Hashcat 🐈‍⬛

Good blog:
https://medium.com/@1200km/breaking-the-code-how-to-use-hashcat-for-effective-password-cracking-15f8da8facb8

Crack NTLM Hashes:

-a 3 to specify Brute force attack mode.

hashat -a3 -m 3000 hashes.txt /usr/share/wordlists/rockyou.txt

Crack Linux shadow hashes:

-a0 to specify dictionary attack mode:

hashcat -a0 -m 1800 hash.txt /usr/share/wordlists/metasploit/unix_passwords.txt

1. Attack Mode (`-a`):

Usage: -a <attack-mode>
Description: Sets the attack mode. Common modes include 0 for straight (dictionary attack), 3 for brute force, and 1 for combination.
Example:
Full list is here

hashcat -a 3 -m 0 hashes.txt ?a?a?a?a?a?a

-a 0: Straight (Dictionary attack)

Description: This mode uses a list of known words (dictionary) to attempt to crack passwords. It’s the simplest form of password recovery and relies on trying words directly from the wordlist without any modifications.
Common Use: Effective against passwords that are common words or straightforward combinations of dictionary words.
More about dictionary brute force attacks here

-a 1: Combination attack

Description: This attack combines words from two separate wordlists to form passwords. It concatenates words from the first list with words from the second, essentially multiplying the potential guesses based on the contents of both lists.
Common Use: Useful when passwords are expected to be compound words or when two common words are combined as a single password.

-a 3: Brute-force attack

Description: In this mode, Hashcat tries all possible combinations of characters until the password is found. This method is comprehensive but can be time-consuming, especially for long passwords with a wide range of possible characters.
Common Use: Employed when there is no clue about the potential password, ensuring that all possible combinations are tested.
More about brute force attacks here

-a 6: Hybrid Wordlist + Mask

Description: This mode appends or prepends characters to words from a specified wordlist according to a mask. A mask defines a pattern of characters to add to the words, allowing for customized alterations like adding numbers or symbols at the beginning or end of dictionary words.
Common Use: Ideal for scenarios where passwords are known to follow common structures, such as a word followed by numbers (e.g., password2023).

-a 7: Hybrid Mask + Wordlist

Description: Similar to mode 6 but reverses the order; it starts with the mask and then appends or prepends words from the wordlist. This approach allows for prefixing words with characters specified by the mask.
Common Use: Useful when passwords are likely structured with a prefix followed by a common word (e.g., 123password).

2. Show (`--show`):

Usage: --show
Description: Displays the cracked passwords from a result file without retesting the hashes.
Example:

hashcat -m 1000 --show hashes.txt

- Hash modes -

To specify a hash use -m:
-m <hash_number>

| Name | Category

900 | MD4 | Raw Hash
0 | MD5 | Raw Hash
100 | SHA1 | Raw Hash
1300 | SHA2-224 | Raw Hash
1400 | SHA2-256 | Raw Hash
10800 | SHA2-384 | Raw Hash
1700 | SHA2-512 | Raw Hash
17300 | SHA3-224 | Raw Hash
17400 | SHA3-256 | Raw Hash
17500 | SHA3-384 | Raw Hash
17600 | SHA3-512 | Raw Hash
6000 | RIPEMD-160 | Raw Hash
600 | BLAKE2b-512 | Raw Hash
11700 | GOST R 34.11-2012 (Streebog) 256-bit, big-endian | Raw Hash
11800 | GOST R 34.11-2012 (Streebog) 512-bit, big-endian | Raw Hash
6900 | GOST R 34.11-94 | Raw Hash
17010 | GPG (AES-128/AES-256 (SHA-1( $p a s s))) | R a w H a s h 5100 | H a l f M D 5 | R a w H a s h 17700 | K e c c a k - 224 | R a w H a s h 17800 | K e c c a k - 256 | R a w H a s h 17900 | K e c c a k - 384 | R a w H a s h 18000 | K e c c a k - 512 | R a w H a s h 6100 | W h i r l p o o l | R a w H a s h 10100 | S i p H a s h | R a w H a s h 70 | m d 5 (u t f 16 l e ($ pass)) | Raw Hash
170 | sha1(utf16le( $p a s s)) | R a w H a s h 1470 | s h a 256 (u t f 16 l e ($ pass)) | Raw Hash
10870 | sha384(utf16le( $p a s s)) | R a w H a s h 1770 | s h a 512 (u t f 16 l e ($ pass)) | Raw Hash
610 | BLAKE2b-512( $p a s s .$ salt) | Raw Hash salted and/or iterated
620 | BLAKE2b-512( $s a l t .$ pass) | Raw Hash salted and/or iterated
10 | md5( $p a s s .$ salt) | Raw Hash salted and/or iterated
20 | md5( $s a l t .$ pass) | Raw Hash salted and/or iterated
3800 | md5( $s a l t .$ pass. $s a l t) | R a w H a s h s a l t e d a n d / o r i t e r a t e d 3710 | m d 5 ($ salt.md5( $p a s s)) | R a w H a s h s a l t e d a n d / o r i t e r a t e d 4110 | m d 5 ($ salt.md5( $p a s s .$ salt)) | Raw Hash salted and/or iterated
4010 | md5( $s a l t . m d 5 ($ salt. $p a s s)) | R a w H a s h s a l t e d a n d / o r i t e r a t e d 21300 | m d 5 ($ salt.sha1( $s a l t .$ pass)) | Raw Hash salted and/or iterated
40 | md5( $s a l t . u t f 16 l e ($ pass)) | Raw Hash salted and/or iterated
2600 | md5(md5( $p a s s)) | R a w H a s h s a l t e d a n d / o r i t e r a t e d 3910 | m d 5 (m d 5 ($ pass).md5( $s a l t)) | R a w H a s h s a l t e d a n d / o r i t e r a t e d 3500 | m d 5 (m d 5 (m d 5 ($ pass))) | Raw Hash salted and/or iterated
4400 | md5(sha1( $p a s s)) | R a w H a s h s a l t e d a n d / o r i t e r a t e d 4410 | m d 5 (s h a 1 ($ pass). $s a l t) | R a w H a s h s a l t e d a n d / o r i t e r a t e d 20900 | m d 5 (s h a 1 ($ pass).md5( $p a s s) . s h a 1 ($ pass)) | Raw Hash salted and/or iterated
21200 | md5(sha1( $s a l t) . m d 5 ($ pass)) | Raw Hash salted and/or iterated
4300 | md5(strtoupper(md5( $p a s s))) | R a w H a s h s a l t e d a n d / o r i t e r a t e d 30 | m d 5 (u t f 16 l e ($ pass). $s a l t) | R a w H a s h s a l t e d a n d / o r i t e r a t e d 110 | s h a 1 ($ pass. $s a l t) | R a w H a s h s a l t e d a n d / o r i t e r a t e d 120 | s h a 1 ($ salt. $p a s s) | R a w H a s h s a l t e d a n d / o r i t e r a t e d 4900 | s h a 1 ($ salt. $p a s s .$ salt) | Raw Hash salted and/or iterated
4520 | sha1( $s a l t . s h a 1 ($ pass)) | Raw Hash salted and/or iterated
24300 | sha1( $s a l t . s h a 1 ($ pass. $s a l t)) | R a w H a s h s a l t e d a n d / o r i t e r a t e d 140 | s h a 1 ($ salt.utf16le( $p a s s)) | R a w H a s h s a l t e d a n d / o r i t e r a t e d 19300 | s h a 1 ($ salt1. $p a s s .$ salt2) | Raw Hash salted and/or iterated
14400 | sha1(CX) | Raw Hash salted and/or iterated
4700 | sha1(md5( $p a s s)) | R a w H a s h s a l t e d a n d / o r i t e r a t e d 4710 | s h a 1 (m d 5 ($ pass). $s a l t) | R a w H a s h s a l t e d a n d / o r i t e r a t e d 21100 | s h a 1 (m d 5 ($ pass. $s a l t)) | R a w H a s h s a l t e d a n d / o r i t e r a t e d 18500 | s h a 1 (m d 5 (m d 5 ($ pass))) | Raw Hash salted and/or iterated
4500 | sha1(sha1( $p a s s)) | R a w H a s h s a l t e d a n d / o r i t e r a t e d 4510 | s h a 1 (s h a 1 ($ pass). $s a l t) | R a w H a s h s a l t e d a n d / o r i t e r a t e d 5000 | s h a 1 (s h a 1 ($ salt. $p a s s .$ salt)) | Raw Hash salted and/or iterated
130 | sha1(utf16le( $p a s s) .$ salt) | Raw Hash salted and/or iterated
1410 | sha256( $p a s s .$ salt) | Raw Hash salted and/or iterated
1420 | sha256( $s a l t .$ pass) | Raw Hash salted and/or iterated
22300 | sha256( $s a l t .$ pass. $s a l t) | R a w H a s h s a l t e d a n d / o r i t e r a t e d 20720 | s h a 256 ($ salt.sha256( $p a s s)) | R a w H a s h s a l t e d a n d / o r i t e r a t e d 21420 | s h a 256 ($ salt.sha256_bin( $p a s s)) | R a w H a s h s a l t e d a n d / o r i t e r a t e d 1440 | s h a 256 ($ salt.utf16le( $p a s s)) | R a w H a s h s a l t e d a n d / o r i t e r a t e d 20800 | s h a 256 (m d 5 ($ pass)) | Raw Hash salted and/or iterated
20710 | sha256(sha256( $p a s s) .$ salt) | Raw Hash salted and/or iterated
21400 | sha256(sha256_bin( $p a s s)) | R a w H a s h s a l t e d a n d / o r i t e r a t e d 1430 | s h a 256 (u t f 16 l e ($ pass). $s a l t) | R a w H a s h s a l t e d a n d / o r i t e r a t e d 10810 | s h a 384 ($ pass. $s a l t) | R a w H a s h s a l t e d a n d / o r i t e r a t e d 10820 | s h a 384 ($ salt. $p a s s) | R a w H a s h s a l t e d a n d / o r i t e r a t e d 10840 | s h a 384 ($ salt.utf16le( $p a s s)) | R a w H a s h s a l t e d a n d / o r i t e r a t e d 10830 | s h a 384 (u t f 16 l e ($ pass). $s a l t) | R a w H a s h s a l t e d a n d / o r i t e r a t e d 1710 | s h a 512 ($ pass. $s a l t) | R a w H a s h s a l t e d a n d / o r i t e r a t e d 1720 | s h a 512 ($ salt. $p a s s) | R a w H a s h s a l t e d a n d / o r i t e r a t e d 1740 | s h a 512 ($ salt.utf16le( $p a s s)) | R a w H a s h s a l t e d a n d / o r i t e r a t e d 1730 | s h a 512 (u t f 16 l e ($ pass).$salt) | Raw Hash salted and/or iterated
50 | HMAC-MD5 (key = $pass) | Raw Hash authenticated
60 | HMAC-MD5 (key = $salt) | Raw Hash authenticated
150 | HMAC-SHA1 (key = $pass) | Raw Hash authenticated
160 | HMAC-SHA1 (key = $salt) | Raw Hash authenticated
1450 | HMAC-SHA256 (key = $pass) | Raw Hash authenticated
1460 | HMAC-SHA256 (key = $salt) | Raw Hash authenticated
1750 | HMAC-SHA512 (key = $pass) | Raw Hash authenticated
1760 | HMAC-SHA512 (key = $salt) | Raw Hash authenticated
11750 | HMAC-Streebog-256 (key = $pass), big-endian | Raw Hash authenticated
11760 | HMAC-Streebog-256 (key = $salt), big-endian | Raw Hash authenticated
11850 | HMAC-Streebog-512 (key = $pass), big-endian | Raw Hash authenticated
11860 | HMAC-Streebog-512 (key = $salt), big-endian | Raw Hash authenticated
28700 | Amazon AWS4-HMAC-SHA256 | Raw Hash authenticated
11500 | CRC32 | Raw Checksum
27900 | CRC32C | Raw Checksum
28000 | CRC64Jones | Raw Checksum
18700 | Java Object hashCode() | Raw Checksum
25700 | MurmurHash | Raw Checksum
27800 | MurmurHash3 | Raw Checksum
14100 | 3DES (PT = $salt, key = $pass) | Raw Cipher, Known-plaintext attack
14000 | DES (PT = $salt, key = $pass) | Raw Cipher, Known-plaintext attack
26401 | AES-128-ECB NOKDF (PT = $salt, key = $pass) | Raw Cipher, Known-plaintext attack
26402 | AES-192-ECB NOKDF (PT = $salt, key = $pass) | Raw Cipher, Known-plaintext attack
26403 | AES-256-ECB NOKDF (PT = $salt, key = $pass) | Raw Cipher, Known-plaintext attack
15400 | ChaCha20 | Raw Cipher, Known-plaintext attack
14500 | Linux Kernel Crypto API (2.4) | Raw Cipher, Known-plaintext attack
14900 | Skip32 (PT = $salt, key = $p a s s) | R a w C i p h e r, K n o w n - p l a i n t e x t a t t a c k 11900 | P B K D F 2 - H M A C - M D 5 | G e n e r i c K D F 12000 | P B K D F 2 - H M A C - S H A 1 | G e n e r i c K D F 10900 | P B K D F 2 - H M A C - S H A 256 | G e n e r i c K D F 12100 | P B K D F 2 - H M A C - S H A 512 | G e n e r i c K D F 8900 | s c r y p t | G e n e r i c K D F 400 | p h p a s s | G e n e r i c K D F 16100 | T A C A C S + | N e t w o r k P r o t o c o l 11400 | S I P d i g e s t a u t h e n t i c a t i o n (M D 5) | N e t w o r k P r o t o c o l 5300 | I K E - P S K M D 5 | N e t w o r k P r o t o c o l 5400 | I K E - P S K S H A 1 | N e t w o r k P r o t o c o l 25100 | S N M P v 3 H M A C - M D 5 - 96 | N e t w o r k P r o t o c o l 25000 | S N M P v 3 H M A C - M D 5 - 96 / H M A C - S H A 1 - 96 | N e t w o r k P r o t o c o l 25200 | S N M P v 3 H M A C - S H A 1 - 96 | N e t w o r k P r o t o c o l 26700 | S N M P v 3 H M A C - S H A 224 - 128 | N e t w o r k P r o t o c o l 26800 | S N M P v 3 H M A C - S H A 256 - 192 | N e t w o r k P r o t o c o l 26900 | S N M P v 3 H M A C - S H A 384 - 256 | N e t w o r k P r o t o c o l 27300 | S N M P v 3 H M A C - S H A 512 - 384 | N e t w o r k P r o t o c o l 2500 | W P A - E A P O L - P B K D F 2 | N e t w o r k P r o t o c o l 2501 | W P A - E A P O L - P M K | N e t w o r k P r o t o c o l 22000 | W P A - P B K D F 2 - P M K I D + E A P O L | N e t w o r k P r o t o c o l 22001 | W P A - P M K - P M K I D + E A P O L | N e t w o r k P r o t o c o l 16800 | W P A - P M K I D - P B K D F 2 | N e t w o r k P r o t o c o l 16801 | W P A - P M K I D - P M K | N e t w o r k P r o t o c o l 7300 | I P M I 2 R A K P H M A C - S H A 1 | N e t w o r k P r o t o c o l 10200 | C R A M - M D 5 | N e t w o r k P r o t o c o l 16500 | J W T (J S O N W e b T o k e n) | N e t w o r k P r o t o c o l 29200 | R a d m i n 3 | N e t w o r k P r o t o c o l 19600 | K e r b e r o s 5, e t y p e 17, T G S - R E P | N e t w o r k P r o t o c o l 19800 | K e r b e r o s 5, e t y p e 17, P r e - A u t h | N e t w o r k P r o t o c o l 28800 | K e r b e r o s 5, e t y p e 17, D B | N e t w o r k P r o t o c o l 19700 | K e r b e r o s 5, e t y p e 18, T G S - R E P | N e t w o r k P r o t o c o l 19900 | K e r b e r o s 5, e t y p e 18, P r e - A u t h | N e t w o r k P r o t o c o l 28900 | K e r b e r o s 5, e t y p e 18, D B | N e t w o r k P r o t o c o l 7500 | K e r b e r o s 5, e t y p e 23, A S - R E Q P r e - A u t h | N e t w o r k P r o t o c o l 13100 | K e r b e r o s 5, e t y p e 23, T G S - R E P | N e t w o r k P r o t o c o l 18200 | K e r b e r o s 5, e t y p e 23, A S - R E P | N e t w o r k P r o t o c o l 5500 | N e t N T L M v 1 / N e t N T L M v 1 + E S S | N e t w o r k P r o t o c o l 27000 | N e t N T L M v 1 / N e t N T L M v 1 + E S S (N T) | N e t w o r k P r o t o c o l 5600 | N e t N T L M v 2 | N e t w o r k P r o t o c o l 27100 | N e t N T L M v 2 (N T) | N e t w o r k P r o t o c o l 29100 | F l a s k S e s s i o n C o o k i e ($ salt. $s a l t .$ pass) | Network Protocol
4800 | iSCSI CHAP authentication, MD5(CHAP) | Network Protocol
8500 | RACF | Operating System
6300 | AIX {smd5} | Operating System
6700 | AIX {ssha1} | Operating System
6400 | AIX {ssha256} | Operating System
6500 | AIX {ssha512} | Operating System
3000 | LM | Operating System
19000 | QNX /etc/shadow (MD5) | Operating System
19100 | QNX /etc/shadow (SHA256) | Operating System
19200 | QNX /etc/shadow (SHA512) | Operating System
15300 | DPAPI masterkey file v1 (context 1 and 2) | Operating System
15310 | DPAPI masterkey file v1 (context 3) | Operating System
15900 | DPAPI masterkey file v2 (context 1 and 2) | Operating System
15910 | DPAPI masterkey file v2 (context 3) | Operating System
7200 | GRUB 2 | Operating System
12800 | MS-AzureSync PBKDF2-HMAC-SHA256 | Operating System
12400 | BSDi Crypt, Extended DES | Operating System
1000 | NTLM | Operating System
9900 | Radmin2 | Operating System
5800 | Samsung Android Password/PIN | Operating System
28100 | Windows Hello PIN/Password | Operating System
13800 | Windows Phone 8+ PIN/password | Operating System
2410 | Cisco-ASA MD5 | Operating System
9200 | Cisco-IOS $8$ (PBKDF2-SHA256) | Operating System
9300 | Cisco-IOS $9$ (scrypt) | Operating System
5700 | Cisco-IOS type 4 (SHA256) | Operating System
2400 | Cisco-PIX MD5 | Operating System
8100 | Citrix NetScaler (SHA1) | Operating System
22200 | Citrix NetScaler (SHA512) | Operating System
1100 | Domain Cached Credentials (DCC), MS Cache | Operating System
2100 | Domain Cached Credentials 2 (DCC2), MS Cache 2 | Operating System
7000 | FortiGate (FortiOS) | Operating System
26300 | FortiGate256 (FortiOS256) | Operating System
125 | ArubaOS | Operating System
501 | Juniper IVE | Operating System
22 | Juniper NetScreen/SSG (ScreenOS) | Operating System
15100 | Juniper/NetBSD sha1crypt | Operating System
26500 | iPhone passcode (UID key + System Keybag) | Operating System
122 | macOS v10.4, macOS v10.5, macOS v10.6 | Operating System
1722 | macOS v10.7 | Operating System
7100 | macOS v10.8+ (PBKDF2-SHA512) | Operating System
3200 | bcrypt $2 *$ , Blowfish (Unix) | Operating System
500 | md5crypt, MD5 (Unix), Cisco-IOS $1$ (MD5) | Operating System
1500 | descrypt, DES (Unix), Traditional DES | Operating System
29000 | sha1( $s a l t . s h a 1 (u t f 16 l e ($ username).':'.utf16le($pass))) | Operating System
7400 | sha256crypt $5$ , SHA256 (Unix) | Operating System
1800 | sha512crypt $6$ , SHA512 (Unix) | Operating System
24600 | SQLCipher | Database Server
131 | MSSQL (2000) | Database Server
132 | MSSQL (2005) | Database Server
1731 | MSSQL (2012, 2014) | Database Server
24100 | MongoDB ServerKey SCRAM-SHA-1 | Database Server
24200 | MongoDB ServerKey SCRAM-SHA-256 | Database Server
12 | PostgreSQL | Database Server
11100 | PostgreSQL CRAM (MD5) | Database Server
28600 | PostgreSQL SCRAM-SHA-256 | Database Server
3100 | Oracle H: Type (Oracle 7+) | Database Server
112 | Oracle S: Type (Oracle 11+) | Database Server
12300 | Oracle T: Type (Oracle 12+) | Database Server
7401 | MySQL $A$ (sha256crypt) | Database Server
11200 | MySQL CRAM (SHA1) | Database Server
200 | MySQL323 | Database Server
300 | MySQL4.1/MySQL5 | Database Server
8000 | Sybase ASE | Database Server
8300 | DNSSEC (NSEC3) | FTP, HTTP, SMTP, LDAP Server
25900 | KNX IP Secure - Device Authentication Code | FTP, HTTP, SMTP, LDAP Server
16400 | CRAM-MD5 Dovecot | FTP, HTTP, SMTP, LDAP Server
1411 | SSHA-256(Base64), LDAP {SSHA256} | FTP, HTTP, SMTP, LDAP Server
1711 | SSHA-512(Base64), LDAP {SSHA512} | FTP, HTTP, SMTP, LDAP Server
24900 | Dahua Authentication MD5 | FTP, HTTP, SMTP, LDAP Server
10901 | RedHat 389-DS LDAP (PBKDF2-HMAC-SHA256) | FTP, HTTP, SMTP, LDAP Server
15000 | FileZilla Server >= 0.9.55 | FTP, HTTP, SMTP, LDAP Server
12600 | ColdFusion 10+ | FTP, HTTP, SMTP, LDAP Server
1600 | Apache $a p r 1$ MD5, md5apr1, MD5 (APR) | FTP, HTTP, SMTP, LDAP Server
141 | Episerver 6.x < .NET 4 | FTP, HTTP, SMTP, LDAP Server
1441 | Episerver 6.x >= .NET 4 | FTP, HTTP, SMTP, LDAP Server
1421 | hMailServer | FTP, HTTP, SMTP, LDAP Server
101 | nsldap, SHA-1(Base64), Netscape LDAP SHA | FTP, HTTP, SMTP, LDAP Server
111 | nsldaps, SSHA-1(Base64), Netscape LDAP SSHA | FTP, HTTP, SMTP, LDAP Server
7700 | SAP CODVN B (BCODE) | Enterprise Application Software (EAS)
7701 | SAP CODVN B (BCODE) from RFC_READ_TABLE | Enterprise Application Software (EAS)
7800 | SAP CODVN F/G (PASSCODE) | Enterprise Application Software (EAS)
7801 | SAP CODVN F/G (PASSCODE) from RFC_READ_TABLE | Enterprise Application Software (EAS)
10300 | SAP CODVN H (PWDSALTEDHASH) iSSHA-1 | Enterprise Application Software (EAS)
133 | PeopleSoft | Enterprise Application Software (EAS)
13500 | PeopleSoft PS_TOKEN | Enterprise Application Software (EAS)
21500 | SolarWinds Orion | Enterprise Application Software (EAS)
21501 | SolarWinds Orion v2 | Enterprise Application Software (EAS)
24 | SolarWinds Serv-U | Enterprise Application Software (EAS)
8600 | Lotus Notes/Domino 5 | Enterprise Application Software (EAS)
8700 | Lotus Notes/Domino 6 | Enterprise Application Software (EAS)
9100 | Lotus Notes/Domino 8 | Enterprise Application Software (EAS)
26200 | OpenEdge Progress Encode | Enterprise Application Software (EAS)
20600 | Oracle Transportation Management (SHA256) | Enterprise Application Software (EAS)
4711 | Huawei sha1(md5( $p a s s) .$ salt) | Enterprise Application Software (EAS)
20711 | AuthMe sha256 | Enterprise Application Software (EAS)
22400 | AES Crypt (SHA256) | Full-Disk Encryption (FDE)
27400 | VMware VMX (PBKDF2-HMAC-SHA1 + AES-256-CBC) | Full-Disk Encryption (FDE)
14600 | LUKS v1 (legacy) | Full-Disk Encryption (FDE)
29541 | LUKS v1 RIPEMD-160 + AES | Full-Disk Encryption (FDE)
29542 | LUKS v1 RIPEMD-160 + Serpent | Full-Disk Encryption (FDE)
29543 | LUKS v1 RIPEMD-160 + Twofish | Full-Disk Encryption (FDE)
29511 | LUKS v1 SHA-1 + AES | Full-Disk Encryption (FDE)
29512 | LUKS v1 SHA-1 + Serpent | Full-Disk Encryption (FDE)
29513 | LUKS v1 SHA-1 + Twofish | Full-Disk Encryption (FDE)
29521 | LUKS v1 SHA-256 + AES | Full-Disk Encryption (FDE)
29522 | LUKS v1 SHA-256 + Serpent | Full-Disk Encryption (FDE)
29523 | LUKS v1 SHA-256 + Twofish | Full-Disk Encryption (FDE)
29531 | LUKS v1 SHA-512 + AES | Full-Disk Encryption (FDE)
29532 | LUKS v1 SHA-512 + Serpent | Full-Disk Encryption (FDE)
29533 | LUKS v1 SHA-512 + Twofish | Full-Disk Encryption (FDE)
13711 | VeraCrypt RIPEMD160 + XTS 512 bit (legacy) | Full-Disk Encryption (FDE)
13712 | VeraCrypt RIPEMD160 + XTS 1024 bit (legacy) | Full-Disk Encryption (FDE)
13713 | VeraCrypt RIPEMD160 + XTS 1536 bit (legacy) | Full-Disk Encryption (FDE)
13741 | VeraCrypt RIPEMD160 + XTS 512 bit + boot-mode (legacy) | Full-Disk Encryption (FDE)
13742 | VeraCrypt RIPEMD160 + XTS 1024 bit + boot-mode (legacy) | Full-Disk Encryption (FDE)
13743 | VeraCrypt RIPEMD160 + XTS 1536 bit + boot-mode (legacy) | Full-Disk Encryption (FDE)
29411 | VeraCrypt RIPEMD160 + XTS 512 bit | Full-Disk Encryption (FDE)
29412 | VeraCrypt RIPEMD160 + XTS 1024 bit | Full-Disk Encryption (FDE)
29413 | VeraCrypt RIPEMD160 + XTS 1536 bit | Full-Disk Encryption (FDE)
29441 | VeraCrypt RIPEMD160 + XTS 512 bit + boot-mode | Full-Disk Encryption (FDE)
29442 | VeraCrypt RIPEMD160 + XTS 1024 bit + boot-mode | Full-Disk Encryption (FDE)
29443 | VeraCrypt RIPEMD160 + XTS 1536 bit + boot-mode | Full-Disk Encryption (FDE)
13751 | VeraCrypt SHA256 + XTS 512 bit (legacy) | Full-Disk Encryption (FDE)
13752 | VeraCrypt SHA256 + XTS 1024 bit (legacy) | Full-Disk Encryption (FDE)
13753 | VeraCrypt SHA256 + XTS 1536 bit (legacy) | Full-Disk Encryption (FDE)
13761 | VeraCrypt SHA256 + XTS 512 bit + boot-mode (legacy) | Full-Disk Encryption (FDE)
13762 | VeraCrypt SHA256 + XTS 1024 bit + boot-mode (legacy) | Full-Disk Encryption (FDE)
13763 | VeraCrypt SHA256 + XTS 1536 bit + boot-mode (legacy) | Full-Disk Encryption (FDE)
29451 | VeraCrypt SHA256 + XTS 512 bit | Full-Disk Encryption (FDE)
29452 | VeraCrypt SHA256 + XTS 1024 bit | Full-Disk Encryption (FDE)
29453 | VeraCrypt SHA256 + XTS 1536 bit | Full-Disk Encryption (FDE)
29461 | VeraCrypt SHA256 + XTS 512 bit + boot-mode | Full-Disk Encryption (FDE)
29462 | VeraCrypt SHA256 + XTS 1024 bit + boot-mode | Full-Disk Encryption (FDE)
29463 | VeraCrypt SHA256 + XTS 1536 bit + boot-mode | Full-Disk Encryption (FDE)
13721 | VeraCrypt SHA512 + XTS 512 bit (legacy) | Full-Disk Encryption (FDE)
13722 | VeraCrypt SHA512 + XTS 1024 bit (legacy) | Full-Disk Encryption (FDE)
13723 | VeraCrypt SHA512 + XTS 1536 bit (legacy) | Full-Disk Encryption (FDE)
29421 | VeraCrypt SHA512 + XTS 512 bit | Full-Disk Encryption (FDE)
29422 | VeraCrypt SHA512 + XTS 1024 bit | Full-Disk Encryption (FDE)
29423 | VeraCrypt SHA512 + XTS 1536 bit | Full-Disk Encryption (FDE)
13771 | VeraCrypt Streebog-512 + XTS 512 bit (legacy) | Full-Disk Encryption (FDE)
13772 | VeraCrypt Streebog-512 + XTS 1024 bit (legacy) | Full-Disk Encryption (FDE)
13773 | VeraCrypt Streebog-512 + XTS 1536 bit (legacy) | Full-Disk Encryption (FDE)
13781 | VeraCrypt Streebog-512 + XTS 512 bit + boot-mode (legacy) | Full-Disk Encryption (FDE)
13782 | VeraCrypt Streebog-512 + XTS 1024 bit + boot-mode (legacy) | Full-Disk Encryption (FDE)
13783 | VeraCrypt Streebog-512 + XTS 1536 bit + boot-mode (legacy) | Full-Disk Encryption (FDE)
29471 | VeraCrypt Streebog-512 + XTS 512 bit | Full-Disk Encryption (FDE)
29472 | VeraCrypt Streebog-512 + XTS 1024 bit | Full-Disk Encryption (FDE)
29473 | VeraCrypt Streebog-512 + XTS 1536 bit | Full-Disk Encryption (FDE)
29481 | VeraCrypt Streebog-512 + XTS 512 bit + boot-mode | Full-Disk Encryption (FDE)
29482 | VeraCrypt Streebog-512 + XTS 1024 bit + boot-mode | Full-Disk Encryption (FDE)
29483 | VeraCrypt Streebog-512 + XTS 1536 bit + boot-mode | Full-Disk Encryption (FDE)
13731 | VeraCrypt Whirlpool + XTS 512 bit (legacy) | Full-Disk Encryption (FDE)
13732 | VeraCrypt Whirlpool + XTS 1024 bit (legacy) | Full-Disk Encryption (FDE)
13733 | VeraCrypt Whirlpool + XTS 1536 bit (legacy) | Full-Disk Encryption (FDE)
29431 | VeraCrypt Whirlpool + XTS 512 bit | Full-Disk Encryption (FDE)
29432 | VeraCrypt Whirlpool + XTS 1024 bit | Full-Disk Encryption (FDE)
29433 | VeraCrypt Whirlpool + XTS 1536 bit | Full-Disk Encryption (FDE)
23900 | BestCrypt v3 Volume Encryption | Full-Disk Encryption (FDE)
16700 | FileVault 2 | Full-Disk Encryption (FDE)
27500 | VirtualBox (PBKDF2-HMAC-SHA256 & AES-128-XTS) | Full-Disk Encryption (FDE)
27600 | VirtualBox (PBKDF2-HMAC-SHA256 & AES-256-XTS) | Full-Disk Encryption (FDE)
20011 | DiskCryptor SHA512 + XTS 512 bit | Full-Disk Encryption (FDE)
20012 | DiskCryptor SHA512 + XTS 1024 bit | Full-Disk Encryption (FDE)
20013 | DiskCryptor SHA512 + XTS 1536 bit | Full-Disk Encryption (FDE)
22100 | BitLocker | Full-Disk Encryption (FDE)
12900 | Android FDE (Samsung DEK) | Full-Disk Encryption (FDE)
8800 | Android FDE <= 4.3 | Full-Disk Encryption (FDE)
18300 | Apple File System (APFS) | Full-Disk Encryption (FDE)
6211 | TrueCrypt RIPEMD160 + XTS 512 bit (legacy) | Full-Disk Encryption (FDE)
6212 | TrueCrypt RIPEMD160 + XTS 1024 bit (legacy) | Full-Disk Encryption (FDE)
6213 | TrueCrypt RIPEMD160 + XTS 1536 bit (legacy) | Full-Disk Encryption (FDE)
6241 | TrueCrypt RIPEMD160 + XTS 512 bit + boot-mode (legacy) | Full-Disk Encryption (FDE)
6242 | TrueCrypt RIPEMD160 + XTS 1024 bit + boot-mode (legacy) | Full-Disk Encryption (FDE)
6243 | TrueCrypt RIPEMD160 + XTS 1536 bit + boot-mode (legacy) | Full-Disk Encryption (FDE)
29311 | TrueCrypt RIPEMD160 + XTS 512 bit | Full-Disk Encryption (FDE)
29312 | TrueCrypt RIPEMD160 + XTS 1024 bit | Full-Disk Encryption (FDE)
29313 | TrueCrypt RIPEMD160 + XTS 1536 bit | Full-Disk Encryption (FDE)
29341 | TrueCrypt RIPEMD160 + XTS 512 bit + boot-mode | Full-Disk Encryption (FDE)
29342 | TrueCrypt RIPEMD160 + XTS 1024 bit + boot-mode | Full-Disk Encryption (FDE)
29343 | TrueCrypt RIPEMD160 + XTS 1536 bit + boot-mode | Full-Disk Encryption (FDE)
6221 | TrueCrypt SHA512 + XTS 512 bit (legacy) | Full-Disk Encryption (FDE)
6222 | TrueCrypt SHA512 + XTS 1024 bit (legacy) | Full-Disk Encryption (FDE)
6223 | TrueCrypt SHA512 + XTS 1536 bit (legacy) | Full-Disk Encryption (FDE)
29321 | TrueCrypt SHA512 + XTS 512 bit | Full-Disk Encryption (FDE)
29322 | TrueCrypt SHA512 + XTS 1024 bit | Full-Disk Encryption (FDE)
29323 | TrueCrypt SHA512 + XTS 1536 bit | Full-Disk Encryption (FDE)
6231 | TrueCrypt Whirlpool + XTS 512 bit (legacy) | Full-Disk Encryption (FDE)
6232 | TrueCrypt Whirlpool + XTS 1024 bit (legacy) | Full-Disk Encryption (FDE)
6233 | TrueCrypt Whirlpool + XTS 1536 bit (legacy) | Full-Disk Encryption (FDE)
29331 | TrueCrypt Whirlpool + XTS 512 bit | Full-Disk Encryption (FDE)
29332 | TrueCrypt Whirlpool + XTS 1024 bit | Full-Disk Encryption (FDE)
29333 | TrueCrypt Whirlpool + XTS 1536 bit | Full-Disk Encryption (FDE)
12200 | eCryptfs | Full-Disk Encryption (FDE)
10400 | PDF 1.1 - 1.3 (Acrobat 2 - 4) | Document
10410 | PDF 1.1 - 1.3 (Acrobat 2 - 4), collider #1 | Document
10420 | PDF 1.1 - 1.3 (Acrobat 2 - 4), collider #2 | Document
10500 | PDF 1.4 - 1.6 (Acrobat 5 - 8) | Document
25400 | PDF 1.4 - 1.6 (Acrobat 5 - 8) - user and owner pass | Document
10600 | PDF 1.7 Level 3 (Acrobat 9) | Document
10700 | PDF 1.7 Level 8 (Acrobat 10 - 11) | Document
9400 | MS Office 2007 | Document
9500 | MS Office 2010 | Document
9600 | MS Office 2013 | Document
25300 | MS Office 2016 - SheetProtection | Document
9700 | MS Office <= 2003 $0/$1, MD5 + RC4 | Document
9710 | MS Office <= 2003 $0/$1, MD5 + RC4, collider #1 | Document
9720 | MS Office <= 2003 $0/$1, MD5 + RC4, collider #2 | Document
9810 | MS Office <= 2003 $3, SHA1 + RC4, collider #1 | Document
9820 | MS Office <= 2003 $3, SHA1 + RC4, collider #2 | Document
9800 | MS Office <= 2003 $3/ $4, S H A 1 + R C 4 | D o c u m e n t 18400 | O p e n D o c u m e n t F o r m a t (O D F) 1.2 (S H A - 256, A E S) | D o c u m e n t 18600 | O p e n D o c u m e n t F o r m a t (O D F) 1.1 (S H A - 1, B l o w f i s h) | D o c u m e n t 16200 | A p p l e S e c u r e N o t e s | D o c u m e n t 23300 | A p p l e i W o r k | D o c u m e n t 6600 | 1 P a s s w o r d, a g i l e k e y c h a i n | P a s s w o r d M a n a g e r 8200 | 1 P a s s w o r d, c l o u d k e y c h a i n | P a s s w o r d M a n a g e r 9000 | P a s s w o r d S a f e v 2 | P a s s w o r d M a n a g e r 5200 | P a s s w o r d S a f e v 3 | P a s s w o r d M a n a g e r 6800 | L a s t P a s s + L a s t P a s s s n i f f e d | P a s s w o r d M a n a g e r 13400 | K e e P a s s 1 (A E S / T w o f i s h) a n d K e e P a s s 2 (A E S) | P a s s w o r d M a n a g e r 29700 | K e e P a s s 1 (A E S / T w o f i s h) a n d K e e P a s s 2 (A E S) - k e y f i l e o n l y m o d e | P a s s w o r d M a n a g e r 23400 | B i t w a r d e n | P a s s w o r d M a n a g e r 16900 | A n s i b l e V a u l t | P a s s w o r d M a n a g e r 26000 | M o z i l l a k e y 3. d b | P a s s w o r d M a n a g e r 26100 | M o z i l l a k e y 4. d b | P a s s w o r d M a n a g e r 23100 | A p p l e K e y c h a i n | P a s s w o r d M a n a g e r 11600 | 7 - Z i p | A r c h i v e 12500 | R A R 3 - h p | A r c h i v e 23700 | R A R 3 - p (U n c o m p r e s s e d) | A r c h i v e 13000 | R A R 5 | A r c h i v e 17220 | P K Z I P (C o m p r e s s e d M u l t i - F i l e) | A r c h i v e 17200 | P K Z I P (C o m p r e s s e d) | A r c h i v e 17225 | P K Z I P (M i x e d M u l t i - F i l e) | A r c h i v e 17230 | P K Z I P (M i x e d M u l t i - F i l e C h e c k s u m - O n l y) | A r c h i v e 17210 | P K Z I P (U n c o m p r e s s e d) | A r c h i v e 20500 | P K Z I P M a s t e r K e y | A r c h i v e 20510 | P K Z I P M a s t e r K e y (6 b y t e o p t i m i z a t i o n) | A r c h i v e 23001 | S e c u r e Z I P A E S - 128 | A r c h i v e 23002 | S e c u r e Z I P A E S - 192 | A r c h i v e 23003 | S e c u r e Z I P A E S - 256 | A r c h i v e 13600 | W i n Z i p | A r c h i v e 18900 | A n d r o i d B a c k u p | A r c h i v e 24700 | S t u f f i t 5 | A r c h i v e 13200 | A x C r y p t 1 | A r c h i v e 13300 | A x C r y p t 1 i n - m e m o r y S H A 1 | A r c h i v e 23500 | A x C r y p t 2 A E S - 128 | A r c h i v e 23600 | A x C r y p t 2 A E S - 256 | A r c h i v e 14700 | i T u n e s b a c k u p < 10.0 | A r c h i v e 14800 | i T u n e s b a c k u p >= 10.0 | A r c h i v e 8400 | W B B 3 (W o l t l a b B u r n i n g B o a r d) | F o r u m s, C M S, E - C o m m e r c e 2612 | P H P S | F o r u m s, C M S, E - C o m m e r c e 121 | S M F (S i m p l e M a c h i n e s F o r u m) > v 1.1 | F o r u m s, C M S, E - C o m m e r c e 3711 | M e d i a W i k i B t y p e | F o r u m s, C M S, E - C o m m e r c e 4521 | R e d m i n e | F o r u m s, C M S, E - C o m m e r c e 24800 | U m b r a c o H M A C - S H A 1 | F o r u m s, C M S, E - C o m m e r c e 11 | J o o m l a < 2.5 .18 | F o r u m s, C M S, E - C o m m e r c e 13900 | O p e n C a r t | F o r u m s, C M S, E - C o m m e r c e 11000 | P r e s t a S h o p | F o r u m s, C M S, E - C o m m e r c e 16000 | T r i p c o d e | F o r u m s, C M S, E - C o m m e r c e 7900 | D r u p a l 7 | F o r u m s, C M S, E - C o m m e r c e 4522 | P u n B B | F o r u m s, C M S, E - C o m m e r c e 2811 | M y B B 1.2 +, I P B 2 + (I n v i s i o n P o w e r B o a r d) | F o r u m s, C M S, E - C o m m e r c e 2611 | v B u l l e t i n < v 3.8 .5 | F o r u m s, C M S, E - C o m m e r c e 2711 | v B u l l e t i n >= v 3.8 .5 | F o r u m s, C M S, E - C o m m e r c e 25600 | b c r y p t (m d 5 ($ pass)) / bcryptmd5 | Forums, CMS, E-Commerce
25800 | bcrypt(sha1( $p a s s)) / b c r y p t s h a 1 | F o r u m s, C M S, E - C o m m e r c e 28400 | b c r y p t (s h a 512 ($ pass)) / bcryptsha512 | Forums, CMS, E-Commerce
21 | osCommerce, xt:Commerce | Forums, CMS, E-Commerce
18100 | TOTP (HMAC-SHA1) | One-Time Password
2000 | STDOUT | Plaintext
99999 | Plaintext | Plaintext
21600 | Web2py pbkdf2-sha512 | Framework
10000 | Django (PBKDF2-SHA256) | Framework
124 | Django (SHA-1) | Framework
12001 | Atlassian (PBKDF2-HMAC-SHA1) | Framework
19500 | Ruby on Rails Restful-Authentication | Framework
27200 | Ruby on Rails Restful Auth (one round, no sitekey) | Framework
30000 | Python Werkzeug MD5 (HMAC-MD5 (key = $salt)) | Framework
30120 | Python Werkzeug SHA256 (HMAC-SHA256 (key = $salt)) | Framework
20200 | Python passlib pbkdf2-sha512 | Framework
20300 | Python passlib pbkdf2-sha256 | Framework
20400 | Python passlib pbkdf2-sha1 | Framework
24410 | PKCS#8 Private Keys (PBKDF2-HMAC-SHA1 + 3DES/AES) | Private Key
24420 | PKCS#8 Private Keys (PBKDF2-HMAC-SHA256 + 3DES/AES) | Private Key
15500 | JKS Java Key Store Private Keys (SHA1) | Private Key
22911 | RSA/DSA/EC/OpenSSH Private Keys ( $0$ ) | Private Key
22921 | RSA/DSA/EC/OpenSSH Private Keys ( $6$ ) | Private Key
22931 | RSA/DSA/EC/OpenSSH Private Keys ($1, $3$ ) | Private Key
22941 | RSA/DSA/EC/OpenSSH Private Keys ( $4$ ) | Private Key
22951 | RSA/DSA/EC/OpenSSH Private Keys ( $5$ ) | Private Key
23200 | XMPP SCRAM PBKDF2-SHA1 | Instant Messaging Service
28300 | Teamspeak 3 (channel hash) | Instant Messaging Service
22600 | Telegram Desktop < v2.1.14 (PBKDF2-HMAC-SHA1) | Instant Messaging Service
24500 | Telegram Desktop >= v2.1.14 (PBKDF2-HMAC-SHA512) | Instant Messaging Service
22301 | Telegram Mobile App Passcode (SHA256) | Instant Messaging Service
23 | Skype | Instant Messaging Service
29600 | Terra Station Wallet (AES256-CBC(PBKDF2($pass))) | Cryptocurrency Wallet
26600 | MetaMask Wallet | Cryptocurrency Wallet
21000 | BitShares v0.x - sha512(sha512_bin(pass)) | Cryptocurrency Wallet
28501 | Bitcoin WIF private key (P2PKH), compressed | Cryptocurrency Wallet
28502 | Bitcoin WIF private key (P2PKH), uncompressed | Cryptocurrency Wallet
28503 | Bitcoin WIF private key (P2WPKH, Bech32), compressed | Cryptocurrency Wallet
28504 | Bitcoin WIF private key (P2WPKH, Bech32), uncompressed | Cryptocurrency Wallet
28505 | Bitcoin WIF private key (P2SH(P2WPKH)), compressed | Cryptocurrency Wallet
28506 | Bitcoin WIF private key (P2SH(P2WPKH)), uncompressed | Cryptocurrency Wallet
11300 | Bitcoin/Litecoin wallet.dat | Cryptocurrency Wallet
16600 | Electrum Wallet (Salt-Type 1-3) | Cryptocurrency Wallet
21700 | Electrum Wallet (Salt-Type 4) | Cryptocurrency Wallet
21800 | Electrum Wallet (Salt-Type 5) | Cryptocurrency Wallet
12700 | Blockchain, My Wallet | Cryptocurrency Wallet
15200 | Blockchain, My Wallet, V2 | Cryptocurrency Wallet
18800 | Blockchain, My Wallet, Second Password (SHA256) | Cryptocurrency Wallet
25500 | Stargazer Stellar Wallet XLM | Cryptocurrency Wallet
16300 | Ethereum Pre-Sale Wallet, PBKDF2-HMAC-SHA256 | Cryptocurrency Wallet
15600 | Ethereum Wallet, PBKDF2-HMAC-SHA256 | Cryptocurrency Wallet
15700 | Ethereum Wallet, SCRYPT | Cryptocurrency Wallet
22500 | MultiBit Classic .key (MD5) | Cryptocurrency Wallet
27700 | MultiBit Classic .wallet (scrypt) | Cryptocurrency Wallet
22700 | MultiBit HD (scrypt) | Cryptocurrency Wallet
28200 | Exodus Desktop Wallet (scrypt) | Cryptocurrency Wallet