Hashcat Cheat Sheet

hashcat is the fastest password recovery tool supporting GPU acceleration. It supports hundreds of hash types and multiple attack modes for efficient cracking.

Basic Syntax

hashcat -m <hash_mode> -a <attack_mode> hashes.txt wordlist.txt

Common Hash Modes

• 0 → MD5
• 100 → SHA1
• 1400 → SHA256
• 1700 → SHA512
• 1800 → SHA512crypt
• 2500 → WPA/WPA2
• 3200 → bcrypt

List all:

hashcat -h | less

Attack Modes

• 0 → Straight (dictionary)
• 1 → Combination
• 3 → Brute-force / Mask
• 6 → Hybrid Wordlist + Mask
• 7 → Hybrid Mask + Wordlist

Dictionary Attack

hashcat -m 2500 -a 0 handshake.hccapx rockyou.txt

Mask Attack

hashcat -m 0 -a 3 hashes.txt ?l?l?l?l?d?d

Mask charset: - ?l lowercase - ?u uppercase - ?d digits - ?s symbols

Hybrid Attack

hashcat -m 0 -a 6 hashes.txt wordlist.txt ?d?d

Rule-Based Attack

hashcat -m 0 -a 0 hashes.txt wordlist.txt -r rules/best64.rule

Show Cracked Passwords

hashcat -m 0 hashes.txt --show

Resume Cracking

hashcat --restore

Benchmark

hashcat -b

Performance Tuning

hashcat -O -w 3 --force

• -O → optimized kernels
• -w 3 → workload profile

Typical Workflow (WPA)

hcxtools → capture PMKID
hashcat -m 22000 capture.22000 wordlist.txt

Common Issues

Related Tools

• crunch
• aircrack-ng
• john the ripper
• hcxtools

Use Cases

• Wi-Fi password cracking
• Hash recovery
• Credential auditing
• Red team operations

Legal Notice