sha1_cracker - simple dictionary-based SHA-1 hash cracker written in Rust
sha1_cracker <wordlist.txt> <sha1_hash>
sha1_cracker is a minimal command-line utility that performs a
dictionary attack
against a SHA-1 hash.
The program reads a wordlist file line by line, computes the SHA-1 hash of each candidate password, and compares it against the target hash provided via the command line.
Execution stops immediately when a matching password is found.
This project is intended for:
- focus on writing good Rust.
- understanding hashing primitives.
- a tool for ctf challanges(fast and rusty).
It is NOT intended for production use.
The following steps are performed:
1. Validate CLI arguments
2. Ensure SHA-1 hash length is 40 hexadecimal characters
3. Decode target hash from hex into raw bytes (once)
4. Open wordlist using buffered I/O
5. For each line in wordlist:
a. Trim whitespace
b. Compute SHA-1 digest
c. Compare raw digest bytes to target bytes
6. Exit early on match
Comparison is performed on raw bytes rather than hex strings in order to avoid repeated allocations and improve performance.
Requires:
- Rust (stable)
- cargo
Build the project:
cargo build --release
The optimized binary will be located at:
target/release/sha1_cracker
Example:
./sha1_cracker wordlist.txt 5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8
If the password exists in the wordlist, output will be:
Password Found: <password>
Otherwise:
Password not found in wordlist :(
- Uses BufReader for efficient file reading
- Avoids per-iteration hex encoding
- Exits immediately when match is found
For large wordlists, compile in release mode.
- Single-threaded
- Dictionary attack only (no brute force)
- No progress reporting
- No benchmarking support
SHA-1 is cryptographically broken and must NOT be used for secure password storage in modern systems.
This tool exists strictly for educational purposes.
Possible extensions:
- multithreading
- progress indicators
- benchmarking mode
- support for additional hash algorithms
Bobby
Educational use only.