Hashcat
Hashcat is a high-performance password recovery and hash-cracking toolkit used by security professionals, digital forensics teams, and researchers. It leverages CPU and GPU acceleration (OpenCL / CUDA / ROCm) to run dictionary, mask, combinator, rule-based and brute-force attacks across hundreds of hash algorithms. Built for speed and flexibility, Hashcat is the de-facto tool for large-scale password auditing, security assessments, and legitimate recovery tasks.
Hashcat’s architecture is optimized for modern hardware: it can fully utilize GPUs to drastically reduce time-to-crack for many hash types while still offering efficient CPU-only modes for environments without GPU acceleration. The project maintains extensive documentation, example rule sets, and community-contributed wordlists and masks to help practitioners craft targeted and efficient attacks.
Common use cases include corporate password policy testing, incident response (recovering encrypted data when authorized), pen-testing engagements (with explicit permission), and academic research into password strength and hashing resilience. Because Hashcat supports a very wide range of algorithms (NTLM, bcrypt, SHA variants, PBKDF2, WPA/WPA2, Kerberos, LM and others), it is suitable for both modern and legacy systems.
Hashcat includes advanced features such as detailed benchmarking, session save/restore, a powerful rule engine for transforming wordlists, a mask engine for custom brute-force patterns, and support for distributed cracking setups. Its command-line interface provides fine-grained control over workload tuning, kernel selection, and performance diagnostics — allowing experienced users to squeeze maximum throughput from their hardware.
For SEO and discoverability: Hashcat pages typically include guidance on selecting hash modes (the -m parameter), choosing attack modes (-a), tuning workload profiles, and links to canonical resources (official site, wiki, GitHub). Good on-page content covers supported hash types, example commands, driver/runtime requirements, and legal/ethical usage guidance — all of which are included below.
Key features:
- GPU-accelerated cracking with OpenCL / CUDA / ROCm for high throughput
- Support for hundreds of hash algorithms (NTLM, bcrypt, SHA-family, PBKDF2, WPA/WPA2, etc.)
- Multiple attack modes: dictionary + rules, mask, combinator, hybrid and brute-force
- Powerful rule engine and mask engine for targeted attacks
- Session save/restore, benchmarking and performance tuning options
- Extensive documentation, examples, and community rule/wordlist collections
Download Options
| Version | Platform | Download |
|---|---|---|
| 7.1.2 | Windows (portable archive) | Download |
Installation & quick start
Windows (portable archive): download and extract hashcat-7.1.2.7z with 7-Zip. Open an elevated Command Prompt in the extracted folder and run hashcat.exe or hashcat64.exe with your chosen options. Install the latest NVIDIA or AMD drivers for GPU acceleration and ensure the appropriate runtime (CUDA or OpenCL) is available.
Driver & runtime checklist: confirm your GPU driver version, install the correct CUDA toolkit for NVIDIA cards if using CUDA kernels, or ensure an OpenCL runtime is available for AMD/Intel devices. Use hashcat -b to run a quick benchmark and verify that your device(s) are recognized before starting a cracking session.
Usage examples
Dictionary attack (MD5):
hashcat.exe -m 0 -a 0 hashes.txt wordlist.txt --session=myrun
Mask attack (example for 8-character lowercase passwords):
hashcat.exe -m 0 -a 3 hashes.txt ?l?l?l?l?l?l?l?l
Use rules to extend wordlists:
hashcat.exe -m 0 -a 0 hashes.txt wordlist.txt -r rules/best64.rule
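Added example (not part of the Hashcat project or of this page's original text): a Python sketch for password-policy auditing that parses a mask like the one in the mask example above, using hashcat's built-in charset sizes, and estimates how long exhausting it takes at a given hash rate. The function names and the 10 GH/s rate are assumptions; substitute the speed that hashcat -b reports for your hash mode and hardware.

```python
# Added example: size of a hashcat mask keyspace and time to exhaust it.
# Built-in charset sizes: ?l ?u (26), ?d (10), ?h ?H (16), ?s (33), ?a (95), ?b (256).
BUILTIN = {"l": 26, "u": 26, "d": 10, "h": 16, "H": 16, "s": 33, "a": 95, "b": 256}


def position_sizes(mask, custom=None):
    """Return the number of candidates at each position of a mask.

    custom maps a custom charset id ("1".."4") to its size (hypothetical
    helper argument; hashcat itself takes the charset definition via -1..-4).
    """
    custom = custom or {}
    sizes, i = [], 0
    while i < len(mask):
        if mask[i] != "?":
            sizes.append(1)          # literal character
            i += 1
            continue
        if i + 1 == len(mask):
            raise ValueError("mask ends with a dangling '?'")
        key = mask[i + 1]
        if key == "?":
            sizes.append(1)          # '??' is a literal question mark
        elif key in BUILTIN:
            sizes.append(BUILTIN[key])
        elif key in custom:
            sizes.append(custom[key])
        else:
            raise ValueError(f"unknown charset ?{key}")
        i += 2
    return sizes


def keyspace(mask, custom=None):
    """Total number of candidates the mask generates."""
    total = 1
    for n in position_sizes(mask, custom):
        total *= n
    return total


def seconds_to_exhaust(mask, hashes_per_second, custom=None):
    """Worst-case time to try every candidate at a constant rate."""
    return keyspace(mask, custom) / hashes_per_second


if __name__ == "__main__":
    RATE = 10_000_000_000  # constructed figure, not a benchmark result
    for mask in ("?l" * 8, "?u?l?l?l?l?l?d?d", "?a" * 8, "?a" * 12):
        secs = seconds_to_exhaust(mask, RATE)
        print(f"{mask:<26} {keyspace(mask):>26,} candidates  {secs / 86400:,.2f} days")
```

Rates differ by orders of magnitude between fast hashes such as MD5 and deliberately slow ones such as bcrypt, so use the benchmark figure for the mode you are auditing.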
Documentation, community & safety
Official documentation and the Hashcat wiki provide mode tables (-m values), detailed examples, and community best practices. Community forums and GitHub issues contain practical tips for tuning rules, masks, and distributed setups. Always verify checksums of downloaded archives and prefer official sources.
Useful Links
License: Open-source — check the project repository for exact license details. Verify checksums and prefer official releases.
Legal & ethical: Use Hashcat only for authorized password recovery and security testing. Unauthorized cracking of passwords or protected data may be illegal.
