A short post for Ravan this time. It is a JavaScript based Distributed Computing system that can perform brute force attacks on salted hashes by distributing the task across several browsers. Salted and plain versions of the following hashing algorithms are currently supported:
  • MD5
  • SHA1
  • SHA256
  • SHA512
How to use?
Using Ravan is very simple, just follow these steps:


  1. Go to http://www.andlabs.org/tools/ravan.html
  2. Enter the value of the hash that must be cracked
  3. Enter the value of the salt, if it is not a salted hash then leave it blank
  4. Enter the charset. Only these characters will be use in the brute force attack
  5. Select the hashing algorithm (MD5, SHA1, SHA256, SHA512)
  6. Select the position of the salt. (clear-text+salt or salt+clear-text)
  7. Hit ‘Submit Hash’.
  8. If hash is successfully submitted it would return a URL. Send this URL to all the workers and get them to click ‘start’ on that page.
  9. Keep the main page open without reloading till the hash is cracked.
That is all! Once the HTML5 WebWorkers start, they would be doing pieces of the work and submitting results back. The main page would constantly monitor the progress of the cracking process and manage it across all the workers. You would be able to see the stats throughout the process, once the hash is cracked the clear-text value is displayed. Ravan uses HTML5 WebWorkers to start background JavaScript threads in the browsers of the workers, each worker computes a part of the hash cracking activity.


Have something to say about this article? Comment below or share it with us on Facebook, Twitter or our LinkedIn Group.