This is probably not hashcat specific, but the people here know the problem domain probably the best 
I am looking into various ways to determine password weakness - length, categories, entropy, breach-status, etc.
One thing that I'm trying to look into is measuring "crackability".
Now if we go for a bruteforce, we can estimate the length of time to crack via the solution space for the length/categories vs the the hashrate of modern GPUs..... BUT, is there an efficient way to determine if a password will be included in a crack (e.g. rockyou+onerule) without just running hashcat to see if it's cracked?
I am looking into various ways to determine password weakness - length, categories, entropy, breach-status, etc.
One thing that I'm trying to look into is measuring "crackability".
Now if we go for a bruteforce, we can estimate the length of time to crack via the solution space for the length/categories vs the the hashrate of modern GPUs..... BUT, is there an efficient way to determine if a password will be included in a crack (e.g. rockyou+onerule) without just running hashcat to see if it's cracked?