Anyone who’s taken a SANS SEC504 or now SEC587 class with me knows I love password cracking.
But here’s the thing about password cracking – it’s a game of patience. Sure, sometimes you’ll crack a password in seconds. Other times, you’re playing the long game, watching your GPU churn through combinations for days. During my government days, this led to a frustrating ritual: start a crack on my home gaming computer, head to the office, and leave a powerhouse machine sitting idle for hours after the job finished.
Enter Cat Sitter, my solution to squeeze every ounce of productivity from those lonely machines. Named with a touch of cryptographic humor (because who doesn’t love a good Hashcat pun?), it’s a Python script that transforms your idle system into a relentless password-cracking machine.
How It Works
Cat Sitter starts with a custom, target-specific wordlist. When that well runs dry, it escalates to the RockYou wordlist, before bringing out the big guns with the Have I Been Pwned V2 dataset from the now defunct hashes.org.
But straight wordlists are just the beginning. Cat Sitter pairs these lists with rule-based mutations – first with best64, then with d3ad0ne. Still no luck? It’ll start combining words, using RockYou with itself in a combinator attack. And if all else fails, it falls back to brute forcing.
Getting Started
You place Cat Sitter in your Hashcat directory, make a few quick variable tweaks for your wordlist paths and then feed it a hash file and an algorithm number (think: 1000 for NTLM), and it’ll take care of the rest. Whether you’re heading to the office, grabbing lunch, or calling it a night, your machine keeps working, methodically moving through each technique until it cracks those hashes or exhausts all options.
The source code is yours to hack, modify, and improve. Want to add another wordlist? Go for it. Need to tweak the attack sequence? It’s all there in clean, commented Python.
This isn’t just about automation – it’s about working smarter. Because in the world of password cracking, persistence and methodology trump brute force every time.
https://github.com/ArgeliusLabs/cat_sitter
P.S. Yes, the name is a dad joke. No, I’m not sorry.
