hashID - identify your hashes
#1
Hello community!
Some months ago I started working on a "hash-identifier". Now that it has been included in the latest The-Distribution-Which-Does-Not-Handle-OpenCL-Well (Kali) Linux release, I feel it's time to share it with the community here too: hashID | hash-identifier | github

Taken from my github page:
Quote: Identify the different types of hashes used to encrypt data and especially passwords.

This tool replaces hash-identifier, which is outdated!

hashID is a tool written in Python 3.x which supports the identification of over 205 unique hash types using regular expressions. A detailed list of supported hashes can be found here.
It is able to identify a single hash, parse a file or read multiple files in a directory and identify the hashes within them.
hashID is also capable of including the corresponding hashcat mode and/or JohnTheRipper format in its output.
Although hashID is written in Python 3.x, it should also work using Python 2.7.

Note: When identifying a hash on *nix operating systems, use single quotes to prevent interpolation.

If you supply the parameter "-m", hashID will include the corresponding hashcat mode in its output
(no need to remember hashcat modes anymore!)

I have also included a spreadsheet which holds all my research information on the specific hash algorithms.
I need some community help on this spreadsheet: some entries are marked with "information needed" or "correct regex?", so if you can provide online resources on the hash type or have found a bug in the current regex, please let me know and I'll try to update asap.

I hope it makes your hash identification process easier!
Reply
#2
GJ, the majority of similar tools out there are binary and not scripts, so it's a win.
Reply
#3
(05-21-2014, 06:55 AM)Rolf Wrote: GJ, the majority of similar tools out there are binary and not scripts, so it's a win.

Thank you! Also, hashID supports by far more algorithms than any other tool out there.
If you find any errors or need an algorithm added, feel free to contact me here or create a pull request on my github.
Reply
#4
I got an error:

File "D:\Download\hashid.py", line 669
"""HashID with configurable prototypes"""
^
IndentationError: expected an indented block


How can I solve it?
Thanks
Reply
#5
Indent the script correctly or use http://pythoniter.appspot.com/
Reply
#6
(12-24-2014, 11:15 PM)Mem5 Wrote: Indent the script correctly or use http://pythoniter.appspot.com/

I tried that URL, but it did not correct the error. I also tried the reindent.py script inside the Tools/scripts dir of Python, nothing :(

In the end I indented it manually and it works.

Thanks
Reply
#7
I like it!
Any chance you'll be adding JTR modes as well?

Also, a few hashes it didn't recognize from the hashcat examples:
http://hashcat.net/wiki/doku.php?id=example_hashes

Code:
Analyzing '{smd5}a5/yTL/u$VfvgyHx1xUlXZYBocQpQY0'
[+] Unknown hash
Analyzing 'user$c8b48f26b87b7ea7'
[+] Unknown hash
Analyzing 'user$abcad719b17e7f794df7e686e563e9e2d24de1d0'
[+] Unknown hash
Analyzing '$cram_md5$PG5vLXJlcGx5QGhhc2hjYXQubmV0Pg==$dXNlciA0NGVhZmQyMmZlNzY2NzBmNmIyODc5MDgxYTdmNWY3MQ=='
[+] Unknown hash
Analyzing '{x-issha, 1024}C0624EvGSdAMCtuWnBBYBGA0chvqAflKY74oEpw/rpY='
[+] Unknown hash
Reply
#8
Sorry for the late reply, I've been kinda busy!

(12-29-2014, 10:41 PM)forumhero Wrote: Any chance you'll be adding JTR modes as well?

I will add JTR formats in the future. I would have done it earlier, but sadly JTR doesn't provide an example_hashes document like hashcat does, so it will be kind of hard to collect them all :/

(12-29-2014, 10:41 PM)forumhero Wrote: Also, a few hashes it didn't recognize from the hashcat examples:
http://hashcat.net/wiki/doku.php?id=example_hashes

Code:
Analyzing '{smd5}a5/yTL/u$VfvgyHx1xUlXZYBocQpQY0'
[+] Unknown hash
Analyzing 'user$c8b48f26b87b7ea7'
[+] Unknown hash
Analyzing 'user$abcad719b17e7f794df7e686e563e9e2d24de1d0'
[+] Unknown hash
Analyzing '$cram_md5$PG5vLXJlcGx5QGhhc2hjYXQubmV0Pg==$dXNlciA0NGVhZmQyMmZlNzY2NzBmNmIyODc5MDgxYTdmNWY3MQ=='
[+] Unknown hash
Analyzing '{x-issha, 1024}C0624EvGSdAMCtuWnBBYBGA0chvqAflKY74oEpw/rpY='
[+] Unknown hash

Thanks for the heads up, I fixed the regexes for SAP CODVN B (BCODE), SAP CODVN F/G (PASSCODE) and AIX(smd5).

I'll also add Cram-MD5 and SAP CODVN H (PWDSALTEDHASH) iSSHA-1 in a future update. For now I've added them to the issue tracker on github.
Reply
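Added example, not hashID's code and not part of any post in this thread: regex-based identification with hashcat modes attached, run over the five strings reported as unknown in post #7. The patterns are assumptions written to fit those samples, the modes are hashcat's published mode numbers, and the 32-hex sample is constructed to show that a bare digest matches several algorithms by shape alone.

```python
import re

# (pattern, [(algorithm, hashcat mode), ...]). Patterns are assumptions made
# for this example; they are NOT hashID's own prototypes.
PROTOTYPES = [
    (r'[a-f0-9]{32}', [('MD5', 0), ('MD4', 900), ('NTLM', 1000)]),
    (r'[a-f0-9]{40}', [('SHA-1', 100), ('RIPEMD-160', 6000)]),
    (r'\{smd5\}[a-z0-9./]{8}\$[a-z0-9./]{22}', [('AIX {smd5}', 6300)]),
    (r'[^$]{1,40}\$[a-f0-9]{16}', [('SAP CODVN B (BCODE)', 7700)]),
    (r'[^$]{1,40}\$[a-f0-9]{40}', [('SAP CODVN F/G (PASSCODE)', 7800)]),
    (r'\$cram_md5\$[a-z0-9+/]+={0,2}\$[a-z0-9+/]+={0,2}', [('CRAM-MD5', 10200)]),
    (r'\{x-issha, ?\d{1,10}\}[a-z0-9+/]+={0,2}',
     [('SAP CODVN H (PWDSALTEDHASH) iSSHA-1', 10300)]),
]
COMPILED = [(re.compile(p, re.IGNORECASE), algos) for p, algos in PROTOTYPES]


def identify(candidate):
    """Return every (algorithm, hashcat_mode) whose pattern matches the whole string."""
    candidate = candidate.strip()
    matches = []
    for regex, algos in COMPILED:
        # fullmatch: a hash embedded in a longer string must not count as a hit
        if regex.fullmatch(candidate):
            matches.extend(algos)
    return matches


SAMPLES = [
    '{smd5}a5/yTL/u$VfvgyHx1xUlXZYBocQpQY0',            # from post #7
    'user$c8b48f26b87b7ea7',                            # from post #7
    'user$abcad719b17e7f794df7e686e563e9e2d24de1d0',    # from post #7
    '$cram_md5$PG5vLXJlcGx5QGhhc2hjYXQubmV0Pg==$dXNlciA0NGVhZmQyMmZlNzY2NzBmNmIyODc5MDgxYTdmNWY3MQ==',
    '{x-issha, 1024}C0624EvGSdAMCtuWnBBYBGA0chvqAflKY74oEpw/rpY=',
    'd41d8cd98f00b204e9800998ecf8427e',                 # constructed: ambiguous 32-hex
]


def report(samples=SAMPLES):
    """Build output lines in a layout similar to the thread's 'Analyzing' listing."""
    lines = []
    for sample in samples:
        lines.append("Analyzing '%s'" % sample)
        found = identify(sample)
        for name, mode in found:
            lines.append('[+] %s [hashcat mode: %d]' % (name, mode))
        if not found:
            lines.append('[+] Unknown hash')
    return lines


if __name__ == '__main__':
    print('\n'.join(report()))
```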
#9
Not sure if this would be helpful but check this out for JTR example hashes

https://github.com/magnumripper/jtrTestSuite
Reply
#10
(01-06-2015, 12:17 AM)forumhero Wrote: Not sure if this would be helpful but check this out for JTR example hashes

https://github.com/magnumripper/jtrTestSuite

Thanks, but as kindly mentioned by magnumripper on github, you can dump all supported formats using the latest bleeding-jumbo ;)
Code:
$ ../run/john --list=format-details | cut -f1,14
A current list (some ciphertext will be truncated to 256 characters) can be found here.
Reply