+
+        alg_output = gr.Textbox(
+            label="Possible Algorithms",
+            lines=8
+        )
+
+        verify_output = gr.Textbox(
+            label="Verification Results",
+            lines=8
+        )
 
-    verification_output = gr.Textbox(
-        label="Verification Results",
-        lines=10
+    hashcat_output = gr.Textbox(
+        label="Hashcat Modes",
+        lines=6
     )
 
     analyze_btn.click(
         fn=analyze,
         inputs=[password_input, hash_input],
-        outputs=[possible_output, verification_output]
+        outputs=[
+            alg_output,
+            verify_output,
+            hashcat_output
+        ]
     )
 
 demo.launch()