hashcat
advanced password recovery

• FAQ

NOTE: You cannot use hashcat to recover online accounts (like Gmail, Instagram, Facebook, Twitter, etc.), because hashcat has no way to work on online accounts.

• Github repositories

Beyond hashcat itself, there are other useful utilities from the same team, maintained in separate repositories.

• hashcat - World's fastest and most advanced password recovery utility (source)
• hashcat-utils - Small utilities that are useful in advanced password cracking (source)
• maskprocessor - High-performance word generator with a per-position configurable charset (source)
• statsprocessor - Word generator based on per-position Markov chains (source)
• princeprocessor - Standalone password candidate generator using the PRINCE algorithm (source)
• kwprocessor - Advanced keyboard-walk generator with configureable basechars, keymap and routes (source)

Documentation for older hashcat versions like hashcat-legacy, oclHashcat, … can be found by using the Sitemap button.

• Dictionary attack - trying all words in a list; also called “straight” mode (attack mode 0, -a 0)
• Combinator attack - concatenating words from multiple wordlists (-a 1)
• Brute-force attack and Mask attack - trying all characters from given charsets, per position (-a 3)
• Hybrid attack - combining wordlists+masks (-a 6) and masks+wordlists (-a 7); can also be done with rules
• Association attack - use an username, a filename, a hint, or any other pieces of information which could have had an influence in the password generation to attack one specific hash (-a 9)

• Rule-based attack - applying rules to words from wordlists; combines with wordlist-based attacks (attack modes 0, 6, and 7)
• Toggle-case attack - toggling case of characters; now accomplished with rules

• Example hashes
• Brute-Force attack (aka mask attack)
• When I click on hashcat.exe a black window flashes up and then disappears
• Timeout Patch
• HCCAPX format description
• Resuming cracking jobs and .restore file format description
• Cracking WPA/WPA2 with hashcat
• Using maskprocessor to generate rules
• Using rules to emulate hybrid attack
• Using rules to emulate toggle attack
• Using machine-readable output
• Distributing work
• Hash type categories
• Ubuntu Server + AMD Catalyst + hashcat HOWTO (not up-to-date)
• HOWTO: Upgrading AMD Drivers on Windows (not up-to-date)
• hashcat and the drivers: Catalyst and ForceWare (not up-to-date)
• Table-Lookup Attack beginner guide - only available in hashcat-legacy
• Distributing workload in oclHashcat-lite - now accomplished with -s/--skip and -l/--limit
• VCL Cluster HOWTO
• Distributing workload in oclHashcat
• Using maskprocessor to emulate brute-force attack - now implemented directly in hashcat
• Using maskprocessor to emulate mask attack in hashcat - now implemented directly in hashcat

* Strike-through = Outdated article

• Calculating total combinations for masks
• SSH into running terminal - using screen
• I use hashcat on Windows and want to access it through ssh
• Changing fan speed of ATI under linux
• WPA Clean and Convert Script

* Strike-through = Outdated article

If your hashcat article is not listed, tell us. We would love to link it here.

• A cheat-sheet for password crackers
• A guide to password cracking with Hashcat
• Introduction to Hashcat
• Passwords: A step-by-step analysis of breaking them
• A Practical Guide to Cracking Password Hashes
• Passwordscon: Advanced Password Cracking: Hashcat Techniques for the Last 20%
• Cracking Story – How I Cracked Over 122 Million SHA1 and MD5 Hashed Passwords
• HASHCAT: GPU PASSWORD CRACKING FOR MAXIMUM WIN
• In.security cracking introduction videos “(Password Cracking 101+1)”
• Intro to Hash Cracking (cyclone)
• Awesome Password Cracking (n0kovo)

• Building a Password Cracking Rig for Hashcat
• Building a Password Cracking Rig for Hashcat - Part II
• Password Village hardware guide

• Hashcat Line Length Exceptions
• Also see our FAQ

• Custom charsets and rules with John The Ripper and oclhashcat
• Efficient Password Cracking Where LM Hashes Exist for Some Users
• Hashcat Per Position Markov Chains
• Passwordscon: I have the hashcat, I make the rules
• Rule-Fu: The art of word mangling
• Passwords^12: Exploiting a SHA-1 weakness in password cracking
• Cracking an MD5 of an IP address
• Tool Deep Dive: PRINCE
• Video introduction to Hashcat v3 and Debug-Rules example
• Exploiting masks in Hashcat for fun and profit
• Statistics Will Crack Your Password
• n0kovo's hashcat rules collection
• Password shucking attack - DEF CON talk (Chick3nman)

• Agilebits 1Password support and Design Flaw?
• Cracking Android passwords, a how-to
• Android Pin/Password Cracking
• CheckPoint Security Gateway (firewall) and Security Management password hashes
• Cracking IKE Mission:Improbable (Part 1)
• Cracking IKE Mission:Improbable (Part 2)
• known_hosts hash cracking with hashcat
• Convert metasploit cachedump files to Hashcat format for cracking
• Colliding password protected MS office 97-2003 documents
• Cracking Netgear default WPA passwords with oclHashcat
• How to Extract OS X Mavericks Password Hash for Cracking With Hashcat
• Colliding password protected PDF documents
• Explaining the PostgreSQL pass-the-hash vulnerability
• Cracking eight different TrueCrypt ciphers for the price of three
• Cracking TrueCrypt: container, non-system, system, hidden (archived on archive.org, current version contains adware)
• How to crack WPA2-Enterprise EAP-MD5 with hashcat

• weakpass cyclone+hashesorg+hashkiller combined wordlist
• Facebook full directory of first and lastnames, 8GB, sorted with counts, latin and non-latin
• n0kovo subdomains - wordlist from Internet-wide list of SSL certs
• Leipzig word corpora
• Google ngrams

• Hashtopolis - multi-rig clustering server software
• Confessions of a crypto cluster operator (EvilMog)
• GPU Based Password Cracking with Amazon EC2 and oclHashcat
• dizcsza/docker-hashcat - hashcat-specific Docker image

• Team Hashcat - team list, event writeups, and tools
• PHDays 2014, "Hashrunner challenge" Writeup - Team Hashcat
• PHDays 2015, "Hashrunner challenge" Writeup - Team Hashcat
• DEFCON 2010, "Crack Me If You Can" Writeup - Team Hashcat
• DEFCON 2011, "Crack Me If You Can" Writeup - Team Hashcat
• DEFCON 2014, "Crack Me If You Can" Writeup - Team Hashcat
• DEFCON 2015, "Crack Me If You Can" Writeup - Team Hashcat

• hashcat-utils - many small utilities useful in advanced password cracking
• hashcat's test.pl - generate hashes from wordlists
• hashgen - quickly generate some common hash types from wordlists
• hcxdumptool and hcxtools - the modern way to capture and process Wi-Fi hashes
• John the Ripper - supports some hash types hashcat does not
• MDXfind - supports multiple iterations of many hash types (CPU only)
• PACK - tools to analyze founds, generate masks that match policy, etc.
• pack2 - split strings on character boundaries, filter by mask, generate stats, unhex HEX
• rling - fast dedupe and sorting of large lists
• RuleProcessorY - apply rules to wordlists - supports multibyte; slower than direct GPU rules
• rurasort - wordlist processing
• slider - get sliding window of substrings from a wordlist

• How not to salt a hash
• Cracking Suite Algorithm Rosetta Stone - which software support which algorithms - WIP
• Troy Hunt: Our password hashing has no clothes
• Passwordscon: Optimizing the Computation of Hash Algorithms as an Attacker
• Avoid "dehashing", "reversing", "decrypting", etc. when talking about password hashes