Hashcat is a password recovery tool. It had a proprietary code base until 2015, but was then released as open source software. Versions are available for Linux, OS X, and Windows.

What is Hashcat


is the quickest password recovery tool. It was designed to break the high complex passwords in a short amount of time. And this tool is also capable of both wordlist and brute force attacks.

Hashcat has two variants. CPU and GPU (Graphical Processing Unit) based. The GPU-based tool can crack the hashes in less time than the CPU. You can check the GPU driver requirements on their official website.

What is a Hash function?

Hashing is the process of converting a normal input text into a fixed-size string of text using some mathematical function which is known as the Hash Function. Any text, regardless of length, can be turned into a random combination of integers and alphabets using an algorithm.

  • Input refers to the message that will be hashed.
  • The hash function is the encryption algorithm like MD5 and SHA-256 that converts a string into a hash value.
  • And finally, the hash value is the result.

Features of Hashcat

  1. It is worlds fastest password cracker.
  2. It is free to use.
  3. Multiple OS (Linux, Windows and macOS).
  4. Multiple Hash (CPU, GPU, APU, etc., everything that comes with an OpenCL runtime).
  5. Supports distributed cracking networks (using overlay).
  6. Supports reading password candidates from file and stdin.
  7. Hex-salt and hex-charset files are supported, along with the automatic performance tuning.

Installation of Hashcat

First, make sure your Linux system is up to date with the newest programs and tools.

For this, open a terminal and type:

 $ sudo apt update && sudo apt upgrade

Hashcat is usually pre-installed in Kali Linux. You can find the tool under the password cracking section. But if you need to install it manually in any Linux distribution, type the following command in the terminal.

$ sudo apt-get install hashcat

Attack types

Hashcat offers multiple attack modes for obtaining effective and complex coverage over a hash’s key space. These modes are:

  • Brute-Force attack
  • Combinator attack
  • Dictionary attack
  • Fingerprint attack
  • Hybrid attack
  • Mask attack
  • Permutation attack
  • Rule-based attack
  • Table-Lookup attack
  • Toggle-Case attack
  • PRINCE attack

Tool usage

To get started with Hashcat, we’ll need some password hashes. If you don’t have a hash to crack, we will create some hashes first.

To create hashes using the command line, just follow the below format.

echo -n "input" | algorithm | tr -d "-">>outputfiename

For example, you can see I turned some words into hashes using the md5 algorithm below:

└─# echo -n "geekflare" | md5sum | tr -d "-">>crackhash.txt
echo -n "password123" | md5sum | tr -d "-">>crackhash.txt
echo -n "Webtechnology" | md5sum | tr -d "-">>crackhash.txt
echo -n "microsoftteams" | md5sum | tr -d "-">>crackhash.txt
echo -n "recyclebin" | md5sum | tr -d "-">>crackhash.txt

And the output will be saved in the crackhash.txt file.

Now we will check the hashes which were saved in the given file.

└─# cat crackhash.txt

You can see, now we have some hashes to crack. This is the procedure to create a hash by using the algorithm of your choice.

The next step is to kick start a Hashcat tool in your Linux machine. Just use the following command to use Hashcat.

The general form of the command is:

$ hashcat -a num -m num hashfile wordlistfile

Here the ‘num’ represents a specific attack and hash mode to use. If you scroll the terminal, you can find the exact numbers for every attack and hash mode, like for md4 – the number is 0, and for sha256 algorithm – the number is 1740.

The wordlist I am going to use is rockyou wordlist. You can easily find that wordlist in the path /usr/share/wordlists.

You can even use the locate command to find that wordlist path.

└─# locate rockyou.txt

And finally, to crack the hashes using the wordlist file, use the following command:

$ hashcat -a 0 -m 0 ./crackhash.txt rockyou.txt

After running this command, you may get a runtime error ( Token length exception error ) which can be resolved easily.


To resolve this, save each hash separately in a different file. This error occurs if you have a low CPU or GPU speed. If your computer has a high-speed processor, you can easily crack all the hashes at the same time as a single file itself.

So after fixing the error and everything, the result will be like this:


In the above result, after the dictionary cache details, you can notice, the hash was cracked, and the password was revealed.






Share your love
Drashta Shukla
Drashta Shukla

I am a Cyber Security student. I am interested in Website-Testing, Hacking, Linux, Networking and Web-Development. Love to learn new things and working on projects.

Articles: 19