Hash Extender
A command-line utility for performing hash length extension attacks against vulnerable cryptographic hash functions.
What is Hash Extender?
Hash Extender is a command-line utility that automates hash length extension attacks against vulnerable cryptographic hash functions like MD5, SHA-1, and SHA-256. It solves the problem of manually exploiting applications that construct signatures by hashing a secret concatenated with user data, allowing attackers to append arbitrary data and generate valid signatures without knowing the secret.
Security researchers, penetration testers, and CTF (Capture The Flag) participants who need to identify and exploit cryptographic vulnerabilities in web applications and authentication systems.
Developers choose Hash Extender because it's the first free, comprehensive tool that automates this specific attack across multiple algorithms, saving hours of error-prone manual calculation and handling complex details like padding, block sizes, and endianness correctly.
Overview
Hash Extender is a specialized security tool that automates hash length extension attacks, a cryptographic vulnerability affecting many common hash functions. It enables security researchers and penetration testers to exploit weaknesses in applications that improperly construct message authentication codes.
Key Features
- Multi-Algorithm Support — Attacks MD4, MD5, RIPEMD-160, SHA-0, SHA-1, SHA-256, SHA-512, and WHIRLPOOL hash functions.
- Flexible Input/Output Formats — Handles raw, hex, HTML, and C-style string encodings for both data and signatures.
- Automated Padding Calculation — Correctly handles block sizes, endianness, and length fields for each algorithm.
- Secret Length Discovery — Supports brute-forcing unknown secret lengths with min/max ranges.
- Batch Testing — Can test multiple hash algorithms simultaneously with table output.
Philosophy
Hash Extender aims to make complex cryptographic attacks accessible by automating the tedious and error-prone manual calculations involved in length extension attacks, allowing security professionals to focus on vulnerability discovery rather than implementation details.
Related Projects
Found a gem we're missing?
Open-Awesome is built by the community, for the community. Submit a project, suggest an awesome list, or help improve the catalog on GitHub.
