From Zero to “Not Too Bad” in Two Months
When I started working on Hash Master 1000, I had a vision of what I needed, but I lacked the capability to develop it myself. I wanted a single tool that could help our pentesters and consultants perform better password analysis and provide accurate, consistent, high-quality reports. I knew enough Python to be dangerous, but HTML, JavaScript, and CSS were foreign languages. What followed was an intense, two-month journey where I learned these technologies through trial and error, sheer determination, and an unlikely mentor: ChatGPT.
The Early Days: Prompts, Errors, and Lessons
The first thing I learned was that ChatGPT is not magic. It doesn’t just take your well-thought-out ideas and churn out working code. Writing the app required hundreds of hours, not just coding, but also learning how to ask the right questions. ChatGPT became an invaluable assistant, one that patiently explained concepts like the DOM, asynchronous JavaScript, and CSS positioning. But don’t think for a second that I didn’t have to work for those answers. Asking vague questions led to bad responses. Asking focused, specific questions and explaining exactly what I needed from the response unlocked the help I needed.
I also found that ChatGPT (mostly ChatGPT 4o) was either unable or “too lazy” to handle modestly sized Python and HTML files without missing important components and subsequently making mistakes and offering poor responses. Likewise, simple interactions between files seemed difficult for ChatGPT to follow and understand. However, by stating specific goals and only including the relevant snippets of code, I could ask ChatGPT for help and it offered some amazing suggestions for my code.
One lesson I learned was that different GPTs (Generative Pre-trained Transformers) and models offered varying benefits. My ChatGPT Teams access included the HTML + CSS + JavaScript GPT, for example, which occasionally solved issues that ChatGPT 4o or struggled to help with. There were also great benefits from creating a Project in ChatGPT, as the `Project files` and `Instructions` are centralized and available for all project-related chats.
Trial, Error, Frustration… Repeat
Every step of this project was iterative. I wrote code. It broke. I asked ChatGPT why. It explained. I asked ChatGPT why it kept offering code with mistakes and deleting or breaking previously working code?!?! And it apologized. But here’s the thing: every (frustrating) mistake was an opportunity to learn. By the end of the project, I wasn’t just writing code; I was writing decent code because I was understanding what I was doing. I was also catching mistakes that ChatGPT was making and calling them out in follow-up prompts where I could explain how the code could be improved. This wasn’t a case of “AI wrote my application.” It was AI mentoring and helping me write decent code. I came out the other side with more than an app; I now have a few skills and a deeper understanding of web applications and programming concepts.
Who Doesn’t Like a Free Tool?
Hash Master 1000 wasn’t just a project to evaluate ChatGPT, or to learn to develop web apps; it was a project based on need. The cybersecurity industry was lacking a modern tool to help perform password (and hash) analysis and to report the results. Pipal and HashView both had their places over the years, but neither delivers the analysis or report quality necessary for a modern pentest or audit report. I’m happy to offer Hash Master 1000 for free to everyone who can benefit (under a CC BY-NC 4.0 license). I hope to continue to expand the app’s functionality by adding analysis of account states (enabled/disabled, expired, locked) and incorporating machine learning to detect even more password security weaknesses. After this initial project, I’m feeling confident that ChatGPT and I are up to the task.
Learn More: Visit SynerComm’s AssureIT team’s blog.