name-that-hash
Overview
name-that-hash is a modern hash identification tool designed as the successor to hashid. It automatically identifies hash types from their string format and suggests appropriate cracking methodologies. Essential for penetration testers, forensic analysts, and security professionals who need to identify and crack password hashes during authorized security assessments.
Installation
Prerequisites
# Python 3.6+ required
python3 --version
# Install system dependencies
sudo apt-get update
sudo apt-get install python3-pip gitFrom PyPI
# Install via pip
pip3 install name-that-hash
# Verify installation
name-that-hash --version
# Update to latest version
pip3 install --upgrade name-that-hashFrom Source
# Clone repository
git clone https://github.com/HashPals/Name-That-Hash.git
cd Name-That-Hash
# Install dependencies
pip3 install -r requirements.txt
# Install package
python3 setup.py install
# Run directly
python3 -m name_that_hash --helpDocker Installation
# Build Docker image
docker build -t name-that-hash .
# Run in container
docker run -it name-that-hash name-that-hash --hash "5d41402abc4b2a76b9719d911017c592"
# Mount local directory
docker run -it -v $(pwd):/work name-that-hash \
name-that-hash --hashfile /work/hashes.txtBasic Usage
Simple Hash Identification
| Command | Description |
|---|---|
-H, --hash | Single hash to identify |
-f, --hashfile | File containing multiple hashes |
-g, --grep | Grep pattern for hash extraction |
-t, --type | Specify hash type (skip identification) |
-c, --crack | Attempt to crack hash |
-e, --esearch | Use extended search for rare hashes |
Identifying Single Hashes
# Basic hash identification
name-that-hash --hash "5d41402abc4b2a76b9719d911017c592"
# With verbose output
name-that-hash --hash "5d41402abc4b2a76b9719d911017c592" -v
# Extended search for obscure hashes
name-that-hash --hash "abc123xyz" --esearch
# Show all possible matches
name-that-hash --hash "5d41402abc4b2a76b9719d911017c592" --allBatch Identification
# Identify hashes from file
name-that-hash --hashfile hashes.txt
# Extract hashes with grep
name-that-hash --hashfile cracked.txt --grep ".*"
# Show summary statistics
name-that-hash --hashfile passwords.txt --summary
# Export results
name-that-hash --hashfile hashes.txt --json > results.jsonHash Type Recognition
Common Hash Formats
| Hash Type | Length | Example | Algorithm |
|---|---|---|---|
| MD5 | 32 | 5d41402abc4b2a76b9719d911017c592 | Cryptographic (deprecated) |
| SHA1 | 40 | aaf4c61ddcc5e8a2dabede0f3b482cd9aea9434d | Cryptographic (deprecated) |
| SHA256 | 64 | 2c26b46911185131006ba2c65476db3e5a4ed7e3 | Cryptographic (modern) |
| SHA512 | 128 | 48eae3f87f51b56602d3d64b7e8819eee7759c09 | Cryptographic (strong) |
| bcrypt | 60 | $2b$12$R9h/cIPz0gi.URNN… | Password hash |
| scrypt | Variable | $7$C6…/… | Memory-hard hash |
| Argon2 | Variable | $argon2id$v=19$m=65536… | Modern password hash |
| NTLM | 32 | 209c6174da490caeb422f3fa5a7ae634 | Windows password hash |
| LM Hash | 32 | E52CAC67419A6A51667F688DF07D0B48 | Legacy Windows |
| DES | Variable | $1$salt$… | Unix crypt |
Hash Type Detection
# MD5 hashes
name-that-hash --hash "5d41402abc4b2a76b9719d911017c592"
# Output: MD5
# SHA1 hashes
name-that-hash --hash "aaf4c61ddcc5e8a2dabede0f3b482cd9aea9434d"
# Output: SHA1
# SHA256 hashes
name-that-hash --hash "2c26b46911185131006ba2c65476db3e5a4ed7e3"
# Output: SHA256
# bcrypt hashes
name-that-hash --hash '$2b$12$R9h/cIPz0gi.URNN3OlCe'
# Output: bcrypt / blowfish
# Windows NTLM
name-that-hash --hash "209c6174da490caeb422f3fa5a7ae634"
# Output: NTLMAdvanced Identification
Contextual Identification
# Identify with context hints
name-that-hash --hash "hash_value" --wordlist rockyou.txt
# Narrow by application/OS
name-that-hash --hash "hash" --platform windows
name-that-hash --hash "hash" --platform linux
# Filter by strength
name-that-hash --hash "hash" --min-strength high
# Find weak hashes
name-that-hash --hash "hash" --weak-onlyMultiple Hash Types
# Identify mixture of hash types
name-that-hash --hashfile mixed_hashes.txt --auto
# Categorize by type
name-that-hash --hashfile hashes.txt --group-by-type
# Show statistics
name-that-hash --hashfile hashes.txt --statisticsCracking Strategies
Suggested Attack Methods
# Get cracking suggestions
name-that-hash --hash "5d41402abc4b2a76b9719d911017c592" --strategies
# MD5 cracking with hashcat
name-that-hash --hash "5d41402abc4b2a76b9719d911017c592" \
--crack --wordlist rockyou.txt
# bcrypt with john
name-that-hash --hash '$2b$12$R9h/cIPz0gi.URNN...' \
--crack --tool john
# Windows NTLM
name-that-hash --hash "209c6174da490caeb422f3fa5a7ae634" \
--crack --tool hashcat --wordlist passwords.txtIntegration with Cracking Tools
# Extract hashcat mode
name-that-hash --hash "hash" --hashcat-mode
# Get john format
name-that-hash --hash "hash" --john-format
# Prepare for hashcat
name-that-hash --hashfile hashes.txt --hashcat-mode | \
xargs -I {} hashcat -m {} hashes.txt rockyou.txt
# Prepare for john
name-that-hash --hashfile hashes.txt --john-format | \
xargs -I {} john --format={} hashes.txtHash Format Recognition
Container Formats
# WordPress hashes (wp_hash)
name-that-hash --hash "$P$B/e6hVR9VL6x5p0xPL.yEswQEI7jOq1"
# Joomla hashes
name-that-hash --hash "d3d9446802a44259755d38e6d163e820:trd7lHwQtFCFjuzQWemTEYmCK9h0M0Na"
# Django hashes
name-that-hash --hash "pbkdf2_sha256$260000$salt$hash"
# Drupal hashes
name-that-hash --hash "$S$DqupvVjVfb6W6o5w3vND0Wvod.pVzCa7m7W6.oJgVWzMUa2z7gsS"System Password Hashes
# Linux /etc/shadow hashes
name-that-hash --hashfile /etc/shadow
# Windows SAM hashes
name-that-hash --hashfile dumped_sam.txt
# macOS password hashes
name-that-hash --hashfile macos_hashes.txt
# Cisco device hashes
name-that-hash --hash "cisco_hash_value"Batch Processing
File Processing
# Process hash file
name-that-hash --hashfile hashes.txt
# Process with specific format
name-that-hash --hashfile hashes.txt --filter md5
# Case insensitive matching
name-that-hash --hashfile hashes.txt --case-insensitive
# Skip empty lines
name-that-hash --hashfile hashes.txt --skip-emptyExtraction from Mixed Text
# Extract hashes from file
name-that-hash --grep "^[a-f0-9]{32}$" --hashfile data.txt
# Extract SHA256 hashes
name-that-hash --grep "^[a-f0-9]{64}$" --hashfile data.txt
# Extract from logs
cat apache.log | name-that-hash --stdin
# Extract from password dumps
cat dump.txt | grep -oE "[a-f0-9]{32,128}" | \
name-that-hash --stdinOutput Formats
# JSON output
name-that-hash --hashfile hashes.txt --json > results.json
# CSV output
name-that-hash --hashfile hashes.txt --csv > results.csv
# Pretty print
name-that-hash --hashfile hashes.txt --pretty
# Machine-readable format
name-that-hash --hashfile hashes.txt --machine-readableAdvanced Analysis
Hash Algorithm Characteristics
# Get algorithm strength assessment
name-that-hash --hash "hash" --strength
# Check for known weaknesses
name-that-hash --hash "hash" --vulnerabilities
# GPU cracking capability
name-that-hash --hash "hash" --gpu-crackable
# CPU cracking capability
name-that-hash --hash "hash" --cpu-crackablePerformance Metrics
# Estimated crack time (MD5)
name-that-hash --hash "hash" --crack-time
# Compare hash algorithms
name-that-hash --hashfile hashes.txt --compare-speed
# Memory requirements
name-that-hash --hash "hash" --memory-requirements
# Parallelization potential
name-that-hash --hash "hash" --parallelizableIntegration with Other Tools
With Hashcat
# Export hashcat mode
mode=$(name-that-hash --hash "hash" --hashcat-mode)
# Crack with exported mode
hashcat -m $mode hashes.txt rockyou.txt
# Batch processing with hashcat
for hash in $(cat hashes.txt); do
mode=$(name-that-hash --hash "$hash" --hashcat-mode)
echo "$mode,$hash"
done > hashcat_input.csvWith John the Ripper
# Detect format for john
format=$(name-that-hash --hash "hash" --john-format)
# Crack with john
john --format=$format hashes.txt
# Dictionary attack
john --format=$format --wordlist=rockyou.txt hashes.txt
# Mask attack
john --format=$format --mask='?a?a?a?a' hashes.txtWith hashcat-utils
# Extract hashcat mode for batch
name-that-hash --hashfile hashes.txt --hashcat-mode | \
sort -u | while read mode; do
grep "$mode" hashes.txt | hashcat -m $mode rockyou.txt
doneReal-World Scenarios
Web Application Testing
# WordPress password crack
name-that-hash --hash "$P$B/e6hVR9VL6x5p0xPL.yEswQEI7jOq1" \
--crack --tool john
# Drupal credential identification
name-that-hash --hash "$S$DqupvVjVfb6W6o5w3vND0Wvod.pVzCa7..." \
--strategies
# Joomla user database
name-that-hash --hashfile joomla_users.txt --group-by-typeSystem Auditing
# Linux password audit
sudo cat /etc/shadow | cut -d: -f2 | \
name-that-hash --stdin --analyze
# Windows registry audit
name-that-hash --hashfile sam_hashes.txt --platform windows
# macOS audit
name-that-hash --hashfile macos_hashes.txt --strengthIncident Response
# Identify hashes in intrusion evidence
name-that-hash --hashfile evidence.txt --summary
# Timeline correlation
name-that-hash --hashfile hashes.txt --group-by-type > timeline.csv
# Hash comparison with IOCs
name-that-hash --hashfile unknown.txt --compare database.txtScripting and Automation
Bash Integration
#!/bin/bash
# Automated hash analysis
HASHFILE="$1"
OUTPUT="analysis_$(date +%Y%m%d).txt"
{
echo "Hash Analysis Report - $(date)"
echo "================================"
echo ""
echo "Summary:"
name-that-hash --hashfile "$HASHFILE" --summary
echo ""
echo "By Type:"
name-that-hash --hashfile "$HASHFILE" --group-by-type
echo ""
echo "Detailed Results:"
name-that-hash --hashfile "$HASHFILE" --pretty
} > "$OUTPUT"
echo "Report saved to $OUTPUT"Python Integration
import subprocess
import json
def identify_hash(hash_value):
"""Identify hash type using name-that-hash"""
result = subprocess.run(
['name-that-hash', '--hash', hash_value, '--json'],
capture_output=True,
text=True
)
return json.loads(result.stdout)
def batch_identify(hash_file):
"""Process file of hashes"""
result = subprocess.run(
['name-that-hash', '--hashfile', hash_file, '--json'],
capture_output=True,
text=True
)
return json.loads(result.stdout)
# Usage
hashes = identify_hash('5d41402abc4b2a76b9719d911017c592')
print(f"Hash Type: {hashes['name']}")
print(f"Crackable: {hashes['crackable']}")PowerShell Integration
# PowerShell hash identification
function Get-HashType {
param([string]$Hash)
$result = & name-that-hash --hash $Hash --json | ConvertFrom-Json
return $result
}
function Analyze-HashFile {
param([string]$FilePath)
& name-that-hash --hashfile $FilePath --pretty
}
# Usage
$hashes = Get-Content 'hashes.txt'
foreach ($hash in $hashes) {
$type = Get-HashType $hash
Write-Host "$hash : $($type.name)"
}Output Analysis
Understanding Results
# Detailed output explanation
name-that-hash --hash "5d41402abc4b2a76b9719d911017c592" -v
# Sample output:
# Hash: 5d41402abc4b2a76b9719d911017c592
# Type: MD5
# Hashcat Mode: 0
# John Format: raw-md5
# Crackable: True
# GPU Capable: True
# Strength: Weak
# Estimated Time (RTX 3090): 0.001 secondsInterpreting Recommendations
# Get recommended tools
name-that-hash --hash "hash" --recommend-tools
# Speed ratings
name-that-hash --hash "hash" --speed-rating
# Best practices
name-that-hash --hash "hash" --best-practicesTroubleshooting
Common Issues
# Hash not recognized
name-that-hash --hash "unknown" --esearch # Extended search
# Wrong identification
name-that-hash --hash "hash" --all # Show all possibilities
# File encoding issues
file hashes.txt # Check encoding
iconv -f iso-8859-1 -t utf-8 hashes.txt > hashes_utf8.txtDebug Mode
# Verbose output
name-that-hash --hash "hash" -vvv
# Debug logging
name-that-hash --hash "hash" --debug
# Profile execution
time name-that-hash --hashfile large_file.txtPerformance Optimization
Batch Processing
# Process large files efficiently
name-that-hash --hashfile hashes.txt --parallel 4
# Skip extended search for speed
name-that-hash --hashfile hashes.txt --no-esearch
# Use pre-filtered input
grep -oE "^[a-f0-9]{32}$" data.txt | \
name-that-hash --stdinReferences
- name-that-hash GitHub: https://github.com/HashPals/Name-That-Hash
- Hash Database: https://hashpals.com/
- Hashcat Modes: https://hashcat.net/wiki/doku.php?id=example_hashes
- John the Ripper: https://www.openwall.com/john/
Legal Notice
name-that-hash is designed for authorized password auditing, forensic analysis, and security research. Unauthorized password cracking is illegal. Always obtain written authorization before testing password systems or analyzing hashes.