hashcat

快捷使用

hashcat -a 0 -m 0 --force [hash]  /usr/share/wordlist/rockyou.txt -o ./result     [字典]
hashcat -a 0 -m 0 --force [hashfile]  /usr/share/wordlist/rockyou.txt -o ./result [批量hash]
hashcat -a 3 -m 0 --force f2aec315704b5f007915bdbbae5a9f5c te?d?d?dst			 [掩码爆破]
hashcat -a 6 -m 0 --force 9dc9d5ed5031367d42543763423c24ee password.txt ?l?l?l?l?l		 [字典掩码]
hashcat [hash] --show

简介
Hashcat是自称世界上最快的密码恢复工具。它在2015年之前拥有专有代码库，但现在作为免费软件发布。适用于Linux，OS X和Windows的版本可以使用基于CPU或基于GPU的变体。支持hashcat的散列算法有Microsoft LM哈希，MD4，MD5，SHA系列，Unix加密格式，MySQL和Cisco PIX等。

常用参数

1	-a 指定要使用的破解模式，其值参考后面对参数。“-a 0”字典攻击，“-a 1” 组合攻击；“-a 3”掩码攻击。
2	-m 指定要破解的hash类型，如果不指定类型，则默认是MD5
3	-o 指定破解成功后的hash及所对应的明文密码的存放位置,可以用它把破解成功的hash写到指定的文件中
4	--force 忽略破解过程中的警告信息,跑单条hash可能需要加上此选项
5	--show 显示已经破解的hash及该hash所对应的明文
6	--increment 启用增量破解模式,你可以利用此模式让hashcat在指定的密码长度范围内执行破解过程
7	--increment-min 密码最小长度,后面直接等于一个整数即可,配置increment模式一起使用
8	--increment-max 密码最大长度,同上
9	--outfile-format 指定破解结果的输出格式id,默认是3
10	--username 忽略hash文件中的指定的用户名,在破解linux系统用户密码hash可能会用到
11	--remove 删除已被破解成功的hash
12	-r 使用自定义破解规则

a参数破解模式

 # | Mode
===+======
 0 | Straight（字段破解）
 1 | Combination（多字典组合破解）
 3 | Brute-force（掩码暴力破解）
 6 | Hybrid Wordlist + Mask（字典+掩码破解）
 7 | Hybrid Mask + Wordlist（掩码+字典破解）

m参数hash类型（详见文末）

1	- [ Hash modes ] -
2
3	# \| Name \| Category
4	======+==================================================+======================================
5	900 \| MD4 \| Raw Hash
6	0 \| MD5 \| Raw Hash
7	5100 \| Half MD5 \| Raw Hash
8	100 \| SHA1 \| Raw Hash
9	1300 \| SHA2-224 \| Raw Hash
10	1400 \| SHA2-256 \| Raw Hash
11	10800 \| SHA2-384 \| Raw Hash
12	1700 \| SHA2-512 \| Raw Hash
13	17300 \| SHA3-224 \| Raw Hash
14	17400 \| SHA3-256 \| Raw Hash
15	17500 \| SHA3-384 \| Raw Hash
16	17600 \| SHA3-512 \| Raw Hash
17	10 \| md5($pass.$salt) \| Raw Hash, Salted and/or Iterated
18	20 \| md5($salt.$pass) \| Raw Hash, Salted and/or Iterated

掩码设置

常见字符集

1	l \| abcdefghijklmnopqrstuvwxyz 纯小写字母(lower)
2	u \| ABCDEFGHIJKLMNOPQRSTUVWXYZ 纯大写字母(upper)
3	d \| 0123456789 纯数字(decimal)
4	h \| 0123456789abcdef 常见小写子目录和数字(hex)
5	H \| 0123456789ABCDEF 常见大写字母和数字(HEX)
6	s \| !"#$%&'()*+,-./:;<=>?@[\]^_`{\|}~ 特殊字符(special)
7	a \| ?l?u?d?s 键盘上所有可见的字符(all_printable)
8	b \| 0x00 - 0xff 可能是用来匹配像空格这种密码的(bin)

eg：

1	八位数字密码：?d?d?d?d?d?d?d?d
2	八位未知密码：?a?a?a?a?a?a?a?a
3	前四位为大写字母，后面四位为数字：?u?u?u?u?d?d?d?d
4	前四位为数字或者是小写字母，后四位为大写字母或者数字：?h?h?h?h?H?H?H?H
5	前三个字符未知，中间为admin，后三位未知：?a?a?aadmin?a?a?a
6	6-8位数字密码：--increment --increment-min 6 --increment-max 8 ?l?l?l?l?l?l?l?l
7	6-8位数字+小写字母密码：--increment --increment-min 6 --increment-max 8 ?h?h?h?h?h?h?h?h

例子
```
- #### 7位数字破解
```

 `    hashcat -a 3 -m 0 --force 25c3e88f81b4853f2a8faacad4c871b6 ?d?d?d?d?d?d?d`

- #### 7位小写字母破解

  `hashcat -a 3 -m 0 --force 4488cec2aea535179e085367d8a17d75 ?l?l?l?l?l?l?l`

- #### 1-8位小写字母+数字破解

  `hashcat -a 3 -m 0 --force 4488cec2aea535179e085367d8a17d75 --incement --increment-min 1 --inrement-max 8 h?h?h?h?h??h?h?h`

- #### 1-8位为特定字符集：123456abcdf!@+-

  `hashcat -a 3 -m 0 --force -1 123456abcdf!@+- 8b78ba5089b11326290bc15cf0b9a07d --increment --increment-min 1 --increment-max 8 ?1?1?1?1?1?1?1?1?1?1`

- ####  1-8位数字+大小写字母+可见特殊符号

  `hashcat -a 3 -m 0 --force -1 ?d?l?u?s d37fc9ee39dd45a7717e3e3e9415f65d --increment --increment-min 1 --increment-max 8 ?1?1?1?1?1?1?1?1`

  or

   `hashcat -a 3 -m 0 --force  d37fc9ee39dd45a7717e3e3e9415f65d --increment --increment-min 1 --increment-max 8 ?a?a?a?a?a?a?a?a`

- #### 字典破解

  `hashcat -a 0 -m 0 --force [hash] password.txt -o ./result`

  #### 批量爆破

  `hashcat -a 0 -m 0 --force [hashfile] password.txt -o ./result`

- #### 字典组合破解

  `hashcat -a 1 -m 0 --force [hash] pwd1.txt pwd2.txt`

- #### 字典加掩码破解

  `hashcat -a 6 9dc9d5ed5031367d42543763423c24ee pwd.txt ?l?l?l?l?l`

密码类型实例

mysql4.1/5 passwod

1	hashcat -a 3 -m 300 --force 6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9 ?d?d?d?d?d?d

sha512crypt $6$, SHA512 (Unix)破解

1	hashcate -a 3 -m 1800 --force $6$mxuA5cdy$XZRk0CvnPFqOgVopqiPEFAFK72SogKVwwwp7gWaUOb7b6tVwfCpcSUsCEk64ktLLYmzyew/xd0O0hPG/yrm2X. ?l?l?l?l

不用整理用户名，使用–username

1	hashcat -a 3 -m 1800 --force qiyou:$6$QDq75ki3$jsKm7qTDHz/xBob0kF1Lp170Cgg0i5Tslf3JW/sm9k9Q916mBTyilU3PoOsbRdxV8TAmzvdgNjrCuhfg3jKMY1 ?l?l?l?l?l --username

Windows NT-hash，LM-hash破解

1	NT-hash:
2	hashcat -a 3 -m 1000 209C6174DA490CAEB422F3FA5A7AE634 ?l?l?l?l?l
3	LM-hash:
4	hashcat -a 3 -m 3000 F0D412BD764FFE81AAD3B435B51404EE ?l?l?l?l?l

MSSQL

1	hashcat -a 3 -m 132 --force 0x01008c8006c224f71f6bf0036f78d863c3c4ff53f8c3c48edafb ?l?l?l?l?l?d?d?d

wordpress密码hash破解
具体加密脚本在./wp-includes/class-phpass.php的HashPassword函数
1
hashcat -a 3 -m 400 --force $P$BYEYcHEj3vDhV1lwGBv6rpxurKOEWY/ ?d?d?d?d?d?d

discuz用户密码hash破解

其密码加密方式md5(md5($pass).$salt)

1	hashcat -a 3 -m 2611 --force 14e1b600b1fd579f47433b88e8d85291: ?d?d?d?d?d?d

破解RAR压缩密码

首先rar2john获取rar文件hash值

1	rar2john.exe 1.rar

1	hashcate -a 3 -m 13000 --force $rar5$16$639e9ce8344c680da12e8bdd4346a6a3$15$a2b056a21a9836d8d48c2844d171b73d$8$04a52d2224ad082e ?d?d?d?d?d?d

注意：

hashcat 支持 RAR3-hp 和 RAR5，官方示例如下：

-m参数    类型      示例 hash
12500    RAR3-hp    $RAR3$*0*45109af8ab5f297a*adbf6c5385d7a40373e8f77d7b89d317
13000    RAR5       $rar5$16$74575567518807622265582327032280$15$f8b4064de34ac02ecabfe

zip密码破解

1	zip2john.exe 1.zip
2	结果：1.zip:$zip2$030554bb43ff71cb0cac76326f292119dfdff23524b28885eed4fe362bb1e91319ab53*$/zip2$:::::1.zip-1.txt

1	hashcat -a 3 -m 13600 $zip2$030554bb43ff71cb0cac76326f292119dfdff23524b28885eed4fe362bb1e91319ab53*$/zip2$ --force ?d?d?d?d?d?d

破解office密码

1	获取office的hash值：python office2john.py 11.docx

hashcat -a 3 -m 9600 $office$*2013*100000*256*16*e4a3eb62e8d3576f861f9eded75e0525*9eeb35f0849a7800d48113440b4bbb9c*577f8d8b2e1c5f60fed76e62327b38d28f25230f6c7dfd66588d9ca8097aabb9 --force ?d?d?d?d?d?d

破解WIFI密码
首先先把我们的握手包转化为hccapx格式，现在最新版的hashcat只支持hccapx格式了，以前的hccap格式已经不支持了
1
官方在线转化https://hashcat.net/cap2hccapx/
2
hashcat -a 3 -m 2500 1.hccapx 1391040?d?d?d?d

其他

对于破解过的hash值，用hashcat64.exe hash --show查看结果
所有的hash破解结果都在hashcat.potfile文件中
如果破解的时间太长，可以按s键可以查看破解的状态，p键暂停，r键继续破解，q键退出破解。
在使用GPU模式进行破解时，可以使用-O参数自动进行优化

在实际破解中的建议，如果我们盲目的去破解，会占用我们大量的时间和资源

1	1.首先走一遍常用的弱口令字典
2	2.组合密码，如：zhang1999，用姓氏和出生年组合，当然也可以用其它的组合，这里举个例子而已
3	3.把常用的掩码组合整理起来放在masks中的.hcmask文件中，然后让它自动加载破解
4	4.如果实在不行，你可以尝试低位数的所有组合去跑，不过不建议太高位数的组合去破解，因为如果对方设置的密码很复杂的话，到头来你密码没有破解到，却浪费了大量的时间和资源，得不偿失

6.HashCat参数优化
考虑到hashcat的破解速度以及资源的分配，我们可以对一些参数进行配置

Workload tuning 负载调优。
该参数支持的值有1,8,40,80,160
1
--gpu-accel 160 可以让GPU发挥最大性能。

Gpu loops 负载微调

1	--gpu-loops 1024 可以让GPU发挥最大性能。

Segment size 字典缓存大小

1	--segment-size 512 可以提高大字典破解的速度。

m 参数加密类型

[ Hash modes ] -


    # | Name                                             | Category
=========+==================================================+=========================
  900 | MD4                                              | Raw Hash
    0 | MD5                                              | Raw Hash
 5100 | Half MD5                                         | Raw Hash
  100 | SHA1                                             | Raw Hash
 1300 | SHA2-224                                         | Raw Hash
 1400 | SHA2-256                                         | Raw Hash
10800 | SHA2-384                                         | Raw Hash
 1700 | SHA2-512                                         | Raw Hash
17300 | SHA3-224                                         | Raw Hash
17400 | SHA3-256                                         | Raw Hash
17500 | SHA3-384                                         | Raw Hash
17600 | SHA3-512                                         | Raw Hash
17700 | Keccak-224                                       | Raw Hash
17800 | Keccak-256                                       | Raw Hash
17900 | Keccak-384                                       | Raw Hash
18000 | Keccak-512                                       | Raw Hash
  600 | BLAKE2b-512                                      | Raw Hash
10100 | SipHash                                          | Raw Hash
 6000 | RIPEMD-160                                       | Raw Hash
 6100 | Whirlpool                                        | Raw Hash
 6900 | GOST R 34.11-94                                  | Raw Hash
11700 | GOST R 34.11-2012 (Streebog) 256-bit, big-endian | Raw Hash
11800 | GOST R 34.11-2012 (Streebog) 512-bit, big-endian | Raw Hash
   10 | md5($pass.$salt)                                 | Raw Hash, Salted and/or Iterated
   20 | md5($salt.$pass)                                 | Raw Hash, Salted and/or Iterated
   30 | md5(utf16le($pass).$salt)                        | Raw Hash, Salted and/or Iterated
   40 | md5($salt.utf16le($pass))                        | Raw Hash, Salted and/or Iterated
 3800 | md5($salt.$pass.$salt)                           | Raw Hash, Salted and/or Iterated
 3710 | md5($salt.md5($pass))                            | Raw Hash, Salted and/or Iterated
 4010 | md5($salt.md5($salt.$pass))                      | Raw Hash, Salted and/or Iterated
 4110 | md5($salt.md5($pass.$salt))                      | Raw Hash, Salted and/or Iterated
 2600 | md5(md5($pass))                                  | Raw Hash, Salted and/or Iterated
 3910 | md5(md5($pass).md5($salt))                       | Raw Hash, Salted and/or Iterated
 4300 | md5(strtoupper(md5($pass)))                      | Raw Hash, Salted and/or Iterated
 4400 | md5(sha1($pass))                                 | Raw Hash, Salted and/or Iterated
  110 | sha1($pass.$salt)                                | Raw Hash, Salted and/or Iterated
  120 | sha1($salt.$pass)                                | Raw Hash, Salted and/or Iterated
  130 | sha1(utf16le($pass).$salt)                       | Raw Hash, Salted and/or Iterated
  140 | sha1($salt.utf16le($pass))                       | Raw Hash, Salted and/or Iterated
 4500 | sha1(sha1($pass))                                | Raw Hash, Salted and/or Iterated
 4520 | sha1($salt.sha1($pass))                          | Raw Hash, Salted and/or Iterated
 4700 | sha1(md5($pass))                                 | Raw Hash, Salted and/or Iterated
 4900 | sha1($salt.$pass.$salt)                          | Raw Hash, Salted and/or Iterated
14400 | sha1(CX)                                         | Raw Hash, Salted and/or Iterated
 1410 | sha256($pass.$salt)                              | Raw Hash, Salted and/or Iterated
 1420 | sha256($salt.$pass)                              | Raw Hash, Salted and/or Iterated
 1430 | sha256(utf16le($pass).$salt)                     | Raw Hash, Salted and/or Iterated
 1440 | sha256($salt.utf16le($pass))                     | Raw Hash, Salted and/or Iterated
 1710 | sha512($pass.$salt)                              | Raw Hash, Salted and/or Iterated
 1720 | sha512($salt.$pass)                              | Raw Hash, Salted and/or Iterated
 1730 | sha512(utf16le($pass).$salt)                     | Raw Hash, Salted and/or Iterated
 1740 | sha512($salt.utf16le($pass))                     | Raw Hash, Salted and/or Iterated
   50 | HMAC-MD5 (key = $pass)                           | Raw Hash, Authenticated
   60 | HMAC-MD5 (key = $salt)                           | Raw Hash, Authenticated
  150 | HMAC-SHA1 (key = $pass)                          | Raw Hash, Authenticated
  160 | HMAC-SHA1 (key = $salt)                          | Raw Hash, Authenticated
 1450 | HMAC-SHA256 (key = $pass)                        | Raw Hash, Authenticated
 1460 | HMAC-SHA256 (key = $salt)                        | Raw Hash, Authenticated
 1750 | HMAC-SHA512 (key = $pass)                        | Raw Hash, Authenticated
 1760 | HMAC-SHA512 (key = $salt)                        | Raw Hash, Authenticated
11750 | HMAC-Streebog-256 (key = $pass), big-endian      | Raw Hash, Authenticated
11760 | HMAC-Streebog-256 (key = $salt), big-endian      | Raw Hash, Authenticated
11850 | HMAC-Streebog-512 (key = $pass), big-endian      | Raw Hash, Authenticated
11860 | HMAC-Streebog-512 (key = $salt), big-endian      | Raw Hash, Authenticated
14000 | DES (PT = $salt, key = $pass)                    | Raw Cipher, Known-Plaintext attack
14100 | 3DES (PT = $salt, key = $pass)                   | Raw Cipher, Known-Plaintext attack
14900 | Skip32 (PT = $salt, key = $pass)                 | Raw Cipher, Known-Plaintext attack
15400 | ChaCha20                                         | Raw Cipher, Known-Plaintext attack
  400 | phpass                                           | Generic KDF
 8900 | scrypt                                           | Generic KDF
11900 | PBKDF2-HMAC-MD5                                  | Generic KDF
12000 | PBKDF2-HMAC-SHA1                                 | Generic KDF
10900 | PBKDF2-HMAC-SHA256                               | Generic KDF
12100 | PBKDF2-HMAC-SHA512                               | Generic KDF
   23 | Skype                                            | Network Protocols
 2500 | WPA-EAPOL-PBKDF2                                 | Network Protocols
 2501 | WPA-EAPOL-PMK                                    | Network Protocols
16800 | WPA-PMKID-PBKDF2                                 | Network Protocols
16801 | WPA-PMKID-PMK                                    | Network Protocols
 4800 | iSCSI CHAP authentication, MD5(CHAP)             | Network Protocols
 5300 | IKE-PSK MD5                                      | Network Protocols
 5400 | IKE-PSK SHA1                                     | Network Protocols
 5500 | NetNTLMv1                                        | Network Protocols
 5500 | NetNTLMv1+ESS                                    | Network Protocols
 5600 | NetNTLMv2                                        | Network Protocols
 7300 | IPMI2 RAKP HMAC-SHA1                             | Network Protocols
 7500 | Kerberos 5 AS-REQ Pre-Auth etype 23              | Network Protocols
 8300 | DNSSEC (NSEC3)                                   | Network Protocols
10200 | CRAM-MD5                                         | Network Protocols
11100 | PostgreSQL CRAM (MD5)                            | Network Protocols
11200 | MySQL CRAM (SHA1)                                | Network Protocols
11400 | SIP digest authentication (MD5)                  | Network Protocols
13100 | Kerberos 5 TGS-REP etype 23                      | Network Protocols
16100 | TACACS+                                          | Network Protocols
16500 | JWT (JSON Web Token)                             | Network Protocols
18200 | Kerberos 5 AS-REP etype 23                       | Network Protocols
  121 | SMF (Simple Machines Forum) > v1.1               | Forums, CMS, E-Commerce, Frameworks
  400 | phpBB3 (MD5)                                     | Forums, CMS, E-Commerce, Frameworks
 2611 | vBulletin < v3.8.5                               | Forums, CMS, E-Commerce, Frameworks
 2711 | vBulletin >= v3.8.5                              | Forums, CMS, E-Commerce, Frameworks
 2811 | MyBB 1.2+                                        | Forums, CMS, E-Commerce, Frameworks
 2811 | IPB2+ (Invision Power Board)                     | Forums, CMS, E-Commerce, Frameworks
 8400 | WBB3 (Woltlab Burning Board)                     | Forums, CMS, E-Commerce, Frameworks
   11 | Joomla < 2.5.18                                  | Forums, CMS, E-Commerce, Frameworks
  400 | Joomla >= 2.5.18 (MD5)                           | Forums, CMS, E-Commerce, Frameworks
  400 | WordPress (MD5)                                  | Forums, CMS, E-Commerce, Frameworks
 2612 | PHPS                                             | Forums, CMS, E-Commerce, Frameworks
 7900 | Drupal7                                          | Forums, CMS, E-Commerce, Frameworks
   21 | osCommerce                                       | Forums, CMS, E-Commerce, Frameworks
   21 | xt:Commerce                                      | Forums, CMS, E-Commerce, Frameworks
11000 | PrestaShop                                       | Forums, CMS, E-Commerce, Frameworks
  124 | Django (SHA-1)                                   | Forums, CMS, E-Commerce, Frameworks
10000 | Django (PBKDF2-SHA256)                           | Forums, CMS, E-Commerce, Frameworks
16000 | Tripcode                                         | Forums, CMS, E-Commerce, Frameworks
 3711 | MediaWiki B type                                 | Forums, CMS, E-Commerce, Frameworks
13900 | OpenCart                                         | Forums, CMS, E-Commerce, Frameworks
 4521 | Redmine                                          | Forums, CMS, E-Commerce, Frameworks
 4522 | PunBB                                            | Forums, CMS, E-Commerce, Frameworks
12001 | Atlassian (PBKDF2-HMAC-SHA1)                     | Forums, CMS, E-Commerce, Frameworks
   12 | PostgreSQL                                       | Database Server
  131 | MSSQL (2000)                                     | Database Server
  132 | MSSQL (2005)                                     | Database Server
 1731 | MSSQL (2012, 2014)                               | Database Server
  200 | MySQL323                                         | Database Server
  300 | MySQL4.1/MySQL5                                  | Database Server
 3100 | Oracle H: Type (Oracle 7+)                       | Database Server
  112 | Oracle S: Type (Oracle 11+)                      | Database Server
12300 | Oracle T: Type (Oracle 12+)                      | Database Server
 8000 | Sybase ASE                                       | Database Server
  141 | Episerver 6.x < .NET 4                           | HTTP, SMTP, LDAP Server
 1441 | Episerver 6.x >= .NET 4                          | HTTP, SMTP, LDAP Server
 1600 | Apache $apr1$ MD5, md5apr1, MD5 (APR)            | HTTP, SMTP, LDAP Server
12600 | ColdFusion 10+                                   | HTTP, SMTP, LDAP Server
 1421 | hMailServer                                      | HTTP, SMTP, LDAP Server
  101 | nsldap, SHA-1(Base64), Netscape LDAP SHA         | HTTP, SMTP, LDAP Server
  111 | nsldaps, SSHA-1(Base64), Netscape LDAP SSHA      | HTTP, SMTP, LDAP Server
 1411 | SSHA-256(Base64), LDAP {SSHA256}                 | HTTP, SMTP, LDAP Server
 1711 | SSHA-512(Base64), LDAP {SSHA512}                 | HTTP, SMTP, LDAP Server
16400 | CRAM-MD5 Dovecot                                 | HTTP, SMTP, LDAP Server
15000 | FileZilla Server >= 0.9.55                       | FTP Server
11500 | CRC32                                            | Checksums
 3000 | LM                                               | Operating Systems
 1000 | NTLM                                             | Operating Systems
 1100 | Domain Cached Credentials (DCC), MS Cache        | Operating Systems
 2100 | Domain Cached Credentials 2 (DCC2), MS Cache 2   | Operating Systems
15300 | DPAPI masterkey file v1                          | Operating Systems
15900 | DPAPI masterkey file v2                          | Operating Systems
12800 | MS-AzureSync  PBKDF2-HMAC-SHA256                 | Operating Systems
 1500 | descrypt, DES (Unix), Traditional DES            | Operating Systems
12400 | BSDi Crypt, Extended DES                         | Operating Systems
  500 | md5crypt, MD5 (Unix), Cisco-IOS $1$ (MD5)        | Operating Systems
 3200 | bcrypt $2*$, Blowfish (Unix)                     | Operating Systems
 7400 | sha256crypt $5$, SHA256 (Unix)                   | Operating Systems
 1800 | sha512crypt $6$, SHA512 (Unix)                   | Operating Systems
  122 | macOS v10.4, MacOS v10.5, MacOS v10.6            | Operating Systems
 1722 | macOS v10.7                                      | Operating Systems
 7100 | macOS v10.8+ (PBKDF2-SHA512)                     | Operating Systems
 6300 | AIX {smd5}                                       | Operating Systems
 6700 | AIX {ssha1}                                      | Operating Systems
 6400 | AIX {ssha256}                                    | Operating Systems
 6500 | AIX {ssha512}                                    | Operating Systems
 2400 | Cisco-PIX MD5                                    | Operating Systems
 2410 | Cisco-ASA MD5                                    | Operating Systems
  500 | Cisco-IOS $1$ (MD5)                              | Operating Systems
 5700 | Cisco-IOS type 4 (SHA256)                        | Operating Systems
 9200 | Cisco-IOS $8$ (PBKDF2-SHA256)                    | Operating Systems
 9300 | Cisco-IOS $9$ (scrypt)                           | Operating Systems
   22 | Juniper NetScreen/SSG (ScreenOS)                 | Operating Systems
  501 | Juniper IVE                                      | Operating Systems
15100 | Juniper/NetBSD sha1crypt                         | Operating Systems
 7000 | FortiGate (FortiOS)                              | Operating Systems
 5800 | Samsung Android Password/PIN                     | Operating Systems
13800 | Windows Phone 8+ PIN/password                    | Operating Systems
 8100 | Citrix NetScaler                                 | Operating Systems
 8500 | RACF                                             | Operating Systems
 7200 | GRUB 2                                           | Operating Systems
 9900 | Radmin2                                          | Operating Systems
  125 | ArubaOS                                          | Operating Systems
 7700 | SAP CODVN B (BCODE)                              | Enterprise Application Software (EAS)
 7701 | SAP CODVN B (BCODE) via RFC_READ_TABLE           | Enterprise Application Software (EAS)
 7800 | SAP CODVN F/G (PASSCODE)                         | Enterprise Application Software (EAS)
 7801 | SAP CODVN F/G (PASSCODE) via RFC_READ_TABLE      | Enterprise Application Software (EAS)
10300 | SAP CODVN H (PWDSALTEDHASH) iSSHA-1              | Enterprise Application Software (EAS)
 8600 | Lotus Notes/Domino 5                             | Enterprise Application Software (EAS)
 8700 | Lotus Notes/Domino 6                             | Enterprise Application Software (EAS)
 9100 | Lotus Notes/Domino 8                             | Enterprise Application Software (EAS)
  133 | PeopleSoft                                       | Enterprise Application Software (EAS)
13500 | PeopleSoft PS_TOKEN                              | Enterprise Application Software (EAS)
11600 | 7-Zip                                            | Archives
12500 | RAR3-hp                                          | Archives
13000 | RAR5                                             | Archives
13200 | AxCrypt                                          | Archives
13300 | AxCrypt in-memory SHA1                           | Archives
13600 | WinZip                                           | Archives
14700 | iTunes backup < 10.0                             | Backup
14800 | iTunes backup >= 10.0                            | Backup
 62XY | TrueCrypt                                        | Full-Disk Encryption (FDE)
   X  | 1 = PBKDF2-HMAC-RIPEMD160                        | Full-Disk Encryption (FDE)
   X  | 2 = PBKDF2-HMAC-SHA512                           | Full-Disk Encryption (FDE)
   X  | 3 = PBKDF2-HMAC-Whirlpool                        | Full-Disk Encryption (FDE)
   X  | 4 = PBKDF2-HMAC-RIPEMD160 + boot-mode            | Full-Disk Encryption (FDE)
    Y | 1 = XTS  512 bit pure AES                        | Full-Disk Encryption (FDE)
    Y | 1 = XTS  512 bit pure Serpent                    | Full-Disk Encryption (FDE)
    Y | 1 = XTS  512 bit pure Twofish                    | Full-Disk Encryption (FDE)
    Y | 2 = XTS 1024 bit pure AES                        | Full-Disk Encryption (FDE)
    Y | 2 = XTS 1024 bit pure Serpent                    | Full-Disk Encryption (FDE)
    Y | 2 = XTS 1024 bit pure Twofish                    | Full-Disk Encryption (FDE)
    Y | 2 = XTS 1024 bit cascaded AES-Twofish            | Full-Disk Encryption (FDE)
    Y | 2 = XTS 1024 bit cascaded Serpent-AES            | Full-Disk Encryption (FDE)
    Y | 2 = XTS 1024 bit cascaded Twofish-Serpent        | Full-Disk Encryption (FDE)
    Y | 3 = XTS 1536 bit all                             | Full-Disk Encryption (FDE)
 8800 | Android FDE <= 4.3                               | Full-Disk Encryption (FDE)
12900 | Android FDE (Samsung DEK)                        | Full-Disk Encryption (FDE)
12200 | eCryptfs                                         | Full-Disk Encryption (FDE)
137XY | VeraCrypt                                        | Full-Disk Encryption (FDE)
   X  | 1 = PBKDF2-HMAC-RIPEMD160                        | Full-Disk Encryption (FDE)
   X  | 2 = PBKDF2-HMAC-SHA512                           | Full-Disk Encryption (FDE)
   X  | 3 = PBKDF2-HMAC-Whirlpool                        | Full-Disk Encryption (FDE)
   X  | 4 = PBKDF2-HMAC-RIPEMD160 + boot-mode            | Full-Disk Encryption (FDE)
   X  | 5 = PBKDF2-HMAC-SHA256                           | Full-Disk Encryption (FDE)
   X  | 6 = PBKDF2-HMAC-SHA256 + boot-mode               | Full-Disk Encryption (FDE)
   X  | 7 = PBKDF2-HMAC-Streebog-512                     | Full-Disk Encryption (FDE)
    Y | 1 = XTS  512 bit pure AES                        | Full-Disk Encryption (FDE)
    Y | 1 = XTS  512 bit pure Serpent                    | Full-Disk Encryption (FDE)
    Y | 1 = XTS  512 bit pure Twofish                    | Full-Disk Encryption (FDE)
    Y | 1 = XTS  512 bit pure Camellia                   | Full-Disk Encryption (FDE)
    Y | 1 = XTS  512 bit pure Kuznyechik                 | Full-Disk Encryption (FDE)
    Y | 2 = XTS 1024 bit pure AES                        | Full-Disk Encryption (FDE)
    Y | 2 = XTS 1024 bit pure Serpent                    | Full-Disk Encryption (FDE)
    Y | 2 = XTS 1024 bit pure Twofish                    | Full-Disk Encryption (FDE)
    Y | 2 = XTS 1024 bit pure Camellia                   | Full-Disk Encryption (FDE)
    Y | 2 = XTS 1024 bit pure Kuznyechik                 | Full-Disk Encryption (FDE)
    Y | 2 = XTS 1024 bit cascaded AES-Twofish            | Full-Disk Encryption (FDE)
    Y | 2 = XTS 1024 bit cascaded Camellia-Kuznyechik    | Full-Disk Encryption (FDE)
    Y | 2 = XTS 1024 bit cascaded Camellia-Serpent       | Full-Disk Encryption (FDE)
    Y | 2 = XTS 1024 bit cascaded Kuznyechik-AES         | Full-Disk Encryption (FDE)
    Y | 2 = XTS 1024 bit cascaded Kuznyechik-Twofish     | Full-Disk Encryption (FDE)
    Y | 2 = XTS 1024 bit cascaded Serpent-AES            | Full-Disk Encryption (FDE)
    Y | 2 = XTS 1024 bit cascaded Twofish-Serpent        | Full-Disk Encryption (FDE)
    Y | 3 = XTS 1536 bit all                             | Full-Disk Encryption (FDE)
14600 | LUKS                                             | Full-Disk Encryption (FDE)
16700 | FileVault 2                                      | Full-Disk Encryption (FDE)
18300 | Apple File System (APFS)                         | Full-Disk Encryption (FDE)
 9700 | MS Office <= 2003 $0/$1, MD5 + RC4               | Documents
 9710 | MS Office <= 2003 $0/$1, MD5 + RC4, collider #1  | Documents
 9720 | MS Office <= 2003 $0/$1, MD5 + RC4, collider #2  | Documents
 9800 | MS Office <= 2003 $3/$4, SHA1 + RC4              | Documents
 9810 | MS Office <= 2003 $3, SHA1 + RC4, collider #1    | Documents
 9820 | MS Office <= 2003 $3, SHA1 + RC4, collider #2    | Documents
 9400 | MS Office 2007                                   | Documents
 9500 | MS Office 2010                                   | Documents
 9600 | MS Office 2013                                   | Documents
10400 | PDF 1.1 - 1.3 (Acrobat 2 - 4)                    | Documents
10410 | PDF 1.1 - 1.3 (Acrobat 2 - 4), collider #1       | Documents
10420 | PDF 1.1 - 1.3 (Acrobat 2 - 4), collider #2       | Documents
10500 | PDF 1.4 - 1.6 (Acrobat 5 - 8)                    | Documents
10600 | PDF 1.7 Level 3 (Acrobat 9)                      | Documents
10700 | PDF 1.7 Level 8 (Acrobat 10 - 11)                | Documents
16200 | Apple Secure Notes                               | Documents
 9000 | Password Safe v2                                 | Password Managers
 5200 | Password Safe v3                                 | Password Managers
 6800 | LastPass + LastPass sniffed                      | Password Managers
 6600 | 1Password, agilekeychain                         | Password Managers
 8200 | 1Password, cloudkeychain                         | Password Managers
11300 | Bitcoin/Litecoin wallet.dat                      | Password Managers
12700 | Blockchain, My Wallet                            | Password Managers
15200 | Blockchain, My Wallet, V2                        | Password Managers
16600 | Electrum Wallet (Salt-Type 1-3)                  | Password Managers
13400 | KeePass 1 (AES/Twofish) and KeePass 2 (AES)      | Password Managers
15500 | JKS Java Key Store Private Keys (SHA1)           | Password Managers
15600 | Ethereum Wallet, PBKDF2-HMAC-SHA256              | Password Managers
15700 | Ethereum Wallet, SCRYPT                          | Password Managers
16300 | Ethereum Pre-Sale Wallet, PBKDF2-HMAC-SHA256     | Password Managers
16900 | Ansible Vault                                    | Password Managers
18100 | TOTP (HMAC-SHA1)                                 | One-Time Passwords
99999 | Plaintext                                        | Plaintext

```

1	l \| abcdefghijklmnopqrstuvwxyz 纯小写字母(lower)
2	u \| ABCDEFGHIJKLMNOPQRSTUVWXYZ 纯大写字母(upper)
3	d \| 0123456789 纯数字(decimal)
4	h \| 0123456789abcdef 常见小写子目录和数字(hex)
5	H \| 0123456789ABCDEF 常见大写字母和数字(HEX)
6	s \| !"#$%&'()*+,-./:;<=>?@[\]^_`{\|}~ 特殊字符(special)
7	a \| ?l?u?d?s 键盘上所有可见的字符(all_printable)
8	b \| 0x00 - 0xff 可能是用来匹配像空格这种密码的(bin)

1	hashcat -a 0 -m 0 --force [hash] /usr/share/wordlist/rockyou.txt -o ./result [字典]
2	hashcat -a 0 -m 0 --force [hashfile] /usr/share/wordlist/rockyou.txt -o ./result [批量hash]
3	hashcat -a 3 -m 0 --force f2aec315704b5f007915bdbbae5a9f5c te?d?d?dst [掩码爆破]
4	hashcat -a 6 -m 0 --force 9dc9d5ed5031367d42543763423c24ee password.txt ?l?l?l?l?l [字典掩码]
5	hashcat [hash] --show

1	# \| Mode
2	===+======
3	0 \| Straight（字段破解）
4	1 \| Combination（多字典组合破解）
5	3 \| Brute-force（掩码暴力破解）
6	6 \| Hybrid Wordlist + Mask（字典+掩码破解）
7	7 \| Hybrid Mask + Wordlist（掩码+字典破解）

1	hashcat 支持 RAR3-hp 和 RAR5，官方示例如下：
2
3	-m参数类型示例 hash
4	12500 RAR3-hp $RAR3$045109af8ab5f297a*adbf6c5385d7a40373e8f77d7b89d317
5	13000 RAR5 $rar5$16$74575567518807622265582327032280$15$f8b4064de34ac02ecabfe

1	官方在线转化https://hashcat.net/cap2hccapx/
2	hashcat -a 3 -m 2500 1.hccapx 1391040?d?d?d?d

1
2	# \| Name \| Category
3	=========+==================================================+=========================
4	900 \| MD4 \| Raw Hash
5	0 \| MD5 \| Raw Hash
6	5100 \| Half MD5 \| Raw Hash
7	100 \| SHA1 \| Raw Hash
8	1300 \| SHA2-224 \| Raw Hash
9	1400 \| SHA2-256 \| Raw Hash
10	10800 \| SHA2-384 \| Raw Hash
11	1700 \| SHA2-512 \| Raw Hash
12	17300 \| SHA3-224 \| Raw Hash
13	17400 \| SHA3-256 \| Raw Hash
14	17500 \| SHA3-384 \| Raw Hash
15	17600 \| SHA3-512 \| Raw Hash
16	17700 \| Keccak-224 \| Raw Hash
17	17800 \| Keccak-256 \| Raw Hash
18	17900 \| Keccak-384 \| Raw Hash
19	18000 \| Keccak-512 \| Raw Hash
20	600 \| BLAKE2b-512 \| Raw Hash
21	10100 \| SipHash \| Raw Hash
22	6000 \| RIPEMD-160 \| Raw Hash
23	6100 \| Whirlpool \| Raw Hash
24	6900 \| GOST R 34.11-94 \| Raw Hash
25	11700 \| GOST R 34.11-2012 (Streebog) 256-bit, big-endian \| Raw Hash
26	11800 \| GOST R 34.11-2012 (Streebog) 512-bit, big-endian \| Raw Hash
27	10 \| md5($pass.$salt) \| Raw Hash, Salted and/or Iterated
28	20 \| md5($salt.$pass) \| Raw Hash, Salted and/or Iterated
29	30 \| md5(utf16le($pass).$salt) \| Raw Hash, Salted and/or Iterated
30	40 \| md5($salt.utf16le($pass)) \| Raw Hash, Salted and/or Iterated
31	3800 \| md5($salt.$pass.$salt) \| Raw Hash, Salted and/or Iterated
32	3710 \| md5($salt.md5($pass)) \| Raw Hash, Salted and/or Iterated
33	4010 \| md5($salt.md5($salt.$pass)) \| Raw Hash, Salted and/or Iterated
34	4110 \| md5($salt.md5($pass.$salt)) \| Raw Hash, Salted and/or Iterated
35	2600 \| md5(md5($pass)) \| Raw Hash, Salted and/or Iterated
36	3910 \| md5(md5($pass).md5($salt)) \| Raw Hash, Salted and/or Iterated
37	4300 \| md5(strtoupper(md5($pass))) \| Raw Hash, Salted and/or Iterated
38	4400 \| md5(sha1($pass)) \| Raw Hash, Salted and/or Iterated
39	110 \| sha1($pass.$salt) \| Raw Hash, Salted and/or Iterated
40	120 \| sha1($salt.$pass) \| Raw Hash, Salted and/or Iterated
41	130 \| sha1(utf16le($pass).$salt) \| Raw Hash, Salted and/or Iterated
42	140 \| sha1($salt.utf16le($pass)) \| Raw Hash, Salted and/or Iterated
43	4500 \| sha1(sha1($pass)) \| Raw Hash, Salted and/or Iterated
44	4520 \| sha1($salt.sha1($pass)) \| Raw Hash, Salted and/or Iterated
45	4700 \| sha1(md5($pass)) \| Raw Hash, Salted and/or Iterated
46	4900 \| sha1($salt.$pass.$salt) \| Raw Hash, Salted and/or Iterated
47	14400 \| sha1(CX) \| Raw Hash, Salted and/or Iterated
48	1410 \| sha256($pass.$salt) \| Raw Hash, Salted and/or Iterated
49	1420 \| sha256($salt.$pass) \| Raw Hash, Salted and/or Iterated
50	1430 \| sha256(utf16le($pass).$salt) \| Raw Hash, Salted and/or Iterated
51	1440 \| sha256($salt.utf16le($pass)) \| Raw Hash, Salted and/or Iterated
52	1710 \| sha512($pass.$salt) \| Raw Hash, Salted and/or Iterated
53	1720 \| sha512($salt.$pass) \| Raw Hash, Salted and/or Iterated
54	1730 \| sha512(utf16le($pass).$salt) \| Raw Hash, Salted and/or Iterated
55	1740 \| sha512($salt.utf16le($pass)) \| Raw Hash, Salted and/or Iterated
56	50 \| HMAC-MD5 (key = $pass) \| Raw Hash, Authenticated
57	60 \| HMAC-MD5 (key = $salt) \| Raw Hash, Authenticated
58	150 \| HMAC-SHA1 (key = $pass) \| Raw Hash, Authenticated
59	160 \| HMAC-SHA1 (key = $salt) \| Raw Hash, Authenticated
60	1450 \| HMAC-SHA256 (key = $pass) \| Raw Hash, Authenticated
61	1460 \| HMAC-SHA256 (key = $salt) \| Raw Hash, Authenticated
62	1750 \| HMAC-SHA512 (key = $pass) \| Raw Hash, Authenticated
63	1760 \| HMAC-SHA512 (key = $salt) \| Raw Hash, Authenticated
64	11750 \| HMAC-Streebog-256 (key = $pass), big-endian \| Raw Hash, Authenticated
65	11760 \| HMAC-Streebog-256 (key = $salt), big-endian \| Raw Hash, Authenticated
66	11850 \| HMAC-Streebog-512 (key = $pass), big-endian \| Raw Hash, Authenticated
67	11860 \| HMAC-Streebog-512 (key = $salt), big-endian \| Raw Hash, Authenticated
68	14000 \| DES (PT = $salt, key = $pass) \| Raw Cipher, Known-Plaintext attack
69	14100 \| 3DES (PT = $salt, key = $pass) \| Raw Cipher, Known-Plaintext attack
70	14900 \| Skip32 (PT = $salt, key = $pass) \| Raw Cipher, Known-Plaintext attack
71	15400 \| ChaCha20 \| Raw Cipher, Known-Plaintext attack
72	400 \| phpass \| Generic KDF
73	8900 \| scrypt \| Generic KDF
74	11900 \| PBKDF2-HMAC-MD5 \| Generic KDF
75	12000 \| PBKDF2-HMAC-SHA1 \| Generic KDF
76	10900 \| PBKDF2-HMAC-SHA256 \| Generic KDF
77	12100 \| PBKDF2-HMAC-SHA512 \| Generic KDF
78	23 \| Skype \| Network Protocols
79	2500 \| WPA-EAPOL-PBKDF2 \| Network Protocols
80	2501 \| WPA-EAPOL-PMK \| Network Protocols
81	16800 \| WPA-PMKID-PBKDF2 \| Network Protocols
82	16801 \| WPA-PMKID-PMK \| Network Protocols
83	4800 \| iSCSI CHAP authentication, MD5(CHAP) \| Network Protocols
84	5300 \| IKE-PSK MD5 \| Network Protocols
85	5400 \| IKE-PSK SHA1 \| Network Protocols
86	5500 \| NetNTLMv1 \| Network Protocols
87	5500 \| NetNTLMv1+ESS \| Network Protocols
88	5600 \| NetNTLMv2 \| Network Protocols
89	7300 \| IPMI2 RAKP HMAC-SHA1 \| Network Protocols
90	7500 \| Kerberos 5 AS-REQ Pre-Auth etype 23 \| Network Protocols
91	8300 \| DNSSEC (NSEC3) \| Network Protocols
92	10200 \| CRAM-MD5 \| Network Protocols
93	11100 \| PostgreSQL CRAM (MD5) \| Network Protocols
94	11200 \| MySQL CRAM (SHA1) \| Network Protocols
95	11400 \| SIP digest authentication (MD5) \| Network Protocols
96	13100 \| Kerberos 5 TGS-REP etype 23 \| Network Protocols
97	16100 \| TACACS+ \| Network Protocols
98	16500 \| JWT (JSON Web Token) \| Network Protocols
99	18200 \| Kerberos 5 AS-REP etype 23 \| Network Protocols
100	121 \| SMF (Simple Machines Forum) > v1.1 \| Forums, CMS, E-Commerce, Frameworks
101	400 \| phpBB3 (MD5) \| Forums, CMS, E-Commerce, Frameworks
102	2611 \| vBulletin < v3.8.5 \| Forums, CMS, E-Commerce, Frameworks
103	2711 \| vBulletin >= v3.8.5 \| Forums, CMS, E-Commerce, Frameworks
104	2811 \| MyBB 1.2+ \| Forums, CMS, E-Commerce, Frameworks
105	2811 \| IPB2+ (Invision Power Board) \| Forums, CMS, E-Commerce, Frameworks
106	8400 \| WBB3 (Woltlab Burning Board) \| Forums, CMS, E-Commerce, Frameworks
107	11 \| Joomla < 2.5.18 \| Forums, CMS, E-Commerce, Frameworks
108	400 \| Joomla >= 2.5.18 (MD5) \| Forums, CMS, E-Commerce, Frameworks
109	400 \| WordPress (MD5) \| Forums, CMS, E-Commerce, Frameworks
110	2612 \| PHPS \| Forums, CMS, E-Commerce, Frameworks
111	7900 \| Drupal7 \| Forums, CMS, E-Commerce, Frameworks
112	21 \| osCommerce \| Forums, CMS, E-Commerce, Frameworks
113	21 \| xt:Commerce \| Forums, CMS, E-Commerce, Frameworks
114	11000 \| PrestaShop \| Forums, CMS, E-Commerce, Frameworks
115	124 \| Django (SHA-1) \| Forums, CMS, E-Commerce, Frameworks
116	10000 \| Django (PBKDF2-SHA256) \| Forums, CMS, E-Commerce, Frameworks
117	16000 \| Tripcode \| Forums, CMS, E-Commerce, Frameworks
118	3711 \| MediaWiki B type \| Forums, CMS, E-Commerce, Frameworks
119	13900 \| OpenCart \| Forums, CMS, E-Commerce, Frameworks
120	4521 \| Redmine \| Forums, CMS, E-Commerce, Frameworks
121	4522 \| PunBB \| Forums, CMS, E-Commerce, Frameworks
122	12001 \| Atlassian (PBKDF2-HMAC-SHA1) \| Forums, CMS, E-Commerce, Frameworks
123	12 \| PostgreSQL \| Database Server
124	131 \| MSSQL (2000) \| Database Server
125	132 \| MSSQL (2005) \| Database Server
126	1731 \| MSSQL (2012, 2014) \| Database Server
127	200 \| MySQL323 \| Database Server
128	300 \| MySQL4.1/MySQL5 \| Database Server
129	3100 \| Oracle H: Type (Oracle 7+) \| Database Server
130	112 \| Oracle S: Type (Oracle 11+) \| Database Server
131	12300 \| Oracle T: Type (Oracle 12+) \| Database Server
132	8000 \| Sybase ASE \| Database Server
133	141 \| Episerver 6.x < .NET 4 \| HTTP, SMTP, LDAP Server
134	1441 \| Episerver 6.x >= .NET 4 \| HTTP, SMTP, LDAP Server
135	1600 \| Apache $apr1$ MD5, md5apr1, MD5 (APR) \| HTTP, SMTP, LDAP Server
136	12600 \| ColdFusion 10+ \| HTTP, SMTP, LDAP Server
137	1421 \| hMailServer \| HTTP, SMTP, LDAP Server
138	101 \| nsldap, SHA-1(Base64), Netscape LDAP SHA \| HTTP, SMTP, LDAP Server
139	111 \| nsldaps, SSHA-1(Base64), Netscape LDAP SSHA \| HTTP, SMTP, LDAP Server
140	1411 \| SSHA-256(Base64), LDAP {SSHA256} \| HTTP, SMTP, LDAP Server
141	1711 \| SSHA-512(Base64), LDAP {SSHA512} \| HTTP, SMTP, LDAP Server
142	16400 \| CRAM-MD5 Dovecot \| HTTP, SMTP, LDAP Server
143	15000 \| FileZilla Server >= 0.9.55 \| FTP Server
144	11500 \| CRC32 \| Checksums
145	3000 \| LM \| Operating Systems
146	1000 \| NTLM \| Operating Systems
147	1100 \| Domain Cached Credentials (DCC), MS Cache \| Operating Systems
148	2100 \| Domain Cached Credentials 2 (DCC2), MS Cache 2 \| Operating Systems
149	15300 \| DPAPI masterkey file v1 \| Operating Systems
150	15900 \| DPAPI masterkey file v2 \| Operating Systems
151	12800 \| MS-AzureSync PBKDF2-HMAC-SHA256 \| Operating Systems
152	1500 \| descrypt, DES (Unix), Traditional DES \| Operating Systems
153	12400 \| BSDi Crypt, Extended DES \| Operating Systems
154	500 \| md5crypt, MD5 (Unix), Cisco-IOS $1$ (MD5) \| Operating Systems
155	3200 \| bcrypt $2*$, Blowfish (Unix) \| Operating Systems
156	7400 \| sha256crypt $5$, SHA256 (Unix) \| Operating Systems
157	1800 \| sha512crypt $6$, SHA512 (Unix) \| Operating Systems
158	122 \| macOS v10.4, MacOS v10.5, MacOS v10.6 \| Operating Systems
159	1722 \| macOS v10.7 \| Operating Systems
160	7100 \| macOS v10.8+ (PBKDF2-SHA512) \| Operating Systems
161	6300 \| AIX {smd5} \| Operating Systems
162	6700 \| AIX {ssha1} \| Operating Systems
163	6400 \| AIX {ssha256} \| Operating Systems
164	6500 \| AIX {ssha512} \| Operating Systems
165	2400 \| Cisco-PIX MD5 \| Operating Systems
166	2410 \| Cisco-ASA MD5 \| Operating Systems
167	500 \| Cisco-IOS $1$ (MD5) \| Operating Systems
168	5700 \| Cisco-IOS type 4 (SHA256) \| Operating Systems
169	9200 \| Cisco-IOS $8$ (PBKDF2-SHA256) \| Operating Systems
170	9300 \| Cisco-IOS $9$ (scrypt) \| Operating Systems
171	22 \| Juniper NetScreen/SSG (ScreenOS) \| Operating Systems
172	501 \| Juniper IVE \| Operating Systems
173	15100 \| Juniper/NetBSD sha1crypt \| Operating Systems
174	7000 \| FortiGate (FortiOS) \| Operating Systems
175	5800 \| Samsung Android Password/PIN \| Operating Systems
176	13800 \| Windows Phone 8+ PIN/password \| Operating Systems
177	8100 \| Citrix NetScaler \| Operating Systems
178	8500 \| RACF \| Operating Systems
179	7200 \| GRUB 2 \| Operating Systems
180	9900 \| Radmin2 \| Operating Systems
181	125 \| ArubaOS \| Operating Systems
182	7700 \| SAP CODVN B (BCODE) \| Enterprise Application Software (EAS)
183	7701 \| SAP CODVN B (BCODE) via RFC_READ_TABLE \| Enterprise Application Software (EAS)
184	7800 \| SAP CODVN F/G (PASSCODE) \| Enterprise Application Software (EAS)
185	7801 \| SAP CODVN F/G (PASSCODE) via RFC_READ_TABLE \| Enterprise Application Software (EAS)
186	10300 \| SAP CODVN H (PWDSALTEDHASH) iSSHA-1 \| Enterprise Application Software (EAS)
187	8600 \| Lotus Notes/Domino 5 \| Enterprise Application Software (EAS)
188	8700 \| Lotus Notes/Domino 6 \| Enterprise Application Software (EAS)
189	9100 \| Lotus Notes/Domino 8 \| Enterprise Application Software (EAS)
190	133 \| PeopleSoft \| Enterprise Application Software (EAS)
191	13500 \| PeopleSoft PS_TOKEN \| Enterprise Application Software (EAS)
192	11600 \| 7-Zip \| Archives
193	12500 \| RAR3-hp \| Archives
194	13000 \| RAR5 \| Archives
195	13200 \| AxCrypt \| Archives
196	13300 \| AxCrypt in-memory SHA1 \| Archives
197	13600 \| WinZip \| Archives
198	14700 \| iTunes backup < 10.0 \| Backup
199	14800 \| iTunes backup >= 10.0 \| Backup
200	62XY \| TrueCrypt \| Full-Disk Encryption (FDE)
201	X \| 1 = PBKDF2-HMAC-RIPEMD160 \| Full-Disk Encryption (FDE)
202	X \| 2 = PBKDF2-HMAC-SHA512 \| Full-Disk Encryption (FDE)
203	X \| 3 = PBKDF2-HMAC-Whirlpool \| Full-Disk Encryption (FDE)
204	X \| 4 = PBKDF2-HMAC-RIPEMD160 + boot-mode \| Full-Disk Encryption (FDE)
205	Y \| 1 = XTS 512 bit pure AES \| Full-Disk Encryption (FDE)
206	Y \| 1 = XTS 512 bit pure Serpent \| Full-Disk Encryption (FDE)
207	Y \| 1 = XTS 512 bit pure Twofish \| Full-Disk Encryption (FDE)
208	Y \| 2 = XTS 1024 bit pure AES \| Full-Disk Encryption (FDE)
209	Y \| 2 = XTS 1024 bit pure Serpent \| Full-Disk Encryption (FDE)
210	Y \| 2 = XTS 1024 bit pure Twofish \| Full-Disk Encryption (FDE)
211	Y \| 2 = XTS 1024 bit cascaded AES-Twofish \| Full-Disk Encryption (FDE)
212	Y \| 2 = XTS 1024 bit cascaded Serpent-AES \| Full-Disk Encryption (FDE)
213	Y \| 2 = XTS 1024 bit cascaded Twofish-Serpent \| Full-Disk Encryption (FDE)
214	Y \| 3 = XTS 1536 bit all \| Full-Disk Encryption (FDE)
215	8800 \| Android FDE <= 4.3 \| Full-Disk Encryption (FDE)
216	12900 \| Android FDE (Samsung DEK) \| Full-Disk Encryption (FDE)
217	12200 \| eCryptfs \| Full-Disk Encryption (FDE)
218	137XY \| VeraCrypt \| Full-Disk Encryption (FDE)
219	X \| 1 = PBKDF2-HMAC-RIPEMD160 \| Full-Disk Encryption (FDE)
220	X \| 2 = PBKDF2-HMAC-SHA512 \| Full-Disk Encryption (FDE)
221	X \| 3 = PBKDF2-HMAC-Whirlpool \| Full-Disk Encryption (FDE)
222	X \| 4 = PBKDF2-HMAC-RIPEMD160 + boot-mode \| Full-Disk Encryption (FDE)
223	X \| 5 = PBKDF2-HMAC-SHA256 \| Full-Disk Encryption (FDE)
224	X \| 6 = PBKDF2-HMAC-SHA256 + boot-mode \| Full-Disk Encryption (FDE)
225	X \| 7 = PBKDF2-HMAC-Streebog-512 \| Full-Disk Encryption (FDE)
226	Y \| 1 = XTS 512 bit pure AES \| Full-Disk Encryption (FDE)
227	Y \| 1 = XTS 512 bit pure Serpent \| Full-Disk Encryption (FDE)
228	Y \| 1 = XTS 512 bit pure Twofish \| Full-Disk Encryption (FDE)
229	Y \| 1 = XTS 512 bit pure Camellia \| Full-Disk Encryption (FDE)
230	Y \| 1 = XTS 512 bit pure Kuznyechik \| Full-Disk Encryption (FDE)
231	Y \| 2 = XTS 1024 bit pure AES \| Full-Disk Encryption (FDE)
232	Y \| 2 = XTS 1024 bit pure Serpent \| Full-Disk Encryption (FDE)
233	Y \| 2 = XTS 1024 bit pure Twofish \| Full-Disk Encryption (FDE)
234	Y \| 2 = XTS 1024 bit pure Camellia \| Full-Disk Encryption (FDE)
235	Y \| 2 = XTS 1024 bit pure Kuznyechik \| Full-Disk Encryption (FDE)
236	Y \| 2 = XTS 1024 bit cascaded AES-Twofish \| Full-Disk Encryption (FDE)
237	Y \| 2 = XTS 1024 bit cascaded Camellia-Kuznyechik \| Full-Disk Encryption (FDE)
238	Y \| 2 = XTS 1024 bit cascaded Camellia-Serpent \| Full-Disk Encryption (FDE)
239	Y \| 2 = XTS 1024 bit cascaded Kuznyechik-AES \| Full-Disk Encryption (FDE)
240	Y \| 2 = XTS 1024 bit cascaded Kuznyechik-Twofish \| Full-Disk Encryption (FDE)
241	Y \| 2 = XTS 1024 bit cascaded Serpent-AES \| Full-Disk Encryption (FDE)
242	Y \| 2 = XTS 1024 bit cascaded Twofish-Serpent \| Full-Disk Encryption (FDE)
243	Y \| 3 = XTS 1536 bit all \| Full-Disk Encryption (FDE)
244	14600 \| LUKS \| Full-Disk Encryption (FDE)
245	16700 \| FileVault 2 \| Full-Disk Encryption (FDE)
246	18300 \| Apple File System (APFS) \| Full-Disk Encryption (FDE)
247	9700 \| MS Office <= 2003 $0/$1, MD5 + RC4 \| Documents
248	9710 \| MS Office <= 2003 $0/$1, MD5 + RC4, collider #1 \| Documents
249	9720 \| MS Office <= 2003 $0/$1, MD5 + RC4, collider #2 \| Documents
250	9800 \| MS Office <= 2003 $3/$4, SHA1 + RC4 \| Documents
251	9810 \| MS Office <= 2003 $3, SHA1 + RC4, collider #1 \| Documents
252	9820 \| MS Office <= 2003 $3, SHA1 + RC4, collider #2 \| Documents
253	9400 \| MS Office 2007 \| Documents
254	9500 \| MS Office 2010 \| Documents
255	9600 \| MS Office 2013 \| Documents
256	10400 \| PDF 1.1 - 1.3 (Acrobat 2 - 4) \| Documents
257	10410 \| PDF 1.1 - 1.3 (Acrobat 2 - 4), collider #1 \| Documents
258	10420 \| PDF 1.1 - 1.3 (Acrobat 2 - 4), collider #2 \| Documents
259	10500 \| PDF 1.4 - 1.6 (Acrobat 5 - 8) \| Documents
260	10600 \| PDF 1.7 Level 3 (Acrobat 9) \| Documents
261	10700 \| PDF 1.7 Level 8 (Acrobat 10 - 11) \| Documents
262	16200 \| Apple Secure Notes \| Documents
263	9000 \| Password Safe v2 \| Password Managers
264	5200 \| Password Safe v3 \| Password Managers
265	6800 \| LastPass + LastPass sniffed \| Password Managers
266	6600 \| 1Password, agilekeychain \| Password Managers
267	8200 \| 1Password, cloudkeychain \| Password Managers
268	11300 \| Bitcoin/Litecoin wallet.dat \| Password Managers
269	12700 \| Blockchain, My Wallet \| Password Managers
270	15200 \| Blockchain, My Wallet, V2 \| Password Managers
271	16600 \| Electrum Wallet (Salt-Type 1-3) \| Password Managers
272	13400 \| KeePass 1 (AES/Twofish) and KeePass 2 (AES) \| Password Managers
273	15500 \| JKS Java Key Store Private Keys (SHA1) \| Password Managers
274	15600 \| Ethereum Wallet, PBKDF2-HMAC-SHA256 \| Password Managers
275	15700 \| Ethereum Wallet, SCRYPT \| Password Managers
276	16300 \| Ethereum Pre-Sale Wallet, PBKDF2-HMAC-SHA256 \| Password Managers
277	16900 \| Ansible Vault \| Password Managers
278	18100 \| TOTP (HMAC-SHA1) \| One-Time Passwords
279	99999 \| Plaintext \| Plaintext