hashcat
advanced password recovery

Digg Del.icio.us Reddit Facebook Stumble Upon Twitter

Navigation

Download latest version (older versions)

Name Version md5sum Date
hashcat v0.38 16865cacd0da73b010c6da4501c0e1be 2011.12.18
User Manual v1.2 a2b1080a9b78c844dd9554991fb173bd 2011.08.09

Features

  • Multi-Threaded
  • Free
  • Multi-Hash (up to 24 million hashes)
  • Multi-OS (Linux & Windows native binaries)
  • Multi-Algo (MD4, MD5, SHA1, DCC, NTLM, MySQL, ...)
  • SSE2 accelerated
  • All Attack-Modes except Brute-Force and Permutation can be extended by rules
  • Very fast Rule-engine
  • Rules compatible with JTR and PasswordsPro
  • Possible to resume or limit session
  • Automatically recognizes recovered hashes from outfile at startup
  • Can automatically generate random rules
  • Load saltlist from external file and then use them in a Brute-Force Attack variant
  • Able to work in an distributed environment
  • Specify multiple wordlists or multiple directories of wordlists
  • Number of threads can be configured
  • Threads run on lowest priority
  • 30+ Algorithms implemented with performance in mind
  • ... and much more

Hashcat Screenshot

Hashcat screenshot

Attack-Modes

  • Straight *
  • Combination *
  • Toggle-Case
  • Brute-Force
  • Permutation
  • Table-Lookup

* accept Rules

Algorithms

  • MD5
  • md5($pass.$salt)
  • md5($salt.$pass)
  • md5(md5($pass))
  • md5(md5(md5($pass)))
  • md5(md5($pass).$salt)
  • md5(md5($salt).$pass)
  • md5($salt.md5($pass))
  • md5($salt.$pass.$salt)
  • md5(md5($salt).md5($pass))
  • md5(md5($pass).md5($salt))
  • md5($salt.md5($salt.$pass))
  • md5($salt.md5($pass.$salt))
  • md5($username.0.$pass)
  • md5(strtoupper(md5($pass)))
  • SHA1
  • sha1($pass.$salt)
  • sha1($salt.$pass)
  • sha1(sha1($pass))
  • sha1(sha1(sha1($pass)))
  • sha1(strtolower($username).$pass)
  • MySQL
  • MySQL4.1/MySQL5
  • MD5(Wordpress)
  • MD5(phpBB3)
  • MD5(Unix)
  • SHA-1(Base64)
  • SSHA-1(Base64)
  • SHA-1(Django)
  • MD4
  • NTLM
  • Domain Cached Credentials
  • MD5(Chap)
  • MSSQL
  • SHA256
  • MD5(APR)
  • SHA512
  • SHA-512(Unix)

Tested OS

  • All Windows and Linux versions should work on both 32 and 64 bit

Performance

  • Windows 7, 64 bit
  • Phenom II X6 T1090 @ 3.8 Ghz
  • hashcat v0.37, 64 bit
Name MD5
1 hash		 MD5
500k hashes		 Wordpress
1 hash
hashcat (6 threads) 64.00M c/s 52.89M c/s 9.99k c/s
hashcat (1 thread) 10.66M c/s 8.86M c/s 1.67k c/s
  • Ubuntu 11.04, 64 bit
  • AMD Athlon(tm) 64 X2 Dual Core Processor 6000+
  • hashcat v0.37, 64 bit
Name SHA1
1 hash		 NTLM
500k hashes		 MySQL
1k hashes
hashcat (2 threads) 10.23M c/s 12.25M c/s 22.65M c/s
hashcat (1 thread) 5.22M c/s 6.35M c/s 12.03M c/s

Help

A detailed description of all commandline parameters is available by using --help. Hashcat is explained in some of the videos and in the forums. If you encounter a bug, report it in the forums where fixes and beta versions are announced as well.

Download older versions

This is a list of older hashcat versions, it's not always bad to grab the latest version.

Name Version md5sum Date
hashcat v0.37 ba919dad346ac98b27b154e178250199 2011.07.06