Frequently asked questions

NOTE: You cannot use hashcat to recover online accounts (like Gmail, Instagram, Facebook, Twitter, etc.), because hashcat has no way to work on online accounts.

Source code

Hashcat suite

Beyond hashcat itself, there are other useful utilities from the same team, maintained in separate repositories.

Documentation for older hashcat versions like hashcat-legacy, oclHashcat, … can be found by using the Sitemap button.

Core attack modes

Other attacks

  • Rule-based attack - applying rules to words from wordlists; combines with wordlist-based attacks (attack modes 0, 6, and 7)
  • Toggle-case attack - toggling case of characters; now accomplished with rules

Most important wiki pages

Patches, tips and tricks

Howtos, Videos, Papers, Articles, etc. in the wild

If your hashcat article is not listed, tell us. We would love to link it here.

General guides


Common issues

Specific attacks

Specific targets

Input sources

Cloud and scale


Other commmon tools

  • hashcat-utils - many small utilities useful in advanced password cracking
  • hashcat's - generate hashes from wordlists
  • hashgen - quickly generate some common hash types from wordlists
  • hcxdumptool and hcxtools - the modern way to capture and process Wi-Fi hashes
  • John the Ripper - supports some hash types hashcat does not
  • MDXfind - supports multiple iterations of many hash types (CPU only)
  • PACK - tools to analyze founds, generate masks that match policy, etc.
  • pack2 - split strings on character boundaries, filter by mask, generate stats, unhex HEX
  • rling - fast dedupe and sorting of large lists
  • RuleProcessorY - apply rules to wordlists - supports multibyte; slower than direct GPU rules
  • rurasort - wordlist processing
  • slider - get sliding window of substrings from a wordlist


Except where otherwise noted, content on this wiki is licensed under the following license: Public Domain