βββ βββ ββββββ βββββββββββ βββ ββββββββββ
βββ ββββββββββββββββββββββ βββ βββββββββββ
ββββββββββββββββββββββββββββββββ ββββββ βββ
ββββββββββββββββββββββββββββββββ ββββββ βββ
βββ ββββββ ββββββββββββββ βββ βββββββββββ
βββ ββββββ ββββββββββββββ βββ ββββββββββ
Identify the algorithm behind a hash string by its prefix, length, and character set β the first move in any password-cracking workflow.
This is a quick overview β security theory, architecture, and full walkthroughs are in the learn modules.
Note
Foundations tier β this project is built for someone who has never written Python before. The source code is heavily commented as a teaching aid, the learn/ folder explains every concept from zero, and the whole tool is one readable file. If you already know Python, jump straight to PROJECTS/beginner/hash-cracker β the natural cracking companion to this identifier.
- Identify ~30 hash formats by prefix (
$2b$,$argon2id$,$apr1$,pbkdf2_sha256$,{SSHA}, and more) - Identify common hex hashes by length (MD5, SHA-1, SHA-256, SHA-512, NTLM, MD4, RIPEMD, BLAKE2, SHA-3)
- Recognize MySQL5, NetNTLMv1/v2, and traditional 13-char DES crypt by shape
- Detect non-hash inputs (JWTs, base64 blobs) and tell the user what they actually pasted
- Return ranked candidates with
high/medium/lowconfidence and a one-line reason for every guess - Pure-function core β no network, no filesystem, no global state, instant runtime
- Rich-rendered colored output table; clean exit codes for shell scripting
./install.sh
just run -- 5f4dcc3b5aa765d61d8327deb882cf99
# β MD5 (medium) β 32 hex chars, most likely candidate at this lengthTip
This project uses just as a command runner. Type just to see all available commands.
Install: curl -sSf https://just.systems/install.sh | bash -s -- --to ~/.local/bin
Try these β each demonstrates a different identification path:
| Hash | Detected as | Why |
|---|---|---|
5f4dcc3b5aa765d61d8327deb882cf99 |
MD5 | 32 hex chars β most likely candidate at this length |
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
SHA-256 | 64 hex chars β most likely candidate at this length |
$2b$12$EixZaYVK1fsbw1ZfbX3OXePaWxn96p36WQNQy.uK4Of2T7G.VHvgvWK |
bcrypt | prefix $2b$ β bcrypt PHC string, 2b variant (current) |
$argon2id$v=19$m=65536,t=3,p=4$c29tZXNhbHQ$RdescudvJCsgt3ub+b+dWRWJTmaaJObG |
Argon2id | prefix $argon2id$ β modern PHC string, the current standard |
$apr1$JlOdSlVe$ipa1mTAv3LFRBHHzqaIaH/ |
Apache MD5-crypt | prefix $apr1$ β Apache htpasswd MD5 variant (htpasswd -m) |
*A4B6157319038724E3560894F7F932C8886EBFCF |
MySQL5 | starts with * followed by 40 uppercase hex chars |
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIn0.dozjgN... |
JWT (not a hash) | leading eyJ is base64 of {" β JWT, not a hash |
just run -- 5f4dcc3b5aa765d61d8327deb882cf99
just run -- '$2b$12$EixZaYVK1fsbw1ZfbX3OXePaWxn96p36WQNQy.uK4Of2T7G.VHvgvWK'
just run -- '*A4B6157319038724E3560894F7F932C8886EBFCF'
just run -- e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855Important
Always wrap hashes that begin with $ in single quotes. Without quotes your shell will try to expand $2, $P$, $1$ etc. as shell variables and silently mangle the input.
just # list available recipes
just test # run pytest (30+ tests, runs in under a second)
just lint # ruff + mypy --strict + pylint
just format # yapf
just run -- <h> # identify a hash- Python 3.14+ β the install script will check.
uvβ modern Python package manager (auto-installed by./install.sh).justβ command runner (auto-installed by./install.sh).
No compilers, no system libraries, no network access required. The project is one Python file plus tests.
This project includes step-by-step learning materials covering security theory, architecture, and implementation β written for someone who has never touched Python before.
| Module | Topic |
|---|---|
| 00 - Overview | Quick start, prerequisites, common problems |
| 01 - Concepts | What hashes are, real-world breaches, the three identification signals |
| 02 - Architecture | Three-layer architecture, six-step decision pipeline, data-driven design |
| 03 - Implementation | Line-by-line walkthrough β every Python feature explained when first encountered |
| 04 - Challenges | Five tiers of extension ideas, from adding a prefix rule to building an ML classifier |
PROJECTS/beginner/hash-crackerβ the natural sibling. Once this tool tells you what a hash is, that one teaches you how to crack it.PROJECTS/foundations/http-headers-scannerβ another foundations-tier Python project, slightly more involved I/O.PROJECTS/foundations/password-managerβ the hardest foundations-tier project; covers Argon2id, AES-GCM, and on-disk vaults.
AGPL 3.0