name-that-hash
Overview
name-that-hash is a modern hash identification tool designed as the successor to hashid. It automatically identifies hash types from their string format and suggests appropriate cracking methodologies. It is essential for penetration testers, forensic analysts, and security professionals who need to identify and crack password hashes during authorized security assessments.
Installation
Prerequisites
```bash
# Python 3.6+ required
python3 --version
# Install system dependencies
sudo apt-get update
sudo apt-get install python3-pip git
```
From PyPI
```bash
# Install via pip
pip3 install name-that-hash
# Verify installation
name-that-hash --version
# Update to latest version
pip3 install --upgrade name-that-hash
```
From Source
```bash
# Clone repository
git clone https://github.com/HashPals/Name-That-Hash.git
cd Name-That-Hash
# Install dependencies
pip3 install -r requirements.txt
# Install package
python3 setup.py install
# Run directly
python3 -m name_that_hash --help
```
Docker Installation
```bash
# Build Docker image
docker build -t name-that-hash .
# Run in container
docker run -it name-that-hash name-that-hash --hash "5d41402abc4b2a76b9719d911017c592"
# Mount local directory
docker run -it -v "$(pwd)":/work name-that-hash \
  name-that-hash --hashfile /work/hashes.txt
```
Basic Usage
Simple Hash Identification
| Command | Description |
|---|---|
| `-H, --hash` | Single hash to identify |
| `-f, --hashfile` | File containing multiple hashes |
| `-g, --grep` | Grep pattern for hash extraction |
| `-t, --type` | Specify hash type (skip identification) |
| `-c, --crack` | Attempt to crack hash |
| `-e, --esearch` | Use extended search for rare hashes |
Identifying Single Hashes
```bash
# Basic hash identification
name-that-hash --hash "5d41402abc4b2a76b9719d911017c592"
# With verbose output
name-that-hash --hash "5d41402abc4b2a76b9719d911017c592" -v
# Extended search for obscure hashes
name-that-hash --hash "abc123xyz" --esearch
# Show all possible matches
name-that-hash --hash "5d41402abc4b2a76b9719d911017c592" --all
```
Batch Identification
```bash
# Identify hashes from file
name-that-hash --hashfile hashes.txt
# Extract hashes with grep
name-that-hash --hashfile cracked.txt --grep ".*"
# Show summary statistics
name-that-hash --hashfile passwords.txt --summary
# Export results
name-that-hash --hashfile hashes.txt --json > results.json
```
Hash Type Recognition
Common Hash Formats
| Hash Type | Length | Example | Category |
|---|---|---|---|
| MD5 | 32 | 5d41402abc4b2a76b9719d911017c592 | Cryptographic (deprecated) |
| SHA1 | 40 | aaf4c61ddcc5e8a2dabede0f3b482cd9aea9434d | Cryptographic (deprecated) |
| SHA256 | 64 | 2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824 | Cryptographic (modern) |
| SHA512 | 128 | 9b71d224bd62f3785d96d46ad3ea3d73… | Cryptographic (strong) |
| bcrypt | 60 | $2b$12$R9h/cIPz0gi.URNN… | Password hash |
| scrypt | Variable | $7$C6…/… | Memory-hard hash |
| Argon2 | Variable | $argon2id$v=19$m=65536… | Modern password hash |
| NTLM | 32 | 209c6174da490caeb422f3fa5a7ae634 | Windows password hash |
| LM Hash | 32 | E52CAC67419A6A51667F688DF07D0B48 | Legacy Windows |
| DES | Variable | $1$salt$… | Unix crypt |
Hash Type Detection
```bash
# MD5 hashes
name-that-hash --hash "5d41402abc4b2a76b9719d911017c592"
# Output: MD5
# SHA1 hashes
name-that-hash --hash "aaf4c61ddcc5e8a2dabede0f3b482cd9aea9434d"
# Output: SHA1
# SHA256 hashes (64 hex characters)
name-that-hash --hash "2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824"
# Output: SHA256
# bcrypt hashes
name-that-hash --hash '$2b$12$R9h/cIPz0gi.URNN3OlCe'
# Output: bcrypt / blowfish
# Windows NTLM
name-that-hash --hash "209c6174da490caeb422f3fa5a7ae634"
# Output: NTLM
```
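
Identification from string shape alone has limits: MD5, NTLM and LM are all 32 hex characters, while prefixed formats name their scheme and carry a work factor that an audit can read directly. The Python below is an added example, not code from name-that-hash or from the original page; the rule set and the names `identify`, `audit`, `TAGGED` and `SAMPLES` are assumptions of this example, and the bcrypt sample is constructed.

```python
import re
ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"

# Bare hex digests carry no algorithm tag, so length only narrows the candidates.
HEX_CANDIDATES = {32: ["MD5", "NTLM", "LM"], 40: ["SHA1"],
                  64: ["SHA256"], 128: ["SHA512"]}

# Self-describing formats (assumed rule set built from this page): pattern, name, work factor.
TAGGED = [
    (re.compile(r"^\$2[aby]\$(\d\d)\$[./A-Za-z0-9]{53}$"), "bcrypt",
     lambda m: 2 ** int(m.group(1))),
    (re.compile(r"^\$P\$([./0-9A-Za-z])[./0-9A-Za-z]{30}$"), "phpass (WordPress)",
     lambda m: 2 ** ITOA64.index(m.group(1))),
    (re.compile(r"^\$S\$([./0-9A-Za-z])[./0-9A-Za-z]{51}$"), "Drupal 7",
     lambda m: 2 ** ITOA64.index(m.group(1))),
    (re.compile(r"^pbkdf2_sha256\$(\d+)\$[^$]+\$[^$]+$"), "Django PBKDF2-SHA256",
     lambda m: int(m.group(1))),
]

def identify(value):
    """Return (candidate names, work factor or None) for one hash string."""
    value = value.strip()
    for pattern, name, work in TAGGED:
        m = pattern.match(value)
        if m:
            return [name], work(m)
    if re.fullmatch(r"[0-9a-fA-F]+", value):
        return HEX_CANDIDATES.get(len(value), []), None
    return [], None

def audit(values):
    """Label each stored hash so fast, unstretched digests stand out in a review."""
    report = {}
    for v in values:
        names, work = identify(v)
        if work is not None:
            report[v] = f"{names[0]}, work factor {work}"
        else:
            report[v] = "fast digest: " + "/".join(names) if names else "unrecognised"
    return report

SAMPLES = [  # taken from this page, except the constructed bcrypt value
    "5d41402abc4b2a76b9719d911017c592", "209c6174da490caeb422f3fa5a7ae634",
    "$P$B/e6hVR9VL6x5p0xPL.yEswQEI7jOq1",
    "$S$DqupvVjVfb6W6o5w3vND0Wvod.pVzCa7m7W6.oJgVWzMUa2z7gsS",
    "$2b$12$" + "A" * 53,  # constructed: valid shape, not a real password hash
]
if __name__ == "__main__":
    for h, verdict in audit(SAMPLES).items():
        print(f"{h[:24]:<26}{verdict}")
```

The 32-character hex samples come back with three candidates each, which is why the source system (Windows SAM, web application database) is needed to settle the type.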
Advanced Identification
Contextual Identification
```bash
# Identify with context hints
name-that-hash --hash "hash_value" --wordlist rockyou.txt
# Narrow by application/OS
name-that-hash --hash "hash" --platform windows
name-that-hash --hash "hash" --platform linux
# Filter by strength
name-that-hash --hash "hash" --min-strength high
# Find weak hashes
name-that-hash --hash "hash" --weak-only
```
Multiple Hash Types
```bash
# Identify mixture of hash types
name-that-hash --hashfile mixed_hashes.txt --auto
# Categorize by type
name-that-hash --hashfile hashes.txt --group-by-type
# Show statistics
name-that-hash --hashfile hashes.txt --statistics
```
Cracking Strategies
Suggested Attack Methods
```bash
# Get cracking suggestions
name-that-hash --hash "5d41402abc4b2a76b9719d911017c592" --strategies
# MD5 cracking with hashcat
name-that-hash --hash "5d41402abc4b2a76b9719d911017c592" \
  --crack --wordlist rockyou.txt
# bcrypt with john
name-that-hash --hash '$2b$12$R9h/cIPz0gi.URNN...' \
  --crack --tool john
# Windows NTLM
name-that-hash --hash "209c6174da490caeb422f3fa5a7ae634" \
  --crack --tool hashcat --wordlist passwords.txt
```
Integration with Cracking Tools
```bash
# Extract hashcat mode
name-that-hash --hash "hash" --hashcat-mode
# Get john format
name-that-hash --hash "hash" --john-format
# Prepare for hashcat
name-that-hash --hashfile hashes.txt --hashcat-mode | \
  xargs -I {} hashcat -m {} hashes.txt rockyou.txt
# Prepare for john
name-that-hash --hashfile hashes.txt --john-format | \
  xargs -I {} john --format={} hashes.txt
```
Hash Format Recognition
Container Formats
```bash
# Single quotes stop the shell from expanding $P, $B, $S, ... inside the hash
# WordPress hashes (wp_hash)
name-that-hash --hash '$P$B/e6hVR9VL6x5p0xPL.yEswQEI7jOq1'
# Joomla hashes
name-that-hash --hash "d3d9446802a44259755d38e6d163e820:trd7lHwQtFCFjuzQWemTEYmCK9h0M0Na"
# Django hashes
name-that-hash --hash 'pbkdf2_sha256$260000$salt$hash'
# Drupal hashes
name-that-hash --hash '$S$DqupvVjVfb6W6o5w3vND0Wvod.pVzCa7m7W6.oJgVWzMUa2z7gsS'
```
System Password Hashes
```bash
# Linux /etc/shadow hashes
name-that-hash --hashfile /etc/shadow
# Windows SAM hashes
name-that-hash --hashfile dumped_sam.txt
# macOS password hashes
name-that-hash --hashfile macos_hashes.txt
# Cisco device hashes
name-that-hash --hash "cisco_hash_value"
```
Batch Processing
File Processing
```bash
# Process hash file
name-that-hash --hashfile hashes.txt
# Process with specific format
name-that-hash --hashfile hashes.txt --filter md5
# Case insensitive matching
name-that-hash --hashfile hashes.txt --case-insensitive
# Skip empty lines
name-that-hash --hashfile hashes.txt --skip-empty
```
Extraction from Mixed Text
```bash
# Extract hashes from file
name-that-hash --grep "^[a-f0-9]{32}$" --hashfile data.txt
# Extract SHA256 hashes
name-that-hash --grep "^[a-f0-9]{64}$" --hashfile data.txt
# Extract from logs
cat apache.log | name-that-hash --stdin
# Extract from password dumps
cat dump.txt | grep -oE "[a-f0-9]{32,128}" | \
  name-that-hash --stdin
```
Output Formats
```bash
# JSON output
name-that-hash --hashfile hashes.txt --json > results.json
# CSV output
name-that-hash --hashfile hashes.txt --csv > results.csv
# Pretty print
name-that-hash --hashfile hashes.txt --pretty
# Machine-readable format
name-that-hash --hashfile hashes.txt --machine-readable
```
Advanced Analysis
Hash Algorithm Characteristics
```bash
# Get algorithm strength assessment
name-that-hash --hash "hash" --strength
# Check for known weaknesses
name-that-hash --hash "hash" --vulnerabilities
# GPU cracking capability
name-that-hash --hash "hash" --gpu-crackable
# CPU cracking capability
name-that-hash --hash "hash" --cpu-crackable
```
Performance Metrics
```bash
# Estimated crack time (MD5)
name-that-hash --hash "hash" --crack-time
# Compare hash algorithms
name-that-hash --hashfile hashes.txt --compare-speed
# Memory requirements
name-that-hash --hash "hash" --memory-requirements
# Parallelization potential
name-that-hash --hash "hash" --parallelizable
```
Integration with Other Tools
With Hashcat
```bash
# Export hashcat mode
mode=$(name-that-hash --hash "hash" --hashcat-mode)
# Crack with exported mode
hashcat -m "$mode" hashes.txt rockyou.txt
# Batch processing with hashcat
# Read line by line so hashes are not word-split or glob-expanded
while IFS= read -r hash; do
  mode=$(name-that-hash --hash "$hash" --hashcat-mode)
  echo "$mode,$hash"
done < hashes.txt > hashcat_input.csv
```
With John the Ripper
```bash
# Detect format for john
format=$(name-that-hash --hash "hash" --john-format)
# Crack with john
john --format="$format" hashes.txt
# Dictionary attack
john --format="$format" --wordlist=rockyou.txt hashes.txt
# Mask attack
john --format="$format" --mask='?a?a?a?a' hashes.txt
```
With hashcat-utils
```bash
# Extract hashcat mode for batch
name-that-hash --hashfile hashes.txt --hashcat-mode | \
  sort -u | while read -r mode; do
    grep "$mode" hashes.txt | hashcat -m "$mode" rockyou.txt
  done
```
Real-World Scenarios
Web Application Testing
```bash
# Single quotes keep the shell from expanding $P, $B, $S inside the hash
# WordPress password crack
name-that-hash --hash '$P$B/e6hVR9VL6x5p0xPL.yEswQEI7jOq1' \
  --crack --tool john
# Drupal credential identification
name-that-hash --hash '$S$DqupvVjVfb6W6o5w3vND0Wvod.pVzCa7...' \
  --strategies
# Joomla user database
name-that-hash --hashfile joomla_users.txt --group-by-type
```
System Auditing
```bash
# Linux password audit
sudo cat /etc/shadow | cut -d: -f2 | \
  name-that-hash --stdin --analyze
# Windows registry audit
name-that-hash --hashfile sam_hashes.txt --platform windows
# macOS audit
name-that-hash --hashfile macos_hashes.txt --strength
```
Incident Response
```bash
# Identify hashes in intrusion evidence
name-that-hash --hashfile evidence.txt --summary
# Timeline correlation
name-that-hash --hashfile hashes.txt --group-by-type > timeline.csv
# Hash comparison with IOCs
name-that-hash --hashfile unknown.txt --compare database.txt
```
Scripting and Automation
Bash Integration
```bash
#!/bin/bash
# Automated hash analysis
HASHFILE="$1"
OUTPUT="analysis_$(date +%Y%m%d).txt"
{
  echo "Hash Analysis Report - $(date)"
  echo "================================"
  echo ""
  echo "Summary:"
  name-that-hash --hashfile "$HASHFILE" --summary
  echo ""
  echo "By Type:"
  name-that-hash --hashfile "$HASHFILE" --group-by-type
  echo ""
  echo "Detailed Results:"
  name-that-hash --hashfile "$HASHFILE" --pretty
} > "$OUTPUT"
echo "Report saved to $OUTPUT"
```
Python Integration
```python
import json
import subprocess


def identify_hash(hash_value):
    """Identify hash type using name-that-hash"""
    # Arguments are passed as a list, so the hash never goes through a shell
    result = subprocess.run(
        ['name-that-hash', '--hash', hash_value, '--json'],
        capture_output=True,
        text=True,
        check=True,  # raise on a non-zero exit instead of parsing empty output
    )
    return json.loads(result.stdout)


def batch_identify(hash_file):
    """Process file of hashes"""
    result = subprocess.run(
        ['name-that-hash', '--hashfile', hash_file, '--json'],
        capture_output=True,
        text=True,
        check=True,
    )
    return json.loads(result.stdout)


# Usage
if __name__ == '__main__':
    hashes = identify_hash('5d41402abc4b2a76b9719d911017c592')
    print(f"Hash Type: {hashes['name']}")
    print(f"Crackable: {hashes['crackable']}")
```
PowerShell Integration
```powershell
# PowerShell hash identification
function Get-HashType {
    param([string]$Hash)
    $result = & name-that-hash --hash $Hash --json | ConvertFrom-Json
    return $result
}
function Analyze-HashFile {
    param([string]$FilePath)
    & name-that-hash --hashfile $FilePath --pretty
}
# Usage
$hashes = Get-Content 'hashes.txt'
foreach ($hash in $hashes) {
    $type = Get-HashType $hash
    Write-Host "$hash : $($type.name)"
}
```
Output Analysis
Understanding Results
```bash
# Detailed output explanation
name-that-hash --hash "5d41402abc4b2a76b9719d911017c592" -v
# Sample output:
# Hash: 5d41402abc4b2a76b9719d911017c592
# Type: MD5
# Hashcat Mode: 0
# John Format: raw-md5
# Crackable: True
# GPU Capable: True
# Strength: Weak
# Estimated Time (RTX 3090): 0.001 seconds
```
Interpreting Recommendations
```bash
# Get recommended tools
name-that-hash --hash "hash" --recommend-tools
# Speed ratings
name-that-hash --hash "hash" --speed-rating
# Best practices
name-that-hash --hash "hash" --best-practices
```
Troubleshooting
Common Issues
```bash
# Hash not recognized
name-that-hash --hash "unknown" --esearch  # Extended search
# Wrong identification
name-that-hash --hash "hash" --all  # Show all possibilities
# File encoding issues
file hashes.txt  # Check encoding
iconv -f iso-8859-1 -t utf-8 hashes.txt > hashes_utf8.txt
```
Debug Mode
```bash
# Verbose output
name-that-hash --hash "hash" -vvv
# Debug logging
name-that-hash --hash "hash" --debug
# Profile execution
time name-that-hash --hashfile large_file.txt
```
Performance Optimization
Batch Processing
```bash
# Process large files efficiently
name-that-hash --hashfile hashes.txt --parallel 4
# Skip extended search for speed
name-that-hash --hashfile hashes.txt --no-esearch
# Use pre-filtered input
grep -oE "^[a-f0-9]{32}$" data.txt | \
  name-that-hash --stdin
```
References
- name-that-hash GitHub: https://github.com/HashPals/Name-That-Hash
- Hash Database: https://hashpals.com/
- Hashcat Modes: https://hashcat.net/wiki/doku.php?id=example_hashes
- John the Ripper: https://www.openwall.com/john/
Legal Notice
name-that-hash is designed for authorized password auditing, forensic analysis, and security research. Unauthorized password cracking is illegal. Always obtain written authorization before testing password systems or analyzing hashes.