BN+ Brute Force Hash Attacker

This page is about a tool I wrote during my highschool years, between 2008 and 2010. Both the contents of this page and the tool it describes have not been updated since.

BN+ Brute Force Hash Attacker is a tool for the recovery of passwords stored in hash formats, using brute force methods. It's completely open source and available under the GNU General Public License. This application uses BN+ Library, an open source .Net utilities library.


BN+ Brute Force Hash Attacker



NOTICE: these docs are for version 1.0.5, and might not be accurate for the current version.

Installation, start-up

You can choose to download the direct run files, or the fully integrated setup. When downloading the direct run files, just un-archive it (with WinRar), and run the .exe file. The application will start without any further user interaction needed. You can put the direct run files on your usb, and run the application anywhere you like, without needing administration privileges. Note that all files need to be placed in the same folder for the application to work. If you download the fully integrated setup, you should un-archive it (with WinRar), and run the setup file. The setup will show you several dialogues, including one where you can choose the installation location. When finishing the setup, a short cut to the application will be placed on your desktop, and in your start menu, from which you can run it.

Use of the interface

The interface can be divided into 4 regions: charset configuration, password configuration, control panel and statistics. Sections 3, 4, 5 and 6 describe the functions of these regions in greater detail.

Charset configuration (Brute force charset)

Only combinations with symbols that are in the charset will be created during the attack. Passwords with characters that are not part of the charset will therefore not be found. It is however important that you keep the charset as small as possible, as it's seize has a drastic result on the amount of possible passwords. The check boxes provide some basic combinations, but custom charsets can also be used by entering them into the custom character set field.

Password configuration (Password configuration)

This section enables you to set the minimum and maximum length of the password, the hash format used, and a known format. When setting the length, keep in mind that covering a large range, especially big numbers, will increase the amount of possible passwords exponentially, and consequently also the time it will take to complete the attack. The format can be used in cases where characters at the start and/or end of the password are known. The more characters known, the smaller the amount of passwords will become. Note that using this functionality decreases the attack speed notably, in some cases up to 70% or more.

Control panel (Attack control panel)

The control panel contains a field where you have to enter the hash you want to attack, and buttons to start, pauze, resume, stop and restart the attack. Note that the start button will only be enabled when the attack can start. This means that the amount of possible passwords needs to be greater then 0, and the entered hash needs to be valid.

Statistics (Attack statistics)

This section does not contain any control elements, but provides you with data on the progress of the current attack. Note that the 'time remaining' is only an estimation based on the passed time and the percentage of attack completion, and can vary depending on the use of system resources by other applications.


The speed of the attack depends on many factors, including the clock rate of your cpu, the amount of available memory, the amount of resources required by other applications, and the nature of the attack itself. Basic attacks (password amounts to 9223372036854775807) have a better performance then larger attacks, which will run up to 40% slower. As described in section 4, the use of the password format option will also have a negative effect on the attack speed.


This is an overview of the performance of the application during various attacks. This data was tested on a 2.1Ghz single core laptop.


Change log

Version 1.2.0 - 2010-02-15

Version 1.1.0 - 2009-03-21

Version 1.0.8 - 2009-02-16

Version 1.0.5 - 2008-12-16

Version 1.0.3 - 2008-10-29

Version 1.0.0 - September 2008