So today I decided to write a JavaScript password cracker, built on Web Workers. I use JavaScript Object Notation (JSON) to pass hashes and results back and forth. The code currently supports MD5, SHA-1, SHA-256, SHA-512, and SHA-3, however doesn't do anything with salts at the moment.
I use Web Workers to post back over JSON so I can distribute the search space over however many users are actively on the page. This currently doesn't perform as well as I would like, since there is some computational overlap to cut back down on network traffic. But it seems like a reasonable trade off to make. I would like to add the ability to do smarter attacks such as having different computers run over dictionaries while others brute force.