LinuxCommandLibrary

hashid

Identify hash types

TLDR

Identify hashes from stdin (through typing, copying and pasting, or piping the hash into the program)

$ hashid
copy

Identify one or more hashes
$ hashid [hash1 hash2 ...]
copy

Identify hashes on a file (one hash per line)
$ hashid [path/to/hashes.txt]
copy

Show all possible hash types (including salted hashes)
$ hashid [[-e|--extended]] [hash]
copy

Show hashcat's mode number and john's format string of the hash types
$ hashid [[-m|--mode]] [[-j|--john]] [hash]
copy

Save output to a file instead of printing to stdout
$ hashid [[-o|--outfile]] [path/to/output.txt] [hash]
copy

SYNOPSIS

hashid [-h] [-m {s,f,d}] [-t TYPE] [-e] [HASH]

PARAMETERS

-h, --help
    Display help message and exit

-m {s,f,d}, --mode {s,f,d}
    Processing mode: s=single hash, f=file, d=directory (recursive)

-t TYPE, --type TYPE
    Filter for specific hash type (e.g., md5, sha1)

-e, --encoding
    Attempt to detect and decode common encodings (e.g., base64, rot13)

HASH
    Hash string to analyze; reads from stdin if omitted or with file/dir mode

DESCRIPTION

HashID is a Python-based command-line tool for identifying the type of hash from a given string, supporting over 220 hash algorithms across 48 types. It analyzes hash length, character set (e.g., hex, base64), and patterns to match against a predefined database.

Commonly used in penetration testing, forensics, and password cracking workflows, it saves time by avoiding brute-force identification. For instance, a 32-character hex string like 5d41402abc4b2a76b9719d911017c592 is flagged as MD5.

Key features include single hash checks, batch processing of files/directories, specific type filtering, and encoding detection (e.g., rot13). Output is a formatted table listing possible matches with details like byte length, mode, and algorithm name. While highly effective for standard hashes, accuracy depends on uniqueness of patterns and may produce false positives for ambiguous cases.

CAVEATS

Pattern-based; not 100% accurate for custom/obscure hashes. Requires Python; not in core repos (install separately). Directory mode may be slow on large trees.

INSTALLATION

Via pip: pip install hashID
Debian/Ubuntu: apt install hashid
GitHub: github.com/blackploit/hashid

EXAMPLE USAGE

hashid 5d41402abc4b2a76b9719d911017c592
Output:
### Possible Hashes ###
+-------------------------------------------------------+
| Hash: 5d41402abc4b2a76b9719d911017c592 |
| Algorithm: MD5 |
| Mode: Hex |
| Bytes: 16 |
+-------------------------------------------------------+

HISTORY

Originated as hash-identifier.py (~2009) by Marcelo Barros; evolved into Hash-ID by blackploit (GitHub, 2013+). Renamed hashid; actively maintained with database updates for new algorithms.

SEE ALSO

hashcat(1), john(1), md5sum(1)

Copied to clipboard