name-that-hash
Overview
Sezione intitolata “Overview”name-that-hash is a modern hash identification tool designed as the successor to hashid. It automatically identifies hash types from their string format and suggests appropriate cracking methodologies. Essential for penetration testers, forensic analysts, and security professionals who need to identify and crack password hashes during authorized security assessments.
Installation
Sezione intitolata “Installation”Prerequisites
Sezione intitolata “Prerequisites”# Python 3.6+ required
python3 --version
# Install system dependencies
sudo apt-get update
sudo apt-get install python3-pip gitFrom PyPI
Sezione intitolata “From PyPI”# Install via pip
pip3 install name-that-hash
# Verify installation
name-that-hash --version
# Update to latest version
pip3 install --upgrade name-that-hashFrom Source
Sezione intitolata “From Source”# Clone repository
git clone https://github.com/HashPals/Name-That-Hash.git
cd Name-That-Hash
# Install dependencies
pip3 install -r requirements.txt
# Install package
python3 setup.py install
# Run directly
python3 -m name_that_hash --helpDocker Installation
Sezione intitolata “Docker Installation”# Build Docker image
docker build -t name-that-hash .
# Run in container
docker run -it name-that-hash name-that-hash --hash "5d41402abc4b2a76b9719d911017c592"
# Mount local directory
docker run -it -v $(pwd):/work name-that-hash \
name-that-hash --hashfile /work/hashes.txtBasic Usage
Sezione intitolata “Basic Usage”Simple Hash Identification
Sezione intitolata “Simple Hash Identification”| Command | Description |
|---|---|
-H, --hash | Single hash to identify |
-f, --hashfile | File containing multiple hashes |
-g, --grep | Grep pattern for hash extraction |
-t, --type | Specify hash type (skip identification) |
-c, --crack | Attempt to crack hash |
-e, --esearch | Use extended search for rare hashes |
Identifying Single Hashes
Sezione intitolata “Identifying Single Hashes”# Basic hash identification
name-that-hash --hash "5d41402abc4b2a76b9719d911017c592"
# With verbose output
name-that-hash --hash "5d41402abc4b2a76b9719d911017c592" -v
# Extended search for obscure hashes
name-that-hash --hash "abc123xyz" --esearch
# Show all possible matches
name-that-hash --hash "5d41402abc4b2a76b9719d911017c592" --allBatch Identification
Sezione intitolata “Batch Identification”# Identify hashes from file
name-that-hash --hashfile hashes.txt
# Extract hashes with grep
name-that-hash --hashfile cracked.txt --grep ".*"
# Show summary statistics
name-that-hash --hashfile passwords.txt --summary
# Export results
name-that-hash --hashfile hashes.txt --json > results.jsonHash Type Recognition
Sezione intitolata “Hash Type Recognition”Common Hash Formats
Sezione intitolata “Common Hash Formats”| Hash Type | Length | Example | Algorithm |
|---|---|---|---|
| MD5 | 32 | 5d41402abc4b2a76b9719d911017c592 | Cryptographic (deprecated) |
| SHA1 | 40 | aaf4c61ddcc5e8a2dabede0f3b482cd9aea9434d | Cryptographic (deprecated) |
| SHA256 | 64 | 2c26b46911185131006ba2c65476db3e5a4ed7e3 | Cryptographic (modern) |
| SHA512 | 128 | 48eae3f87f51b56602d3d64b7e8819eee7759c09 | Cryptographic (strong) |
| bcrypt | 60 | $2b$12$R9h/cIPz0gi.URNN… | Password hash |
| scrypt | Variable | $7$C6…/… | Memory-hard hash |
| Argon2 | Variable | $argon2id$v=19$m=65536… | Modern password hash |
| NTLM | 32 | 209c6174da490caeb422f3fa5a7ae634 | Windows password hash |
| LM Hash | 32 | E52CAC67419A6A51667F688DF07D0B48 | Legacy Windows |
| DES | Variable | $1$salt$… | Unix crypt |
Hash Type Detection
Sezione intitolata “Hash Type Detection”# MD5 hashes
name-that-hash --hash "5d41402abc4b2a76b9719d911017c592"
# Output: MD5
# SHA1 hashes
name-that-hash --hash "aaf4c61ddcc5e8a2dabede0f3b482cd9aea9434d"
# Output: SHA1
# SHA256 hashes
name-that-hash --hash "2c26b46911185131006ba2c65476db3e5a4ed7e3"
# Output: SHA256
# bcrypt hashes
name-that-hash --hash '$2b$12$R9h/cIPz0gi.URNN3OlCe'
# Output: bcrypt / blowfish
# Windows NTLM
name-that-hash --hash "209c6174da490caeb422f3fa5a7ae634"
# Output: NTLMAdvanced Identification
Sezione intitolata “Advanced Identification”Contextual Identification
Sezione intitolata “Contextual Identification”# Identify with context hints
name-that-hash --hash "hash_value" --wordlist rockyou.txt
# Narrow by application/OS
name-that-hash --hash "hash" --platform windows
name-that-hash --hash "hash" --platform linux
# Filter by strength
name-that-hash --hash "hash" --min-strength high
# Find weak hashes
name-that-hash --hash "hash" --weak-onlyMultiple Hash Types
Sezione intitolata “Multiple Hash Types”# Identify mixture of hash types
name-that-hash --hashfile mixed_hashes.txt --auto
# Categorize by type
name-that-hash --hashfile hashes.txt --group-by-type
# Show statistics
name-that-hash --hashfile hashes.txt --statisticsCracking Strategies
Sezione intitolata “Cracking Strategies”Suggested Attack Methods
Sezione intitolata “Suggested Attack Methods”# Get cracking suggestions
name-that-hash --hash "5d41402abc4b2a76b9719d911017c592" --strategies
# MD5 cracking with hashcat
name-that-hash --hash "5d41402abc4b2a76b9719d911017c592" \
--crack --wordlist rockyou.txt
# bcrypt with john
name-that-hash --hash '$2b$12$R9h/cIPz0gi.URNN...' \
--crack --tool john
# Windows NTLM
name-that-hash --hash "209c6174da490caeb422f3fa5a7ae634" \
--crack --tool hashcat --wordlist passwords.txtIntegration with Cracking Tools
Sezione intitolata “Integration with Cracking Tools”# Extract hashcat mode
name-that-hash --hash "hash" --hashcat-mode
# Get john format
name-that-hash --hash "hash" --john-format
# Prepare for hashcat
name-that-hash --hashfile hashes.txt --hashcat-mode | \
xargs -I {} hashcat -m {} hashes.txt rockyou.txt
# Prepare for john
name-that-hash --hashfile hashes.txt --john-format | \
xargs -I {} john --format={} hashes.txtHash Format Recognition
Sezione intitolata “Hash Format Recognition”Container Formats
Sezione intitolata “Container Formats”# WordPress hashes (wp_hash)
name-that-hash --hash "$P$B/e6hVR9VL6x5p0xPL.yEswQEI7jOq1"
# Joomla hashes
name-that-hash --hash "d3d9446802a44259755d38e6d163e820:trd7lHwQtFCFjuzQWemTEYmCK9h0M0Na"
# Django hashes
name-that-hash --hash "pbkdf2_sha256$260000$salt$hash"
# Drupal hashes
name-that-hash --hash "$S$DqupvVjVfb6W6o5w3vND0Wvod.pVzCa7m7W6.oJgVWzMUa2z7gsS"System Password Hashes
Sezione intitolata “System Password Hashes”# Linux /etc/shadow hashes
name-that-hash --hashfile /etc/shadow
# Windows SAM hashes
name-that-hash --hashfile dumped_sam.txt
# macOS password hashes
name-that-hash --hashfile macos_hashes.txt
# Cisco device hashes
name-that-hash --hash "cisco_hash_value"Batch Processing
Sezione intitolata “Batch Processing”File Processing
Sezione intitolata “File Processing”# Process hash file
name-that-hash --hashfile hashes.txt
# Process with specific format
name-that-hash --hashfile hashes.txt --filter md5
# Case insensitive matching
name-that-hash --hashfile hashes.txt --case-insensitive
# Skip empty lines
name-that-hash --hashfile hashes.txt --skip-emptyExtraction from Mixed Text
Sezione intitolata “Extraction from Mixed Text”# Extract hashes from file
name-that-hash --grep "^[a-f0-9]{32}$" --hashfile data.txt
# Extract SHA256 hashes
name-that-hash --grep "^[a-f0-9]{64}$" --hashfile data.txt
# Extract from logs
cat apache.log | name-that-hash --stdin
# Extract from password dumps
cat dump.txt | grep -oE "[a-f0-9]{32,128}" | \
name-that-hash --stdinOutput Formats
Sezione intitolata “Output Formats”# JSON output
name-that-hash --hashfile hashes.txt --json > results.json
# CSV output
name-that-hash --hashfile hashes.txt --csv > results.csv
# Pretty print
name-that-hash --hashfile hashes.txt --pretty
# Machine-readable format
name-that-hash --hashfile hashes.txt --machine-readableAdvanced Analysis
Sezione intitolata “Advanced Analysis”Hash Algorithm Characteristics
Sezione intitolata “Hash Algorithm Characteristics”# Get algorithm strength assessment
name-that-hash --hash "hash" --strength
# Check for known weaknesses
name-that-hash --hash "hash" --vulnerabilities
# GPU cracking capability
name-that-hash --hash "hash" --gpu-crackable
# CPU cracking capability
name-that-hash --hash "hash" --cpu-crackablePerformance Metrics
Sezione intitolata “Performance Metrics”# Estimated crack time (MD5)
name-that-hash --hash "hash" --crack-time
# Compare hash algorithms
name-that-hash --hashfile hashes.txt --compare-speed
# Memory requirements
name-that-hash --hash "hash" --memory-requirements
# Parallelization potential
name-that-hash --hash "hash" --parallelizableIntegration with Other Tools
Sezione intitolata “Integration with Other Tools”With Hashcat
Sezione intitolata “With Hashcat”# Export hashcat mode
mode=$(name-that-hash --hash "hash" --hashcat-mode)
# Crack with exported mode
hashcat -m $mode hashes.txt rockyou.txt
# Batch processing with hashcat
for hash in $(cat hashes.txt); do
mode=$(name-that-hash --hash "$hash" --hashcat-mode)
echo "$mode,$hash"
done > hashcat_input.csvWith John the Ripper
Sezione intitolata “With John the Ripper”# Detect format for john
format=$(name-that-hash --hash "hash" --john-format)
# Crack with john
john --format=$format hashes.txt
# Dictionary attack
john --format=$format --wordlist=rockyou.txt hashes.txt
# Mask attack
john --format=$format --mask='?a?a?a?a' hashes.txtWith hashcat-utils
Sezione intitolata “With hashcat-utils”# Extract hashcat mode for batch
name-that-hash --hashfile hashes.txt --hashcat-mode | \
sort -u | while read mode; do
grep "$mode" hashes.txt | hashcat -m $mode rockyou.txt
doneReal-World Scenarios
Sezione intitolata “Real-World Scenarios”Web Application Testing
Sezione intitolata “Web Application Testing”# WordPress password crack
name-that-hash --hash "$P$B/e6hVR9VL6x5p0xPL.yEswQEI7jOq1" \
--crack --tool john
# Drupal credential identification
name-that-hash --hash "$S$DqupvVjVfb6W6o5w3vND0Wvod.pVzCa7..." \
--strategies
# Joomla user database
name-that-hash --hashfile joomla_users.txt --group-by-typeSystem Auditing
Sezione intitolata “System Auditing”# Linux password audit
sudo cat /etc/shadow | cut -d: -f2 | \
name-that-hash --stdin --analyze
# Windows registry audit
name-that-hash --hashfile sam_hashes.txt --platform windows
# macOS audit
name-that-hash --hashfile macos_hashes.txt --strengthIncident Response
Sezione intitolata “Incident Response”# Identify hashes in intrusion evidence
name-that-hash --hashfile evidence.txt --summary
# Timeline correlation
name-that-hash --hashfile hashes.txt --group-by-type > timeline.csv
# Hash comparison with IOCs
name-that-hash --hashfile unknown.txt --compare database.txtScripting and Automation
Sezione intitolata “Scripting and Automation”Bash Integration
Sezione intitolata “Bash Integration”#!/bin/bash
# Automated hash analysis
HASHFILE="$1"
OUTPUT="analysis_$(date +%Y%m%d).txt"
{
echo "Hash Analysis Report - $(date)"
echo "================================"
echo ""
echo "Summary:"
name-that-hash --hashfile "$HASHFILE" --summary
echo ""
echo "By Type:"
name-that-hash --hashfile "$HASHFILE" --group-by-type
echo ""
echo "Detailed Results:"
name-that-hash --hashfile "$HASHFILE" --pretty
} > "$OUTPUT"
echo "Report saved to $OUTPUT"Python Integration
Sezione intitolata “Python Integration”import subprocess
import json
def identify_hash(hash_value):
"""Identify hash type using name-that-hash"""
result = subprocess.run(
['name-that-hash', '--hash', hash_value, '--json'],
capture_output=True,
text=True
)
return json.loads(result.stdout)
def batch_identify(hash_file):
"""Process file of hashes"""
result = subprocess.run(
['name-that-hash', '--hashfile', hash_file, '--json'],
capture_output=True,
text=True
)
return json.loads(result.stdout)
# Usage
hashes = identify_hash('5d41402abc4b2a76b9719d911017c592')
print(f"Hash Type: {hashes['name']}")
print(f"Crackable: {hashes['crackable']}")PowerShell Integration
Sezione intitolata “PowerShell Integration”# PowerShell hash identification
function Get-HashType {
param([string]$Hash)
$result = & name-that-hash --hash $Hash --json | ConvertFrom-Json
return $result
}
function Analyze-HashFile {
param([string]$FilePath)
& name-that-hash --hashfile $FilePath --pretty
}
# Usage
$hashes = Get-Content 'hashes.txt'
foreach ($hash in $hashes) {
$type = Get-HashType $hash
Write-Host "$hash : $($type.name)"
}Output Analysis
Sezione intitolata “Output Analysis”Understanding Results
Sezione intitolata “Understanding Results”# Detailed output explanation
name-that-hash --hash "5d41402abc4b2a76b9719d911017c592" -v
# Sample output:
# Hash: 5d41402abc4b2a76b9719d911017c592
# Type: MD5
# Hashcat Mode: 0
# John Format: raw-md5
# Crackable: True
# GPU Capable: True
# Strength: Weak
# Estimated Time (RTX 3090): 0.001 secondsInterpreting Recommendations
Sezione intitolata “Interpreting Recommendations”# Get recommended tools
name-that-hash --hash "hash" --recommend-tools
# Speed ratings
name-that-hash --hash "hash" --speed-rating
# Best practices
name-that-hash --hash "hash" --best-practicesTroubleshooting
Sezione intitolata “Troubleshooting”Common Issues
Sezione intitolata “Common Issues”# Hash not recognized
name-that-hash --hash "unknown" --esearch # Extended search
# Wrong identification
name-that-hash --hash "hash" --all # Show all possibilities
# File encoding issues
file hashes.txt # Check encoding
iconv -f iso-8859-1 -t utf-8 hashes.txt > hashes_utf8.txtDebug Mode
Sezione intitolata “Debug Mode”# Verbose output
name-that-hash --hash "hash" -vvv
# Debug logging
name-that-hash --hash "hash" --debug
# Profile execution
time name-that-hash --hashfile large_file.txtPerformance Optimization
Sezione intitolata “Performance Optimization”Batch Processing
Sezione intitolata “Batch Processing”# Process large files efficiently
name-that-hash --hashfile hashes.txt --parallel 4
# Skip extended search for speed
name-that-hash --hashfile hashes.txt --no-esearch
# Use pre-filtered input
grep -oE "^[a-f0-9]{32}$" data.txt | \
name-that-hash --stdinReferences
Sezione intitolata “References”- name-that-hash GitHub: https://github.com/HashPals/Name-That-Hash
- Hash Database: https://hashpals.com/
- Hashcat Modes: https://hashcat.net/wiki/doku.php?id=example_hashes
- John the Ripper: https://www.openwall.com/john/
Legal Notice
Sezione intitolata “Legal Notice”name-that-hash is designed for authorized password auditing, forensic analysis, and security research. Unauthorized password cracking is illegal. Always obtain written authorization before testing password systems or analyzing hashes.