Overview
hashID is a Python-based hash identification tool that recognizes 220+ hash types and formats. It helps pentesters, forensics analysts, and security researchers quickly identify hash algorithms before selecting appropriate cracking tools like Hashcat or John the Ripper.
Installation
From Source
git clone https://github.com/psneuzil/hashID.git
cd hashID
python3 hashid.py --help
Via pip
pip install hashid
Docker
docker run -it --rm psneuzil/hashid <hash>
Basic Usage
Identify Single Hash
# Interactive mode - paste hash at prompt
python3 hashid.py
# Identify specific hash
python3 hashid.py "5f4dcc3b5aa765d61d8327deb882cf99"
# Identify from file
python3 hashid.py -f hashes.txt
# Quiet mode - minimal output
python3 hashid.py "hash_here" -q
Output Example
$ python3 hashid.py "5f4dcc3b5aa765d61d8327deb882cf99"
Analyzing '5f4dcc3b5aa765d61d8327deb882cf99'
[+] MD5
[+] MD4
[+] Double MD5
[+] LM
[+] RIPEMD-128
[+] Haval-128
[+] Tiger-128
[+] Skein-256(128)
[+] Skein-512(128)
Common Hash Types Reference
| Hash Type | Length | Example |
|---|
| MD5 | 32 hex | 5f4dcc3b5aa765d61d8327deb882cf99 |
| SHA-1 | 40 hex | 356a192b7913b04c54574d18c28d46e6395428ab |
| SHA-256 | 64 hex | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA-512 | 128 hex | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
| NTLM | 32 hex | 5f4dcc3b5aa765d61d8327deb882cf99 |
| bcrypt | Variable | $2a$10$Dex8PPccx92u8.jVewYM2OPST9/PgBkqquzi.Ss7KIUgO2t0jWMUW |
| Kerberos 5 TGT | Special format | $krb5tgs$23$*user$realm$spn*$... |
| NetNTLMv2 | Special format | user::DOMAIN:... |
| MySQL | 40 hex | *81F5E21E35407D884A6CD4A731AEBFB6AF209E1B |
| MSSQL (2000/2005) | 40 hex | 0x0100A607BA7C54A24D17B565BAFCC390F216C8CCB |
| Oracle 10g+ | 32 hex | S:8F2D9E8F8F2D9E8F8F2D9E8F8F2D9E8FA1B2C3D4 |
| PostgreSQL | Variable | md5abcd1234... |
| WordPress | 32 hex | 5f4dcc3b5aa765d61d8327deb882cf99 |
| WPA-PBKDF2 | 256+ hex | ESSID:... |
| LM Hash | 32 hex | AABBCCDD... |
| DES Crypt | Variable | $1$... |
Identifying Hashes from Files
Batch Processing
# Identify all hashes in a file (one per line)
python3 hashid.py -f hashes.txt
# Save results to file
python3 hashid.py -f hashes.txt > results.txt
# Identify and show hashcat modes
python3 hashid.py -f hashes.txt -m
# One hash per line
cat hashes.txt
5f4dcc3b5aa765d61d8327deb882cf99
356a192b7913b04c54574d18c28d46e6395428ab
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Advanced Options
Display Hashcat Modes
# Show Hashcat mode numbers for cracking
python3 hashid.py "hash" -m
# Example output:
# [+] MD5 [Hashcat Mode: 0]
# [+] MD4 [Hashcat Mode: 900]
# [+] Double MD5 [Hashcat Mode: 2600]
# Show John format identifiers
python3 hashid.py "hash" -j
# Example output:
# [+] MD5 [JtR Format: raw-md5]
# [+] SHA-1 [JtR Format: raw-sha1]
Extended Mode (All Algorithms)
# Show all possible algorithms including unlikely ones
python3 hashid.py "hash" -e
# Useful when standard identification is ambiguous
JSON Output
# Output in JSON format for scripting
python3 hashid.py "hash" --json
# Example:
# {"hash": "5f4dcc3b5aa765d61d8327deb882cf99", "algorithms": ["MD5", "MD4", ...]}
Integration with Password Cracking
Hashcat Workflow
# 1. Identify hash type
python3 hashid.py "hash" -m
# Output: [Hashcat Mode: 0]
# 2. Crack with identified mode
hashcat -m 0 -a 0 hash.txt wordlist.txt
# 3. Crack with rules
hashcat -m 0 -a 0 hash.txt wordlist.txt -r rules.txt
# 4. Brute force (small mode space)
hashcat -m 0 -a 3 hash.txt ?a?a?a?a
John the Ripper Workflow
# 1. Identify hash type
python3 hashid.py "hash" -j
# Output: [JtR Format: raw-md5]
# 2. Crack with identified format
john --format=raw-md5 hash.txt --wordlist=wordlist.txt
# 3. Show cracked passwords
john --format=raw-md5 hash.txt --show
# 4. Brute force attempt
john --format=raw-md5 hash.txt --incremental
Practical Examples
Identify Windows NTLM Hash
# NTLM (Windows password hashes)
python3 hashid.py "aabbccdd1234567890abcdef12345678"
# Output will show NTLM, MD4, MD5 possibilities
# Use -m to get Hashcat mode 1000 (NTLM)
Identify Salted Bcrypt
# bcrypt format (automatically detected by $2a/$2b/$2y)
python3 hashid.py '$2b$12$R9h/cIPz0gi.URNNX3kh2OPST9/PgBkqquzi.Ss7KIUgO2t0jWMUW'
# [+] bcrypt [JtR Format: bcrypt] [Hashcat Mode: 3200]
Identify Kerberos Hash
# Kerberos 5 TGT format
python3 hashid.py '$krb5tgs$23$*user$REALM$service*$hash...'
# [+] Kerberos 5 TGT [Hashcat Mode: 13100]
Identify SQL Server Hash
# MSSQL 2012+ (SHA2-based)
python3 hashid.py '0x0200...'
# [+] MSSQL (2012, 2014) [Hashcat Mode: 1731]
Batch Identify Domain Hashes
# NetNTLMv2 from Responder capture
python3 hashid.py -f responder_hashes.txt -m
# Quickly identify all captured hashes with Hashcat modes
Troubleshooting
Hash Not Recognized
# 1. Try extended mode to see all possibilities
python3 hashid.py "hash" -e
# 2. Check hash format/length - ensure it's complete
echo "hash" | wc -c
# 3. Try online tools as secondary check
# https://hashes.com/en/tools/hash_identifier
Too Many Possibilities
# Use context clues:
# - Source (Windows = NTLM likely)
# - Length (64 chars = SHA-256 or bcrypt header)
# - Format ($2a$ = bcrypt, $krb5 = Kerberos)
# Use Hashcat mode testing
hashcat -m 0 hash.txt wordlist.txt --workload-profile=1
hashcat -m 900 hash.txt wordlist.txt --workload-profile=1
# Try different modes until one cracks
| Feature | hashID | hash-identifier | name-that-hash |
|---|
| Hash Types | 220+ | 100+ | Similar to hashID |
| Hashcat Modes | Yes | No | Yes |
| John Formats | Yes | No | Yes |
| Installation | pip/git | perl script | pip |
| Speed | Fast | Fast | Fast |
| GUI | No | No | GUI available |
Tips & Best Practices
Identify Before Cracking
# Always identify hash type first
python3 hashid.py "hash" -m > modes.txt
# Prevents wasting time on wrong attack modes
# Hashcat mode mismatch = no cracks
Use Extended Mode for Ambiguous Hashes
# 32-character hex strings are common for multiple algorithms
python3 hashid.py "5f4dcc3b5aa765d61d8327deb882cf99" -e
# Extended mode shows LM, DES, Snefru, Tiger, etc.
Validate Hash Before Cracking
# Ensure hash format is valid
echo "hash" | grep -E '^[a-fA-F0-9]+$'
# Remove formatting, extra whitespace
cat hashes.txt | tr -d ' ' > hashes_clean.txt
# Chain with Hashcat
python3 hashid.py -f hashes.txt -m | \
awk -F': ' '{print $NF}' | \
xargs -I {} hashcat -m {} hashes.txt wordlist.txt
# Pipe to JtR
python3 hashid.py -f hashes.txt -j | \
grep "JtR Format" | \
awk -F': ' '{print $NF}' | \
xargs -I {} john --format={} hashes.txt
Supported Hash Types (Selection)
- MD5, MD4, MD2, MD1
- SHA-1, SHA-224, SHA-256, SHA-384, SHA-512
- RIPEMD-128, RIPEMD-160, RIPEMD-256, RIPEMD-320
- Whirlpool, Tiger, Haval
- bcrypt, scrypt, Argon2, PBKDF2
- Kerberos (TGT, AS-REQ)
- NTLM, NetNTLM, NetNTLMv2
- MySQL, PostgreSQL, MSSQL, Oracle
- WordPress, Joomla, Drupal
- WPA, WPA2, WPA3
- DES, 3DES, Blowfish
- And 170+ more algorithm variations
Resources
