SkillAgentSearch skills...

Digestive

Dictionary cracking tool for HTTP Digest challenge/response hashes

GenerateConvertImprove

Install / Use

/learn @eric-conrad/Digestive
About this skill

Quality Score

0/100

Supported Platforms

Universal

README

digestive

<img align="right" width="250" src="https://upload.wikimedia.org/wikipedia/commons/9/9c/Bowl_of_digestive_biscuits.jpg">

Dictionary cracking tool for HTTP Digest challenge/response hashes

Code based on: https://gist.github.com/yesecurity/5fb47f44e289e8bc9c35

  • Thank you, yessecurity!
  • https://gist.github.com/yesecurity

Launches dictionary attack vs. captured HTTP Digest credentials (taken from a PCAP, Burp or ZAP proxy, etc.)

Example credentials

<img src="media/digest-zap.png" width="600"/>

Authorization: Digest username="conrad", realm="Security542", nonce="q5mFt62KBQA=30b96361b3061fc88ad88a19170b873073ccb930", uri="/digest/", algorithm=MD5, response="36bf5df32af14d751ee901fcd2d72479", qop=auth, nc=00000001, cnonce="763eb7656a737513"

Resulting command line (using John the Ripper's wordlist)

digestive --username conrad --wordlist /opt/john/run/password.lst --method GET --uri /digest/ --nc 00000001 --qop auth --realm Security542 --cnonce 763eb7656a737513 --nonce q5mFt62KBQA=30b96361b3061fc88ad88a19170b873073ccb930 --response 36bf5df32af14d751ee901fcd2d72479

<img src="media/digestive-screenshot.png" width="600"/>

eric-conrad

View profile

View on GitHub
GitHub Stars32
CategoryDevelopment
Updated8mo ago
Forks7
eric-conrad/digestive

Languages

Python

Security Score

82/100

Audited on Jul 19, 2025

No findings