keep-guessing + rules?
#1
Is there a way to log *all* of the rules that would have cracked a given hash?

Would/should --keep-guessing and --debug-mode be combine-able?  It could be quite chatty - being able to ignore ':' would probably be useful. Smile
~
#2
I kinda feel like that if you don't know the answer to something that it is likely unknowable.
#3
Ha! I'm only about one chapter ahead of you in the book. Wink

And guess what? I should have tried it first! Smile

--keep-guessing  works fine with --debug-mode (for at least some attacks):

Code:
$ cat test.hash
8743b52063cd84097a65d1633f5c74f5

$ cat test.dict
hashca
hashcas
hashcau
hashcate
hashcatz
tachsah
HASHCAT

$ hashcat --quiet -O -w 4 --keep-guessing -D1 --session=test --potfile-path=./test.potfile \
   --debug-mode=4 --debug-file=./test.log --outfile=test.out --outfile-format=15 \
   -r multi.rule \
   test.hash test.dict

$

$ wc -l test.potfile
1635 test.potfile

$ cat test.potfile
8743b52063cd84097a65d1633f5c74f5:hashcat
[...]
8743b52063cd84097a65d1633f5c74f5:hashcat

$ wc -l test.out
1635 test.out

$ cat test.out
8743b52063cd84097a65d1633f5c74f5:hashcat:68617368636174:1805914
[...]
8743b52063cd84097a65d1633f5c74f5:hashcat:68617368636174:3007570

$ wc -l test.log
1635 test.log

$ cat test.log
hashcate:$$ O72:hashcat
hashcate:$$ O72:hashcat
hashcate:$) *0B O72:hashcat
hashcate:$) K '7:hashcat
hashcate:$* O72:hashcat
[...]
hashcatz:} } D1 {:hashcat

The applications should be obvious (and are well-known to password researchers) - that for a given target list of hashes, a given input dictionary, and a given set of rules, the rules that are most universally applicable, and the base words that were the most useful, can be analyzed. It's highly dependent on its inputs.
~