Hashcat
What is Hashcat?
Hashcat: An open-source, GPU-accelerated password-recovery tool that cracks hundreds of hash and authentication algorithms using dictionary, rule, mask, and hybrid attacks.
Hashcat is the most widely used password-recovery tool, written by Jens Steube (atom) and developed as an open-source project. It runs on CPUs and GPUs via OpenCL/CUDA, supports more than 300 hash modes (NTLM, bcrypt, scrypt, Kerberos AS-REP, WPA2, KeePass, etc.), and offers wordlist, rule-based, brute-force, mask, hybrid, and association attacks. Penetration testers and red teams use it to crack stolen hashes during engagements, while defenders use it to audit password strength, validate KDF parameters, and benchmark detection of offline cracking attempts. Cracking hashes obtained without authorization or relating to third-party users may violate computer-misuse and privacy laws.
● Examples
- 01: Running hashcat -m 1000 against extracted NTLM hashes with a rockyou+rules wordlist.
- 02: Auditing internal password policy by replaying captured corporate hashes in a sandboxed cracking rig.
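The definition above mentions defenders validating KDF parameters. As an added example (not part of the original page or of the Hashcat project), this script flags stored hashes whose format or cost parameters fall below a policy floor; the floor values, the colon-separated scrypt layout, and the sample records are assumptions made for the example.

```python
import re

# Assumed policy floors for this example; set them from your own standard.
MIN_BCRYPT_COST = 12
MIN_SCRYPT_LOG2_N = 15

BCRYPT = re.compile(r"^\$2[abxy]\$(\d{2})\$[./A-Za-z0-9]{53}$")
# Assumed storage layout for scrypt records: SCRYPT:N:r:p:salt:hash
SCRYPT = re.compile(r"^SCRYPT:(\d+):(\d+):(\d+):[^:]+:[^:]+$")
RAW_HEX = re.compile(r"^[0-9a-fA-F]{32}$")  # NTLM-sized digest: unsalted, no work factor

def classify(stored):
    """Return (scheme, verdict, detail) for one stored hash string."""
    m = BCRYPT.match(stored)
    if m:
        cost = int(m.group(1))
        return ("bcrypt", "ok" if cost >= MIN_BCRYPT_COST else "weak", f"cost={cost}")
    m = SCRYPT.match(stored)
    if m:
        n, r, p = (int(g) for g in m.groups())
        if n < 2 or n & (n - 1):
            return ("scrypt", "invalid", f"N={n} is not a power of two")
        log2n = n.bit_length() - 1
        verdict = "ok" if log2n >= MIN_SCRYPT_LOG2_N else "weak"
        return ("scrypt", verdict, f"log2(N)={log2n} r={r} p={p}")
    if RAW_HEX.match(stored):
        return ("raw-128-bit", "weak", "unsalted fast hash, no tunable cost")
    return ("unknown", "review", "format not recognised")

def audit(records):
    """records: iterable of (account, stored_hash). Returns the rows needing action."""
    findings = []
    for account, stored in records:
        scheme, verdict, detail = classify(stored)
        if verdict != "ok":
            findings.append((account, scheme, verdict, detail))
    return findings

# Constructed sample records; hash bodies are filler, not real credentials.
SAMPLE = [
    ("svc-backup", "0123456789abcdef0123456789abcdef"),
    ("alice", "$2b$12$" + "A" * 53),
    ("bob", "$2a$05$" + "B" * 53),
    ("carol", "SCRYPT:1024:1:1:c2FsdA==:aGFzaA=="),
    ("dave", "SCRYPT:32768:8:1:c2FsdA==:aGFzaA=="),
]

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(*row, sep="\t")
```

Accounts reported as weak are the ones to prioritise for rehashing at next login or a forced reset.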
● Frequently asked questions
What is Hashcat?
An open-source, GPU-accelerated password-recovery tool that cracks hundreds of hash and authentication algorithms using dictionary, rule, mask, and hybrid attacks. It belongs to the Defense & Operations category of cybersecurity.
How do you defend against Hashcat?
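Defences against Hashcat typically combine technical controls and operational practices; the definition above notes that defenders use the tool to audit password strength, validate KDF parameters, and benchmark detection of offline cracking attempts.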
What are other names for Hashcat?
Common alternative names include: oclHashcat.