Hash Cracking Tools


CrackStation uses massive pre-computed lookup tables to crack password hashes. These tables store a mapping between the hash of a password, and the correct password for that hash. The hash values are indexed so that it is possible to quickly search the database for a given hash.

– https://crackstation.net/


CeWL is a ruby app which spiders a given url to a specified depth, optionally following external links, and returns a list of words which can then be used for password crackers such as John the Ripper.
Generates custom wordlists by spidering a target’s website and collecting unique words.

– https://digi.ninja/projects/cewl.php


Fast hash cracking utility with support for most known hashes as well as OpenCL and CUDA acceleration.
hashcat is the world’s fastest and most advanced password recovery utility, supporting five unique modes of attack for over 300 highly-optimized hashing algorithms. hashcat currently supports CPUs, GPUs, and other hardware accelerators on Linux, Windows, and macOS, and has facilities to help enable distributed password cracking.

John the Ripper

John the Ripper is an Open Source password security auditing and password recovery tool available for many operating systems.
This is the community-enhanced, “jumbo” version of John the Ripper. It has a lot of code, documentation, and data contributed by jumbo developers and the user community. It is easy for new code to be added to jumbo, and the quality requirements are low, although lately we’ve started subjecting all contributions to quite some automated testing. This means that you get a lot of functionality that is not necessarily “mature”, which in turn means that bugs in this code are to be expected.


Mentalist is a graphical tool for custom wordlist generation. It utilizes common human paradigms for constructing passwords and can output the full wordlist as well as rules compatible with Hashcat and John the Ripper.

For more information on installing and using Mentalist, please visit the wiki.