Hashcat is one of the most powerful and widely used password-cracking tools in cybersecurity. Here’s a comprehensive overview:
🔍 What Is Hashcat?
Hashcat is a free, open-source password recovery tool designed for ethical hacking, penetration testing, and digital forensics. It’s known for its speed, versatility, and GPU acceleration, making it ideal for cracking password hashes efficiently.
- Supports over 300 hashing algorithms, including:
  - MD5, SHA-1, SHA-256, SHA-512
  - NTLM, bcrypt, WPA/WPA2
  - Kerberos, LM, and many more
- Compatible with Windows, Linux, and macOS
- Can run on CPUs and GPUs (NVIDIA/AMD)
⚔️ Attack Modes
Hashcat offers multiple cracking strategies:
Mode | Description |
---|---|
Brute-force | Tries every possible combination |
Dictionary | Uses a wordlist of common passwords |
Rule-based | Applies transformations to dictionary entries (e.g., adding numbers) |
Mask | Targets passwords with known patterns (e.g., ?l?l?l?d?d) |
Hybrid | Combines dictionary and mask approaches |
Combinator | Merges two dictionaries to form password guesses |
🚀 Why Is Hashcat So Fast?
Hashcat leverages GPU acceleration, allowing it to process millions of password attempts per second. This makes it ideal for large-scale password audits or recovery tasks.
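For a password-policy review, the useful number is how many candidates a pattern allows and how quickly that space is exhausted. The Python below is an added example, not part of the original page or of Hashcat itself: it computes the keyspace of a mask such as ?l?l?l?d?d from Hashcat's built-in charset sizes. The function names and the 1,000,000 guesses-per-second rate are assumptions chosen for illustration, not a benchmark.

```python
# Added example: keyspace of a hashcat-style mask, for password-policy review.
# Sizes of hashcat's built-in charsets; custom charsets (?1-?4) are not handled.
CHARSET_SIZES = {
    "l": 26,   # ?l lowercase a-z
    "u": 26,   # ?u uppercase A-Z
    "d": 10,   # ?d digits 0-9
    "h": 16,   # ?h lowercase hex digits
    "H": 16,   # ?H uppercase hex digits
    "s": 33,   # ?s printable ASCII specials, including space
    "a": 95,   # ?a = ?l + ?u + ?d + ?s
    "b": 256,  # ?b every byte value
}


def mask_keyspace(mask):
    """Return the number of candidates a mask describes."""
    total = 1
    i = 0
    while i < len(mask):
        if mask[i] == "?":
            if i + 1 >= len(mask):
                raise ValueError("mask ends with a dangling '?'")
            token = mask[i + 1]
            if token == "?":
                pass  # '??' is a literal question mark: one choice
            elif token in CHARSET_SIZES:
                total *= CHARSET_SIZES[token]
            else:
                raise ValueError(f"unsupported placeholder ?{token}")
            i += 2
        else:
            i += 1  # literal character: one choice
    return total


def worst_case_seconds(mask, guesses_per_second):
    """Time to try every candidate at a given (assumed) guess rate."""
    return mask_keyspace(mask) / guesses_per_second


if __name__ == "__main__":
    ASSUMED_RATE = 1_000_000  # constructed figure, not a measured benchmark
    # Constructed sample masks: the page's pattern and two longer policies.
    for mask in ("?l?l?l?d?d", "?u?l?l?l?l?l?d?d", "?a?a?a?a?a?a?a?a?a?a?a?a"):
        secs = worst_case_seconds(mask, ASSUMED_RATE)
        print(f"{mask}: {mask_keyspace(mask):,} candidates, {secs:,.1f} s")
```

The figures apply only to exhaustive mask search; dictionary and rule-based guessing can reach predictable passwords far sooner than the keyspace suggests.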
🖥️ Example Usage
To crack an NTLM hash using a dictionary:
hashcat -m 1000 -a 0 hash.txt rockyou.txt
- `-m 1000`: NTLM hash mode
- `-a 0`: Dictionary attack
- `hash.txt`: File containing the hash
- `rockyou.txt`: Wordlist file
🧰 Installation
Hashcat doesn’t require installation—just download and extract: