You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
A tool to exploit the hash length extension attack in various hashing algorithms
Currently supported algorithms: MD5, SHA1, SHA256, SHA512
Help Menu
./HashPump -h
HashPump [-h help] [-t test] [-s signature] [-d data] [-a additional] [-k keylength]
HashPump generates strings to exploit signatures vulnerable to the Hash Length Extension Attack.
-h --help Display this message.
-t --test Run tests to verify each algorithm is operating properly.
-s --signature The signature from known message.
-d --data The data from the known message.
-a --additional The information you would like to add to the known message.
-k --keylength The length in bytes of the key being used to sign the original message with.
Version 1.0 with MD5, SHA1, SHA256 and SHA512 support.
<Developed by bwall(@botnet_hunter)>
git clone https://github.com/bwall/HashPump.git
apt-get install g++ libssl-dev
make
make install
apt-get and make install require root privileges to run correctly. The actual requirement is for -lcrypto, so depending on your operating system, your dependencies may vary.
About
A tool to exploit the hash length extension attack in various hashing algorithms
