haiti-hash 0.0.1

Sign up to get free protection for your applications and to get access to all the features.
Files changed (59) hide show
  1. checksums.yaml +7 -0
  2. data/.editorconfig +21 -0
  3. data/.gitignore +8 -0
  4. data/.rubocop.yml +25 -0
  5. data/.yardopts +4 -0
  6. data/.yardopts-dev +6 -0
  7. data/Gemfile +6 -0
  8. data/Gemfile.lock +56 -0
  9. data/LICENSE.txt +21 -0
  10. data/README.md +32 -0
  11. data/Rakefile +10 -0
  12. data/bin/haiti +69 -0
  13. data/bin/haiti_console +7 -0
  14. data/bin/haiti_setup +7 -0
  15. data/data/prototypes.json +2389 -0
  16. data/docs/.nojekyll +0 -0
  17. data/docs/CHANGELOG.md +3 -0
  18. data/docs/README.md +22 -0
  19. data/docs/_coverpage.md +15 -0
  20. data/docs/_media/logo.png +0 -0
  21. data/docs/_navbar.md +2 -0
  22. data/docs/_sidebar.md +15 -0
  23. data/docs/about.md +5 -0
  24. data/docs/index.html +31 -0
  25. data/docs/pages/demo.md +3 -0
  26. data/docs/pages/documentation.md +34 -0
  27. data/docs/pages/install.md +90 -0
  28. data/docs/pages/publishing.md +39 -0
  29. data/docs/pages/quick-start.md +39 -0
  30. data/docs/pages/usage.md +58 -0
  31. data/docs/vendor/docsify.js +1 -0
  32. data/docs/vendor/plugins/emoji.min.js +1 -0
  33. data/docs/vendor/plugins/search.min.js +1 -0
  34. data/docs/vendor/prismjs/components/prism-ruby.min.js +1 -0
  35. data/docs/vendor/themes/vue.css +1 -0
  36. data/docs/why.md +35 -0
  37. data/docs/yard/HashIdentifier.html +479 -0
  38. data/docs/yard/HashIdentifier/Chf.html +590 -0
  39. data/docs/yard/Version.html +126 -0
  40. data/docs/yard/_index.html +138 -0
  41. data/docs/yard/class_list.html +51 -0
  42. data/docs/yard/css/common.css +1 -0
  43. data/docs/yard/css/full_list.css +58 -0
  44. data/docs/yard/css/style.css +496 -0
  45. data/docs/yard/file.LICENSE.html +70 -0
  46. data/docs/yard/file.README.html +106 -0
  47. data/docs/yard/file_list.html +61 -0
  48. data/docs/yard/frames.html +17 -0
  49. data/docs/yard/index.html +106 -0
  50. data/docs/yard/js/app.js +303 -0
  51. data/docs/yard/js/full_list.js +216 -0
  52. data/docs/yard/js/jquery.js +4 -0
  53. data/docs/yard/method_list.html +115 -0
  54. data/docs/yard/top-level-namespace.html +112 -0
  55. data/lib/haiti.rb +49 -0
  56. data/lib/haiti/hash.rb +23 -0
  57. data/lib/haiti/version.rb +5 -0
  58. data/test/test_haiti.rb +33 -0
  59. metadata +249 -0
checksums.yaml ADDED
@@ -0,0 +1,7 @@
1
+ ---
2
+ SHA256:
3
+ metadata.gz: ea489f10f5c1dbe663cde1ff954aa0883f4a8c75e317a5a88bba47a6bc806524
4
+ data.tar.gz: 79c1620f169053f58a53a45dc2727bb6cbf180aa75c9de0969909a7ac1946e98
5
+ SHA512:
6
+ metadata.gz: 6cc3b6b014785fe7fee794af3a90c812b42bcb3a5eb50a413736faac263f1f5e2c1093bc2d589f57a9cb009794082e692cff15a4d6cbb2d10619c80cfc99c1bf
7
+ data.tar.gz: f1d02e7486b9126b997a198fd3ffcb889686378c227da43fc8c03cc2d3e9cae1174a9af32afa5355afa6c4c6ad74f9a6bc8dc5258d0f3f422f489abe225d233f
data/.editorconfig ADDED
@@ -0,0 +1,21 @@
1
+ # EditorConfig: https://EditorConfig.org
2
+
3
+ # top-most EditorConfig file
4
+ root = true
5
+
6
+ # Unix-style newlines with a newline ending every file
7
+ [*]
8
+ end_of_line = lf
9
+ insert_final_newline = true
10
+
11
+ # ruby
12
+ [*.rb]
13
+ charset = utf-8
14
+ indent_style = space
15
+ indent_size = 2
16
+ trim_trailing_whitespace = true
17
+
18
+ # keep source format
19
+ [data/prototypes.json]
20
+ indent_style = space
21
+ indent_size = 4
data/.gitignore ADDED
@@ -0,0 +1,8 @@
1
+ .yardoc
2
+ *.gem
3
+ /pkg
4
+ /doc
5
+ /vendor
6
+ .bundle/
7
+ /node_modules
8
+ .git
data/.rubocop.yml ADDED
@@ -0,0 +1,25 @@
1
+ # Metrics
2
+ AllCops:
3
+ TargetRubyVersion: 2.4
4
+
5
+ Layout/AlignHash:
6
+ Include:
7
+ - 'lib/**/*.rb'
8
+ Metrics/AbcSize:
9
+ Enabled: false
10
+ Metrics/ClassLength:
11
+ Max: 200
12
+ Metrics/CyclomaticComplexity:
13
+ Enabled: false
14
+ Metrics/LineLength:
15
+ Include:
16
+ - 'lib/**/*.rb'
17
+ Metrics/BlockNesting:
18
+ Exclude:
19
+ - 'bin/*'
20
+ Metrics/MethodLength:
21
+ Max: 25
22
+ Metrics/PerceivedComplexity:
23
+ Max: 10
24
+ Style/RedundantReturn:
25
+ Enabled: false
data/.yardopts ADDED
@@ -0,0 +1,4 @@
1
+ --output-dir docs/yard
2
+ -
3
+ --main README.md
4
+ LICENSE.txt
data/.yardopts-dev ADDED
@@ -0,0 +1,6 @@
1
+ --output-dir docs/yard
2
+ --protected
3
+ --private
4
+ -
5
+ --main README.md
6
+ LICENSE.txt
data/Gemfile ADDED
@@ -0,0 +1,6 @@
1
+ # frozen_string_literal: true
2
+
3
+ source 'https://rubygems.org'
4
+
5
+ # Specify your gem's dependencies in .gemspec
6
+ gemspec
data/Gemfile.lock ADDED
@@ -0,0 +1,56 @@
1
+ PATH
2
+ remote: .
3
+ specs:
4
+ haiti-hash (0.0.1)
5
+ docopt (~> 0.6)
6
+ paint (~> 2.1)
7
+
8
+ GEM
9
+ remote: https://rubygems.org/
10
+ specs:
11
+ ast (2.4.0)
12
+ commonmarker (0.20.1)
13
+ ruby-enum (~> 0.5)
14
+ concurrent-ruby (1.1.5)
15
+ docopt (0.6.1)
16
+ github-markup (3.0.4)
17
+ i18n (1.7.0)
18
+ concurrent-ruby (~> 1.0)
19
+ jaro_winkler (1.5.3)
20
+ minitest (5.12.2)
21
+ paint (2.1.1)
22
+ parallel (1.18.0)
23
+ parser (2.6.5.0)
24
+ ast (~> 2.4.0)
25
+ rainbow (3.0.0)
26
+ rake (13.0.0)
27
+ redcarpet (3.5.0)
28
+ rubocop (0.75.1)
29
+ jaro_winkler (~> 1.5.1)
30
+ parallel (~> 1.10)
31
+ parser (>= 2.6)
32
+ rainbow (>= 2.2.2, < 4.0)
33
+ ruby-progressbar (~> 1.7)
34
+ unicode-display_width (>= 1.4.0, < 1.7)
35
+ ruby-enum (0.7.2)
36
+ i18n
37
+ ruby-progressbar (1.10.1)
38
+ unicode-display_width (1.6.0)
39
+ yard (0.9.20)
40
+
41
+ PLATFORMS
42
+ ruby
43
+
44
+ DEPENDENCIES
45
+ bundler (~> 2.0)
46
+ commonmarker (~> 0.20)
47
+ github-markup (~> 3.0)
48
+ haiti-hash!
49
+ minitest (~> 5.12)
50
+ rake (~> 13.0)
51
+ redcarpet (~> 3.5)
52
+ rubocop (~> 0.75)
53
+ yard (~> 0.9)
54
+
55
+ BUNDLED WITH
56
+ 2.0.2
data/LICENSE.txt ADDED
@@ -0,0 +1,21 @@
1
+ The MIT License (MIT)
2
+
3
+ Copyright (c) 2019 Alexandre ZANNI
4
+
5
+ Permission is hereby granted, free of charge, to any person obtaining a copy
6
+ of this software and associated documentation files (the "Software"), to deal
7
+ in the Software without restriction, including without limitation the rights
8
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9
+ copies of the Software, and to permit persons to whom the Software is
10
+ furnished to do so, subject to the following conditions:
11
+
12
+ The above copyright notice and this permission notice shall be included in
13
+ all copies or substantial portions of the Software.
14
+
15
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20
+ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
21
+ THE SOFTWARE.
data/README.md ADDED
@@ -0,0 +1,32 @@
1
+ # HAITI
2
+
3
+ [![Gem Version](https://badge.fury.io/rb/haiti.svg)](https://badge.fury.io/rb/haiti-hash)
4
+ ![GitHub tag (latest SemVer)](https://img.shields.io/github/tag/Orange-Cyberdefense/haiti)
5
+ [![GitHub forks](https://img.shields.io/github/forks/Orange-Cyberdefense/haiti)](https://github.com/Orange-Cyberdefense/haiti/network)
6
+ [![GitHub stars](https://img.shields.io/github/stars/Orange-Cyberdefense/haiti)](https://github.com/Orange-Cyberdefense/haiti/stargazers)
7
+ [![GitHub license](https://img.shields.io/github/license/Orange-Cyberdefense/haiti)](https://github.com/Orange-Cyberdefense/haiti/blob/master/LICENSE.txt)
8
+
9
+ [![Packaging status](https://repology.org/badge/vertical-allrepos/haiti.svg)](https://repology.org/project/haiti/versions)
10
+
11
+ ![](https://orange-cyberdefense.github.io/haiti/_media/logo.png)
12
+
13
+ > _**HA**sh **I**den**T**if**I**er_
14
+
15
+ ## What is it?
16
+
17
+ A CLI tool to identify the hash type of a given hash.
18
+
19
+ ## Features
20
+
21
+ - 270+ hash types detected
22
+ - Hashcat and John the Ripper references
23
+ - CLI tool & library
24
+ - Hackable
25
+
26
+ ## References
27
+
28
+ Homepage / Documentation: https://orange-cyberdefense.github.io/haiti/
29
+
30
+ ## Author
31
+
32
+ Made by Alexandre ZANNI ([@noraj](https://github.com/noraj)), pentester from Orange Cyberdefense.
data/Rakefile ADDED
@@ -0,0 +1,10 @@
1
+ require 'rake/testtask'
2
+ require 'bundler/gem_tasks'
3
+
4
+ Rake::TestTask.new do |t|
5
+ t.libs << 'test'
6
+ end
7
+
8
+ desc 'Run tests'
9
+ task default: :test
10
+
data/bin/haiti ADDED
@@ -0,0 +1,69 @@
1
+ #!/usr/bin/env ruby
2
+ # frozen_string_literal: true
3
+
4
+ # Ruby internal
5
+ require 'pp'
6
+ # Project internal
7
+ require 'haiti'
8
+ # External
9
+ require 'docopt'
10
+ require 'paint'
11
+
12
+ doc = <<~DOCOPT
13
+ HAITI (HAsh IdenTifIer)
14
+
15
+ Usage:
16
+ haiti [options] <hash>
17
+ haiti -h | --help
18
+ haiti --version
19
+
20
+ Options:
21
+ --no-color Disable colorized output
22
+ -e, --extended List all possible hash algorithms including ones using salt
23
+ --short Display in a short format: do not display hashcat and john the ripper references
24
+ --hashcat-only Show only hashcat references
25
+ --john-only Show only john the ripper references
26
+ --debug Display arguments
27
+ -h, --help Show this screen
28
+ --version Show version
29
+
30
+ Examples:
31
+ haiti -e d41d8cd98f00b204e9800998ecf8427e
32
+ haiti --no-color --short d41d8cd98f00b204e9800998ecf8427e
33
+ DOCOPT
34
+
35
+ begin
36
+ args = Docopt.docopt(doc, version: HashIdentifier::VERSION)
37
+ pp args if args['--debug']
38
+ # use case 1, using the tool
39
+ if args['<hash>']
40
+ hi = HashIdentifier.new(args['<hash>'])
41
+ if hi.type.empty?
42
+ puts 'Unknown hash type'
43
+ exit(0)
44
+ end
45
+ if args['--no-color']
46
+ hi.type.each do |type|
47
+ next if type.extended && !args['--extended']
48
+
49
+ line = type.name
50
+ line += " [HC: #{type.hashcat}]" unless type.hashcat.nil? || args['--short'] || args['--john-only']
51
+ line += " [JtR: #{type.john}]" unless type.john.nil? || args['--short'] || args['--hashcat-only']
52
+ puts line
53
+ end
54
+ else
55
+ hi.type.each do |type|
56
+ next if type.extended && !args['--extended']
57
+
58
+ print Paint[type.name, :bold]
59
+ print Paint[" [HC: #{type.hashcat}]", :blue] unless type.hashcat.nil? || args['--short'] || args['--john-only']
60
+ print Paint[" [JtR: #{type.john}]", :green] unless type.john.nil? || args['--short'] || args['--hashcat-only']
61
+ puts
62
+ end
63
+ end
64
+ end
65
+ # use case 2, help: already handled by docopt
66
+ # use case 3, version: already handled by docopt
67
+ rescue Docopt::Exit => e
68
+ puts e.message
69
+ end
data/bin/haiti_console ADDED
@@ -0,0 +1,7 @@
1
+ #!/usr/bin/env ruby
2
+ # frozen_string_literal: true
3
+
4
+ require 'haiti'
5
+ require 'irb'
6
+
7
+ IRB.start(__FILE__)
data/bin/haiti_setup ADDED
@@ -0,0 +1,7 @@
1
+
2
+ #!/usr/bin/env bash
3
+ set -euo pipefail
4
+ IFS=$'\n\t'
5
+ set -vx
6
+
7
+ bundle install
data/data/prototypes.json ADDED
@@ -0,0 +1,2389 @@
1
+ [
2
+ {
3
+ "regex": "^[a-f0-9]{4}$",
4
+ "modes": [
5
+ {
6
+ "john": null,
7
+ "hashcat": null,
8
+ "extended": false,
9
+ "name": "CRC-16"
10
+ },
11
+ {
12
+ "john": null,
13
+ "hashcat": null,
14
+ "extended": false,
15
+ "name": "CRC-16-CCITT"
16
+ },
17
+ {
18
+ "john": null,
19
+ "hashcat": null,
20
+ "extended": false,
21
+ "name": "FCS-16"
22
+ }
23
+ ]
24
+ },
25
+ {
26
+ "regex": "^[a-f0-9]{8}$",
27
+ "modes": [
28
+ {
29
+ "john": null,
30
+ "hashcat": null,
31
+ "extended": false,
32
+ "name": "Adler-32"
33
+ },
34
+ {
35
+ "john": null,
36
+ "hashcat": null,
37
+ "extended": false,
38
+ "name": "CRC-32B"
39
+ },
40
+ {
41
+ "john": null,
42
+ "hashcat": null,
43
+ "extended": false,
44
+ "name": "FCS-32"
45
+ },
46
+ {
47
+ "john": null,
48
+ "hashcat": null,
49
+ "extended": false,
50
+ "name": "GHash-32-3"
51
+ },
52
+ {
53
+ "john": null,
54
+ "hashcat": null,
55
+ "extended": false,
56
+ "name": "GHash-32-5"
57
+ },
58
+ {
59
+ "john": null,
60
+ "hashcat": null,
61
+ "extended": false,
62
+ "name": "FNV-132"
63
+ },
64
+ {
65
+ "john": null,
66
+ "hashcat": null,
67
+ "extended": false,
68
+ "name": "Fletcher-32"
69
+ },
70
+ {
71
+ "john": null,
72
+ "hashcat": null,
73
+ "extended": false,
74
+ "name": "Joaat"
75
+ },
76
+ {
77
+ "john": null,
78
+ "hashcat": null,
79
+ "extended": false,
80
+ "name": "ELF-32"
81
+ },
82
+ {
83
+ "john": null,
84
+ "hashcat": null,
85
+ "extended": false,
86
+ "name": "XOR-32"
87
+ }
88
+ ]
89
+ },
90
+ {
91
+ "regex": "^[a-f0-9]{6}$",
92
+ "modes": [
93
+ {
94
+ "john": null,
95
+ "hashcat": null,
96
+ "extended": false,
97
+ "name": "CRC-24"
98
+ }
99
+ ]
100
+ },
101
+ {
102
+ "regex": "^(\\$crc32\\$[a-f0-9]{8}.)?[a-f0-9]{8}$",
103
+ "modes": [
104
+ {
105
+ "john": "crc32",
106
+ "hashcat": null,
107
+ "extended": false,
108
+ "name": "CRC-32"
109
+ }
110
+ ]
111
+ },
112
+ {
113
+ "regex": "^\\+[a-z0-9\\/.]{12}$",
114
+ "modes": [
115
+ {
116
+ "john": "bfegg",
117
+ "hashcat": null,
118
+ "extended": false,
119
+ "name": "Eggdrop IRC Bot"
120
+ }
121
+ ]
122
+ },
123
+ {
124
+ "regex": "^[a-z0-9\\/.]{13}$",
125
+ "modes": [
126
+ {
127
+ "john": "descrypt",
128
+ "hashcat": 1500,
129
+ "extended": false,
130
+ "name": "DES(Unix)"
131
+ },
132
+ {
133
+ "john": "descrypt",
134
+ "hashcat": 1500,
135
+ "extended": false,
136
+ "name": "Traditional DES"
137
+ },
138
+ {
139
+ "john": "descrypt",
140
+ "hashcat": 1500,
141
+ "extended": false,
142
+ "name": "DEScrypt"
143
+ }
144
+ ]
145
+ },
146
+ {
147
+ "regex": "^[a-f0-9]{16}$",
148
+ "modes": [
149
+ {
150
+ "john": "mysql",
151
+ "hashcat": 200,
152
+ "extended": false,
153
+ "name": "MySQL323"
154
+ },
155
+ {
156
+ "john": null,
157
+ "hashcat": 3100,
158
+ "extended": false,
159
+ "name": "DES(Oracle)"
160
+ },
161
+ {
162
+ "john": null,
163
+ "hashcat": 5100,
164
+ "extended": false,
165
+ "name": "Half MD5"
166
+ },
167
+ {
168
+ "john": null,
169
+ "hashcat": 3100,
170
+ "extended": false,
171
+ "name": "Oracle 7-10g"
172
+ },
173
+ {
174
+ "john": null,
175
+ "hashcat": null,
176
+ "extended": false,
177
+ "name": "FNV-164"
178
+ },
179
+ {
180
+ "john": null,
181
+ "hashcat": null,
182
+ "extended": false,
183
+ "name": "CRC-64"
184
+ }
185
+ ]
186
+ },
187
+ {
188
+ "regex": "^[a-z0-9\\/.]{16}$",
189
+ "modes": [
190
+ {
191
+ "john": "pix-md5",
192
+ "hashcat": 2400,
193
+ "extended": false,
194
+ "name": "Cisco-PIX(MD5)"
195
+ }
196
+ ]
197
+ },
198
+ {
199
+ "regex": "^\\([a-z0-9\\/+]{20}\\)$",
200
+ "modes": [
201
+ {
202
+ "john": "dominosec",
203
+ "hashcat": 8700,
204
+ "extended": false,
205
+ "name": "Lotus Notes/Domino 6"
206
+ }
207
+ ]
208
+ },
209
+ {
210
+ "regex": "^_[a-z0-9\\/.]{19}$",
211
+ "modes": [
212
+ {
213
+ "john": "bsdicrypt",
214
+ "hashcat": null,
215
+ "extended": false,
216
+ "name": "BSDi Crypt"
217
+ }
218
+ ]
219
+ },
220
+ {
221
+ "regex": "^[a-f0-9]{24}$",
222
+ "modes": [
223
+ {
224
+ "john": null,
225
+ "hashcat": null,
226
+ "extended": false,
227
+ "name": "CRC-96(ZIP)"
228
+ }
229
+ ]
230
+ },
231
+ {
232
+ "regex": "^[a-z0-9\\/.]{24}$",
233
+ "modes": [
234
+ {
235
+ "john": null,
236
+ "hashcat": null,
237
+ "extended": false,
238
+ "name": "Crypt16"
239
+ }
240
+ ]
241
+ },
242
+ {
243
+ "regex": "^(\\$md2\\$)?[a-f0-9]{32}$",
244
+ "modes": [
245
+ {
246
+ "john": "md2",
247
+ "hashcat": null,
248
+ "extended": false,
249
+ "name": "MD2"
250
+ }
251
+ ]
252
+ },
253
+ {
254
+ "regex": "^[a-f0-9]{32}(:.+)?$",
255
+ "modes": [
256
+ {
257
+ "john": "raw-md5",
258
+ "hashcat": 0,
259
+ "extended": false,
260
+ "name": "MD5"
261
+ },
262
+ {
263
+ "john": "raw-md4",
264
+ "hashcat": 900,
265
+ "extended": false,
266
+ "name": "MD4"
267
+ },
268
+ {
269
+ "john": null,
270
+ "hashcat": 2600,
271
+ "extended": false,
272
+ "name": "Double MD5"
273
+ },
274
+ {
275
+ "john": "lm",
276
+ "hashcat": 3000,
277
+ "extended": false,
278
+ "name": "LM"
279
+ },
280
+ {
281
+ "john": "ripemd-128",
282
+ "hashcat": null,
283
+ "extended": false,
284
+ "name": "RIPEMD-128"
285
+ },
286
+ {
287
+ "john": "haval-128-4",
288
+ "hashcat": null,
289
+ "extended": false,
290
+ "name": "Haval-128"
291
+ },
292
+ {
293
+ "john": null,
294
+ "hashcat": null,
295
+ "extended": false,
296
+ "name": "Tiger-128"
297
+ },
298
+ {
299
+ "john": null,
300
+ "hashcat": null,
301
+ "extended": false,
302
+ "name": "Skein-256(128)"
303
+ },
304
+ {
305
+ "john": null,
306
+ "hashcat": null,
307
+ "extended": false,
308
+ "name": "Skein-512(128)"
309
+ },
310
+ {
311
+ "john": "lotus5",
312
+ "hashcat": 8600,
313
+ "extended": false,
314
+ "name": "Lotus Notes/Domino 5"
315
+ },
316
+ {
317
+ "john": null,
318
+ "hashcat": 23,
319
+ "extended": false,
320
+ "name": "Skype"
321
+ },
322
+ {
323
+ "john": null,
324
+ "hashcat": null,
325
+ "extended": true,
326
+ "name": "ZipMonster"
327
+ },
328
+ {
329
+ "john": null,
330
+ "hashcat": 11000,
331
+ "extended": true,
332
+ "name": "PrestaShop"
333
+ },
334
+ {
335
+ "john": null,
336
+ "hashcat": 3500,
337
+ "extended": true,
338
+ "name": "md5(md5(md5($pass)))"
339
+ },
340
+ {
341
+ "john": null,
342
+ "hashcat": 4300,
343
+ "extended": true,
344
+ "name": "md5(strtoupper(md5($pass)))"
345
+ },
346
+ {
347
+ "john": null,
348
+ "hashcat": 4400,
349
+ "extended": true,
350
+ "name": "md5(sha1($pass))"
351
+ },
352
+ {
353
+ "john": null,
354
+ "hashcat": 10,
355
+ "extended": true,
356
+ "name": "md5($pass.$salt)"
357
+ },
358
+ {
359
+ "john": null,
360
+ "hashcat": 20,
361
+ "extended": true,
362
+ "name": "md5($salt.$pass)"
363
+ },
364
+ {
365
+ "john": null,
366
+ "hashcat": 30,
367
+ "extended": true,
368
+ "name": "md5(unicode($pass).$salt)"
369
+ },
370
+ {
371
+ "john": null,
372
+ "hashcat": 40,
373
+ "extended": true,
374
+ "name": "md5($salt.unicode($pass))"
375
+ },
376
+ {
377
+ "john": "hmac-md5",
378
+ "hashcat": 50,
379
+ "extended": true,
380
+ "name": "HMAC-MD5 (key = $pass)"
381
+ },
382
+ {
383
+ "john": "hmac-md5",
384
+ "hashcat": 60,
385
+ "extended": true,
386
+ "name": "HMAC-MD5 (key = $salt)"
387
+ },
388
+ {
389
+ "john": null,
390
+ "hashcat": 3610,
391
+ "extended": true,
392
+ "name": "md5(md5($salt).$pass)"
393
+ },
394
+ {
395
+ "john": null,
396
+ "hashcat": 3710,
397
+ "extended": true,
398
+ "name": "md5($salt.md5($pass))"
399
+ },
400
+ {
401
+ "john": null,
402
+ "hashcat": 3720,
403
+ "extended": true,
404
+ "name": "md5($pass.md5($salt))"
405
+ },
406
+ {
407
+ "john": null,
408
+ "hashcat": 3810,
409
+ "extended": true,
410
+ "name": "md5($salt.$pass.$salt)"
411
+ },
412
+ {
413
+ "john": null,
414
+ "hashcat": 3910,
415
+ "extended": true,
416
+ "name": "md5(md5($pass).md5($salt))"
417
+ },
418
+ {
419
+ "john": null,
420
+ "hashcat": 4010,
421
+ "extended": true,
422
+ "name": "md5($salt.md5($salt.$pass))"
423
+ },
424
+ {
425
+ "john": null,
426
+ "hashcat": 4110,
427
+ "extended": true,
428
+ "name": "md5($salt.md5($pass.$salt))"
429
+ },
430
+ {
431
+ "john": null,
432
+ "hashcat": 4210,
433
+ "extended": true,
434
+ "name": "md5($username.0.$pass)"
435
+ }
436
+ ]
437
+ },
438
+ {
439
+ "regex": "^(\\$snefru\\$)?[a-f0-9]{32}$",
440
+ "modes": [
441
+ {
442
+ "john": "snefru-128",
443
+ "hashcat": null,
444
+ "extended": false,
445
+ "name": "Snefru-128"
446
+ }
447
+ ]
448
+ },
449
+ {
450
+ "regex": "^(\\$NT\\$)?[a-f0-9]{32}$",
451
+ "modes": [
452
+ {
453
+ "john": "nt",
454
+ "hashcat": 1000,
455
+ "extended": false,
456
+ "name": "NTLM"
457
+ }
458
+ ]
459
+ },
460
+ {
461
+ "regex": "^([^\\\\\\/:*?\"<>|]{1,20}:)?[a-f0-9]{32}(:[^\\\\\\/:*?\"<>|]{1,20})?$",
462
+ "modes": [
463
+ {
464
+ "john": "mscach",
465
+ "hashcat": 1100,
466
+ "extended": false,
467
+ "name": "Domain Cached Credentials"
468
+ }
469
+ ]
470
+ },
471
+ {
472
+ "regex": "^([^\\\\\\/:*?\"<>|]{1,20}:)?(\\$DCC2\\$10240#[^\\\\\\/:*?\"<>|]{1,20}#)?[a-f0-9]{32}$",
473
+ "modes": [
474
+ {
475
+ "john": "mscach2",
476
+ "hashcat": 2100,
477
+ "extended": false,
478
+ "name": "Domain Cached Credentials 2"
479
+ }
480
+ ]
481
+ },
482
+ {
483
+ "regex": "^{SHA}[a-z0-9\\/+]{27}=$",
484
+ "modes": [
485
+ {
486
+ "john": "nsldap",
487
+ "hashcat": 101,
488
+ "extended": false,
489
+ "name": "SHA-1(Base64)"
490
+ },
491
+ {
492
+ "john": "nsldap",
493
+ "hashcat": 101,
494
+ "extended": false,
495
+ "name": "Netscape LDAP SHA"
496
+ }
497
+ ]
498
+ },
499
+ {
500
+ "regex": "^\\$1\\$[a-z0-9\\/.]{0,8}\\$[a-z0-9\\/.]{22}(:.*)?$",
501
+ "modes": [
502
+ {
503
+ "john": "md5crypt",
504
+ "hashcat": 500,
505
+ "extended": false,
506
+ "name": "MD5 Crypt"
507
+ },
508
+ {
509
+ "john": "md5crypt",
510
+ "hashcat": 500,
511
+ "extended": false,
512
+ "name": "Cisco-IOS(MD5)"
513
+ },
514
+ {
515
+ "john": "md5crypt",
516
+ "hashcat": 500,
517
+ "extended": false,
518
+ "name": "FreeBSD MD5"
519
+ }
520
+ ]
521
+ },
522
+ {
523
+ "regex": "^0x[a-f0-9]{32}$",
524
+ "modes": [
525
+ {
526
+ "john": null,
527
+ "hashcat": null,
528
+ "extended": false,
529
+ "name": "Lineage II C4"
530
+ }
531
+ ]
532
+ },
533
+ {
534
+ "regex": "^\\$H\\$[a-z0-9\\/.]{31}$",
535
+ "modes": [
536
+ {
537
+ "john": "phpass",
538
+ "hashcat": 400,
539
+ "extended": false,
540
+ "name": "phpBB v3.x"
541
+ },
542
+ {
543
+ "john": "phpass",
544
+ "hashcat": 400,
545
+ "extended": false,
546
+ "name": "Wordpress v2.6.0/2.6.1"
547
+ },
548
+ {
549
+ "john": "phpass",
550
+ "hashcat": 400,
551
+ "extended": false,
552
+ "name": "PHPass' Portable Hash"
553
+ }
554
+ ]
555
+ },
556
+ {
557
+ "regex": "^\\$P\\$[a-z0-9\\/.]{31}$",
558
+ "modes": [
559
+ {
560
+ "john": "phpass",
561
+ "hashcat": 400,
562
+ "extended": false,
563
+ "name": "Wordpress \u2265 v2.6.2"
564
+ },
565
+ {
566
+ "john": "phpass",
567
+ "hashcat": 400,
568
+ "extended": false,
569
+ "name": "Joomla \u2265 v2.5.18"
570
+ },
571
+ {
572
+ "john": "phpass",
573
+ "hashcat": 400,
574
+ "extended": false,
575
+ "name": "PHPass' Portable Hash"
576
+ }
577
+ ]
578
+ },
579
+ {
580
+ "regex": "^[a-f0-9]{32}:[a-z0-9]{2}$",
581
+ "modes": [
582
+ {
583
+ "john": null,
584
+ "hashcat": 21,
585
+ "extended": false,
586
+ "name": "osCommerce"
587
+ },
588
+ {
589
+ "john": null,
590
+ "hashcat": 21,
591
+ "extended": false,
592
+ "name": "xt:Commerce"
593
+ }
594
+ ]
595
+ },
596
+ {
597
+ "regex": "^\\$apr1\\$[a-z0-9\\/.]{0,8}\\$[a-z0-9\\/.]{22}$",
598
+ "modes": [
599
+ {
600
+ "john": null,
601
+ "hashcat": 1600,
602
+ "extended": false,
603
+ "name": "MD5(APR)"
604
+ },
605
+ {
606
+ "john": null,
607
+ "hashcat": 1600,
608
+ "extended": false,
609
+ "name": "Apache MD5"
610
+ },
611
+ {
612
+ "john": null,
613
+ "hashcat": 1600,
614
+ "extended": true,
615
+ "name": "md5apr1"
616
+ }
617
+ ]
618
+ },
619
+ {
620
+ "regex": "^{smd5}[a-z0-9$\\/.]{31}$",
621
+ "modes": [
622
+ {
623
+ "john": "aix-smd5",
624
+ "hashcat": 6300,
625
+ "extended": false,
626
+ "name": "AIX(smd5)"
627
+ }
628
+ ]
629
+ },
630
+ {
631
+ "regex": "^[a-f0-9]{32}:[a-f0-9]{32}$",
632
+ "modes": [
633
+ {
634
+ "john": null,
635
+ "hashcat": 3721,
636
+ "extended": false,
637
+ "name": "WebEdition CMS"
638
+ }
639
+ ]
640
+ },
641
+ {
642
+ "regex": "^[a-f0-9]{32}:.{5}$",
643
+ "modes": [
644
+ {
645
+ "john": null,
646
+ "hashcat": 2811,
647
+ "extended": false,
648
+ "name": "IP.Board \u2265 v2+"
649
+ }
650
+ ]
651
+ },
652
+ {
653
+ "regex": "^[a-f0-9]{32}:.{8}$",
654
+ "modes": [
655
+ {
656
+ "john": null,
657
+ "hashcat": 2811,
658
+ "extended": false,
659
+ "name": "MyBB \u2265 v1.2+"
660
+ }
661
+ ]
662
+ },
663
+ {
664
+ "regex": "^[a-z0-9]{34}$",
665
+ "modes": [
666
+ {
667
+ "john": null,
668
+ "hashcat": null,
669
+ "extended": false,
670
+ "name": "CryptoCurrency(Adress)"
671
+ }
672
+ ]
673
+ },
674
+ {
675
+ "regex": "^[a-f0-9]{40}(:.+)?$",
676
+ "modes": [
677
+ {
678
+ "john": "raw-sha1",
679
+ "hashcat": 100,
680
+ "extended": false,
681
+ "name": "SHA-1"
682
+ },
683
+ {
684
+ "john": null,
685
+ "hashcat": 4500,
686
+ "extended": false,
687
+ "name": "Double SHA-1"
688
+ },
689
+ {
690
+ "john": "ripemd-160",
691
+ "hashcat": 6000,
692
+ "extended": false,
693
+ "name": "RIPEMD-160"
694
+ },
695
+ {
696
+ "john": null,
697
+ "hashcat": null,
698
+ "extended": false,
699
+ "name": "Haval-160"
700
+ },
701
+ {
702
+ "john": null,
703
+ "hashcat": null,
704
+ "extended": false,
705
+ "name": "Tiger-160"
706
+ },
707
+ {
708
+ "john": null,
709
+ "hashcat": null,
710
+ "extended": false,
711
+ "name": "HAS-160"
712
+ },
713
+ {
714
+ "john": "raw-sha1-linkedin",
715
+ "hashcat": 190,
716
+ "extended": false,
717
+ "name": "LinkedIn"
718
+ },
719
+ {
720
+ "john": null,
721
+ "hashcat": null,
722
+ "extended": false,
723
+ "name": "Skein-256(160)"
724
+ },
725
+ {
726
+ "john": null,
727
+ "hashcat": null,
728
+ "extended": false,
729
+ "name": "Skein-512(160)"
730
+ },
731
+ {
732
+ "john": null,
733
+ "hashcat": null,
734
+ "extended": true,
735
+ "name": "MangosWeb Enhanced CMS"
736
+ },
737
+ {
738
+ "john": null,
739
+ "hashcat": 4600,
740
+ "extended": true,
741
+ "name": "sha1(sha1(sha1($pass)))"
742
+ },
743
+ {
744
+ "john": null,
745
+ "hashcat": 4700,
746
+ "extended": true,
747
+ "name": "sha1(md5($pass))"
748
+ },
749
+ {
750
+ "john": null,
751
+ "hashcat": 110,
752
+ "extended": true,
753
+ "name": "sha1($pass.$salt)"
754
+ },
755
+ {
756
+ "john": null,
757
+ "hashcat": 120,
758
+ "extended": true,
759
+ "name": "sha1($salt.$pass)"
760
+ },
761
+ {
762
+ "john": null,
763
+ "hashcat": 130,
764
+ "extended": true,
765
+ "name": "sha1(unicode($pass).$salt)"
766
+ },
767
+ {
768
+ "john": null,
769
+ "hashcat": 140,
770
+ "extended": true,
771
+ "name": "sha1($salt.unicode($pass))"
772
+ },
773
+ {
774
+ "john": "hmac-sha1",
775
+ "hashcat": 150,
776
+ "extended": true,
777
+ "name": "HMAC-SHA1 (key = $pass)"
778
+ },
779
+ {
780
+ "john": "hmac-sha1",
781
+ "hashcat": 160,
782
+ "extended": true,
783
+ "name": "HMAC-SHA1 (key = $salt)"
784
+ },
785
+ {
786
+ "john": null,
787
+ "hashcat": 4710,
788
+ "extended": true,
789
+ "name": "sha1($salt.$pass.$salt)"
790
+ }
791
+ ]
792
+ },
793
+ {
794
+ "regex": "^\\*[a-f0-9]{40}$",
795
+ "modes": [
796
+ {
797
+ "john": "mysql-sha1",
798
+ "hashcat": 300,
799
+ "extended": false,
800
+ "name": "MySQL5.x"
801
+ },
802
+ {
803
+ "john": "mysql-sha1",
804
+ "hashcat": 300,
805
+ "extended": false,
806
+ "name": "MySQL4.1"
807
+ }
808
+ ]
809
+ },
810
+ {
811
+ "regex": "^[a-z0-9]{43}$",
812
+ "modes": [
813
+ {
814
+ "john": null,
815
+ "hashcat": 5700,
816
+ "extended": false,
817
+ "name": "Cisco-IOS(SHA-256)"
818
+ }
819
+ ]
820
+ },
821
+ {
822
+ "regex": "^{SSHA}[a-z0-9\\/+]{38}==$",
823
+ "modes": [
824
+ {
825
+ "john": "nsldaps",
826
+ "hashcat": 111,
827
+ "extended": false,
828
+ "name": "SSHA-1(Base64)"
829
+ },
830
+ {
831
+ "john": "nsldaps",
832
+ "hashcat": 111,
833
+ "extended": false,
834
+ "name": "Netscape LDAP SSHA"
835
+ },
836
+ {
837
+ "john": "nsldaps",
838
+ "hashcat": 111,
839
+ "extended": true,
840
+ "name": "nsldaps"
841
+ }
842
+ ]
843
+ },
844
+ {
845
+ "regex": "^[a-z0-9=]{47}$",
846
+ "modes": [
847
+ {
848
+ "john": "fortigate",
849
+ "hashcat": 7000,
850
+ "extended": false,
851
+ "name": "Fortigate(FortiOS)"
852
+ }
853
+ ]
854
+ },
855
+ {
856
+ "regex": "^[a-f0-9]{48}$",
857
+ "modes": [
858
+ {
859
+ "john": null,
860
+ "hashcat": null,
861
+ "extended": false,
862
+ "name": "Haval-192"
863
+ },
864
+ {
865
+ "john": "tiger",
866
+ "hashcat": null,
867
+ "extended": false,
868
+ "name": "Tiger-192"
869
+ },
870
+ {
871
+ "john": null,
872
+ "hashcat": null,
873
+ "extended": false,
874
+ "name": "SHA-1(Oracle)"
875
+ },
876
+ {
877
+ "john": "xsha",
878
+ "hashcat": 122,
879
+ "extended": false,
880
+ "name": "OSX v10.4"
881
+ },
882
+ {
883
+ "john": "xsha",
884
+ "hashcat": 122,
885
+ "extended": false,
886
+ "name": "OSX v10.5"
887
+ },
888
+ {
889
+ "john": "xsha",
890
+ "hashcat": 122,
891
+ "extended": false,
892
+ "name": "OSX v10.6"
893
+ }
894
+ ]
895
+ },
896
+ {
897
+ "regex": "^[a-f0-9]{51}$",
898
+ "modes": [
899
+ {
900
+ "john": null,
901
+ "hashcat": null,
902
+ "extended": false,
903
+ "name": "Palshop CMS"
904
+ }
905
+ ]
906
+ },
907
+ {
908
+ "regex": "^[a-z0-9]{51}$",
909
+ "modes": [
910
+ {
911
+ "john": null,
912
+ "hashcat": null,
913
+ "extended": false,
914
+ "name": "CryptoCurrency(PrivateKey)"
915
+ }
916
+ ]
917
+ },
918
+ {
919
+ "regex": "^{ssha1}[0-9]{2}\\$[a-z0-9$\\/.]{44}$",
920
+ "modes": [
921
+ {
922
+ "john": "aix-ssha1",
923
+ "hashcat": 6700,
924
+ "extended": false,
925
+ "name": "AIX(ssha1)"
926
+ }
927
+ ]
928
+ },
929
+ {
930
+ "regex": "^0x0100[a-f0-9]{48}$",
931
+ "modes": [
932
+ {
933
+ "john": "mssql05",
934
+ "hashcat": 132,
935
+ "extended": false,
936
+ "name": "MSSQL(2005)"
937
+ },
938
+ {
939
+ "john": "mssql05",
940
+ "hashcat": 132,
941
+ "extended": false,
942
+ "name": "MSSQL(2008)"
943
+ }
944
+ ]
945
+ },
946
+ {
947
+ "regex": "^(\\$md5,rounds=[0-9]+\\$|\\$md5\\$rounds=[0-9]+\\$|\\$md5\\$)[a-z0-9\\/.]{0,16}(\\$|\\$\\$)[a-z0-9\\/.]{22}$",
948
+ "modes": [
949
+ {
950
+ "john": "sunmd5",
951
+ "hashcat": 3300,
952
+ "extended": false,
953
+ "name": "Sun MD5 Crypt"
954
+ }
955
+ ]
956
+ },
957
+ {
958
+ "regex": "^[a-f0-9]{56}$",
959
+ "modes": [
960
+ {
961
+ "john": "raw-sha224",
962
+ "hashcat": null,
963
+ "extended": false,
964
+ "name": "SHA-224"
965
+ },
966
+ {
967
+ "john": null,
968
+ "hashcat": null,
969
+ "extended": false,
970
+ "name": "Haval-224"
971
+ },
972
+ {
973
+ "john": null,
974
+ "hashcat": 17300,
975
+ "extended": false,
976
+ "name": "SHA3-224"
977
+ },
978
+ {
979
+ "john": null,
980
+ "hashcat": 17700,
981
+ "extended": false,
982
+ "name": "Keccak-224"
983
+ },
984
+ {
985
+ "john": null,
986
+ "hashcat": null,
987
+ "extended": false,
988
+ "name": "Skein-256(224)"
989
+ },
990
+ {
991
+ "john": null,
992
+ "hashcat": null,
993
+ "extended": false,
994
+ "name": "Skein-512(224)"
995
+ }
996
+ ]
997
+ },
998
+ {
999
+ "regex": "^(\\$2[axy]|\\$2)\\$[0-9]{2}\\$[a-z0-9\\/.]{53}$",
1000
+ "modes": [
1001
+ {
1002
+ "john": "bcrypt",
1003
+ "hashcat": 3200,
1004
+ "extended": false,
1005
+ "name": "Blowfish(OpenBSD)"
1006
+ },
1007
+ {
1008
+ "john": null,
1009
+ "hashcat": null,
1010
+ "extended": false,
1011
+ "name": "Woltlab Burning Board 4.x"
1012
+ },
1013
+ {
1014
+ "john": "bcrypt",
1015
+ "hashcat": 3200,
1016
+ "extended": false,
1017
+ "name": "bcrypt"
1018
+ }
1019
+ ]
1020
+ },
1021
+ {
1022
+ "regex": "^[a-f0-9]{40}:[a-f0-9]{16}$",
1023
+ "modes": [
1024
+ {
1025
+ "john": null,
1026
+ "hashcat": 5800,
1027
+ "extended": false,
1028
+ "name": "Android PIN"
1029
+ }
1030
+ ]
1031
+ },
1032
+ {
1033
+ "regex": "^(S:)?[a-f0-9]{40}(:)?[a-f0-9]{20}$",
1034
+ "modes": [
1035
+ {
1036
+ "john": "oracle11",
1037
+ "hashcat": 112,
1038
+ "extended": false,
1039
+ "name": "Oracle 11g/12c"
1040
+ }
1041
+ ]
1042
+ },
1043
+ {
1044
+ "regex": "^\\$bcrypt-sha256\\$(2[axy]|2)\\,[0-9]+\\$[a-z0-9\\/.]{22}\\$[a-z0-9\\/.]{31}$",
1045
+ "modes": [
1046
+ {
1047
+ "john": null,
1048
+ "hashcat": null,
1049
+ "extended": false,
1050
+ "name": "bcrypt(SHA-256)"
1051
+ }
1052
+ ]
1053
+ },
1054
+ {
1055
+ "regex": "^[a-f0-9]{32}:.{3}$",
1056
+ "modes": [
1057
+ {
1058
+ "john": null,
1059
+ "hashcat": 2611,
1060
+ "extended": false,
1061
+ "name": "vBulletin < v3.8.5"
1062
+ }
1063
+ ]
1064
+ },
1065
+ {
1066
+ "regex": "^[a-f0-9]{32}:.{30}$",
1067
+ "modes": [
1068
+ {
1069
+ "john": null,
1070
+ "hashcat": 2711,
1071
+ "extended": false,
1072
+ "name": "vBulletin \u2265 v3.8.5"
1073
+ }
1074
+ ]
1075
+ },
1076
+ {
1077
+ "regex": "^(\\$snefru\\$)?[a-f0-9]{64}$",
1078
+ "modes": [
1079
+ {
1080
+ "john": "snefru-256",
1081
+ "hashcat": null,
1082
+ "extended": false,
1083
+ "name": "Snefru-256"
1084
+ }
1085
+ ]
1086
+ },
1087
+ {
1088
+ "regex": "^[a-f0-9]{64}(:.+)?$",
1089
+ "modes": [
1090
+ {
1091
+ "john": "raw-sha256",
1092
+ "hashcat": 1400,
1093
+ "extended": false,
1094
+ "name": "SHA-256"
1095
+ },
1096
+ {
1097
+ "john": null,
1098
+ "hashcat": null,
1099
+ "extended": false,
1100
+ "name": "RIPEMD-256"
1101
+ },
1102
+ {
1103
+ "john": "haval-256-3",
1104
+ "hashcat": null,
1105
+ "extended": false,
1106
+ "name": "Haval-256"
1107
+ },
1108
+ {
1109
+ "john": "gost",
1110
+ "hashcat": 6900,
1111
+ "extended": false,
1112
+ "name": "GOST R 34.11-94"
1113
+ },
1114
+ {
1115
+ "john": null,
1116
+ "hashcat": null,
1117
+ "extended": false,
1118
+ "name": "GOST CryptoPro S-Box"
1119
+ },
1120
+ {
1121
+ "john": null,
1122
+ "hashcat": 17400,
1123
+ "extended": false,
1124
+ "name": "SHA3-256"
1125
+ },
1126
+ {
1127
+ "john": "raw-keccak-256",
1128
+ "hashcat": 17800,
1129
+ "extended": false,
1130
+ "name": "Keccak-256"
1131
+ },
1132
+ {
1133
+ "john": "skein-256",
1134
+ "hashcat": null,
1135
+ "extended": false,
1136
+ "name": "Skein-256"
1137
+ },
1138
+ {
1139
+ "john": null,
1140
+ "hashcat": null,
1141
+ "extended": false,
1142
+ "name": "Skein-512(256)"
1143
+ },
1144
+ {
1145
+ "john": null,
1146
+ "hashcat": null,
1147
+ "extended": true,
1148
+ "name": "Ventrilo"
1149
+ },
1150
+ {
1151
+ "john": null,
1152
+ "hashcat": 1410,
1153
+ "extended": true,
1154
+ "name": "sha256($pass.$salt)"
1155
+ },
1156
+ {
1157
+ "john": null,
1158
+ "hashcat": 1420,
1159
+ "extended": true,
1160
+ "name": "sha256($salt.$pass)"
1161
+ },
1162
+ {
1163
+ "john": null,
1164
+ "hashcat": 1430,
1165
+ "extended": true,
1166
+ "name": "sha256(unicode($pass).$salt)"
1167
+ },
1168
+ {
1169
+ "john": null,
1170
+ "hashcat": 1440,
1171
+ "extended": true,
1172
+ "name": "sha256($salt.unicode($pass))"
1173
+ },
1174
+ {
1175
+ "john": "hmac-sha256",
1176
+ "hashcat": 1450,
1177
+ "extended": true,
1178
+ "name": "HMAC-SHA256 (key = $pass)"
1179
+ },
1180
+ {
1181
+ "john": "hmac-sha256",
1182
+ "hashcat": 1460,
1183
+ "extended": true,
1184
+ "name": "HMAC-SHA256 (key = $salt)"
1185
+ }
1186
+ ]
1187
+ },
1188
+ {
1189
+ "regex": "^[a-f0-9]{32}:[a-z0-9]{32}$",
1190
+ "modes": [
1191
+ {
1192
+ "john": null,
1193
+ "hashcat": 11,
1194
+ "extended": false,
1195
+ "name": "Joomla < v2.5.18"
1196
+ }
1197
+ ]
1198
+ },
1199
+ {
1200
+ "regex": "^[a-f0-9]{32}:[a-f0-9]{32}$",
1201
+ "modes": [
1202
+ {
1203
+ "john": null,
1204
+ "hashcat": null,
1205
+ "extended": false,
1206
+ "name": "SAM(LM_Hash:NT_Hash)"
1207
+ }
1208
+ ]
1209
+ },
1210
+ {
1211
+ "regex": "^(\\$chap\\$0\\*)?[a-f0-9]{32}[\\*:][a-f0-9]{32}(:[0-9]{2})?$",
1212
+ "modes": [
1213
+ {
1214
+ "john": "chap",
1215
+ "hashcat": 4800,
1216
+ "extended": false,
1217
+ "name": "MD5(Chap)"
1218
+ },
1219
+ {
1220
+ "john": "chap",
1221
+ "hashcat": 4800,
1222
+ "extended": false,
1223
+ "name": "iSCSI CHAP Authentication"
1224
+ }
1225
+ ]
1226
+ },
1227
+ {
1228
+ "regex": "^\\$episerver\\$\\*0\\*[a-z0-9\\/=+]+\\*[a-z0-9\\/=+]{27,28}$",
1229
+ "modes": [
1230
+ {
1231
+ "john": "episerver",
1232
+ "hashcat": 141,
1233
+ "extended": false,
1234
+ "name": "EPiServer 6.x < v4"
1235
+ }
1236
+ ]
1237
+ },
1238
+ {
1239
+ "regex": "^{ssha256}[0-9]{2}\\$[a-z0-9$\\/.]{60}$",
1240
+ "modes": [
1241
+ {
1242
+ "john": "aix-ssha256",
1243
+ "hashcat": 6400,
1244
+ "extended": false,
1245
+ "name": "AIX(ssha256)"
1246
+ }
1247
+ ]
1248
+ },
1249
+ {
1250
+ "regex": "^[a-f0-9]{80}$",
1251
+ "modes": [
1252
+ {
1253
+ "john": null,
1254
+ "hashcat": null,
1255
+ "extended": false,
1256
+ "name": "RIPEMD-320"
1257
+ }
1258
+ ]
1259
+ },
1260
+ {
1261
+ "regex": "^\\$episerver\\$\\*1\\*[a-z0-9\\/=+]+\\*[a-z0-9\\/=+]{42,43}$",
1262
+ "modes": [
1263
+ {
1264
+ "john": "episerver",
1265
+ "hashcat": 1441,
1266
+ "extended": false,
1267
+ "name": "EPiServer 6.x \u2265 v4"
1268
+ }
1269
+ ]
1270
+ },
1271
+ {
1272
+ "regex": "^0x0100[a-f0-9]{88}$",
1273
+ "modes": [
1274
+ {
1275
+ "john": "mssql",
1276
+ "hashcat": 131,
1277
+ "extended": false,
1278
+ "name": "MSSQL(2000)"
1279
+ }
1280
+ ]
1281
+ },
1282
+ {
1283
+ "regex": "^[a-f0-9]{96}$",
1284
+ "modes": [
1285
+ {
1286
+ "john": "raw-sha384",
1287
+ "hashcat": 10800,
1288
+ "extended": false,
1289
+ "name": "SHA-384"
1290
+ },
1291
+ {
1292
+ "john": null,
1293
+ "hashcat": 17500,
1294
+ "extended": false,
1295
+ "name": "SHA3-384"
1296
+ },
1297
+ {
1298
+ "john": null,
1299
+ "hashcat": 17900,
1300
+ "extended": false,
1301
+ "name": "Keccak-384"
1302
+ },
1303
+ {
1304
+ "john": null,
1305
+ "hashcat": null,
1306
+ "extended": false,
1307
+ "name": "Skein-512(384)"
1308
+ },
1309
+ {
1310
+ "john": null,
1311
+ "hashcat": null,
1312
+ "extended": false,
1313
+ "name": "Skein-1024(384)"
1314
+ }
1315
+ ]
1316
+ },
1317
+ {
1318
+ "regex": "^{SSHA512}[a-z0-9\\/+]{96}$",
1319
+ "modes": [
1320
+ {
1321
+ "john": "ssha512",
1322
+ "hashcat": 1711,
1323
+ "extended": false,
1324
+ "name": "SSHA-512(Base64)"
1325
+ },
1326
+ {
1327
+ "john": "ssha512",
1328
+ "hashcat": 1711,
1329
+ "extended": false,
1330
+ "name": "LDAP(SSHA-512)"
1331
+ }
1332
+ ]
1333
+ },
1334
+ {
1335
+ "regex": "^{ssha512}[0-9]{2}\\$[a-z0-9\\/.]{16,48}\\$[a-z0-9\\/.]{86}$",
1336
+ "modes": [
1337
+ {
1338
+ "john": "aix-ssha512",
1339
+ "hashcat": 6500,
1340
+ "extended": false,
1341
+ "name": "AIX(ssha512)"
1342
+ }
1343
+ ]
1344
+ },
1345
+ {
1346
+ "regex": "^[a-f0-9]{128}(:.+)?$",
1347
+ "modes": [
1348
+ {
1349
+ "john": "raw-sha512",
1350
+ "hashcat": 1700,
1351
+ "extended": false,
1352
+ "name": "SHA-512"
1353
+ },
1354
+ {
1355
+ "john": "whirlpool",
1356
+ "hashcat": 6100,
1357
+ "extended": false,
1358
+ "name": "Whirlpool"
1359
+ },
1360
+ {
1361
+ "john": null,
1362
+ "hashcat": null,
1363
+ "extended": false,
1364
+ "name": "Salsa10"
1365
+ },
1366
+ {
1367
+ "john": null,
1368
+ "hashcat": null,
1369
+ "extended": false,
1370
+ "name": "Salsa20"
1371
+ },
1372
+ {
1373
+ "john": "raw-sha3",
1374
+ "hashcat": 17600,
1375
+ "extended": false,
1376
+ "name": "SHA3-512"
1377
+ },
1378
+ {
1379
+ "john": "raw-keccak",
1380
+ "hashcat": 18000,
1381
+ "extended": false,
1382
+ "name": "Keccak-512"
1383
+ },
1384
+ {
1385
+ "john": "raw-blake2",
1386
+ "hashcat": 600,
1387
+ "extended": false,
1388
+ "name": "Blake2"
1389
+ },
1390
+ {
1391
+ "john": "skein-512",
1392
+ "hashcat": null,
1393
+ "extended": false,
1394
+ "name": "Skein-512"
1395
+ },
1396
+ {
1397
+ "john": null,
1398
+ "hashcat": null,
1399
+ "extended": false,
1400
+ "name": "Skein-1024(512)"
1401
+ },
1402
+ {
1403
+ "john": null,
1404
+ "hashcat": 1710,
1405
+ "extended": true,
1406
+ "name": "sha512($pass.$salt)"
1407
+ },
1408
+ {
1409
+ "john": null,
1410
+ "hashcat": 1720,
1411
+ "extended": true,
1412
+ "name": "sha512($salt.$pass)"
1413
+ },
1414
+ {
1415
+ "john": null,
1416
+ "hashcat": 1730,
1417
+ "extended": true,
1418
+ "name": "sha512(unicode($pass).$salt)"
1419
+ },
1420
+ {
1421
+ "john": null,
1422
+ "hashcat": 1740,
1423
+ "extended": true,
1424
+ "name": "sha512($salt.unicode($pass))"
1425
+ },
1426
+ {
1427
+ "john": "hmac-sha512",
1428
+ "hashcat": 1750,
1429
+ "extended": true,
1430
+ "name": "HMAC-SHA512 (key = $pass)"
1431
+ },
1432
+ {
1433
+ "john": "hmac-sha512",
1434
+ "hashcat": 1760,
1435
+ "extended": true,
1436
+ "name": "HMAC-SHA512 (key = $salt)"
1437
+ }
1438
+ ]
1439
+ },
1440
+ {
1441
+ "regex": "^[a-f0-9]{136}$",
1442
+ "modes": [
1443
+ {
1444
+ "john": "xsha512",
1445
+ "hashcat": 1722,
1446
+ "extended": false,
1447
+ "name": "OSX v10.7"
1448
+ }
1449
+ ]
1450
+ },
1451
+ {
1452
+ "regex": "^0x0200[a-f0-9]{136}$",
1453
+ "modes": [
1454
+ {
1455
+ "john": "msql12",
1456
+ "hashcat": 1731,
1457
+ "extended": false,
1458
+ "name": "MSSQL(2012)"
1459
+ },
1460
+ {
1461
+ "john": "msql12",
1462
+ "hashcat": 1731,
1463
+ "extended": false,
1464
+ "name": "MSSQL(2014)"
1465
+ }
1466
+ ]
1467
+ },
1468
+ {
1469
+ "regex": "^\\$ml\\$[0-9]+\\$[a-f0-9]{64}\\$[a-f0-9]{128}$",
1470
+ "modes": [
1471
+ {
1472
+ "john": "pbkdf2-hmac-sha512",
1473
+ "hashcat": 7100,
1474
+ "extended": false,
1475
+ "name": "OSX v10.8"
1476
+ },
1477
+ {
1478
+ "john": "pbkdf2-hmac-sha512",
1479
+ "hashcat": 7100,
1480
+ "extended": false,
1481
+ "name": "OSX v10.9"
1482
+ }
1483
+ ]
1484
+ },
1485
+ {
1486
+ "regex": "^[a-f0-9]{256}$",
1487
+ "modes": [
1488
+ {
1489
+ "john": null,
1490
+ "hashcat": null,
1491
+ "extended": false,
1492
+ "name": "Skein-1024"
1493
+ }
1494
+ ]
1495
+ },
1496
+ {
1497
+ "regex": "^grub\\.pbkdf2\\.sha512\\.[0-9]+\\.([a-f0-9]{128,2048}\\.|[0-9]+\\.)?[a-f0-9]{128}$",
1498
+ "modes": [
1499
+ {
1500
+ "john": null,
1501
+ "hashcat": 7200,
1502
+ "extended": false,
1503
+ "name": "GRUB 2"
1504
+ }
1505
+ ]
1506
+ },
1507
+ {
1508
+ "regex": "^sha1\\$[a-z0-9]+\\$[a-f0-9]{40}$",
1509
+ "modes": [
1510
+ {
1511
+ "john": null,
1512
+ "hashcat": 124,
1513
+ "extended": false,
1514
+ "name": "Django(SHA-1)"
1515
+ }
1516
+ ]
1517
+ },
1518
+ {
1519
+ "regex": "^[a-f0-9]{49}$",
1520
+ "modes": [
1521
+ {
1522
+ "john": "citrix_ns10",
1523
+ "hashcat": 8100,
1524
+ "extended": false,
1525
+ "name": "Citrix Netscaler"
1526
+ }
1527
+ ]
1528
+ },
1529
+ {
1530
+ "regex": "^\\$S\\$[a-z0-9\\/.]{52}$",
1531
+ "modes": [
1532
+ {
1533
+ "john": "drupal7",
1534
+ "hashcat": 7900,
1535
+ "extended": false,
1536
+ "name": "Drupal > v7.x"
1537
+ }
1538
+ ]
1539
+ },
1540
+ {
1541
+ "regex": "^\\$5\\$(rounds=[0-9]+\\$)?[a-z0-9\\/.]{0,16}\\$[a-z0-9\\/.]{43}$",
1542
+ "modes": [
1543
+ {
1544
+ "john": "sha256crypt",
1545
+ "hashcat": 7400,
1546
+ "extended": false,
1547
+ "name": "SHA-256 Crypt"
1548
+ }
1549
+ ]
1550
+ },
1551
+ {
1552
+ "regex": "^0x[a-f0-9]{4}[a-f0-9]{16}[a-f0-9]{64}$",
1553
+ "modes": [
1554
+ {
1555
+ "john": "sybasease",
1556
+ "hashcat": 8000,
1557
+ "extended": false,
1558
+ "name": "Sybase ASE"
1559
+ }
1560
+ ]
1561
+ },
1562
+ {
1563
+ "regex": "^\\$6\\$(rounds=[0-9]+\\$)?[a-z0-9\\/.]{0,16}\\$[a-z0-9\\/.]{86}$",
1564
+ "modes": [
1565
+ {
1566
+ "john": "sha512crypt",
1567
+ "hashcat": 1800,
1568
+ "extended": false,
1569
+ "name": "SHA-512 Crypt"
1570
+ }
1571
+ ]
1572
+ },
1573
+ {
1574
+ "regex": "^\\$sha\\$[a-z0-9]{1,16}\\$([a-f0-9]{32}|[a-f0-9]{40}|[a-f0-9]{64}|[a-f0-9]{128}|[a-f0-9]{140})$",
1575
+ "modes": [
1576
+ {
1577
+ "john": null,
1578
+ "hashcat": null,
1579
+ "extended": false,
1580
+ "name": "Minecraft(AuthMe Reloaded)"
1581
+ }
1582
+ ]
1583
+ },
1584
+ {
1585
+ "regex": "^sha256\\$[a-z0-9]+\\$[a-f0-9]{64}$",
1586
+ "modes": [
1587
+ {
1588
+ "john": null,
1589
+ "hashcat": null,
1590
+ "extended": false,
1591
+ "name": "Django(SHA-256)"
1592
+ }
1593
+ ]
1594
+ },
1595
+ {
1596
+ "regex": "^sha384\\$[a-z0-9]+\\$[a-f0-9]{96}$",
1597
+ "modes": [
1598
+ {
1599
+ "john": null,
1600
+ "hashcat": null,
1601
+ "extended": false,
1602
+ "name": "Django(SHA-384)"
1603
+ }
1604
+ ]
1605
+ },
1606
+ {
1607
+ "regex": "^crypt1:[a-z0-9+=]{12}:[a-z0-9+=]{12}$",
1608
+ "modes": [
1609
+ {
1610
+ "john": null,
1611
+ "hashcat": null,
1612
+ "extended": false,
1613
+ "name": "Clavister Secure Gateway"
1614
+ }
1615
+ ]
1616
+ },
1617
+ {
1618
+ "regex": "^[a-f0-9]{112}$",
1619
+ "modes": [
1620
+ {
1621
+ "john": null,
1622
+ "hashcat": null,
1623
+ "extended": false,
1624
+ "name": "Cisco VPN Client(PCF-File)"
1625
+ }
1626
+ ]
1627
+ },
1628
+ {
1629
+ "regex": "^[a-f0-9]{1329}$",
1630
+ "modes": [
1631
+ {
1632
+ "john": null,
1633
+ "hashcat": null,
1634
+ "extended": false,
1635
+ "name": "Microsoft MSTSC(RDP-File)"
1636
+ }
1637
+ ]
1638
+ },
1639
+ {
1640
+ "regex": "^[^\\\\\\/:*?\"<>|]{1,20}[:]{2,3}([^\\\\\\/:*?\"<>|]{1,20})?:[a-f0-9]{48}:[a-f0-9]{48}:[a-f0-9]{16}$",
1641
+ "modes": [
1642
+ {
1643
+ "john": "netntlm",
1644
+ "hashcat": 5500,
1645
+ "extended": false,
1646
+ "name": "NetNTLMv1-VANILLA / NetNTLMv1+ESS"
1647
+ }
1648
+ ]
1649
+ },
1650
+ {
1651
+ "regex": "^([^\\\\\\/:*?\"<>|]{1,20}\\\\)?[^\\\\\\/:*?\"<>|]{1,20}[:]{2,3}([^\\\\\\/:*?\"<>|]{1,20}:)?[^\\\\\\/:*?\"<>|]{1,20}:[a-f0-9]{32}:[a-f0-9]+$",
1652
+ "modes": [
1653
+ {
1654
+ "john": "netntlmv2",
1655
+ "hashcat": 5600,
1656
+ "extended": false,
1657
+ "name": "NetNTLMv2"
1658
+ }
1659
+ ]
1660
+ },
1661
+ {
1662
+ "regex": "^\\$(krb5pa|mskrb5)\\$([0-9]{2})?\\$.+\\$[a-f0-9]{1,}$",
1663
+ "modes": [
1664
+ {
1665
+ "john": "krb5pa-md5",
1666
+ "hashcat": 7500,
1667
+ "extended": false,
1668
+ "name": "Kerberos 5 AS-REQ Pre-Auth"
1669
+ }
1670
+ ]
1671
+ },
1672
+ {
1673
+ "regex": "^\\$scram\\$[0-9]+\\$[a-z0-9\\/.]{16}\\$sha-1=[a-z0-9\\/.]{27},sha-256=[a-z0-9\\/.]{43},sha-512=[a-z0-9\\/.]{86}$",
1674
+ "modes": [
1675
+ {
1676
+ "john": null,
1677
+ "hashcat": null,
1678
+ "extended": false,
1679
+ "name": "SCRAM Hash"
1680
+ }
1681
+ ]
1682
+ },
1683
+ {
1684
+ "regex": "^[a-f0-9]{40}:[a-f0-9]{0,32}$",
1685
+ "modes": [
1686
+ {
1687
+ "john": null,
1688
+ "hashcat": 7600,
1689
+ "extended": false,
1690
+ "name": "Redmine Project Management Web App"
1691
+ }
1692
+ ]
1693
+ },
1694
+ {
1695
+ "regex": "^(.+)?\\$[a-f0-9]{16}$",
1696
+ "modes": [
1697
+ {
1698
+ "john": "sapb",
1699
+ "hashcat": 7700,
1700
+ "extended": false,
1701
+ "name": "SAP CODVN B (BCODE)"
1702
+ }
1703
+ ]
1704
+ },
1705
+ {
1706
+ "regex": "^(.+)?\\$[a-f0-9]{40}$",
1707
+ "modes": [
1708
+ {
1709
+ "john": "sapg",
1710
+ "hashcat": 7800,
1711
+ "extended": false,
1712
+ "name": "SAP CODVN F/G (PASSCODE)"
1713
+ }
1714
+ ]
1715
+ },
1716
+ {
1717
+ "regex": "^(.+\\$)?[a-z0-9\\/.+]{30}(:.+)?$",
1718
+ "modes": [
1719
+ {
1720
+ "john": "md5ns",
1721
+ "hashcat": 22,
1722
+ "extended": false,
1723
+ "name": "Juniper Netscreen/SSG(ScreenOS)"
1724
+ }
1725
+ ]
1726
+ },
1727
+ {
1728
+ "regex": "^0x[a-f0-9]{60}\\s0x[a-f0-9]{40}$",
1729
+ "modes": [
1730
+ {
1731
+ "john": null,
1732
+ "hashcat": 123,
1733
+ "extended": false,
1734
+ "name": "EPi"
1735
+ }
1736
+ ]
1737
+ },
1738
+ {
1739
+ "regex": "^[a-f0-9]{40}:[^*]{1,25}$",
1740
+ "modes": [
1741
+ {
1742
+ "john": null,
1743
+ "hashcat": 121,
1744
+ "extended": false,
1745
+ "name": "SMF \u2265 v1.1"
1746
+ }
1747
+ ]
1748
+ },
1749
+ {
1750
+ "regex": "^(\\$wbb3\\$\\*1\\*)?[a-f0-9]{40}[:*][a-f0-9]{40}$",
1751
+ "modes": [
1752
+ {
1753
+ "john": "wbb3",
1754
+ "hashcat": 8400,
1755
+ "extended": false,
1756
+ "name": "Woltlab Burning Board 3.x"
1757
+ }
1758
+ ]
1759
+ },
1760
+ {
1761
+ "regex": "^[a-f0-9]{130}(:[a-f0-9]{40})?$",
1762
+ "modes": [
1763
+ {
1764
+ "john": null,
1765
+ "hashcat": 7300,
1766
+ "extended": false,
1767
+ "name": "IPMI2 RAKP HMAC-SHA1"
1768
+ }
1769
+ ]
1770
+ },
1771
+ {
1772
+ "regex": "^[a-f0-9]{32}:[0-9]+:[a-z0-9_.+\\-]+@[a-z0-9\\-]+\\.[a-z0-9\\-.]+$",
1773
+ "modes": [
1774
+ {
1775
+ "john": null,
1776
+ "hashcat": 6800,
1777
+ "extended": false,
1778
+ "name": "Lastpass"
1779
+ }
1780
+ ]
1781
+ },
1782
+ {
1783
+ "regex": "^[a-z0-9\\/.]{16}([:$].{1,})?$",
1784
+ "modes": [
1785
+ {
1786
+ "john": "asa-md5",
1787
+ "hashcat": 2410,
1788
+ "extended": false,
1789
+ "name": "Cisco-ASA(MD5)"
1790
+ }
1791
+ ]
1792
+ },
1793
+ {
1794
+ "regex": "^\\$vnc\\$\\*[a-f0-9]{32}\\*[a-f0-9]{32}$",
1795
+ "modes": [
1796
+ {
1797
+ "john": "vnc",
1798
+ "hashcat": null,
1799
+ "extended": false,
1800
+ "name": "VNC"
1801
+ }
1802
+ ]
1803
+ },
1804
+ {
1805
+ "regex": "^[a-z0-9]{32}(:([a-z0-9\\-]+\\.)?[a-z0-9\\-.]+\\.[a-z]{2,7}:.+:[0-9]+)?$",
1806
+ "modes": [
1807
+ {
1808
+ "john": null,
1809
+ "hashcat": 8300,
1810
+ "extended": false,
1811
+ "name": "DNSSEC(NSEC3)"
1812
+ }
1813
+ ]
1814
+ },
1815
+ {
1816
+ "regex": "^(user-.+:)?\\$racf\\$\\*.+\\*[a-f0-9]{16}$",
1817
+ "modes": [
1818
+ {
1819
+ "john": "racf",
1820
+ "hashcat": 8500,
1821
+ "extended": false,
1822
+ "name": "RACF"
1823
+ }
1824
+ ]
1825
+ },
1826
+ {
1827
+ "regex": "^\\$3\\$\\$[a-f0-9]{32}$",
1828
+ "modes": [
1829
+ {
1830
+ "john": null,
1831
+ "hashcat": null,
1832
+ "extended": false,
1833
+ "name": "NTHash(FreeBSD Variant)"
1834
+ }
1835
+ ]
1836
+ },
1837
+ {
1838
+ "regex": "^\\$sha1\\$[0-9]+\\$[a-z0-9\\/.]{0,64}\\$[a-z0-9\\/.]{28}$",
1839
+ "modes": [
1840
+ {
1841
+ "john": "sha1crypt",
1842
+ "hashcat": null,
1843
+ "extended": false,
1844
+ "name": "SHA-1 Crypt"
1845
+ }
1846
+ ]
1847
+ },
1848
+ {
1849
+ "regex": "^[a-f0-9]{70}$",
1850
+ "modes": [
1851
+ {
1852
+ "john": "hmailserver",
1853
+ "hashcat": 1421,
1854
+ "extended": false,
1855
+ "name": "hMailServer"
1856
+ }
1857
+ ]
1858
+ },
1859
+ {
1860
+ "regex": "^[:\\$][AB][:\\$]([a-f0-9]{1,8}[:\\$])?[a-f0-9]{32}$",
1861
+ "modes": [
1862
+ {
1863
+ "john": "mediawiki",
1864
+ "hashcat": 3711,
1865
+ "extended": false,
1866
+ "name": "MediaWiki"
1867
+ }
1868
+ ]
1869
+ },
1870
+ {
1871
+ "regex": "^[a-f0-9]{140}$",
1872
+ "modes": [
1873
+ {
1874
+ "john": null,
1875
+ "hashcat": null,
1876
+ "extended": false,
1877
+ "name": "Minecraft(xAuth)"
1878
+ }
1879
+ ]
1880
+ },
1881
+ {
1882
+ "regex": "^\\$pbkdf2(-sha1)?\\$[0-9]+\\$[a-z0-9\\/.]+\\$[a-z0-9\\/.]{27}$",
1883
+ "modes": [
1884
+ {
1885
+ "john": null,
1886
+ "hashcat": null,
1887
+ "extended": false,
1888
+ "name": "PBKDF2-SHA1(Generic)"
1889
+ }
1890
+ ]
1891
+ },
1892
+ {
1893
+ "regex": "^\\$pbkdf2-sha256\\$[0-9]+\\$[a-z0-9\\/.]+\\$[a-z0-9\\/.]{43}$",
1894
+ "modes": [
1895
+ {
1896
+ "john": "pbkdf2-hmac-sha256",
1897
+ "hashcat": null,
1898
+ "extended": false,
1899
+ "name": "PBKDF2-SHA256(Generic)"
1900
+ }
1901
+ ]
1902
+ },
1903
+ {
1904
+ "regex": "^\\$pbkdf2-sha512\\$[0-9]+\\$[a-z0-9\\/.]+\\$[a-z0-9\\/.]{86}$",
1905
+ "modes": [
1906
+ {
1907
+ "john": null,
1908
+ "hashcat": null,
1909
+ "extended": false,
1910
+ "name": "PBKDF2-SHA512(Generic)"
1911
+ }
1912
+ ]
1913
+ },
1914
+ {
1915
+ "regex": "^\\$p5k2\\$[0-9]+\\$[a-z0-9\\/+=\\-]+\\$[a-z0-9\\/+\\-]{27}=$",
1916
+ "modes": [
1917
+ {
1918
+ "john": null,
1919
+ "hashcat": null,
1920
+ "extended": false,
1921
+ "name": "PBKDF2(Cryptacular)"
1922
+ }
1923
+ ]
1924
+ },
1925
+ {
1926
+ "regex": "^\\$p5k2\\$[0-9]+\\$[a-z0-9\\/.]+\\$[a-z0-9\\/.]{32}$",
1927
+ "modes": [
1928
+ {
1929
+ "john": null,
1930
+ "hashcat": null,
1931
+ "extended": false,
1932
+ "name": "PBKDF2(Dwayne Litzenberger)"
1933
+ }
1934
+ ]
1935
+ },
1936
+ {
1937
+ "regex": "^{FSHP[0123]\\|[0-9]+\\|[0-9]+}[a-z0-9\\/+=]+$",
1938
+ "modes": [
1939
+ {
1940
+ "john": null,
1941
+ "hashcat": null,
1942
+ "extended": false,
1943
+ "name": "Fairly Secure Hashed Password"
1944
+ }
1945
+ ]
1946
+ },
1947
+ {
1948
+ "regex": "^\\$PHPS\\$.+\\$[a-f0-9]{32}$",
1949
+ "modes": [
1950
+ {
1951
+ "john": "phps",
1952
+ "hashcat": 2612,
1953
+ "extended": false,
1954
+ "name": "PHPS"
1955
+ }
1956
+ ]
1957
+ },
1958
+ {
1959
+ "regex": "^[0-9]{4}:[a-f0-9]{16}:[a-f0-9]{2080}$",
1960
+ "modes": [
1961
+ {
1962
+ "john": null,
1963
+ "hashcat": 6600,
1964
+ "extended": false,
1965
+ "name": "1Password(Agile Keychain)"
1966
+ }
1967
+ ]
1968
+ },
1969
+ {
1970
+ "regex": "^[a-f0-9]{64}:[a-f0-9]{32}:[0-9]{5}:[a-f0-9]{608}$",
1971
+ "modes": [
1972
+ {
1973
+ "john": null,
1974
+ "hashcat": 8200,
1975
+ "extended": false,
1976
+ "name": "1Password(Cloud Keychain)"
1977
+ }
1978
+ ]
1979
+ },
1980
+ {
1981
+ "regex": "^[a-f0-9]{256}:[a-f0-9]{256}:[a-f0-9]{16}:[a-f0-9]{16}:[a-f0-9]{320}:[a-f0-9]{16}:[a-f0-9]{40}:[a-f0-9]{40}:[a-f0-9]{32}$",
1982
+ "modes": [
1983
+ {
1984
+ "john": null,
1985
+ "hashcat": 5300,
1986
+ "extended": false,
1987
+ "name": "IKE-PSK MD5"
1988
+ }
1989
+ ]
1990
+ },
1991
+ {
1992
+ "regex": "^[a-f0-9]{256}:[a-f0-9]{256}:[a-f0-9]{16}:[a-f0-9]{16}:[a-f0-9]{320}:[a-f0-9]{16}:[a-f0-9]{40}:[a-f0-9]{40}:[a-f0-9]{40}$",
1993
+ "modes": [
1994
+ {
1995
+ "john": null,
1996
+ "hashcat": 5400,
1997
+ "extended": false,
1998
+ "name": "IKE-PSK SHA1"
1999
+ }
2000
+ ]
2001
+ },
2002
+ {
2003
+ "regex": "^[a-z0-9\\/+]{27}=$",
2004
+ "modes": [
2005
+ {
2006
+ "john": null,
2007
+ "hashcat": 133,
2008
+ "extended": false,
2009
+ "name": "PeopleSoft"
2010
+ }
2011
+ ]
2012
+ },
2013
+ {
2014
+ "regex": "^crypt\\$[a-f0-9]{5}\\$[a-z0-9\\/.]{13}$",
2015
+ "modes": [
2016
+ {
2017
+ "john": null,
2018
+ "hashcat": null,
2019
+ "extended": false,
2020
+ "name": "Django(DES Crypt Wrapper)"
2021
+ }
2022
+ ]
2023
+ },
2024
+ {
2025
+ "regex": "^(\\$django\\$\\*1\\*)?pbkdf2_sha256\\$[0-9]+\\$[a-z0-9]+\\$[a-z0-9\\/+=]{44}$",
2026
+ "modes": [
2027
+ {
2028
+ "john": "django",
2029
+ "hashcat": 10000,
2030
+ "extended": false,
2031
+ "name": "Django(PBKDF2-HMAC-SHA256)"
2032
+ }
2033
+ ]
2034
+ },
2035
+ {
2036
+ "regex": "^pbkdf2_sha1\\$[0-9]+\\$[a-z0-9]+\\$[a-z0-9\\/+=]{28}$",
2037
+ "modes": [
2038
+ {
2039
+ "john": null,
2040
+ "hashcat": null,
2041
+ "extended": false,
2042
+ "name": "Django(PBKDF2-HMAC-SHA1)"
2043
+ }
2044
+ ]
2045
+ },
2046
+ {
2047
+ "regex": "^bcrypt(\\$2[axy]|\\$2)\\$[0-9]{2}\\$[a-z0-9\\/.]{53}$",
2048
+ "modes": [
2049
+ {
2050
+ "john": null,
2051
+ "hashcat": null,
2052
+ "extended": false,
2053
+ "name": "Django(bcrypt)"
2054
+ }
2055
+ ]
2056
+ },
2057
+ {
2058
+ "regex": "^md5\\$[a-f0-9]+\\$[a-f0-9]{32}$",
2059
+ "modes": [
2060
+ {
2061
+ "john": null,
2062
+ "hashcat": null,
2063
+ "extended": false,
2064
+ "name": "Django(MD5)"
2065
+ }
2066
+ ]
2067
+ },
2068
+ {
2069
+ "regex": "^\\{PKCS5S2\\}[a-z0-9\\/+]{64}$",
2070
+ "modes": [
2071
+ {
2072
+ "john": null,
2073
+ "hashcat": null,
2074
+ "extended": false,
2075
+ "name": "PBKDF2(Atlassian)"
2076
+ }
2077
+ ]
2078
+ },
2079
+ {
2080
+ "regex": "^md5[a-f0-9]{32}$",
2081
+ "modes": [
2082
+ {
2083
+ "john": null,
2084
+ "hashcat": null,
2085
+ "extended": false,
2086
+ "name": "PostgreSQL MD5"
2087
+ }
2088
+ ]
2089
+ },
2090
+ {
2091
+ "regex": "^\\([a-z0-9\\/+]{49}\\)$",
2092
+ "modes": [
2093
+ {
2094
+ "john": null,
2095
+ "hashcat": 9100,
2096
+ "extended": false,
2097
+ "name": "Lotus Notes/Domino 8"
2098
+ }
2099
+ ]
2100
+ },
2101
+ {
2102
+ "regex": "^SCRYPT:[0-9]{1,}:[0-9]{1}:[0-9]{1}:[a-z0-9:\\/+=]{1,}$",
2103
+ "modes": [
2104
+ {
2105
+ "john": null,
2106
+ "hashcat": 8900,
2107
+ "extended": false,
2108
+ "name": "scrypt"
2109
+ }
2110
+ ]
2111
+ },
2112
+ {
2113
+ "regex": "^\\$8\\$[a-z0-9\\/.]{14}\\$[a-z0-9\\/.]{43}$",
2114
+ "modes": [
2115
+ {
2116
+ "john": "cisco8",
2117
+ "hashcat": 9200,
2118
+ "extended": false,
2119
+ "name": "Cisco Type 8"
2120
+ }
2121
+ ]
2122
+ },
2123
+ {
2124
+ "regex": "^\\$9\\$[a-z0-9\\/.]{14}\\$[a-z0-9\\/.]{43}$",
2125
+ "modes": [
2126
+ {
2127
+ "john": "cisco9",
2128
+ "hashcat": 9300,
2129
+ "extended": false,
2130
+ "name": "Cisco Type 9"
2131
+ }
2132
+ ]
2133
+ },
2134
+ {
2135
+ "regex": "^\\$office\\$\\*2007\\*[0-9]{2}\\*[0-9]{3}\\*[0-9]{2}\\*[a-z0-9]{32}\\*[a-z0-9]{32}\\*[a-z0-9]{40}$",
2136
+ "modes": [
2137
+ {
2138
+ "john": "office",
2139
+ "hashcat": 9400,
2140
+ "extended": false,
2141
+ "name": "Microsoft Office 2007"
2142
+ }
2143
+ ]
2144
+ },
2145
+ {
2146
+ "regex": "^\\$office\\$\\*2010\\*[0-9]{6}\\*[0-9]{3}\\*[0-9]{2}\\*[a-z0-9]{32}\\*[a-z0-9]{32}\\*[a-z0-9]{64}$",
2147
+ "modes": [
2148
+ {
2149
+ "john": null,
2150
+ "hashcat": 9500,
2151
+ "extended": false,
2152
+ "name": "Microsoft Office 2010"
2153
+ }
2154
+ ]
2155
+ },
2156
+ {
2157
+ "regex": "^\\$office\\$\\*2013\\*[0-9]{6}\\*[0-9]{3}\\*[0-9]{2}\\*[a-z0-9]{32}\\*[a-z0-9]{32}\\*[a-z0-9]{64}$",
2158
+ "modes": [
2159
+ {
2160
+ "john": null,
2161
+ "hashcat": 9600,
2162
+ "extended": false,
2163
+ "name": "Microsoft Office 2013"
2164
+ }
2165
+ ]
2166
+ },
2167
+ {
2168
+ "regex": "^\\$fde\\$[0-9]{2}\\$[a-f0-9]{32}\\$[0-9]{2}\\$[a-f0-9]{32}\\$[a-f0-9]{3072}$",
2169
+ "modes": [
2170
+ {
2171
+ "john": "fde",
2172
+ "hashcat": 8800,
2173
+ "extended": false,
2174
+ "name": "Android FDE \u2264 4.3"
2175
+ }
2176
+ ]
2177
+ },
2178
+ {
2179
+ "regex": "^\\$oldoffice\\$[01]\\*[a-f0-9]{32}\\*[a-f0-9]{32}\\*[a-f0-9]{32}$",
2180
+ "modes": [
2181
+ {
2182
+ "john": "oldoffice",
2183
+ "hashcat": 9700,
2184
+ "extended": false,
2185
+ "name": "Microsoft Office \u2264 2003 (MD5+RC4)"
2186
+ },
2187
+ {
2188
+ "john": "oldoffice",
2189
+ "hashcat": 9710,
2190
+ "extended": false,
2191
+ "name": "Microsoft Office \u2264 2003 (MD5+RC4) collider-mode #1"
2192
+ },
2193
+ {
2194
+ "john": "oldoffice",
2195
+ "hashcat": 9720,
2196
+ "extended": false,
2197
+ "name": "Microsoft Office \u2264 2003 (MD5+RC4) collider-mode #2"
2198
+ }
2199
+ ]
2200
+ },
2201
+ {
2202
+ "regex": "^\\$oldoffice\\$[34]\\*[a-f0-9]{32}\\*[a-f0-9]{32}\\*[a-f0-9]{40}$",
2203
+ "modes": [
2204
+ {
2205
+ "john": null,
2206
+ "hashcat": 9800,
2207
+ "extended": false,
2208
+ "name": "Microsoft Office \u2264 2003 (SHA1+RC4)"
2209
+ },
2210
+ {
2211
+ "john": null,
2212
+ "hashcat": 9810,
2213
+ "extended": false,
2214
+ "name": "Microsoft Office \u2264 2003 (SHA1+RC4) collider-mode #1"
2215
+ },
2216
+ {
2217
+ "john": null,
2218
+ "hashcat": 9820,
2219
+ "extended": false,
2220
+ "name": "Microsoft Office \u2264 2003 (SHA1+RC4) collider-mode #2"
2221
+ }
2222
+ ]
2223
+ },
2224
+ {
2225
+ "regex": "^(\\$radmin2\\$)?[a-f0-9]{32}$",
2226
+ "modes": [
2227
+ {
2228
+ "john": "radmin",
2229
+ "hashcat": 9900,
2230
+ "extended": false,
2231
+ "name": "RAdmin v2.x"
2232
+ }
2233
+ ]
2234
+ },
2235
+ {
2236
+ "regex": "^{x-issha,\\s[0-9]{4}}[a-z0-9\\/+=]+$",
2237
+ "modes": [
2238
+ {
2239
+ "john": "saph",
2240
+ "hashcat": 10300,
2241
+ "extended": false,
2242
+ "name": "SAP CODVN H (PWDSALTEDHASH) iSSHA-1"
2243
+ }
2244
+ ]
2245
+ },
2246
+ {
2247
+ "regex": "^\\$cram_md5\\$[a-z0-9\\/+=\\-]+\\$[a-z0-9\\/+=\\-]{52}$",
2248
+ "modes": [
2249
+ {
2250
+ "john": null,
2251
+ "hashcat": 10200,
2252
+ "extended": false,
2253
+ "name": "CRAM-MD5"
2254
+ }
2255
+ ]
2256
+ },
2257
+ {
2258
+ "regex": "^[a-f0-9]{16}:2:4:[a-f0-9]{32}$",
2259
+ "modes": [
2260
+ {
2261
+ "john": null,
2262
+ "hashcat": 10100,
2263
+ "extended": false,
2264
+ "name": "SipHash"
2265
+ }
2266
+ ]
2267
+ },
2268
+ {
2269
+ "regex": "^[a-f0-9]{4,}$",
2270
+ "modes": [
2271
+ {
2272
+ "john": null,
2273
+ "hashcat": null,
2274
+ "extended": true,
2275
+ "name": "Cisco Type 7"
2276
+ }
2277
+ ]
2278
+ },
2279
+ {
2280
+ "regex": "^[a-z0-9\\/.]{13,}$",
2281
+ "modes": [
2282
+ {
2283
+ "john": "bigcrypt",
2284
+ "hashcat": null,
2285
+ "extended": true,
2286
+ "name": "BigCrypt"
2287
+ }
2288
+ ]
2289
+ },
2290
+ {
2291
+ "regex": "^(\\$cisco4\\$)?[a-z0-9\\/.]{43}$",
2292
+ "modes": [
2293
+ {
2294
+ "john": "cisco4",
2295
+ "hashcat": null,
2296
+ "extended": false,
2297
+ "name": "Cisco Type 4"
2298
+ }
2299
+ ]
2300
+ },
2301
+ {
2302
+ "regex": "^bcrypt_sha256\\$\\$(2[axy]|2)\\$[0-9]+\\$[a-z0-9\\/.]{53}$",
2303
+ "modes": [
2304
+ {
2305
+ "john": null,
2306
+ "hashcat": null,
2307
+ "extended": false,
2308
+ "name": "Django(bcrypt-SHA256)"
2309
+ }
2310
+ ]
2311
+ },
2312
+ {
2313
+ "regex": "^\\$postgres\\$.[^\\*]+[*:][a-f0-9]{1,32}[*:][a-f0-9]{32}$",
2314
+ "modes": [
2315
+ {
2316
+ "john": "postgres",
2317
+ "hashcat": 11100,
2318
+ "extended": false,
2319
+ "name": "PostgreSQL Challenge-Response Authentication (MD5)"
2320
+ }
2321
+ ]
2322
+ },
2323
+ {
2324
+ "regex": "^\\$siemens-s7\\$[0-9]{1}\\$[a-f0-9]{40}\\$[a-f0-9]{40}$",
2325
+ "modes": [
2326
+ {
2327
+ "john": "siemens-s7",
2328
+ "hashcat": null,
2329
+ "extended": false,
2330
+ "name": "Siemens-S7"
2331
+ }
2332
+ ]
2333
+ },
2334
+ {
2335
+ "regex": "^(\\$pst\\$)?[a-f0-9]{8}$",
2336
+ "modes": [
2337
+ {
2338
+ "john": null,
2339
+ "hashcat": null,
2340
+ "extended": false,
2341
+ "name": "Microsoft Outlook PST"
2342
+ }
2343
+ ]
2344
+ },
2345
+ {
2346
+ "regex": "^sha256[:$][0-9]+[:$][a-z0-9\\/+]+[:$][a-z0-9\\/+]{32,128}$",
2347
+ "modes": [
2348
+ {
2349
+ "john": null,
2350
+ "hashcat": 10900,
2351
+ "extended": false,
2352
+ "name": "PBKDF2-HMAC-SHA256(PHP)"
2353
+ }
2354
+ ]
2355
+ },
2356
+ {
2357
+ "regex": "^(\\$dahua\\$)?[a-z0-9]{8}$",
2358
+ "modes": [
2359
+ {
2360
+ "john": "dahua",
2361
+ "hashcat": null,
2362
+ "extended": false,
2363
+ "name": "Dahua"
2364
+ }
2365
+ ]
2366
+ },
2367
+ {
2368
+ "regex": "^\\$mysqlna\\$[a-f0-9]{40}[:*][a-f0-9]{40}$",
2369
+ "modes": [
2370
+ {
2371
+ "john": null,
2372
+ "hashcat": 11200,
2373
+ "extended": false,
2374
+ "name": "MySQL Challenge-Response Authentication (SHA1)"
2375
+ }
2376
+ ]
2377
+ },
2378
+ {
2379
+ "regex": "^\\$pdf\\$[24]\\*[34]\\*128\\*[0-9\\-]{1,5}\\*1\\*(16|32)\\*[a-f0-9]{32,64}\\*32\\*[a-f0-9]{64}\\*(8|16|32)\\*[a-f0-9]{16,64}$",
2380
+ "modes": [
2381
+ {
2382
+ "john": "pdf",
2383
+ "hashcat": 10500,
2384
+ "extended": false,
2385
+ "name": "PDF 1.4 - 1.6 (Acrobat 5 - 8)"
2386
+ }
2387
+ ]
2388
+ }
2389
+ ]