If it's your own system, it's okay, right? If you have been following APIs for a while, you know at the back of your mind that there must be an API to do almost anything in today’s world of interconnected systems. Once in a while though we do get hit by APIs that do something out of the normal. How about a cloud-powered API that tests your network vulnerability? Well, Thoughtcrime Labs, the developers behind CloudCracker have released their CloudCracker API to help you do just that.
CloudCracker is a Password Cracking Service that is aimed at penetration testers and auditors to check the security of the Protected Wireless Networks. It even provides services to help you crack password hashes or validate if your document encryption is strong enough. It provides a website where you can submit your files and they deliver the results to you via email for a fee.
The process to submit a job to the CloudCracker Service via the website is dead simple. Select from either a WPA/WPA2 or a LM/NTLM Network and upload the Handshake file for your network. Then select among their various plans starting from $17 to $136 and provide your contact details. The results will be emailed to you in under 30 minutes. The price ranges depending on the number of words that you want to test your network or document encryption against. For $17, you can get it tested against nearly 600 million+ words. The dictionaries have been built via various iterations over time.
The entire workflow of submitting a job to the CloudCracker Service is also automated via an API. The CloudCracker API is a REST based API that provides you methods for getting available dictionaries, submit a cracking job, pay for a job and even get back a status. The API supports the JSON data format. Payment for the job is done via the Stripe API that we earlier covered. Stripe delivers a one-time token from your credit card information that needs to be passed along when invoking the /payment method of the CloudCracker API. For more information on the CloudCracker API, refer to the Developer page.
The CloudCracker Service is definitely of value to network testers and security folks. It seems that a lot of services that qualified consultants give is likely to get automated and provided as a Service in the days ahead.