hashid

Identify hashes from stdin (through typing, copying and pasting, or piping the hash into the program)

$ hashid

$ hashid [hash1 hash2 ...]

$ hashid [path/to/hashes.txt]

$ hashid --extended [hash]

$ hashid --mode --john [hash]

$ hashid --outfile [path/to/output.txt] [hash]

hashid [OPTIONS] HASH_STRING
hashid [OPTIONS] -m MODULE_ID
hashid [OPTIONS] -d DESCRIPTION

-m MODULE_ID
    Displays detailed information for a specific hash module ID found in the hashid database.

-d DESCRIPTION
    Searches for hash modules by their descriptive name or a keyword within their description.

-v, --verbose
    Shows extended information about identified hashes, including algorithm families and typical use cases.

-j, --json
    Outputs the identification results in JSON format, useful for scripting and integration.

-o, --optimize
    Optimizes the internal hash database (primarily for development or maintenance purposes).

-s, --show-stats
    Displays statistics about the internal hash database, such as the total number of supported hash types.

-r, --regex
    Treats the input HASH_STRING as a regular expression for advanced pattern matching against hash formats.

-h, --help
    Displays the command's help message and available options.

-V, --version
    Displays the command's version information.

hashid is a utility designed to identify the type of an unknown hash string. It works by analyzing the format, length, and characteristics of the provided hash and comparing it against an extensive database of known hash algorithms and structures. This is particularly useful for penetration testers, security researchers, and forensic analysts who encounter hash strings and need to determine their origin or algorithm before attempting to crack them with tools like Hashcat or John the Ripper. It can identify cryptographic hashes (e.g., MD5, SHA-1, SHA-256), password hashes (e.g., NTLM, WPA, various Unix formats), and many more. By providing the hash type, hashid streamlines the process of selecting the correct cracking module, saving significant time in security assessments.

While hashid boasts an extensive database, it does not cover every possible hash type. Some hash formats might have overlapping characteristics, leading to multiple potential identifications (false positives) which hashid will list. It identifies the type of hash, not its original value or validity.

hashid employs a sophisticated logic combining hash length, character sets, presence of specific prefixes or delimiters, and regular expressions to match input strings against its internal database. This database includes over 300 known hash types, each corresponding to a unique Hashcat module ID, enabling seamless integration with hash cracking workflows.

Primarily utilized by ethical hackers, penetration testers, and forensic analysts, hashid quickly identifies hash types encountered in various contexts, such as configuration files, database dumps, and network captures. This identification is vital for selecting appropriate cracking tools and techniques, greatly aiding in security assessments and incident response by providing the necessary context for further analysis.

hashid is a key component of the hashcat-utils suite, which complements the popular password cracking tool Hashcat. It was developed to streamline the process of identifying unknown hash formats, a crucial first step before attempting to crack them. Its development is intertwined with the evolution of Hashcat itself, aiming to provide a comprehensive ecosystem for hash analysis and cracking. It's commonly found pre-installed or available in security-focused Linux distributions like Kali Linux and Parrot OS.

hashcat(1), john(1), md5sum(1), sha1sum(1)