#hashcracking — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #hashcracking, aggregated by home.social.
-
Spider v1.0.0 released.
Spider is not just another web crawler -- it is a purpose-built wordlist and ngram processor for hash cracking workflows.
URL Mode:
Point it at a URL and Spider crawls the target, extracts words, and generates frequency-sorted wordlists and/or ngrams.But, Spider does not stop at web crawling...
File Mode:
Feed it local files and it brings the same word-processing engine to your own datasets, scraped content, notes, dumps, configs, or any other plaintext source you want to turn into a targeted wordlist or ngram set.More info:
https://forum.hashpwn.net/post/52#spider #webcrawler #wordlist #generator #sort #ngram #cyclone #hashpwn #hashcracking
-
Spider v1.0.0 released.
Spider is not just another web crawler -- it is a purpose-built wordlist and ngram processor for hash cracking workflows.
URL Mode:
Point it at a URL and Spider crawls the target, extracts words, and generates frequency-sorted wordlists and/or ngrams.But, Spider does not stop at web crawling...
File Mode:
Feed it local files and it brings the same word-processing engine to your own datasets, scraped content, notes, dumps, configs, or any other plaintext source you want to turn into a targeted wordlist or ngram set.More info:
https://forum.hashpwn.net/post/52#spider #webcrawler #wordlist #generator #sort #ngram #cyclone #hashpwn #hashcracking
-
Spider v1.0.0 released.
Spider is not just another web crawler -- it is a purpose-built wordlist and ngram processor for hash cracking workflows.
URL Mode:
Point it at a URL and Spider crawls the target, extracts words, and generates frequency-sorted wordlists and/or ngrams.But, Spider does not stop at web crawling...
File Mode:
Feed it local files and it brings the same word-processing engine to your own datasets, scraped content, notes, dumps, configs, or any other plaintext source you want to turn into a targeted wordlist or ngram set.More info:
https://forum.hashpwn.net/post/52#spider #webcrawler #wordlist #generator #sort #ngram #cyclone #hashpwn #hashcracking
-
Spider v1.0.0 released.
Spider is not just another web crawler -- it is a purpose-built wordlist and ngram processor for hash cracking workflows.
URL Mode:
Point it at a URL and Spider crawls the target, extracts words, and generates frequency-sorted wordlists and/or ngrams.But, Spider does not stop at web crawling...
File Mode:
Feed it local files and it brings the same word-processing engine to your own datasets, scraped content, notes, dumps, configs, or any other plaintext source you want to turn into a targeted wordlist or ngram set.More info:
https://forum.hashpwn.net/post/52#spider #webcrawler #wordlist #generator #sort #ngram #cyclone #hashpwn #hashcracking
-
Spider v1.0.0 released.
Spider is not just another web crawler -- it is a purpose-built wordlist and ngram processor for hash cracking workflows.
URL Mode:
Point it at a URL and Spider crawls the target, extracts words, and generates frequency-sorted wordlists and/or ngrams.But, Spider does not stop at web crawling...
File Mode:
Feed it local files and it brings the same word-processing engine to your own datasets, scraped content, notes, dumps, configs, or any other plaintext source you want to turn into a targeted wordlist or ngram set.More info:
https://forum.hashpwn.net/post/52#spider #webcrawler #wordlist #generator #sort #ngram #cyclone #hashpwn #hashcracking
-
MD6 - The Failed SHA-3 Hash You Likely Never Heard Of
While MD6 never made it into NIST as SHA-3, it has recently made its way into a few hash cracking contests.
After a suggestion from Vavaldi from HashMob to add MD6 support to hashgen, I began working on a Pure Go MD6 port. Once that was complete, I added support for 5x common MD6 digest sizes to hashgen.
MD6 - Pure Go port
https://github.com/cyclone-github/md6hashgen v1.3.1 - MD6 support
https://github.com/cyclone-github/hashgen#md6 #nist #sha3 #hashcracking #hashgen #cmiyc #ctc #golang #port
-
MD6 - The Failed SHA-3 Hash You Likely Never Heard Of
While MD6 never made it into NIST as SHA-3, it has recently made its way into a few hash cracking contests.
After a suggestion from Vavaldi from HashMob to add MD6 support to hashgen, I began working on a Pure Go MD6 port. Once that was complete, I added support for 5x common MD6 digest sizes to hashgen.
MD6 - Pure Go port
https://github.com/cyclone-github/md6hashgen v1.3.1 - MD6 support
https://github.com/cyclone-github/hashgen#md6 #nist #sha3 #hashcracking #hashgen #cmiyc #ctc #golang #port
-
MD6 - The Failed SHA-3 Hash You Likely Never Heard Of
While MD6 never made it into NIST as SHA-3, it has recently made its way into a few hash cracking contests.
After a suggestion from Vavaldi from HashMob to add MD6 support to hashgen, I began working on a Pure Go MD6 port. Once that was complete, I added support for 5x common MD6 digest sizes to hashgen.
MD6 - Pure Go port
https://github.com/cyclone-github/md6hashgen v1.3.1 - MD6 support
https://github.com/cyclone-github/hashgen#md6 #nist #sha3 #hashcracking #hashgen #cmiyc #ctc #golang #port
-
MD6 - The Failed SHA-3 Hash You Likely Never Heard Of
While MD6 never made it into NIST as SHA-3, it has recently made its way into a few hash cracking contests.
After a suggestion from Vavaldi from HashMob to add MD6 support to hashgen, I began working on a Pure Go MD6 port. Once that was complete, I added support for 5x common MD6 digest sizes to hashgen.
MD6 - Pure Go port
https://github.com/cyclone-github/md6hashgen v1.3.1 - MD6 support
https://github.com/cyclone-github/hashgen#md6 #nist #sha3 #hashcracking #hashgen #cmiyc #ctc #golang #port
-
Looking for a language specific wordlist? We are too! Share yours with the hashpwn community.
https://forum.hashpwn.net/post/7639
#hashpwn #wordlist #hashcracking #language #hashcat #jtr #dict #dictionary
-
Crack the Con 2026 launched this morning!
https://forum.hashpwn.net/post/11778
#ctc #crackthecon #CypherCon #hashcracking #contest #hashpwn #cybersecurity #infosec
-
What a great Crack the Con #contest put on by #CsP! Congrats to Team #Hashmob for 1st, #Unmuddlers for 2nd, and #UNSHADE for 3rd!
https://crackthecon.com/leaderboard.php
https://forum.hashpwn.net/topic/119/crack-the-con-2025/6 -
Mark your calendars for Crack the Con 2025!
-
Countdown for the next Jabbercracky hash cracking contest has begun! Mark your calendars for this weekend.
https://forum.hashpwn.net/post/390
#jabbercracky #hashcracking #competition #hashpwn #ctf #cmiyc #ctc #contest
-
Released pcfg-go — a full Go rewrite of pcfg_cracker with ~3× faster training, ~40× faster guessing, $HEX[] and multi-byte support, improved trainer parsing...
Full Details: https://forum.hashpwn.net/post/11277
#pcfg #hashcracking #trainer #guesser #wordlist #generator #hashcat #hashpwn
-
CsP’s @Waffle_Real just released a new tool called hashpipe, and it solves a problem many of us run into with large potfiles: messy, misidentified hash:password entries.
hashpipe automatically validates founds by recomputing them, identifying the correct algorithm, and outputting verified results in an mdxfind format.
If you maintain large cracking datasets or potfiles, this is a great way to verify and clean them up.
Details:
https://forum.hashpwn.net/post/11119GitHub repo:
https://github.com/Cynosureprime/hashpipe#hashcracking #hashcat #jtr #hashpipe #CsP #cynosureprime #potfile #hashpwn
-
New version of hashgen released.
v1.2.2
- added mode: halfmd5 -m 5100
- added mode: morsedecodehttps://forum.hashpwn.net/post/89
#hashgen #md5 #halfmd5 #hashcat #morsecode #morsedecode #hashcracking #hashpwn
-
Crackmon, a crack rate monitor for hashcat, now supports mdxfind in PR11.
Example: stop current attack if <100 cracks / 5 minutes.
crackmon -t 5 -c 100 hashcat {hashcat args}
or
crackmon -t 5 -c 100 mdxfind {mdxfind args} -
🚀 New Release: hashgen v1.2.0
Big update packed with new features:
• Added 22 new modes: MySQL5, phpass, md5crypt, sha256crypt, sha512crypt, WordPress bcrypt-HMAC-SHA384 (wpbcrypt), base32 encode/decode, plus multiple hashcat modes including salted algos
• Updated yescrypt defaults to match Debian 12
• Read full changelog:
https://forum.hashpwn.net/post/5810#hashgen #hashcat #infosec #golang #hashcracking #hashpwn #yescrypt #wordpressbcrypt
-
Since Wordpress v6.8, the default hash func produces a custom bcrypt hash: $wp$2y$10$...
More info on this custom algo, how it uses hmac-sha384, and how to crack them with hashcat.
https://forum.hashpwn.net/post/4205
#wordpress #bcrypt #wpbcrypt #hashcracking #hashpwn #hashgen #hashcat
-
Did you know, John the Ripper can use hashcat rules?
Unlike hashcat’s simple -r flag, JtR requires some manual setup in a conf file. @freeroute posted a step-by-step guide explaining how to do this.
https://forum.hashpwn.net/post/2718
#jtr #john #JohnTheRipper #hashcat #rules #hashcracking #infosec #howto #hashpwn
-
So atom, main developer of @hashcat, used the "rapid prototyping in Python" plugin of the new "assimilation bridge" in the new hashcat 7¹, with some success in our DEF CON password CTF win this past weekend (hosted by @jabbercracky).
Afterwards, atom realized it would make a good case study for how to use the new feature, so he wrote it up:
https://hashcat.net/forum/thread-13346.html
If you do exploration of mystery hash types (either for CTFs, or in the real world) ... this approach should absolutely be in your toolbox.
¹Note that some work was done during the contest to make the Python bridge plugin better for these use cases; next minor release of 7 will have it, or grab hashcat.net/beta/ or the latest GitHub main branch.
-
Great game to all who played on both Competitive and Casual in this year's first DEF CON Jabbercracky, and congrats to team hashcat for 1st place, team hashmob for a close 2nd in the Competitive class.
https://forum.hashpwn.net/post/1974
https://defcon.jabbercracky.com/#jabbercracky #defcon #hashcracking #contest #hashcat #hashmob #hashpwn
-
Released: hashgen v1.3.0
New in this version:
* HMAC modes
* PBKDF2 modes
* scrypt support
* additional BLAKE2 modes
* hashcat UTF-16LE modes
* optimized salt RNG on salted hashes
* 95+ supported hash modes -
Happy New Year!
Hashpwn wrapped up our first full year in 2025 and had a lot of fun along the way.
A big thank you to everyone who has been part of the community, and to our staff who helped turn an idea into a reality.
Here's to 2026!
-
hashpwn-2025 wordlist is available for download and now includes all founds submitted to forum.hashpwn.net from Oct 2024 - Dec 2025.
-
A special thanks to our sponsors this year which made the prizes possible. Participates won over $700 worth of prizes in 13 different puzzles!
• Hashpwn.net
Hashpwn is an ethical hash cracking forum that offers moderated discussion, shared research, custom tools, all in a friendly and professional community.
Sponsored: Daily Prizes, Grand Prize• Lethologica.nl
Lethologica specializes in ethical crypto wallet recovery using advanced password research, digital forensics, and high-performance compute.
Sponsored: Daily Prizes, Grand Prize• Hashes.com
Hashes.com is a site dedicated to hash recovery with hash lookups, an escrow service, and an API to tie it all together.
Sponsored: Grand Prize• Hashmob.net
HashMob is a collaborative password research platform focused on hash recovery, analysis, and statistics. It provides shared hashlists, wordlists, tools, optimized rules, and APIs that help researchers and penetration testers improve real-world password security.
Sponsored: 3-month Diamond Patreon Vouchers to hashmob.net, Daily Prizes, Grand Prize• Hashcracky.com
Hashcracky hosts gamified hash cracking events where participants crack hashes, earn loot, and compete on live leaderboards. It blends competitive fun with real cracking skills through themed, time-limited challenges.
Sponsored: Vouchers for 35k Gold and loot at hashcracky.com#hashpwn #lethologica #hashescom #hashmob #hashcracky #hashcracking #challenge #puzzle #christmas
-
New Release: Hashes.com Escrow API Tool
v1.1.2; 2025-11-21
fixed redundant new line logic
added http timeouts -
🎉 Happy 1st Birthday, hashpwn! 🎉
Officially launched on October 12, 2024, what started as an idea between a few friends has grown into a thriving global community. Over the past year, forum activity has surged over 250%, with users represented from all around the world...
-
@tychotithonus has uploaded new mdxfind binaries:
mdxfind 1.135 (2025-09-12)
- Fixed segfault in SNE128 and SNE256
- Force checks added for rhash variants
- Better flushing of stdout
- New hash type: MD5DECBASE64MD5BASE64MD5Download:
https://www.techsolvency.com/pub/bin/mdxfind/Mirror:
https://forum.hashpwn.net/post/10#mdxfind #mdxsplit #techsolvency #hashcracking #hashpwn #md5
-
As a fun experiment, I rewrote hashgen v1.2.0-dev in everyone's favorite memory safe, systems programming language, Rust.
Was it easy? No. Was it worth it? Yes.
Benchmarks show Rust is fast, but so is optimized Go.
-
New release: escrow_tool v1.1.1
Hashes.com escrow tool now supports websocket monitoring.
-
hashgen v1.2.0-dev update:
-added 20 new hash modes including Wordpress v6.8 Bcrypt, Linux shadow hashes, MySQL5, and multiple salted algos
https://forum.hashpwn.net/post/89
#hashgen #hashcracking #wordpressbcrypt #hmac_sha384 #linux #shadowfile #mysql
-
hashgen v1.1.5-dev update:
- hashgen now preserves original input order
- bug fixes / updates -
New Release: hashgen v1.1.4
This release adds multiple keccak and blake2 modes, a new benchmark option, and small performance boosts.
-
Hashcat v7.0.0+4.2 Nvidia RTX 4090 benchmarks.
https://forum.hashpwn.net/post/1635
#hashcat #nvidia #rtx #4090 #hashcracking #hashpwn
-
Hashcat v7.0.0 was released on github!
https://github.com/hashcat/hashcat/releases/tag/v7.0.0
-
"As CMIYC isn't running at DEFCON this year, Password Village has worked with In.security to bring Jabbercracky to DEFCON to fill the void this year!
This will be a 48-hour event running from 12:00 noon on Friday 8th - 12:00 noon on Sunday 10th August."
https://forum.hashpwn.net/post/793
#cmiyc #KoreLogic #defcon #jabbercracky #insecurity #PasswordVillage #hashpwn #hashcat #hashmob #hashcracking #contest
-
For those familiar with hashes.com and its escrow system, hashpwn is excited to announce the launch of our Hashes.com Escrow Feed which provides a historical archive of all escrow jobs and their full hash lists.
-
Per KoreLogic, CMIYC 2025 will not be hosted at or during DEF CON (August 7-10, 2025) this year.
-
hashgen v1.1.3 published to github:
Changelog:
- added mode "hex" for $HEX[] formatted output
- improved "plaintext/dehex" logic to decode both $HEX[] and raw base-16 inputhttps://forum.hashpwn.net/post/679
#hashgen #hashcracking #wordlist #hex #base64 #base58 #hashpwn
-
#debian's default shadow file hash algo, #yescrypt, has been added to #hashgen.
-
New version of #hashgen published.
Changelog:
v1.1.0; 2025-03-19
added modes: #base58, #argon2id, #bcrypt w/custom cost factorhttps://forum.hashpwn.net/post/89
#hashgenerator #hashcracking #hashcat #hashpwn #cyclone #golang
-
Need to convert a #wordlist to #hash? Meet #hashgen, the blazingly fast hash generator. Currently supports 18+ modes such as #md5, #sha, #ntlm, #crc, #base64 encode/decode, and converting $HEX[] to #plaintext.
Cross-compilable for Linux, Windows and Mac.
https://forum.hashpwn.net/post/89
#hashpwn #hashcracking #hashcat #hex -
After seeing yescrypt hashes appear in CMIYC a while back, I started developing a yescrypt cracker in pure Go. Since then, yescrypt has become the default /etc/shadow hash for many popular linux distros such as Debian, Ubuntu, RHEL, Fedora, and Arch (to name a few), but hash cracking support for this algo has been limited to JtR -- until now.
Here's a sneak peek of the yescrypt_cracker POC:
https://forum.hashpwn.net/post/446
#yescrypt #hashcracking #cyclone #hashpwn #hashcat #cmiyc #jtr #johntheripper #golang
-
Watch out complex passwords, there's a new combinator tool in town.
Vavaldi just released Targinator, a feature-rich wordlist combinator that combines a wordlist with target hints in all possible positions, plus supports applying hashcat-style rules to either or both wordlists being combined.
https://forum.hashpwn.net/post/652
#hashcracking #combinator #hashcat #infosec #vavaldi #flagg #cyclone #hashpwn
-
New to using Targinator? Here's a quick getting started guide for generating advanced wordlist combinations.
Example command:
./targinator target_wordlist.txt ignis-10M.txt -x 1 -t cyclone_250.ruleFull post: https://forum.hashpwn.net/post/674
#targinator #hashcat #hashcracking #combo #combinator #hashpwn