HashCracker is an advanced, multi-threaded password recovery tool written in Python. It is designed to be fast, efficient, and versatile, supporting multiple attack modes (Dictionary, Mask, Hybrid) and over 20 different hashing algorithms including MD5, SHA-series, NTLM, MySQL, and specialized formats like WinZip and Bcrypt.
- Multi-Core Processing: Utilizes Python's
multiprocessingto maximize CPU usage. - Auto-Detection: Automatically identifies common hash types (MD5, SHA1, SHA256, etc.).
- 5 Attack Modes:
- Straight (Dictionary): Standard wordlist attack.
- Combination: Combines words from two different wordlists.
- Mask: Brute-force using specific patterns (e.g., 4 lowercase letters + 2 digits).
- Hybrid: Combines Wordlists with Masks (append or prepend).
- Salt Support: robust support for salted hashes in
hash:saltformat. - Live Statistics: Real-time progress bar showing speed (hashes/sec) and estimated completion.
- Python 3.x
- OS: Linux
- Optional Modules:
bcrypt(for Bcrypt support)
# Clone the repository
git clone https://github.com/ajayyanshu/HashCracker.git
cd HashCracker
# Execution
chmod +x password.py
# Insatll Python3 package
apt install python3
# (Optional) Install bcrypt for Mode 3200 support
pip3 install bcrypt
Basic Syntax
python3 password.py [HASH] [OPTIONS]
| Argument | Description |
|---|---|
| Positional | |
hash |
The target hash or hash:salt string. |
| Configuration | |
-m, --mode |
The Hash Type ID (see list below). Auto-detected if omitted. |
-a, --attack-mode |
Attack mode: 0 (Dict), 1 (Combo), 3 (Mask), 6/7 (Hybrid). |
-t, --threads |
Number of CPU threads to use (Default: 4). |
| Input Sources | |
-d, --wordlist |
Path to the primary wordlist (Required for Modes 0, 1, 6, 7). |
--wordlist2 |
Path to secondary wordlist (Required for Mode 1). |
--mask |
Pattern mask (Required for Modes 3, 6, 7). |
| Info | |
--list |
List all supported hash types and IDs. |
--info |
Show detailed tool information. |
Reads passwords line-by-line from a wordlist.
python3 password.py -m 0 -d rockyou.txt '5d41402abc4b2a76b9719d911017c592'
Brute-forces based on a specific character pattern.
Mask Placeholders:
?l= Lowercase (a-z)?u= Uppercase (A-Z)?d= Digits (0-9)?s= Special (!@#$...)?a= All printable?h/?H= Hex (lower/upper)
Example: Crack a password known to be 4 lowercase letters followed by 2 digits (e.g., "pass12"):
python3 password.py -m 0 -a 3 --mask "?l?l?l?l?d?d" <hash>
Combines words from two files (e.g., names.txt + dates.txt).
python3 password.py -m 0 -a 1 -d words1.txt --wordlist2 words2.txt hash:salt
- Mode 6 (Wordlist + Mask): Appends mask to word (e.g., Password + 123).
- Mode 7 (Mask + Wordlist): Prepends mask to word (e.g., 123 + Password).
# Appends 3 digits to every word in rockyou.txt
python3 password.py -m 0 -a 6 -d words.txt --mask "?d?d?s" hash
Use --list to see the full table of 20+ algorithms.
| ID | Algorithm | Example Format |
|---|---|---|
| 0 | MD5 | 5d4140... |
| 10 | MD5(Pass.Salt) | hash:salt |
| 100 | SHA1 | a9993e... |
| 1000 | NTLM | b4b9b0... |
| 1400 | SHA2-256 | ef797c... |
| 3200 | Bcrypt | $2a$10$... |
| 13600 | WinZip (AES) | $zip2$*... |
Ajay Kumar Security Engineer & Developer 
