SecurityMaster CLI is a .NET-based power tool for penetration testers and blue teams who need fast access to LM hash cracking utilities and GnuPG literal packet parsing without leaving the terminal. It ships with a lightweight command framework, an interactive REPL, and batteries-included implementations of the most common workflows used across this repository. 💪
- Interactive REPL – launch
dotnet run --project CliProgramand type commands with auto-registered help support. - Password cracking – feed individual LM hashes or an entire dump file and iterate through dictionaries, leet substitutions, spell-check suggestions, and numeric suffix brute force attempts.
- GPG literal packet parsing – decrypt S2K3 3DES packets and optionally write the literal content to disk.
- Composable runtime – commands are plain C# classes that inherit from
Cli.Runtime.Command, so extending the tool is straightforward.
| Path | Description |
|---|---|
Cli/ |
Command implementations (Cli/Commands) plus the reusable runtime (Cli/Runtime). |
CliProgram/ |
Console host (Program.cs) that spins up the REPL and wires the runtime together. |
GnuPrivacyGuard/, WinPassProject/, DES_Section/ |
Supporting libraries for packet parsing and LM hash math. |
PasswordCracker/ |
Legacy project files; logic was extracted into the CLI command. |
- .NET SDK 9.0 (see
global.json). - Optional: dictionary text file for the password cracker (default:
pwdict.txtin the repo root).
# 1. Restore dependencies (first-time only)
dotnet restore
# 2. Build the solution
dotnet build
# 3. Launch the interactive shell
dotnet run --project CliProgramYou will see the welcome banner and prompt:
=== CLI Console ===
Type 'help' to see available commands. Type 'exit' to quit.
>
Type help to list commands or help <command> for detailed usage. Below is a quick guide to the built-ins:
Repeat any text back to you.
> echo "Hello, SecurityMaster!"Crack LM hashes using dictionary, leetspeak, spell-check suggestions, and numeric suffix brute force.
Required arguments:
-hash <value>– either a single 32-character LM hash, auser:rid:hashstyle colon-delimited line, or a file path containing one hash per line.
Optional arguments:
-dict <path>– dictionary text file (defaultpwdict.txt). Each line should contain one candidate word.
Example single hash run:
> password-cracker -hash 5D41402ABC4B2A76B9719D911017C592Example batch run with a file and custom dictionary:
> password-cracker --hash=hashdump.txt --dict=./wordlists/pwdict.txtOutput highlights:
- Loads the dictionary and target hash set.
- Tests dictionary entries (with optional leet permutations) using the
WinPassProjectLM hashing implementation. - When a first-half candidate matches, runs multiple refinement phases: exact match search, optional Hunspell-powered suggestions (
WeCantSpell.Hunspell), and numeric suffix brute force (0000-9999). - Writes per-hash results plus a final summary of recovered passwords.
Tips:
- Ensure the dictionary file is encoded as UTF-8 or ASCII.
- The command automatically recognizes colon-delimited dump formats and extracts the LM hash column.
- Missing files or malformed hashes produce actionable error codes/messages.
Decrypt and inspect a GnuPG literal data packet that was protected with S2K3 + TripleDES.
Arguments:
-passphrase <value>– passphrase used to decrypt the packet.-path <file>– path to the.gpg(or compatible) file.-o [true|<path>]– optional output control:- omit the flag to only print metadata/content length;
-o truewrites the literal content to the same folder as the input file, using the literal filename from the packet header;-o <path>writes to an explicit directory or file path (directories are created automatically).
Example:
> gpg-parse -passphrase "correct horse" -path ./samples/message.gpg -o trueDisplays the literal header (FileName, timestamps, etc.) and saves the decrypted bytes.
help shows every registered command, while help password-cracker renders per-argument descriptions plus any extended help text baked into the command class.
Type exit at the prompt to stop the REPL (the exit command itself just reminds you of that behavior).
SecurityMaster CLI is structured around a minimal runtime living in Cli/Runtime:
Commandis the abstract base class; concrete commands overrideName,Summary,Arguments, and implementRunAsync.Argumentdescribes an input flag/positional (name,title, description, required/default values). The runtime understands-key value,-key=value, and positional fallbacks.CommandRegistryuses reflection to find allCommandsubclasses in the assembly and exposes them to the REPL.CommandApphandles parsing, validation, and dispatch. It also implements global and per-command help printers.
CliProgram/Program.cs wires everything together:
- Builds the registry from the current assembly.
- Writes the banner and loops, reading user input.
- Splits input into command + arguments, runs
CommandApp.RunAsync, and keeps the session alive untilexitis typed.
- Create a new class in
Cli/Commands/that derives fromCommand. - Override
Name,Summary, andArgumentsto describe how it should be invoked. - Implement
RunAsync(ParsedArgs args, CancellationToken ct)with your logic. - Rebuild/run – the command registry auto-discovers new commands at startup, so no additional wiring is needed.
- Unknown command – use
helpto confirm the command name; remember arguments are-key value(single-letter flags aren’t supported). - Dictionary file not found – double-check the path you passed to
-dictor createpwdict.txtalongside the repo root. - GPG parse errors – confirm the file uses the S2K3+TripleDES format expected by
GPG.ParseFromFile_S2K3Des.
- Fork/clone the repo.
- Create a feature branch and add or adjust commands.
- Run
dotnet buildanddotnet run --project CliProgramto verify behavior. - Submit a PR with details about the new functionality.
Have fun exploring SecurityMaster CLI! ✨