Hashcat¶

Typical usage:

hashcat -a 0 -m <mode_#> -r rules\best64.rule <wordlist.txt> <hash_file>

Flags¶

Flag	Description
`-a`	Attack mode
`-m <mode_#>`	Hash type (mode ID).
`-w`	Workload profile (1–4). Use 3 by default; 4 when stable.
`-O`	Optimized kernels (faster; may reduce max candidate length for some modes).
`--session <name>`	Name a session for resume.
`--restore`	Resume the last/this session.
`--status` / `--status-timer <N>`	Periodic status output (every N seconds).
`--potfile-path <path>`	Custom potfile location.
`--show`	Display cracked hashes from potfile.
`--left`	Display uncracked hashes.
`--username`	Ignore username field in `user:hash` input.
`--skip <N>`	Skip N candidates (for chunking/distribution).
`--limit <N>`	Limit to N candidates (for chunking/distribution).
`--hwmon-temp-abort=<degC>`	Abort if device temperature exceeds threshold.

Command	Purpose
`hashcat --example-hashes`	Show example hashes and modes.
`hashid <hash>`	Heuristically identify likely hash types.
hashcat --help \| grep -n 'Hash modes'	Jump to hash modes section in help.

Hash Type	Hashcat Mode	Hash Format Signature (starts like…)
NTLM	`-m 1000`	32 hex characters (no prefix).
NetNTLMv2	`-m 5600`	`username::DOMAIN:...:NTLMv2_response` (challenge:blob:response line).
SHA1 (raw)	`-m 100`	40 hex characters (no prefix).
SHA256 (raw)	`-m 1400`	64 hex characters (no prefix).
SHA512 (raw)	`-m 1700`	128 hex characters (no prefix).
bcrypt	`-m 3200`	`$2a$…` / `$2b$…` / `$2y$…`.
WPA/WPA2 (PMKID/EAPOL, hc22000)	`-m 22000`	`WPA01…` or `WPA02…` lines.

Rules mutate dictionary words to mimic human variations. Use built-in packs and add small custom sets.

Built-in rule packs (typical paths)

Linux: /usr/share/hashcat/rules/
Zip: <hashcat_dir>/rules/
Useful files: best64.rule, generated2.rule, dive.rule, rockyou-30000.rule

Applying rules