name-that-hash

Overview

name-that-hash is a modern hash identification tool designed as the successor to hashid. It automatically identifies hash types from their string format and suggests appropriate cracking methodologies. Essential for penetration testers, forensic analysts, and security professionals who need to identify and crack password hashes during authorized security assessments.

Installation

Prerequisites

# Python 3.6+ required
python3 --version

# Install system dependencies
sudo apt-get update
sudo apt-get install python3-pip git

From PyPI

# Install via pip
pip3 install name-that-hash

# Verify installation
name-that-hash --version

# Update to latest version
pip3 install --upgrade name-that-hash

From Source

# Clone repository
git clone https://github.com/HashPals/Name-That-Hash.git
cd Name-That-Hash

# Install dependencies
pip3 install -r requirements.txt

# Install package
python3 setup.py install

# Run directly
python3 -m name_that_hash --help

Docker Installation

# Build Docker image
docker build -t name-that-hash .

# Run in container
docker run -it name-that-hash name-that-hash --hash "5d41402abc4b2a76b9719d911017c592"

# Mount local directory
docker run -it -v $(pwd):/work name-that-hash \
  name-that-hash --hashfile /work/hashes.txt

Basic Usage

Simple Hash Identification

Command	Description
`-H, --hash`	Single hash to identify
`-f, --hashfile`	File containing multiple hashes
`-g, --grep`	Grep pattern for hash extraction
`-t, --type`	Specify hash type (skip identification)
`-c, --crack`	Attempt to crack hash
`-e, --esearch`	Use extended search for rare hashes

Identifying Single Hashes

# Basic hash identification
name-that-hash --hash "5d41402abc4b2a76b9719d911017c592"

# With verbose output
name-that-hash --hash "5d41402abc4b2a76b9719d911017c592" -v

# Extended search for obscure hashes
name-that-hash --hash "abc123xyz" --esearch

# Show all possible matches
name-that-hash --hash "5d41402abc4b2a76b9719d911017c592" --all

Batch Identification

# Identify hashes from file
name-that-hash --hashfile hashes.txt

# Extract hashes with grep
name-that-hash --hashfile cracked.txt --grep ".*"

# Show summary statistics
name-that-hash --hashfile passwords.txt --summary

# Export results
name-that-hash --hashfile hashes.txt --json > results.json

Hash Type Recognition

Common Hash Formats

Hash Type	Length	Example	Algorithm
MD5	32	5d41402abc4b2a76b9719d911017c592	Cryptographic (deprecated)
SHA1	40	aaf4c61ddcc5e8a2dabede0f3b482cd9aea9434d	Cryptographic (deprecated)
SHA256	64	2c26b46911185131006ba2c65476db3e5a4ed7e3	Cryptographic (modern)
SHA512	128	48eae3f87f51b56602d3d64b7e8819eee7759c09	Cryptographic (strong)
bcrypt	60	$2b$12$R9h/cIPz0gi.URNN…	Password hash
scrypt	Variable	$7$C6…/…	Memory-hard hash
Argon2	Variable	$argon2id$v=19$m=65536…	Modern password hash
NTLM	32	209c6174da490caeb422f3fa5a7ae634	Windows password hash
LM Hash	32	E52CAC67419A6A51667F688DF07D0B48	Legacy Windows
DES	Variable	$1$salt$…	Unix crypt

Hash Type Detection

# MD5 hashes
name-that-hash --hash "5d41402abc4b2a76b9719d911017c592"
# Output: MD5

# SHA1 hashes
name-that-hash --hash "aaf4c61ddcc5e8a2dabede0f3b482cd9aea9434d"
# Output: SHA1

# SHA256 hashes
name-that-hash --hash "2c26b46911185131006ba2c65476db3e5a4ed7e3"
# Output: SHA256

# bcrypt hashes
name-that-hash --hash '$2b$12$R9h/cIPz0gi.URNN3OlCe'
# Output: bcrypt / blowfish

# Windows NTLM
name-that-hash --hash "209c6174da490caeb422f3fa5a7ae634"
# Output: NTLM

Advanced Identification

Contextual Identification

# Identify with context hints
name-that-hash --hash "hash_value" --wordlist rockyou.txt

# Narrow by application/OS
name-that-hash --hash "hash" --platform windows
name-that-hash --hash "hash" --platform linux

# Filter by strength
name-that-hash --hash "hash" --min-strength high

# Find weak hashes
name-that-hash --hash "hash" --weak-only

Multiple Hash Types

# Identify mixture of hash types
name-that-hash --hashfile mixed_hashes.txt --auto

# Categorize by type
name-that-hash --hashfile hashes.txt --group-by-type

# Show statistics
name-that-hash --hashfile hashes.txt --statistics

Cracking Strategies

Suggested Attack Methods

# Get cracking suggestions
name-that-hash --hash "5d41402abc4b2a76b9719d911017c592" --strategies

# MD5 cracking with hashcat
name-that-hash --hash "5d41402abc4b2a76b9719d911017c592" \
  --crack --wordlist rockyou.txt

# bcrypt with john
name-that-hash --hash '$2b$12$R9h/cIPz0gi.URNN...' \
  --crack --tool john

# Windows NTLM
name-that-hash --hash "209c6174da490caeb422f3fa5a7ae634" \
  --crack --tool hashcat --wordlist passwords.txt

Integration with Cracking Tools

# Extract hashcat mode
name-that-hash --hash "hash" --hashcat-mode

# Get john format
name-that-hash --hash "hash" --john-format

# Prepare for hashcat
name-that-hash --hashfile hashes.txt --hashcat-mode | \
  xargs -I {} hashcat -m {} hashes.txt rockyou.txt

# Prepare for john
name-that-hash --hashfile hashes.txt --john-format | \
  xargs -I {} john --format={} hashes.txt

Hash Format Recognition

Container Formats

# WordPress hashes (wp_hash)
name-that-hash --hash "$P$B/e6hVR9VL6x5p0xPL.yEswQEI7jOq1"

# Joomla hashes
name-that-hash --hash "d3d9446802a44259755d38e6d163e820:trd7lHwQtFCFjuzQWemTEYmCK9h0M0Na"

# Django hashes
name-that-hash --hash "pbkdf2_sha256$260000$salt$hash"

# Drupal hashes
name-that-hash --hash "$S$DqupvVjVfb6W6o5w3vND0Wvod.pVzCa7m7W6.oJgVWzMUa2z7gsS"

System Password Hashes

# Linux /etc/shadow hashes
name-that-hash --hashfile /etc/shadow

# Windows SAM hashes
name-that-hash --hashfile dumped_sam.txt

# macOS password hashes
name-that-hash --hashfile macos_hashes.txt

# Cisco device hashes
name-that-hash --hash "cisco_hash_value"

Batch Processing

File Processing

# Process hash file
name-that-hash --hashfile hashes.txt

# Process with specific format
name-that-hash --hashfile hashes.txt --filter md5

# Case insensitive matching
name-that-hash --hashfile hashes.txt --case-insensitive

# Skip empty lines
name-that-hash --hashfile hashes.txt --skip-empty

Extraction from Mixed Text

# Extract hashes from file
name-that-hash --grep "^[a-f0-9]{32}$" --hashfile data.txt

# Extract SHA256 hashes
name-that-hash --grep "^[a-f0-9]{64}$" --hashfile data.txt

# Extract from logs
cat apache.log | name-that-hash --stdin

# Extract from password dumps
cat dump.txt | grep -oE "[a-f0-9]{32,128}" | \
  name-that-hash --stdin

Output Formats

# JSON output
name-that-hash --hashfile hashes.txt --json > results.json

# CSV output
name-that-hash --hashfile hashes.txt --csv > results.csv

# Pretty print
name-that-hash --hashfile hashes.txt --pretty

# Machine-readable format
name-that-hash --hashfile hashes.txt --machine-readable

Advanced Analysis

Hash Algorithm Characteristics

# Get algorithm strength assessment
name-that-hash --hash "hash" --strength

# Check for known weaknesses
name-that-hash --hash "hash" --vulnerabilities

# GPU cracking capability
name-that-hash --hash "hash" --gpu-crackable

# CPU cracking capability
name-that-hash --hash "hash" --cpu-crackable

Performance Metrics

# Estimated crack time (MD5)
name-that-hash --hash "hash" --crack-time

# Compare hash algorithms
name-that-hash --hashfile hashes.txt --compare-speed

# Memory requirements
name-that-hash --hash "hash" --memory-requirements

# Parallelization potential
name-that-hash --hash "hash" --parallelizable

Integration with Other Tools

With Hashcat

# Export hashcat mode
mode=$(name-that-hash --hash "hash" --hashcat-mode)

# Crack with exported mode
hashcat -m $mode hashes.txt rockyou.txt

# Batch processing with hashcat
for hash in $(cat hashes.txt); do
  mode=$(name-that-hash --hash "$hash" --hashcat-mode)
  echo "$mode,$hash"
done > hashcat_input.csv

With John the Ripper

# Detect format for john
format=$(name-that-hash --hash "hash" --john-format)

# Crack with john
john --format=$format hashes.txt

# Dictionary attack
john --format=$format --wordlist=rockyou.txt hashes.txt

# Mask attack
john --format=$format --mask='?a?a?a?a' hashes.txt

With hashcat-utils

# Extract hashcat mode for batch
name-that-hash --hashfile hashes.txt --hashcat-mode | \
  sort -u | while read mode; do
    grep "$mode" hashes.txt | hashcat -m $mode rockyou.txt
  done

Real-World Scenarios

Web Application Testing

# WordPress password crack
name-that-hash --hash "$P$B/e6hVR9VL6x5p0xPL.yEswQEI7jOq1" \
  --crack --tool john

# Drupal credential identification
name-that-hash --hash "$S$DqupvVjVfb6W6o5w3vND0Wvod.pVzCa7..." \
  --strategies

# Joomla user database
name-that-hash --hashfile joomla_users.txt --group-by-type

System Auditing

# Linux password audit
sudo cat /etc/shadow | cut -d: -f2 | \
  name-that-hash --stdin --analyze

# Windows registry audit
name-that-hash --hashfile sam_hashes.txt --platform windows

# macOS audit
name-that-hash --hashfile macos_hashes.txt --strength

Incident Response

# Identify hashes in intrusion evidence
name-that-hash --hashfile evidence.txt --summary

# Timeline correlation
name-that-hash --hashfile hashes.txt --group-by-type > timeline.csv

# Hash comparison with IOCs
name-that-hash --hashfile unknown.txt --compare database.txt

Scripting and Automation

Bash Integration

#!/bin/bash
# Automated hash analysis

HASHFILE="$1"
OUTPUT="analysis_$(date +%Y%m%d).txt"

{
  echo "Hash Analysis Report - $(date)"
  echo "================================"
  echo ""
  echo "Summary:"
  name-that-hash --hashfile "$HASHFILE" --summary
  echo ""
  echo "By Type:"
  name-that-hash --hashfile "$HASHFILE" --group-by-type
  echo ""
  echo "Detailed Results:"
  name-that-hash --hashfile "$HASHFILE" --pretty
} > "$OUTPUT"

echo "Report saved to $OUTPUT"

Python Integration

import subprocess
import json

def identify_hash(hash_value):
    """Identify hash type using name-that-hash"""
    result = subprocess.run(
        ['name-that-hash', '--hash', hash_value, '--json'],
        capture_output=True,
        text=True
    )
    return json.loads(result.stdout)

def batch_identify(hash_file):
    """Process file of hashes"""
    result = subprocess.run(
        ['name-that-hash', '--hashfile', hash_file, '--json'],
        capture_output=True,
        text=True
    )
    return json.loads(result.stdout)

# Usage
hashes = identify_hash('5d41402abc4b2a76b9719d911017c592')
print(f"Hash Type: {hashes['name']}")
print(f"Crackable: {hashes['crackable']}")

PowerShell Integration

# PowerShell hash identification

function Get-HashType {
    param([string]$Hash)
    
    $result = & name-that-hash --hash $Hash --json | ConvertFrom-Json
    return $result
}

function Analyze-HashFile {
    param([string]$FilePath)
    
    & name-that-hash --hashfile $FilePath --pretty
}

# Usage
$hashes = Get-Content 'hashes.txt'
foreach ($hash in $hashes) {
    $type = Get-HashType $hash
    Write-Host "$hash : $($type.name)"
}

Output Analysis

Understanding Results

# Detailed output explanation
name-that-hash --hash "5d41402abc4b2a76b9719d911017c592" -v

# Sample output:
# Hash: 5d41402abc4b2a76b9719d911017c592
# Type: MD5
# Hashcat Mode: 0
# John Format: raw-md5
# Crackable: True
# GPU Capable: True
# Strength: Weak
# Estimated Time (RTX 3090): 0.001 seconds

Interpreting Recommendations

# Get recommended tools
name-that-hash --hash "hash" --recommend-tools

# Speed ratings
name-that-hash --hash "hash" --speed-rating

# Best practices
name-that-hash --hash "hash" --best-practices

Troubleshooting

Common Issues

# Hash not recognized
name-that-hash --hash "unknown" --esearch  # Extended search

# Wrong identification
name-that-hash --hash "hash" --all  # Show all possibilities

# File encoding issues
file hashes.txt  # Check encoding
iconv -f iso-8859-1 -t utf-8 hashes.txt > hashes_utf8.txt

Debug Mode

# Verbose output
name-that-hash --hash "hash" -vvv

# Debug logging
name-that-hash --hash "hash" --debug

# Profile execution
time name-that-hash --hashfile large_file.txt

Performance Optimization

Batch Processing

# Process large files efficiently
name-that-hash --hashfile hashes.txt --parallel 4

# Skip extended search for speed
name-that-hash --hashfile hashes.txt --no-esearch

# Use pre-filtered input
grep -oE "^[a-f0-9]{32}$" data.txt | \
  name-that-hash --stdin

References

name-that-hash GitHub: https://github.com/HashPals/Name-That-Hash
Hash Database: https://hashpals.com/
Hashcat Modes: https://hashcat.net/wiki/doku.php?id=example_hashes
John the Ripper: https://www.openwall.com/john/

Legal Notice

name-that-hash is designed for authorized password auditing, forensic analysis, and security research. Unauthorized password cracking is illegal. Always obtain written authorization before testing password systems or analyzing hashes.