The only tool you need for password cracking
Rating: 10 out of 10
IncentivizedUse Cases and Deployment Scope
Hashcat is one of those go-to tools for password cracking for pen testers and red teamers. GPU support makes it faster than other projects like John the Ripper. It supports every hash format I've run into, so no need to try and bring in other tools. It's an unofficial release, but I like some of the GUIs that people make for it when I don't feel like using the command line.
Pros
- GPU accelerated password cracking
- Rule based attacks
- Supports all the hash formats
Cons
- When drivers for your GPU aren't working it can be very frustrating to get started
- Some 3rd party GUI exists for Hashcat, but having an official one could be nice
Likelihood to Recommend
Any time you want to perform offline password cracking exercises, Hashcat is going to be able to do that for you. I can't think of any scenario where you have a password hash you need to crack where another tool would be more suited to the task. Hashcat, of course, works best when you have a GPU available, but you can even use it on a VM if you use the --force flag.
Vetted Review
6 years of experience