Analysis updated 2026-06-24
Attempt recovery of a forgotten Bitcoin Core or Electrum wallet password you own
Try to reconstruct a partial BIP39 mnemonic for a self-owned wallet
Audit password strength for wallets in a controlled security review
| doisargis-eng/carnom-recovery-framework | 0xsha/cve-2026-6307 | 1061700625/github_vps | |
|---|---|---|---|
| Stars | 38 | 38 | 38 |
| Language | — | HTML | Shell |
| Setup difficulty | moderate | hard | moderate |
| Complexity | 3/5 | 5/5 | 2/5 |
| Audience | ops devops | developer | ops devops |
Figures from each repo's GitHub metadata at analysis time.
Quick start tells you to download a binary from an external MediaFire link rather than GitHub Releases, and no source is published in the repo, which is a serious red flag for a wallet tool.
Carnom Recovery Framework is described in its README as a GPU accelerated tool for cryptocurrency wallet recovery. The stated purpose is to help users recover access to wallets they own when they have lost a password or part of a mnemonic seed phrase, and to support password auditing and security research. The repo lists Python 3.11, CUDA for GPU acceleration, and Windows or Linux as the supported platforms. The feature list on the README names: a GPU accelerated recovery engine, mnemonic recovery workflows, password recovery, multi wallet compatibility, distributed recovery, an optimized pipeline, and automated workflows. The supported wallet list includes Bitcoin Core, Electrum, MetaMask, Ethereum keystore files, and BIP39 compatible wallets in general. A benchmark table mentions the RTX 4090, RTX 3080, and RTX 2080 with vague performance labels rather than concrete throughput numbers. The quick start instructions are unusual for a code repository. They tell the user to download the latest release, extract the archive, and launch the executable. The download links in the README point to a MediaFire folder rather than the GitHub releases page, and the repo itself does not appear to host the source code, since GitHub detects no primary language. Usage is left as one line that says to configure the recovery workflow through the interface. The legal notice limits the software to wallet recovery, password recovery, security auditing, and authorized research, and says unauthorized access to third party wallets is prohibited. The licensing in the README is contradictory: a badge near the top claims MIT while the footer states All Rights Reserved.
README markets a GPU-accelerated crypto wallet recovery tool, but the repo ships no source and links to an external MediaFire download instead of GitHub releases.
License is contradictory: a badge says MIT but the footer says All Rights Reserved, so the real terms are unclear.
Setup difficulty is rated moderate, with roughly 30min to a first successful run.
Mainly ops devops.
This repo across BitVibe Labs
Verify against the repo before relying on details.