This is your go-to reference when you need to exploit weak hash functions in CTFs or penetration tests. It covers the essentials: length extension attacks against Merkle-Damgard constructions (MD5, SHA-256), MD5 collision generation with fastcoll and hashclash, SHA-1's SHAttered attack, HMAC timing leaks, and birthday attacks on truncated hashes. The quick attack selection table is genuinely useful for mapping scenarios to tools. One thing worth noting is it correctly distinguishes which constructions are vulnerable to length extension (SHA-3 and HMAC are not, despite common misconceptions). The collision tricks section includes practical CTF bypasses like PHP's 0e magic hashes. If you're attacking hash-based authentication or need to forge colliding files, this gives you the theory and tooling in one place.
npx skills add https://github.com/yaklang/hack-skills --skill hash-attack-techniques