hashcat
advanced password recovery


Download latest version (older versions)

Name Version md5sum Date
hashcat v0.48 620790f469e41ca8f3f6897ed958c8c0 2014.11.01

Features

  • Multi-Threaded
  • Free
  • Multi-Hash (up to 24 million hashes)
  • Multi-OS (Linux, Windows and OSX native binaries)
  • Multi-Algo (MD4, MD5, SHA1, DCC, NTLM, MySQL, ...)
  • SSE2, AVX and XOP accelerated
  • All Attack-Modes except Brute-Force and Permutation can be extended by rules
  • Very fast Rule-engine
  • Rules compatible with JTR and PasswordsPro
  • Possible to resume or limit session
  • Automatically recognizes recovered hashes from outfile at startup
  • Can automatically generate random rules
  • Load a saltlist from an external file and then use it in a Brute-Force Attack variant
  • Able to work in a distributed environment
  • Specify multiple wordlists or multiple directories of wordlists
  • Number of threads can be configured
  • Threads run on lowest priority
  • Supports hex-charset
  • Supports hex-salt
  • 90+ Algorithms implemented with performance in mind
  • ... and much more

Attack-Modes

  • Straight *
  • Combination *
  • Toggle-Case
  • Brute-Force
  • Permutation
  • Table-Lookup

* accepts Rules

Algorithms

  • MD5
  • md5($pass.$salt)
  • md5($salt.$pass)
  • md5(unicode($pass).$salt)
  • md5($salt.unicode($pass))
  • HMAC-MD5 (key = $pass)
  • HMAC-MD5 (key = $salt)
  • SHA1
  • sha1($pass.$salt)
  • sha1($salt.$pass)
  • sha1(unicode($pass).$salt)
  • sha1($salt.unicode($pass))
  • HMAC-SHA1 (key = $pass)
  • HMAC-SHA1 (key = $salt)
  • MySQL323
  • MySQL4.1/MySQL5
  • phpass, MD5(Wordpress), MD5(phpBB3), MD5(Joomla)
  • md5crypt, MD5(Unix), FreeBSD MD5, Cisco-IOS MD5
  • SHA-1(Django)
  • MD4
  • NTLM
  • Domain Cached Credentials, mscash
  • SHA256
  • sha256($pass.$salt)
  • sha256($salt.$pass)
  • sha256(unicode($pass).$salt)
  • sha256($salt.unicode($pass))
  • HMAC-SHA256 (key = $pass)
  • HMAC-SHA256 (key = $salt)
  • md5apr1, MD5(APR), Apache MD5
  • SHA512
  • sha512($pass.$salt)
  • sha512($salt.$pass)
  • sha512(unicode($pass).$salt)
  • sha512($salt.unicode($pass))
  • HMAC-SHA512 (key = $pass)
  • HMAC-SHA512 (key = $salt)
  • SHA-512(Unix)
  • Cisco-PIX MD5
  • WPA/WPA2
  • Double MD5
  • bcrypt, Blowfish(OpenBSD)
  • MD5(Sun)
  • md5(md5(md5($pass)))
  • md5(md5($salt).$pass)
  • md5($salt.md5($pass))
  • md5($pass.md5($salt))
  • md5($salt.$pass.$salt)
  • md5(md5($pass).md5($salt))
  • md5($salt.md5($salt.$pass))
  • md5($salt.md5($pass.$salt))
  • md5($username.0.$pass)
  • md5(strtoupper(md5($pass)))
  • md5(sha1($pass))
  • Double SHA1
  • sha1(sha1(sha1($pass)))
  • sha1(md5($pass))
  • MD5(Chap), iSCSI CHAP authentication
  • SHA-3(Keccak)
  • Half MD5
  • Password Safe SHA-256
  • IKE-PSK MD5
  • IKE-PSK SHA1
  • NetNTLMv1-VANILLA / NetNTLMv1-ESS
  • NetNTLMv2
  • Cisco-IOS SHA256
  • Samsung Android Password/PIN
  • AIX {smd5}
  • AIX {ssha256}
  • AIX {ssha512}
  • AIX {ssha1}
  • GOST, GOST R 34.11-94
  • Fortigate (FortiOS)
  • OS X v10.8 / v10.9
  • GRUB 2
  • IPMI2 RAKP HMAC-SHA1
  • sha256crypt, SHA256(Unix)
  • scrypt
  • Cisco $9$
  • Plaintext
  • Joomla < 2.5.18
  • osCommerce, xt:Commerce
  • nsldap, SHA-1(Base64), Netscape LDAP SHA
  • nsldaps, SSHA-1(Base64), Netscape LDAP SSHA
  • Oracle 11g/12c
  • SMF > v1.1
  • OS X v10.4, v10.5, v10.6
  • EPi
  • MSSQL(2000)
  • MSSQL(2005)
  • EPiServer 6.x < v4
  • EPiServer 6.x > v4
  • SSHA-512(Base64), LDAP {SSHA512}
  • OS X v10.7
  • MSSQL(2012 & 2014)
  • vBulletin < v3.8.5
  • vBulletin > v3.8.5
  • IPB2+, MyBB1.2+
  • WebEdition CMS
  • Redmine Project Management Web App

Tested OS

  • All Linux, Windows and OSX versions should work on both 32 and 64 bit

Performance

  • Windows 7, 64 bit
  • Phenom II X6 T1090 @ 3.8 GHz
  • hashcat v0.40, 64 bit

Name                  MD5 (1 hash)   NTLM (500k hashes)   phpass (1 hash)
hashcat (8 threads)   86.24M c/s     71.17M c/s           49.67k c/s
hashcat (1 thread)    12.90M c/s     10.58M c/s           7.79k c/s

  • Ubuntu 12.04.2 LTS, 64 bit
  • AMD FX(tm)-8120 Eight-Core Processor
  • hashcat v0.46, XOP version

Name                  SHA1 (1 hash)   NTLM (500k hashes)   MySQL (1k hashes)
hashcat (8 threads)   73.97 MH/s      79.83 MH/s           116.47 MH/s
hashcat (1 thread)    16.66 MH/s      15.15 MH/s           19.83 MH/s

Help

A detailed description of all command-line parameters is available by using --help. Hashcat is explained in some of the videos and in the forums. If you encounter a bug, report it in the forums, where fixes and beta versions are announced as well.

Download older versions

This is a list of older hashcat versions. It's not always bad to grab the latest version.

Name Version md5sum Date
hashcat v0.47 ac5d37aac78d1e1400a2d4b0c8ecae68 2013.12.30