Identify the different types of hashes used to encrypt data and especially passwords.
This replaces hash-identifier, which is outdated!
hashID is a tool written in Python 3 which supports the identification of over 220 unique hash types using regular expressions. A detailed list of supported hashes can be found here.
It is able to identify a single hash, parse a file or read multiple files in a directory and identify the hashes within them. hashID is also capable of including the corresponding hashcat mode and/or JohnTheRipper format in its output.
hashID works out of the box with Python 2 ≥ 2.7.x or Python 3 ≥ 3.3 on any platform.
Note: When identifying a hash on *nix operating systems use single quotes to prevent interpolation.
You can install, upgrade, uninstall hashID with these commands:
$ pip install hashid
$ pip install --upgrade hashid
$ pip uninstall hashid
Or you can install by cloning the repository:
$ sudo apt-get install python3 git
$ git clone https://github.com/psypanda/hashid.git
$ cd hashid
$ sudo install -g 0 -o 0 -m 0644 doc/man/hashid.7 /usr/share/man/man7/
$ sudo gzip /usr/share/man/man7/hashid.7
Alternatively you can grab the latest release here.
$ ./hashid.py [-h] [-e] [-m] [-j] [-o FILE] [--version] INPUT
Parameter | Description |
---|---|
INPUT | input to analyze (default: STDIN) |
-e, --extended | list all hash algorithms including salted passwords |
-m, --mode | show corresponding hashcat mode in output |
-j, --john | show corresponding JohnTheRipper format in output |
-o FILE, --outfile FILE | write output to file (default: STDOUT) |
--help | show help message and exit |
--version | show program's version number and exit |
$ ./hashid.py '$P$8ohUJ.1sdFw09/bMaAQPTGDNi2BIUt1'
Analyzing '$P$8ohUJ.1sdFw09/bMaAQPTGDNi2BIUt1'
[+] Wordpress ≥ v2.6.2
[+] Joomla ≥ v2.5.18
[+] PHPass' Portable Hash
$ ./hashid.py -mj '$racf$*AAAAAAAA*3c44ee7f409c9a9b'
Analyzing '$racf$*AAAAAAAA*3c44ee7f409c9a9b'
[+] RACF [Hashcat Mode: 8500][JtR Format: racf]
$ ./hashid.py hashes.txt
--File 'hashes.txt'--
Analyzing '*85ADE5DDF71E348162894C71D73324C043838751'
[+] MySQL5.x
[+] MySQL4.1
Analyzing '$2a$08$VPzNKPAY60FsAbnq.c.h5.XTCZtC1z.j3hnlDFGImN9FcpfR1QnLq'
[+] Blowfish(OpenBSD)
[+] Woltlab Burning Board 4.x
[+] bcrypt
--End of file 'hashes.txt'--