Hashcat-legacy is the world’s fastest CPU-based password recovery tool.

While it's not as fast as its unified OpenCL CPU/GPU counterpart hashcat, large lists can be easily split in half with a good dictionary and a bit of knowledge of the command-line switches.

Hashcat, starting with version 2.00, is released as open source software under the MIT license.

Current Version

Last version was 2.00 before it was replaced by hashcat.



Hashcat was written somewhere in the middle of 2009. Yes, there were already close-to-perfect working tools supporting rule-based attacks like “PasswordsPro”, “John The Ripper”. However for some unknown reason, both of them did not support multi-threading. That was the only reason to write Hashcat: To make use of the multiple cores of modern CPUs.

Granted, that was not 100% correct. John the Ripper already supported MPI using a patch, but at that time it worked only for Brute-Force attack. There was no solution available to crack plain MD5 which supports MPI using rule-based attacks.

Hashcat, from its first version, v0.01, was called “atomcrack”. This version was very poor, but at least the MD5 kernel was written in assembler utilizing SSE2 instructions and of course it was multi-threaded. It was a simple dictionary cracker, nothing more. But it was fast. Really fast. Some guys from the scene become interested in it and after one week there were around 10 beta testers. Everything worked fine and so requests for more algorithm types, a rule-engine for mutation of dictionaries, a windows version and different attack modes were added. These developments took around half a year, and were completely non-public.

Then, with version 0.29, “atomcrack” was renamed to “Dr. Hash”. Then with the release of version 0.30 to “hashcat”.

The first official hashcat release was v0.30, released on 24.12.2009.

Starting with hashcat release v0.40, released on 05.08.2012, binaries for Mac OSX were added.