Is it effective for Active Directory security testing?

Yes, it includes specialized modules for Kerberoasting, ASREPRoasting, SMB password spraying, and Pass-the-Hash techniques used in AD environments.

Does this skill assist with targeted wordlist creation?

Absolutely. It provides specific commands for web scraping with CeWL, pattern-based generation with Crunch, and applying John mutation rules to existing lists.

Can I use it to optimize GPU-accelerated cracking?

Yes, it provides performance optimization flags and workload profile guidance for Hashcat to help you fully leverage your hardware's GPU power.

Which tools does the Password Attacks skill support?

It supports industry-standard security tools including Hashcat, John the Ripper, Hydra, Medusa, CeWL, Crunch, and the Impacket suite for various attack vectors.

Can it help identify unknown password hash formats?

Yes, it includes methodologies for using hashid, hash-identifier, and haiti to identify MD5, SHA, NTLM, bcrypt, and many other specialized hash formats.

Password Attacks & Credential Cracking

Name: Password Attacks & Credential Cracking
Author: trilwu

bytrilwu

0•

Security & Testing

Conducts professional password hash cracking, credential spraying, and authentication brute-force attacks using industry-standard tools.

This skill transforms Claude Code into a specialized penetration testing assistant for credential-based attacks and hash recovery. It provides expert guidance on hash identification, high-performance cracking with tools like Hashcat and John the Ripper, and sophisticated wordlist generation using CeWL and Crunch. Security professionals can leverage this skill to automate complex command-line patterns for various protocols—including SMB, Kerberos, RDP, and web-based authentication—while implementing lateral movement techniques like Pass-the-Hash and Kerberoasting with optimized methodology.

Key Features

01Detailed lateral movement assistance via Pass-the-Hash and Kerberoasting techniques

02Targeted wordlist generation via web scraping, pattern-based crunching, and mutation rules

03Optimized Hashcat and John the Ripper command generation for all attack modes

04Advanced hash identification for MD5, SHA, bcrypt, NTLM, and Kerberos formats

050 GitHub stars

06Automated credential spraying and brute-force strategies for RDP, SSH, and SMB

Use Cases

01Testing web application authentication resilience against automated brute-force attacks

02Auditing Active Directory environments for weak passwords using hash extraction and cracking

03Performing credential recovery for lost administrative accounts during security assessments

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add trilwu/secskills password-attacks

For use in Claude.ai and ChatGPT