Himitsu is a Online/Offline Red Team tool focused on Password Cracking and Web Vulnerabilities

DISCLAIMER

This tool is intented only for educational and testing purposes only. I do not assume any liability for any bad/illegal usage of this tool.

Password Folder

In order to make the password modules works is necessary to add to 'Passwords/Default' a wordlist with .txt extension ex (Example.txt)

File-Cracker

Before using this option make sure to add the file that you want to crack in the folder named 'Files'

Screenshot:

Installation:

git clone https://github.com/Lucksi/Himitsu
cd Himitsu
sudo apt-get update
sudo chmod +x install.sh
sudo bash install.sh
pip3 install -r requirements.txt

Installation (Venv):

if you encounter some errors in the python libraries installation use this method:

git clone https://github.com/Lucksi/Himitsu
sudo apt-get update
cd Himitsu
python3 -m venv .lib_venv
sudo chmod +x install.sh
sudo bash install.sh
source .lib_venv/bin/activate
pip3 install -r requirements.txt

Execution:

cd Himitsu
python3 main.py

Execution (Venv)

cd Himitsu
source .lib_venv/bin/activate
python3 main.py

Configuration Options:

Option name	Type	Description	Default Value
`USERAGENT_PATH`	String	File path of the Useragent list	Useragent/List.txt
`TOR_PROXY`	True/False	Making web request throught Tor network	False
`USERAGENT_CHANGE`	True/False	Making your Useragent different after a certain number of requests	False
`BREAK_TIME`	Number	Number of requests to reach in order to change Useragent	5

Features:

Option name	Description
`Algorithm Recognition`	Automatic recognition of the algorithm that have been used to hash or encode a password
`Useragent changing`	After a certain number of request your useragent will change in to a new one
`Tor Proxies`	Run your connections throught Tor
`Html Forms Detection`	Gathering all the html forms in a webpage
`Automated http request`	Creation of the url and setting the comunication method for making a web request

Current Form info Gathered:

Option name	Description
`Action Detection`	Recognition of the action url
`Method Detection`	Recognition of the method used in order to transfer data (POST/GET)
`Parameters`	Recognition of Parameter name (and description when possible)

Form Detecion	Parameters Detection

Current Hashing and Encoding Algorithm Supported:

Name	Recognition
`BASE64`	✔️
`BASE32`	✔️
`MD5`	✔️
`SHA1`	✔️
`SHA224`	✔️
`SHA3-224`	✔️
`SHA256`	✔️
`SHA3-256`	✔️
`SHA384`	✔️
`SHA3-384`	✔️
`SHA512`	✔️
`SHA3-512`	✔️

Current Offline Cracking Options:

Options
`Password`
`Zip File`
`Rar File`
`7zip File`
`Pdf File`

Current Attacks/Decoding:

Option name	Mode
`Password Cracking`	Offline/Online
`Xss Injection`	Offline/Online
`Base64 Decoding`	Offline

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Readme.md

Readme.md

DISCLAIMER

Password Folder

File-Cracker

Screenshot:

Installation:

Installation (Venv):

Execution:

Execution (Venv)

Configuration Options:

Features:

Current Form info Gathered:

Current Hashing and Encoding Algorithm Supported:

Current Offline Cracking Options:

Current Attacks/Decoding:

STARGAZERS OVER TIME

ORIGINAL CREATOR: LUCA GAROFALO (Lucksi)

LICENSE: GPL-3.0 License
COPYRIGHT: (C) 2024-2025 Lucksi

Files

Readme.md

Latest commit

History

Readme.md

File metadata and controls

DISCLAIMER

Password Folder

File-Cracker

Screenshot:

Installation:

Installation (Venv):

Execution:

Execution (Venv)

Configuration Options:

Features:

Current Form info Gathered:

Current Hashing and Encoding Algorithm Supported:

Current Offline Cracking Options:

Current Attacks/Decoding:

STARGAZERS OVER TIME

ORIGINAL CREATOR: LUCA GAROFALO (Lucksi)

LICENSE: GPL-3.0 License COPYRIGHT: (C) 2024-2025 Lucksi

LICENSE: GPL-3.0 License
COPYRIGHT: (C) 2024-2025 Lucksi