Hash Identifier Cheat Sheet
Interactive helper to guess hash type for cracking tools.
Overview
Hash Identifier (hash-identifier / hashid) suggests likely hash formats from a single hash string so you can pick the correct John --format or Hashcat -m mode. It does not crack hashes—only classifies them for authorized offline recovery.
Install
sudo apt install hash-identifierAlternative with more signatures:
pip install hashidhashid -hEssential commands
Interactive (paste hash, press Enter twice)
hash-identifierhashid (non-interactive)
hashid '5f4dcc3b5aa765d61d8327deb882cf99'hashid -m 'aad3b435b51404eeaad3b435b51404ee:8846f7eaee8fb117ad06bdd830b7586c'hashid -j 'hashline' # John format nameshashid -m -o hash.txtCommon workflows
NTLM vs LM —
hashid 'aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0'NetNTLMv2 —
hashid 'user::DOMAIN:challenge:response:response'hashcat --example-hashes | grep -i netntlmbcrypt / sha512crypt —
hashid '$2y$10$N9qo8uLOickgx2ZMRZoMyeIjZAgcfl7p92ldGxad68LJZdL17lhWy'hashid '$6$rounds=5000$ saltsalt$...'Map to hashcat mode —
hashid -m '5f4dcc3b5aa765d61d8327deb882cf99'hashcat --example-hashes | grep -i md5Flags: hashid
-m 'hash' | Identify single hash (non-interactive) |
|---|---|
-j | Show John the Ripper format names |
-o outfile.txt | Write results to file |
-e | Show extended hash types |
Commands: hash-identifier
Interactive mode — paste hash, press Enter twice
hash-identifierTips
- Always confirm with hashcat --example-hashes or a known test crack before long jobs.
- Multiple matches are common (MD5 vs NTLM)—use context (source: /etc/shadow, AD dump, web app).
- For WPA, use hcxpcapngtool / cap2hccapx, not generic MD5 identification.
- name-that-hash and hashes.com are useful cross-checks in engagements.