当前位置： 首页 > news >正文

intitle:律师网站建设的重要性,免费网站正能量软件,品牌营销传播,精细化工网站建设离线密码破解#xff1a;离线不会触发密码锁定机制不会产生大量登录失败日志引起管理员注意HASH识别工具#xff08;识别哈希类型#xff09;#xff1a;hash-identifierHashid yara规则匹配文件得到特定加密算法一、hash-identifierKali Linux提供工具hash-identifier来识…离线密码破解离线不会触发密码锁定机制不会产生大量登录失败日志引起管理员注意HASH识别工具识别哈希类型hash-identifierHashid yara规则匹配文件得到特定加密算法一、hash-identifierKali Linux提供工具hash-identifier来识别加密类型。运行该命令然后输入哈希密文就可以得到密文所使用的哈希算法类型。有了这个算法类型再选择对应的工具或者彩虹表获取密码明文就容易多了。核心代码如下逻辑匹配Hash_ID.py:#!/usr/bin/env python

encoding: utf-8

Hash Identifier v1.1

By Zion3R

www.Blackploit.com

RootBlackploit.comlogo ########################################################################## __ __ __ ______ _____ ## /\ \/\ \ /\ \ /__ _\ /\ _ \ ## \ \ _\ \ __ ____ \ \ ___ \/_/\ \/ \ \ \/\ \ ## \ \ _ \ /\ / ,\ \ \ _ \ \ \ \ \ \ \ \ \ ## \ \ \ \ \/\ _\ _/_, \ \ \ \ \ \ _\ _ \ \ _\ \ ## \ _\ _\ ___ _\/_/ \ _\ _\ /_\ \ ___/ ## \//\//\//\/_/\// \//\// \/____/ \/___/ v1.1 ## By Zion3R ## www.Blackploit.com ## RootBlackploit.com ##########################################################################algorithms{102020:ADLER-32, 102040:CRC-32, 102060:CRC-32B, 101020:CRC-16, 101040:CRC-16-CCITT, 104020:DES(Unix), 101060:FCS-16, 103040:GHash-32-3, 103020:GHash-32-5, 115060:GOST R 34.11-94, 109100:Haval-160, 109200:Haval-160(HMAC), 110040:Haval-192, 110080:Haval-192(HMAC), 114040:Haval-224, 114080:Haval-224(HMAC), 115040:Haval-256, 115140:Haval-256(HMAC), 107080:Lineage II C4, 106025:Domain Cached Credentials - MD4(MD4((\(pass)).(strtolower(\)username))), 102080:XOR-32, 105060:MD5(Half), 105040:MD5(Middle), 105020:MySQL, 107040:MD5(phpBB3), 107060:MD5(Unix), 107020:MD5(Wordpress), 108020:MD5(APR), 106160:Haval-128, 106165:Haval-128(HMAC), 106060:MD2, 106120:MD2(HMAC), 106040:MD4, 106100:MD4(HMAC), 106020:MD5, 106080:MD5(HMAC), 106140:MD5(HMAC(Wordpress)), 106029:NTLM, 106027:RAdmin v2.x, 106180:RipeMD-128, 106185:RipeMD-128(HMAC), 106200:SNEFRU-128, 106205:SNEFRU-128(HMAC), 106220:Tiger-128, 106225:Tiger-128(HMAC), 106240:md5(\(pass.\)salt), 106260:md5(\(salt.-.md5(\)pass)), 106280:md5(\(salt.\)pass), 106300:md5(\(salt.\)pass.\(salt), 106320:md5(\)salt.\(pass.\)username), 106340:md5(\(salt.md5(\)pass)), 106360:md5(\(salt.md5(\)pass).\(salt), 106380:md5(\)salt.md5(\(pass.\)salt)), 106400:md5(\(salt.md5(\)salt.\(pass)), 106420:md5(\)salt.md5(md5(\(pass).\)salt)), 106440:md5(\(username.0.\)pass), 106460:md5(\(username.LF.\)pass), 106480:md5(\(username.md5(\)pass).\(salt), 106500:md5(md5(\)pass)), 106520:md5(md5(\(pass).\)salt), 106540:md5(md5(\(pass).md5(\)salt)), 106560:md5(md5(\(salt).\)pass), 106580:md5(md5(\(salt).md5(\)pass)), 106600:md5(md5(\(username.\)pass).\(salt), 106620:md5(md5(md5(\)pass))), 106640:md5(md5(md5(md5(\(pass)))), 106660:md5(md5(md5(md5(md5(\)pass))))), 106680:md5(sha1(\(pass)), 106700:md5(sha1(md5(\)pass))), 106720:md5(sha1(md5(sha1(\(pass)))), 106740:md5(strtoupper(md5(\)pass))), 109040:MySQL5 - SHA-1(SHA-1(\(pass)), 109060:MySQL 160bit - SHA-1(SHA-1(\)pass)), 109180:RipeMD-160(HMAC), 109120:RipeMD-160, 109020:SHA-1, 109140:SHA-1(HMAC), 109220:SHA-1(MaNGOS), 109240:SHA-1(MaNGOS2), 109080:Tiger-160, 109160:Tiger-160(HMAC), 109260:sha1(\(pass.\)salt), 109280:sha1(\(salt.\)pass), 109300:sha1(\(salt.md5(\)pass)), 109320:sha1(\(salt.md5(\)pass).\(salt), 109340:sha1(\)salt.sha1(\(pass)), 109360:sha1(\)salt.sha1(\(salt.sha1(\)pass))), 109380:sha1(\(username.\)pass), 109400:sha1(\(username.\)pass.\(salt), 1094202:sha1(md5(\)pass)), 109440:sha1(md5(\(pass).\)salt), 109460:sha1(md5(sha1(\(pass))), 109480:sha1(sha1(\)pass)), 109500:sha1(sha1(\(pass).\)salt), 109520:sha1(sha1(\(pass).substr(\)pass,0,3)), 109540:sha1(sha1(\(salt.\)pass)), 109560:sha1(sha1(sha1(\(pass))), 109580:sha1(strtolower(\)username).\(pass), 110020:Tiger-192, 110060:Tiger-192(HMAC), 112020:md5(\)pass.\(salt) - Joomla, 113020:SHA-1(Django), 114020:SHA-224, 114060:SHA-224(HMAC), 115080:RipeMD-256, 115160:RipeMD-256(HMAC), 115100:SNEFRU-256, 115180:SNEFRU-256(HMAC), 115200:SHA-256(md5(\)pass)), 115220:SHA-256(sha1(\(pass)), 115020:SHA-256, 115120:SHA-256(HMAC), 116020:md5(\)pass.$salt) - Joomla, 116040:SAM - (LM_hash:NT_hash), 117020:SHA-256(Django), 118020:RipeMD-320, 118040:RipeMD-320(HMAC), 119020:SHA-384, 119040:SHA-384(HMAC), 120020:SHA-256, 121020:SHA-384(Django), 122020:SHA-512, 122060:SHA-512(HMAC), 122040:Whirlpool, 122080:Whirlpool(HMAC)}# hash.islower() minusculas

hash.isdigit() numerico

hash.isalpha() letras

hash.isalnum() alfanumericodef CRC16():hs4607if len(hash)len(hs) and hash.isalpha()False and hash.isalnum()True:jerar.append(101020)

def CRC16CCITT():hs3d08if len(hash)len(hs) and hash.isdigit()False and hash.isalpha()False and hash.isalnum()True:jerar.append(101040) def FCS16():hs0e5bif len(hash)len(hs) and hash.isdigit()False and hash.isalpha()False and hash.isalnum()True:jerar.append(101060)def CRC32():hsb33fd057if len(hash)len(hs) and hash.isdigit()False and hash.isalpha()False and hash.isalnum()True:jerar.append(102040) def ADLER32():hs0607cb42if len(hash)len(hs) and hash.isdigit()False and hash.isalpha()False and hash.isalnum()True:jerar.append(102020) def CRC32B():hsb764a0d9if len(hash)len(hs) and hash.isdigit()False and hash.isalpha()False and hash.isalnum()True:jerar.append(102060) def XOR32():hs0000003fif len(hash)len(hs) and hash.isdigit()False and hash.isalpha()False and hash.isalnum()True:jerar.append(102080)def GHash323():hs80000000if len(hash)len(hs) and hash.isdigit()True and hash.isalpha()False and hash.isalnum()True:jerar.append(103040) def GHash325():hs85318985if len(hash)len(hs) and hash.isdigit()True and hash.isalpha()False and hash.isalnum()True:jerar.append(103020)def DESUnix():hsZiY8YtDKXJwYQif len(hash)len(hs) and hash.isdigit()False and hash.isalpha()False:jerar.append(104020)def MD5Half():hsae11fd697ec92c7cif len(hash)len(hs) and hash.isdigit()False and hash.isalpha()False and hash.isalnum()True:jerar.append(105060) def MD5Middle():hs7ec92c7c98de3facif len(hash)len(hs) and hash.isdigit()False and hash.isalpha()False and hash.isalnum()True:jerar.append(105040) def MySQL():hs63cea4673fd25f46if len(hash)len(hs) and hash.isdigit()False and hash.isalpha()False and hash.isalnum()True:jerar.append(105020)def DomainCachedCredentials():hsf42005ec1afe77967cbc83dce1b4d714if len(hash)len(hs) and hash.isdigit()False and hash.isalpha()False and hash.isalnum()True:jerar.append(106025) def Haval128():hsd6e3ec49aa0f138a619f27609022df10if len(hash)len(hs) and hash.isdigit()False and hash.isalpha()False and hash.isalnum()True:jerar.append(106160) def Haval128HMAC():hs3ce8b0ffd75bc240fc7d967729cd6637if len(hash)len(hs) and hash.isdigit()False and hash.isalpha()False and hash.isalnum()True:jerar.append(106165) def MD2():hs08bbef4754d98806c373f2cd7d9a43c4if len(hash)len(hs) and hash.isdigit()False and hash.isalpha()False and hash.isalnum()True:jerar.append(106060) def MD2HMAC():hs4b61b72ead2b0eb0fa3b8a56556a6dcaif len(hash)len(hs) and hash.isdigit()False and hash.isalpha()False and hash.isalnum()True:jerar.append(106120) def MD4():hsa2acde400e61410e79dacbdfc3413151if len(hash)len(hs) and hash.isdigit()False and hash.isalpha()False and hash.isalnum()True:jerar.append(106040) def MD4HMAC():hs6be20b66f2211fe937294c1c95d1cd4fif len(hash)len(hs) and hash.isdigit()False and hash.isalpha()False and hash.isalnum()True:jerar.append(106100) def MD5():hsae11fd697ec92c7c98de3fac23aba525if len(hash)len(hs) and hash.isdigit()False and hash.isalpha()False and hash.isalnum()True:jerar.append(106020) def MD5HMAC():hsd57e43d2c7e397bf788f66541d6fdef9if len(hash)len(hs) and hash.isdigit()False and hash.isalpha()False and hash.isalnum()True:jerar.append(106080) def MD5HMACWordpress():hs3f47886719268dfa83468630948228f6if len(hash)len(hs) and hash.isdigit()False and hash.isalpha()False and hash.isalnum()True:jerar.append(106140) def NTLM():hscc348bace876ea440a28ddaeb9fd3550if len(hash)len(hs) and hash.isdigit()False and hash.isalpha()False and hash.isalnum()True:jerar.append(106029) def RAdminv2x():hsbaea31c728cbf0cd548476aa687add4bif len(hash)len(hs) and hash.isdigit()False and hash.isalpha()False and hash.isalnum()True:jerar.append(106027) def RipeMD128():hs4985351cd74aff0abc5a75a0c8a54115if len(hash)len(hs) and hash.isdigit()False and hash.isalpha()False and hash.isalnum()True:jerar.append(106180) def RipeMD128HMAC():hsae1995b931cf4cbcf1ac6fbf1a83d1d3if len(hash)len(hs) and hash.isdigit()False and hash.isalpha()False and hash.isalnum()True:jerar.append(106185) def SNEFRU128():hs4fb58702b617ac4f7ca87ec77b93da8aif len(hash)len(hs) and hash.isdigit()False and hash.isalpha()False and hash.isalnum()True:jerar.append(106200) def SNEFRU128HMAC():hs59b2b9dcc7a9a7d089cecf1b83520350if len(hash)len(hs) and hash.isdigit()False and hash.isalpha()False and hash.isalnum()True:jerar.append(106205) def Tiger128():hsc086184486ec6388ff81ec9f23528727if len(hash)len(hs) and hash.isdigit()False and hash.isalpha()False and hash.isalnum()True:jerar.append(106220) def Tiger128HMAC():hsc87032009e7c4b2ea27eb6f99723454bif len(hash)len(hs) and hash.isdigit()False and hash.isalpha()False and hash.isalnum()True:jerar.append(106225) def md5passsalt():hs5634cc3b922578434d6e9342ff5913f7if len(hash)len(hs) and hash.isdigit()False and hash.isalpha()False and hash.isalnum()True:jerar.append(106240) def md5saltmd5pass():hs245c5763b95ba42d4b02d44bbcd916f1if len(hash)len(hs) and hash.isdigit()False and hash.isalpha()False and hash.isalnum()True:jerar.append(106260) def md5saltpass():hs22cc5ce1a1ef747cd3fa06106c148dfaif len(hash)len(hs) and hash.isdigit()False and hash.isalpha()False and hash.isalnum()True:jerar.append(106280) def md5saltpasssalt():hs469e9cdcaff745460595a7a386c4db0cif len(hash)len(hs) and hash.isdigit()False and hash.isalpha()False and hash.isalnum()True:jerar.append(106300) def md5saltpassusername():hs9ae20f88189f6e3a62711608ddb6f5fdif len(hash)len(hs) and hash.isdigit()False and hash.isalpha()False and hash.isalnum()True:jerar.append(106320) def md5saltmd5pass():hsaca2a052962b2564027ee62933d2382fif len(hash)len(hs) and hash.isdigit()False and hash.isalpha()False and hash.isalnum()True:jerar.append(106340) def md5saltmd5passsalt():hsde0237dc03a8efdf6552fbe7788b2fddif len(hash)len(hs) and hash.isdigit()False and hash.isalpha()False and hash.isalnum()True:jerar.append(106360) def md5saltmd5passsalt():hs5b8b12ca69d3e7b2a3e2308e7bef3e6fif len(hash)len(hs) and hash.isdigit()False and hash.isalpha()False and hash.isalnum()True:jerar.append(106380) def md5saltmd5saltpass():hsd8f3b3f004d387086aae24326b575b23if len(hash)len(hs) and hash.isdigit()False and hash.isalpha()False and hash.isalnum()True:jerar.append(106400) def md5saltmd5md5passsalt():hs81f181454e23319779b03d74d062b1a2if len(hash)len(hs) and hash.isdigit()False and hash.isalpha()False and hash.isalnum()True:jerar.append(106420) def md5username0pass():hse44a60f8f2106492ae16581c91edb3baif len(hash)len(hs) and hash.isdigit()False and hash.isalpha()False and hash.isalnum()True:jerar.append(106440) def md5usernameLFpass():hs654741780db415732eaee12b1b909119if len(hash)len(hs) and hash.isdigit()False and hash.isalpha()False and hash.isalnum()True:jerar.append(106460) def md5usernamemd5passsalt():hs954ac5505fd1843bbb97d1b2cda0b98fif len(hash)len(hs) and hash.isdigit()False and hash.isalpha()False and hash.isalnum()True:jerar.append(106480) def md5md5pass():hsa96103d267d024583d5565436e52dfb3if len(hash)len(hs) and hash.isdigit()False and hash.isalpha()False and hash.isalnum()True:jerar.append(106500) def md5md5passsalt():hs5848c73c2482d3c2c7b6af134ed8dd89if len(hash)len(hs) and hash.isdigit()False and hash.isalpha()False and hash.isalnum()True:jerar.append(106520) def md5md5passmd5salt():hs8dc71ef37197b2edba02d48c30217b32if len(hash)len(hs) and hash.isdigit()False and hash.isalpha()False and hash.isalnum()True:jerar.append(106540) def md5md5saltpass():hs9032fabd905e273b9ceb1e124631bd67if len(hash)len(hs) and hash.isdigit()False and hash.isalpha()False and hash.isalnum()True:jerar.append(106560) def md5md5saltmd5pass():hs8966f37dbb4aca377a71a9d3d09cd1acif len(hash)len(hs) and hash.isdigit()False and hash.isalpha()False and hash.isalnum()True:jerar.append(106580) def md5md5usernamepasssalt():hs4319a3befce729b34c3105dbc29d0c40if len(hash)len(hs) and hash.isdigit()False and hash.isalpha()False and hash.isalnum()True:jerar.append(106600) def md5md5md5pass():hsea086739755920e732d0f4d8c1b6ad8dif len(hash)len(hs) and hash.isdigit()False and hash.isalpha()False and hash.isalnum()True:jerar.append(106620) def md5md5md5md5pass():hs02528c1f2ed8ac7d83fe76f3cf1c133fif len(hash)len(hs) and hash.isdigit()False and hash.isalpha()False and hash.isalnum()True:jerar.append(106640) def md5md5md5md5md5pass():hs4548d2c062933dff53928fd4ae427fc0if len(hash)len(hs) and hash.isdigit()False and hash.isalpha()False and hash.isalnum()True:jerar.append(106660) def md5sha1pass():hscb4ebaaedfd536d965c452d9569a6b1eif len(hash)len(hs) and hash.isdigit()False and hash.isalpha()False and hash.isalnum()True:jerar.append(106680) def md5sha1md5pass():hs099b8a59795e07c334a696a10c0ebce0if len(hash)len(hs) and hash.isdigit()False and hash.isalpha()False and hash.isalnum()True:jerar.append(106700) def md5sha1md5sha1pass():hs06e4af76833da7cc138d90602ef80070if len(hash)len(hs) and hash.isdigit()False and hash.isalpha()False and hash.isalnum()True:jerar.append(106720) def md5strtouppermd5pass():hs519de146f1a658ab5e5e2aa9b7d2eec8if len(hash)len(hs) and hash.isdigit()False and hash.isalpha()False and hash.isalnum()True:jerar.append(106740)def LineageIIC4():hs0x49a57f66bd3d5ba6abda5579c264a0e4if len(hash)len(hs) and hash.isdigit()False and hash.isalpha()False and hash.isalnum()True and hash[0:2].find(0x)0:jerar.append(107080) def MD5phpBB3():hs\(H\)9kyOtE8CDqMJ44yfn9PFz2E.L2oVzL1if len(hash)len(hs) and hash.isdigit()False and hash.isalpha()False and hash.isalnum()False and hash[0:3].find(\(H\))0:jerar.append(107040) def MD5Unix():hs\(1\)cTuJH0Ju\(1J8rI.mJReeMvpKUZbSlY/if len(hash)len(hs) and hash.isdigit()False and hash.isalpha()False and hash.isalnum()False and hash[0:3].find(\)1\()0:jerar.append(107060) def MD5Wordpress():hs\)P\(BiTOhOj3ukMgCci2juN0HRbCdDRqeh.if len(hash)len(hs) and hash.isdigit()False and hash.isalpha()False and hash.isalnum()False and hash[0:3].find(\)P\()0:jerar.append(107020)def MD5APR():hs\)apr1\(qAUKoKlG\)3LuCncByN76eLxZAh/Ldr1if len(hash)len(hs) and hash.isdigit()False and hash.isalpha()False and hash[0:4].find(\(apr)0:jerar.append(108020)def Haval160():hsa106e921284dd69dad06192a4411ec32fce83dbbif len(hash)len(hs) and hash.isdigit()False and hash.isalpha()False and hash.isalnum()True:jerar.append(109100) def Haval160HMAC():hs29206f83edc1d6c3f680ff11276ec20642881243if len(hash)len(hs) and hash.isdigit()False and hash.isalpha()False and hash.isalnum()True:jerar.append(109200) def MySQL5():hs9bb2fb57063821c762cc009f7584ddae9da431ffif len(hash)len(hs) and hash.isdigit()False and hash.isalpha()False and hash.isalnum()True:jerar.append(109040) def MySQL160bit():hs*2470c0c06dee42fd1618bb99005adca2ec9d1e19if len(hash)len(hs) and hash.isdigit()False and hash.isalpha()False and hash.isalnum()False and hash[0:1].find(*)0:jerar.append(109060) def RipeMD160():hsdc65552812c66997ea7320ddfb51f5625d74721bif len(hash)len(hs) and hash.isdigit()False and hash.isalpha()False and hash.isalnum()True:jerar.append(109120) def RipeMD160HMAC():hsca28af47653b4f21e96c1235984cb50229331359if len(hash)len(hs) and hash.isdigit()False and hash.isalpha()False and hash.isalnum()True:jerar.append(109180) def SHA1():hs4a1d4dbc1e193ec3ab2e9213876ceb8f4db72333if len(hash)len(hs) and hash.isdigit()False and hash.isalpha()False and hash.isalnum()True:jerar.append(109020) def SHA1HMAC():hs6f5daac3fee96ba1382a09b1ba326ca73dccf9e7if len(hash)len(hs) and hash.isdigit()False and hash.isalpha()False and hash.isalnum()True:jerar.append(109140) def SHA1MaNGOS():hsa2c0cdb6d1ebd1b9f85c6e25e0f8732e88f02f96if len(hash)len(hs) and hash.isdigit()False and hash.isalpha()False and hash.isalnum()True:jerar.append(109220) def SHA1MaNGOS2():hs644a29679136e09d0bd99dfd9e8c5be84108b5fdif len(hash)len(hs) and hash.isdigit()False and hash.isalpha()False and hash.isalnum()True:jerar.append(109240) def Tiger160():hsc086184486ec6388ff81ec9f235287270429b225if len(hash)len(hs) and hash.isdigit()False and hash.isalpha()False and hash.isalnum()True:jerar.append(109080) def Tiger160HMAC():hs6603161719da5e56e1866e4f61f79496334e6a10if len(hash)len(hs) and hash.isdigit()False and hash.isalpha()False and hash.isalnum()True:jerar.append(109160) def sha1passsalt():hsf006a1863663c21c541c8d600355abfeeaadb5e4if len(hash)len(hs) and hash.isdigit()False and hash.isalpha()False and hash.isalnum()True:jerar.append(109260) def sha1saltpass():hs299c3d65a0dcab1fc38421783d64d0ecf4113448if len(hash)len(hs) and hash.isdigit()False and hash.isalpha()False and hash.isalnum()True:jerar.append(109280) def sha1saltmd5pass():hs860465ede0625deebb4fbbedcb0db9dc65faec30if len(hash)len(hs) and hash.isdigit()False and hash.isalpha()False and hash.isalnum()True:jerar.append(109300) def sha1saltmd5passsalt():hs6716d047c98c25a9c2cc54ee6134c73e6315a0ffif len(hash)len(hs) and hash.isdigit()False and hash.isalpha()False and hash.isalnum()True:jerar.append(109320) def sha1saltsha1pass():hs58714327f9407097c64032a2fd5bff3a260cb85fif len(hash)len(hs) and hash.isdigit()False and hash.isalpha()False and hash.isalnum()True:jerar.append(109340) def sha1saltsha1saltsha1pass():hscc600a2903130c945aa178396910135cc7f93c63if len(hash)len(hs) and hash.isdigit()False and hash.isalpha()False and hash.isalnum()True:jerar.append(109360) def sha1usernamepass():hs3de3d8093bf04b8eb5f595bc2da3f37358522c9fif len(hash)len(hs) and hash.isdigit()False and hash.isalpha()False and hash.isalnum()True:jerar.append(109380) def sha1usernamepasssalt():hs00025111b3c4d0ac1635558ce2393f77e94770c5if len(hash)len(hs) and hash.isdigit()False and hash.isalpha()False and hash.isalnum()True:jerar.append(109400) def sha1md5pass():hsfa960056c0dea57de94776d3759fb555a15cae87if len(hash)len(hs) and hash.isdigit()False and hash.isalpha()False and hash.isalnum()True:jerar.append(1094202) def sha1md5passsalt():hs1dad2b71432d83312e61d25aeb627593295bcc9aif len(hash)len(hs) and hash.isdigit()False and hash.isalpha()False and hash.isalnum()True:jerar.append(109440) def sha1md5sha1pass():hs8bceaeed74c17571c15cdb9494e992db3c263695if len(hash)len(hs) and hash.isdigit()False and hash.isalpha()False and hash.isalnum()True:jerar.append(109460) def sha1sha1pass():hs3109b810188fcde0900f9907d2ebcaa10277d10eif len(hash)len(hs) and hash.isdigit()False and hash.isalpha()False and hash.isalnum()True:jerar.append(109480) def sha1sha1passsalt():hs780d43fa11693b61875321b6b54905ee488d7760if len(hash)len(hs) and hash.isdigit()False and hash.isalpha()False and hash.isalnum()True:jerar.append(109500) def sha1sha1passsubstrpass03():hs5ed6bc680b59c580db4a38df307bd4621759324eif len(hash)len(hs) and hash.isdigit()False and hash.isalpha()False and hash.isalnum()True:jerar.append(109520) def sha1sha1saltpass():hs70506bac605485b4143ca114cbd4a3580d76a413if len(hash)len(hs) and hash.isdigit()False and hash.isalpha()False and hash.isalnum()True:jerar.append(109540) def sha1sha1sha1pass():hs3328ee2a3b4bf41805bd6aab8e894a992fa91549if len(hash)len(hs) and hash.isdigit()False and hash.isalpha()False and hash.isalnum()True:jerar.append(109560) def sha1strtolowerusernamepass():hs79f575543061e158c2da3799f999eb7c95261f07if len(hash)len(hs) and hash.isdigit()False and hash.isalpha()False and hash.isalnum()True:jerar.append(109580)def Haval192():hscd3a90a3bebd3fa6b6797eba5dab8441f16a7dfa96c6e641if len(hash)len(hs) and hash.isdigit()False and hash.isalpha()False and hash.isalnum()True:jerar.append(110040) def Haval192HMAC():hs39b4d8ecf70534e2fd86bb04a877d01dbf9387e640366029if len(hash)len(hs) and hash.isdigit()False and hash.isalpha()False and hash.isalnum()True:jerar.append(110080) def Tiger192():hsc086184486ec6388ff81ec9f235287270429b2253b248a70if len(hash)len(hs) and hash.isdigit()False and hash.isalpha()False and hash.isalnum()True:jerar.append(110020) def Tiger192HMAC():hs8e914bb64353d4d29ab680e693272d0bd38023afa3943a41if len(hash)len(hs) and hash.isdigit()False and hash.isalpha()False and hash.isalnum()True:jerar.append(110060)def MD5passsaltjoomla1():hs35d1c0d69a2df62be2df13b087343dc9:BeKMviAfcXeTPTlXif len(hash)len(hs) and hash.isdigit()False and hash.isalpha()False and hash.isalnum()False and hash[32:33].find(:)0:jerar.append(112020)def SHA1Django():hssha1\)Zion3R\(299c3d65a0dcab1fc38421783d64d0ecf4113448if len(hash)len(hs) and hash.isdigit()False and hash.isalpha()False and hash.isalnum()False and hash[0:5].find(sha1\))0:jerar.append(113020)def Haval224():hsf65d3c0ef6c56f4c74ea884815414c24dbf0195635b550f47eac651aif len(hash)len(hs) and hash.isdigit()False and hash.isalpha()False and hash.isalnum()True:jerar.append(114040) def Haval224HMAC():hsf10de2518a9f7aed5cf09b455112114d18487f0c894e349c3c76a681if len(hash)len(hs) and hash.isdigit()False and hash.isalpha()False and hash.isalnum()True:jerar.append(114080) def SHA224():hse301f414993d5ec2bd1d780688d37fe41512f8b57f6923d054ef8e59if len(hash)len(hs) and hash.isdigit()False and hash.isalpha()False and hash.isalnum()True:jerar.append(114020) def SHA224HMAC():hsc15ff86a859892b5e95cdfd50af17d05268824a6c9caaa54e4bf1514if len(hash)len(hs) and hash.isdigit()False and hash.isalpha()False and hash.isalnum()True:jerar.append(114060)def SHA256():hs2c740d20dab7f14ec30510a11f8fd78b82bc3a711abe8a993acdb323e78e6d5eif len(hash)len(hs) and hash.isdigit()False and hash.isalpha()False and hash.isalnum()True:jerar.append(115020) def SHA256HMAC():hsd3dd251b7668b8b6c12e639c681e88f2c9b81105ef41caccb25fcde7673a1132if len(hash)len(hs) and hash.isdigit()False and hash.isalpha()False and hash.isalnum()True:jerar.append(115120) def Haval256():hs7169ecae19a5cd729f6e9574228b8b3c91699175324e6222dec569d4281d4a4aif len(hash)len(hs) and hash.isdigit()False and hash.isalpha()False and hash.isalnum()True:jerar.append(115040) def Haval256HMAC():hs6aa856a2cfd349fb4ee781749d2d92a1ba2d38866e337a4a1db907654d4d4d7aif len(hash)len(hs) and hash.isdigit()False and hash.isalpha()False and hash.isalnum()True:jerar.append(115140) def GOSTR341194():hsab709d384cce5fda0793becd3da0cb6a926c86a8f3460efb471adddee1c63793if len(hash)len(hs) and hash.isdigit()False and hash.isalpha()False and hash.isalnum()True:jerar.append(115060) def RipeMD256():hs5fcbe06df20ce8ee16e92542e591bdea706fbdc2442aecbf42c223f4461a12afif len(hash)len(hs) and hash.isdigit()False and hash.isalpha()False and hash.isalnum()True:jerar.append(115080) def RipeMD256HMAC():hs43227322be1b8d743e004c628e0042184f1288f27c13155412f08beeee0e54bfif len(hash)len(hs) and hash.isdigit()False and hash.isalpha()False and hash.isalnum()True:jerar.append(115160) def SNEFRU256():hs3a654de48e8d6b669258b2d33fe6fb179356083eed6ff67e27c5ebfa4d9732bbif len(hash)len(hs) and hash.isdigit()False and hash.isalpha()False and hash.isalnum()True:jerar.append(115100) def SNEFRU256HMAC():hs4e9418436e301a488f675c9508a2d518d8f8f99e966136f2dd7e308b194d74f9if len(hash)len(hs) and hash.isdigit()False and hash.isalpha()False and hash.isalnum()True:jerar.append(115180) def SHA256md5pass():hsb419557099cfa18a86d1d693e2b3b3e979e7a5aba361d9c4ec585a1a70c7bde4if len(hash)len(hs) and hash.isdigit()False and hash.isalpha()False and hash.isalnum()True:jerar.append(115200) def SHA256sha1pass():hsafbed6e0c79338dbfe0000efe6b8e74e3b7121fe73c383ae22f5b505cb39c886if len(hash)len(hs) and hash.isdigit()False and hash.isalpha()False and hash.isalnum()True:jerar.append(115220)def MD5passsaltjoomla2():hsfb33e01e4f8787dc8beb93dac4107209:fxJUXVjYRafVauT77Cze8XwFrWaeAYB2if len(hash)len(hs) and hash.isdigit()False and hash.isalpha()False and hash.isalnum()False and hash[32:33].find(:)0:jerar.append(116020) def SAM():hs4318B176C3D8E3DEAAD3B435B51404EE:B7C899154197E8A2A33121D76A240AB5if len(hash)len(hs) and hash.isdigit()False and hash.isalpha()False and hash.isalnum()False and hash.islower()False and hash[32:33].find(:)0:jerar.append(116040)def SHA256Django():hssha256\(Zion3R\)9e1a08aa28a22dfff722fad7517bae68a55444bb5e2f909d340767cec9acf2c3if len(hash)len(hs) and hash.isdigit()False and hash.isalpha()False and hash.isalnum()False and hash[0:6].find(sha256)0:jerar.append(117020)def RipeMD320():hsb4f7c8993a389eac4f421b9b3b2bfb3a241d05949324a8dab1286069a18de69aaf5ecc3c2009d8efif len(hash)len(hs) and hash.isdigit()False and hash.isalpha()False and hash.isalnum()True:jerar.append(118020) def RipeMD320HMAC():hs244516688f8ad7dd625836c0d0bfc3a888854f7c0161f01de81351f61e98807dcd55b39ffe5d7a78if len(hash)len(hs) and hash.isdigit()False and hash.isalpha()False and hash.isalnum()True:jerar.append(118040)def SHA384():hs3b21c44f8d830fa55ee9328a7713c6aad548fe6d7a4a438723a0da67c48c485220081a2fbc3e8c17fd9bd65f8d4b4e6bif len(hash)len(hs) and hash.isdigit()False and hash.isalpha()False and hash.isalnum()True:jerar.append(119020) def SHA384HMAC():hsbef0dd791e814d28b4115eb6924a10beb53da47d463171fe8e63f68207521a4171219bb91d0580bca37b0f96fddeeb8bif len(hash)len(hs) and hash.isdigit()False and hash.isalpha()False and hash.isalnum()True:jerar.append(119040)def SHA256s():hs\(6\)g4TpUQzk\(OmsZBJFwvy6MwZckPvVYfDnwsgktm2CckOlNJGy9HNwHSuHFvywGIuwkJ6Bjn3kKbB6zoyEjIYNMpHWBNxJ6g.if len(hash)len(hs) and hash.isdigit()False and hash.isalpha()False and hash.isalnum()False and hash[0:3].find(\)6\()0:jerar.append(120020)def SHA384Django():hssha384\)Zion3R\(88cfd5bc332a4af9f09aa33a1593f24eddc01de00b84395765193c3887f4deac46dc723ac14ddeb4d3a9b958816b7bbaif len(hash)len(hs) and hash.isdigit()False and hash.isalpha()False and hash.isalnum()False and hash[0:6].find(sha384)0:print [] SHA-384(Django)jerar.append(121020)def SHA512():hsea8e6f0935b34e2e6573b89c0856c81b831ef2cadfdee9f44eb9aa0955155ba5e8dd97f85c73f030666846773c91404fb0e12fb38936c56f8cf38a33ac89a24eif len(hash)len(hs) and hash.isdigit()False and hash.isalpha()False and hash.isalnum()True:jerar.append(122020) def SHA512HMAC():hsdd0ada8693250b31d9f44f3ec2d4a106003a6ce67eaa92e384b356d1b4ef6d66a818d47c1f3a2c6e8a9a9b9bdbd28d485e06161ccd0f528c8bbb5541c3fef36fif len(hash)len(hs) and hash.isdigit()False and hash.isalpha()False and hash.isalnum()True:jerar.append(122060) def Whirlpool():hs76df96157e632410998ad7f823d82930f79a96578acc8ac5ce1bfc34346cf64b4610aefa8a549da3f0c1da36dad314927cebf8ca6f3fcd0649d363c5a370dddbif len(hash)len(hs) and hash.isdigit()False and hash.isalpha()False and hash.isalnum()True:jerar.append(122040) def WhirlpoolHMAC():hs77996016cf6111e97d6ad31484bab1bf7de7b7ee64aebbc243e650a75a2f9256cef104e504d3cf29405888fca5a231fcac85d36cd614b1d52fce850b53ddf7f9if len(hash)len(hs) and hash.isdigit()False and hash.isalpha()False and hash.isalnum()True:jerar.append(122080)print logo while True:jerar[]print -------------------------------------------------------------------------hash raw_input( HASH: )ADLER32(); CRC16(); CRC16CCITT(); CRC32(); CRC32B(); DESUnix(); DomainCachedCredentials(); FCS16(); GHash323(); GHash325(); GOSTR341194(); Haval128(); Haval128HMAC(); Haval160(); Haval160HMAC(); Haval192(); Haval192HMAC(); Haval224(); Haval224HMAC(); Haval256(); Haval256HMAC(); LineageIIC4(); MD2(); MD2HMAC(); MD4(); MD4HMAC(); MD5(); MD5APR(); MD5HMAC(); MD5HMACWordpress(); MD5phpBB3(); MD5Unix(); MD5Wordpress(); MD5Half(); MD5Middle(); MD5passsaltjoomla1(); MD5passsaltjoomla2(); MySQL(); MySQL5(); MySQL160bit(); NTLM(); RAdminv2x(); RipeMD128(); RipeMD128HMAC(); RipeMD160(); RipeMD160HMAC(); RipeMD256(); RipeMD256HMAC(); RipeMD320(); RipeMD320HMAC(); SAM(); SHA1(); SHA1Django(); SHA1HMAC(); SHA1MaNGOS(); SHA1MaNGOS2(); SHA224(); SHA224HMAC(); SHA256(); SHA256s(); SHA256Django(); SHA256HMAC(); SHA256md5pass(); SHA256sha1pass(); SHA384(); SHA384Django(); SHA384HMAC(); SHA512(); SHA512HMAC(); SNEFRU128(); SNEFRU128HMAC(); SNEFRU256(); SNEFRU256HMAC(); Tiger128(); Tiger128HMAC(); Tiger160(); Tiger160HMAC(); Tiger192(); Tiger192HMAC(); Whirlpool(); WhirlpoolHMAC(); XOR32(); md5passsalt(); md5saltmd5pass(); md5saltpass(); md5saltpasssalt(); md5saltpassusername(); md5saltmd5pass(); md5saltmd5passsalt(); md5saltmd5passsalt(); md5saltmd5saltpass(); md5saltmd5md5passsalt(); md5username0pass(); md5usernameLFpass(); md5usernamemd5passsalt(); md5md5pass(); md5md5passsalt(); md5md5passmd5salt(); md5md5saltpass(); md5md5saltmd5pass(); md5md5usernamepasssalt(); md5md5md5pass(); md5md5md5md5pass(); md5md5md5md5md5pass(); md5sha1pass(); md5sha1md5pass(); md5sha1md5sha1pass(); md5strtouppermd5pass(); sha1passsalt(); sha1saltpass(); sha1saltmd5pass(); sha1saltmd5passsalt(); sha1saltsha1pass(); sha1saltsha1saltsha1pass(); sha1usernamepass(); sha1usernamepasssalt(); sha1md5pass(); sha1md5passsalt(); sha1md5sha1pass(); sha1sha1pass(); sha1sha1passsalt(); sha1sha1passsubstrpass03(); sha1sha1saltpass(); sha1sha1sha1pass(); sha1strtolowerusernamepass()if len(jerar)0:print print Not Found.elif len(jerar)2:jerar.sort()print print Possible Hashs:print [] ,algorithms[jerar[0]]print [] ,algorithms[jerar[1]]print print Least Possible Hashs:for a in range(int(len(jerar))-2):print [] ,algorithms[jerar[a2]]else:jerar.sort()print print Possible Hashs:for a in range(len(jerar)):print [] ,algorithms[jerar[a]]hash-identifier 它会列出最有可能的两种加密算法:Possible Hashs:和可能性不大的Least Possible Hashs:5f4dcc3b5aa765d61d8327deb882cf99\)1\(okk8R3sJ\)nOWjEHqTyMwLHT7puB6VM1二、hashid2.1、介绍识别用于加密数据的不同类型的哈希尤其是密码。这个工具是用来代替hash-identifier的因为hash-identifier已经过时啦hashID 是一个用 Python3 编写的工具它支持使用正则表达式识别 220 多种唯一的哈希类型。可在此处找找到支持的哈希的详细列表。它能够识别单个哈希解析文件或读取多个文件并标识其中的哈希。 hashID还能够在其输出中包含相应的hashcat模式和/或JohnTheRipper格式。hashID 在任何平台上都可以与 Python2 ≥ 2.7.x 或 Python3 ≥ 3.3 开箱即用。核心代码正则匹配hashid.py#!/usr/bin/env python3

-- coding: utf-8 --# hashid.py - Software to identify the different types of hashes

Copyright © 2013-2015 by c0re c0repsypanda.org

#

This program is free software: you can redistribute it and/or modify

it under the terms of the GNU General Public License as published by

the Free Software Foundation, either version 3 of the License, or

(at your option) any later version.

#

This program is distributed in the hope that it will be useful,

but WITHOUT ANY WARRANTY; without even the implied warranty of

MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the

GNU General Public License for more details.

#

You should have received a copy of the GNU General Public License

along with this program. If not, see http://www.gnu.org/licenses/.import io

import os import re import sys import argparse from collections import namedtupleauthor c0re version 3.2.0-dev github https://github.com/psypanda/hashID license License GPLv3: GNU GPL version 3 or later http://gnu.org/licenses/gpl.html banner hashID v{0} by {1} ({2}).format(version, author, github)Prototype namedtuple(Prototype, [regex, modes]) HashInfo namedtuple(HashInfo, [name, hashcat, john, extended])prototypes [Prototype(regexre.compile(r^[a-f0-9]{4}\(, re.IGNORECASE),modes[HashInfo(nameCRC-16, hashcatNone, johnNone, extendedFalse),HashInfo(nameCRC-16-CCITT, hashcatNone, johnNone, extendedFalse),HashInfo(nameFCS-16, hashcatNone, johnNone, extendedFalse)]),Prototype(regexre.compile(r^[a-f0-9]{8}\), re.IGNORECASE),modes[HashInfo(nameAdler-32, hashcatNone, johnNone, extendedFalse),HashInfo(nameCRC-32B, hashcatNone, johnNone, extendedFalse),HashInfo(nameFCS-32, hashcatNone, johnNone, extendedFalse),HashInfo(nameGHash-32-3, hashcatNone, johnNone, extendedFalse),HashInfo(nameGHash-32-5, hashcatNone, johnNone, extendedFalse),HashInfo(nameFNV-132, hashcatNone, johnNone, extendedFalse),HashInfo(nameFletcher-32, hashcatNone, johnNone, extendedFalse),HashInfo(nameJoaat, hashcatNone, johnNone, extendedFalse),HashInfo(nameELF-32, hashcatNone, johnNone, extendedFalse),HashInfo(nameXOR-32, hashcatNone, johnNone, extendedFalse)]),Prototype(regexre.compile(r^[a-f0-9]{6}\(, re.IGNORECASE),modes[HashInfo(nameCRC-24, hashcatNone, johnNone, extendedFalse)]),Prototype(regexre.compile(r^(\\)crc32$[a-f0-9]{8}.)?[a-f0-9]{8}\(, re.IGNORECASE),modes[HashInfo(nameCRC-32, hashcatNone, johncrc32, extendedFalse)]),Prototype(regexre.compile(r^\[a-z0-9\/.]{12}\), re.IGNORECASE),modes[HashInfo(nameEggdrop IRC Bot, hashcatNone, johnbfegg, extendedFalse)]),Prototype(regexre.compile(r^[a-z0-9\/.]{13}\(, re.IGNORECASE),modes[HashInfo(nameDES(Unix), hashcat1500, johndescrypt, extendedFalse),HashInfo(nameTraditional DES, hashcat1500, johndescrypt, extendedFalse),HashInfo(nameDEScrypt, hashcat1500, johndescrypt, extendedFalse)]),Prototype(regexre.compile(r^[a-f0-9]{16}\), re.IGNORECASE),modes[HashInfo(nameMySQL323, hashcat200, johnmysql, extendedFalse),HashInfo(nameDES(Oracle), hashcat3100, johnNone, extendedFalse),HashInfo(nameHalf MD5, hashcat5100, johnNone, extendedFalse),HashInfo(nameOracle 7-10g, hashcat3100, johnNone, extendedFalse),HashInfo(nameFNV-164, hashcatNone, johnNone, extendedFalse),HashInfo(nameCRC-64, hashcatNone, johnNone, extendedFalse)]),Prototype(regexre.compile(r^[a-z0-9\/.]{16}\(, re.IGNORECASE),modes[HashInfo(nameCisco-PIX(MD5), hashcat2400, johnpix-md5, extendedFalse)]),Prototype(regexre.compile(r^\([a-z0-9\/]{20}\)\), re.IGNORECASE),modes[HashInfo(nameLotus Notes/Domino 6, hashcat8700, johndominosec, extendedFalse)]),Prototype(regexre.compile(r^_[a-z0-9\/.]{19}\(, re.IGNORECASE),modes[HashInfo(nameBSDi Crypt, hashcatNone, johnbsdicrypt, extendedFalse)]),Prototype(regexre.compile(r^[a-f0-9]{24}\), re.IGNORECASE),modes[HashInfo(nameCRC-96(ZIP), hashcatNone, johnNone, extendedFalse)]),Prototype(regexre.compile(r^[a-z0-9\/.]{24}\(, re.IGNORECASE),modes[HashInfo(nameCrypt16, hashcatNone, johnNone, extendedFalse)]),Prototype(regexre.compile(r^(\\)md2$)?[a-f0-9]{32}\(, re.IGNORECASE),modes[HashInfo(nameMD2, hashcatNone, johnmd2, extendedFalse)]),Prototype(regexre.compile(r^[a-f0-9]{32}(:.)?\), re.IGNORECASE),modes[HashInfo(nameMD5, hashcat0, johnraw-md5, extendedFalse),HashInfo(nameMD4, hashcat900, johnraw-md4, extendedFalse),HashInfo(nameDouble MD5, hashcat2600, johnNone, extendedFalse),HashInfo(nameLM, hashcat3000, johnlm, extendedFalse),HashInfo(nameRIPEMD-128, hashcatNone, johnripemd-128, extendedFalse),HashInfo(nameHaval-128, hashcatNone, johnhaval-128-4, extendedFalse),HashInfo(nameTiger-128, hashcatNone, johnNone, extendedFalse),HashInfo(nameSkein-256(128), hashcatNone, johnNone, extendedFalse),HashInfo(nameSkein-512(128), hashcatNone, johnNone, extendedFalse),HashInfo(nameLotus Notes/Domino 5, hashcat8600, johnlotus5, extendedFalse),HashInfo(nameSkype, hashcat23, johnNone, extendedFalse),HashInfo(nameZipMonster, hashcatNone, johnNone, extendedTrue),HashInfo(namePrestaShop, hashcat11000, johnNone, extendedTrue),HashInfo(namemd5(md5(md5(\(pass))), hashcat3500, johnNone, extendedTrue),HashInfo(namemd5(strtoupper(md5(\)pass))), hashcat4300, johnNone, extendedTrue),HashInfo(namemd5(sha1(\(pass)), hashcat4400, johnNone, extendedTrue),HashInfo(namemd5(\)pass.\(salt), hashcat10, johnNone, extendedTrue),HashInfo(namemd5(\)salt.\(pass), hashcat20, johnNone, extendedTrue),HashInfo(namemd5(unicode(\)pass).\(salt), hashcat30, johnNone, extendedTrue),HashInfo(namemd5(\)salt.unicode(\(pass)), hashcat40, johnNone, extendedTrue),HashInfo(nameHMAC-MD5 (key \)pass), hashcat50, johnhmac-md5, extendedTrue),HashInfo(nameHMAC-MD5 (key \(salt), hashcat60, johnhmac-md5, extendedTrue),HashInfo(namemd5(md5(\)salt).\(pass), hashcat3610, johnNone, extendedTrue),HashInfo(namemd5(\)salt.md5(\(pass)), hashcat3710, johnNone, extendedTrue),HashInfo(namemd5(\)pass.md5(\(salt)), hashcat3720, johnNone, extendedTrue),HashInfo(namemd5(\)salt.\(pass.\)salt), hashcat3810, johnNone, extendedTrue),HashInfo(namemd5(md5(\(pass).md5(\)salt)), hashcat3910, johnNone, extendedTrue),HashInfo(namemd5(\(salt.md5(\)salt.\(pass)), hashcat4010, johnNone, extendedTrue),HashInfo(namemd5(\)salt.md5(\(pass.\)salt)), hashcat4110, johnNone, extendedTrue),HashInfo(namemd5(\(username.0.\)pass), hashcat4210, johnNone, extendedTrue)]),Prototype(regexre.compile(r^($snefru$)?[a-f0-9]{32}\(, re.IGNORECASE),modes[HashInfo(nameSnefru-128, hashcatNone, johnsnefru-128, extendedFalse)]),Prototype(regexre.compile(r^(\\)NT$)?[a-f0-9]{32}\(, re.IGNORECASE),modes[HashInfo(nameNTLM, hashcat1000, johnnt, extendedFalse)]),Prototype(regexre.compile(r^([^\\\/:*?|]{1,20}:)?[a-f0-9]{32}(:[^\\\/:*?|]{1,20})?\), re.IGNORECASE),modes[HashInfo(nameDomain Cached Credentials, hashcat1100, johnmscach, extendedFalse)]),Prototype(regexre.compile(r^([^\\/:?|]{1,20}:)?($DCC2$10240#[^\\/:?|]{1,20}#)?[a-f0-9]{32}\(, re.IGNORECASE),modes[HashInfo(nameDomain Cached Credentials 2, hashcat2100, johnmscach2, extendedFalse)]),Prototype(regexre.compile(r^{SHA}[a-z0-9\/]{27}\), re.IGNORECASE),modes[HashInfo(nameSHA-1(Base64), hashcat101, johnnsldap, extendedFalse),HashInfo(nameNetscape LDAP SHA, hashcat101, johnnsldap, extendedFalse)]),Prototype(regexre.compile(r^$1$[a-z0-9\/.]{0,8}$[a-z0-9\/.]{22}(:.)?\(, re.IGNORECASE),modes[HashInfo(nameMD5 Crypt, hashcat500, johnmd5crypt, extendedFalse),HashInfo(nameCisco-IOS(MD5), hashcat500, johnmd5crypt, extendedFalse),HashInfo(nameFreeBSD MD5, hashcat500, johnmd5crypt, extendedFalse)]),Prototype(regexre.compile(r^0x[a-f0-9]{32}\), re.IGNORECASE),modes[HashInfo(nameLineage II C4, hashcatNone, johnNone, extendedFalse)]),Prototype(regexre.compile(r^$H$[a-z0-9\/.]{31}\(, re.IGNORECASE),modes[HashInfo(namephpBB v3.x, hashcat400, johnphpass, extendedFalse),HashInfo(nameWordpress v2.6.0/2.6.1, hashcat400, johnphpass, extendedFalse),HashInfo(namePHPass Portable Hash, hashcat400, johnphpass, extendedFalse)]),Prototype(regexre.compile(r^\\)P$[a-z0-9\/.]{31}\(, re.IGNORECASE),modes[HashInfo(nameuWordpress ≥ v2.6.2, hashcat400, johnphpass, extendedFalse),HashInfo(nameuJoomla ≥ v2.5.18, hashcat400, johnphpass, extendedFalse),HashInfo(namePHPass Portable Hash, hashcat400, johnphpass, extendedFalse)]),Prototype(regexre.compile(r^[a-f0-9]{32}:[a-z0-9]{2}\), re.IGNORECASE),modes[HashInfo(nameosCommerce, hashcat21, johnNone, extendedFalse),HashInfo(namext:Commerce, hashcat21, johnNone, extendedFalse)]),Prototype(regexre.compile(r^$apr1$[a-z0-9\/.]{0,8}$[a-z0-9\/.]{22}\(, re.IGNORECASE),modes[HashInfo(nameMD5(APR), hashcat1600, johnNone, extendedFalse),HashInfo(nameApache MD5, hashcat1600, johnNone, extendedFalse),HashInfo(namemd5apr1, hashcat1600, johnNone, extendedTrue)]),Prototype(regexre.compile(r^{smd5}[a-z0-9\)\/.]{31}\(, re.IGNORECASE),modes[HashInfo(nameAIX(smd5), hashcat6300, johnaix-smd5, extendedFalse)]),Prototype(regexre.compile(r^[a-f0-9]{32}:[a-f0-9]{32}\), re.IGNORECASE),modes[HashInfo(nameWebEdition CMS, hashcat3721, johnNone, extendedFalse)]),Prototype(regexre.compile(r^[a-f0-9]{32}:.{5}\(, re.IGNORECASE),modes[HashInfo(nameuIP.Board ≥ v2, hashcat2811, johnNone, extendedFalse)]),Prototype(regexre.compile(r^[a-f0-9]{32}:.{8}\), re.IGNORECASE),modes[HashInfo(nameuMyBB ≥ v1.2, hashcat2811, johnNone, extendedFalse)]),Prototype(regexre.compile(r^[a-z0-9]{34}\(, re.IGNORECASE),modes[HashInfo(nameCryptoCurrency(Adress), hashcatNone, johnNone, extendedFalse)]),Prototype(regexre.compile(r^[a-f0-9]{40}(:.)?\), re.IGNORECASE),modes[HashInfo(nameSHA-1, hashcat100, johnraw-sha1, extendedFalse),HashInfo(nameDouble SHA-1, hashcat4500, johnNone, extendedFalse),HashInfo(nameRIPEMD-160, hashcat6000, johnripemd-160, extendedFalse),HashInfo(nameHaval-160, hashcatNone, johnNone, extendedFalse),HashInfo(nameTiger-160, hashcatNone, johnNone, extendedFalse),HashInfo(nameHAS-160, hashcatNone, johnNone, extendedFalse),HashInfo(nameLinkedIn, hashcat190, johnraw-sha1-linkedin, extendedFalse),HashInfo(nameSkein-256(160), hashcatNone, johnNone, extendedFalse),HashInfo(nameSkein-512(160), hashcatNone, johnNone, extendedFalse),HashInfo(nameMangosWeb Enhanced CMS, hashcatNone, johnNone, extendedTrue),HashInfo(namesha1(sha1(sha1(\(pass))), hashcat4600, johnNone, extendedTrue),HashInfo(namesha1(md5(\)pass)), hashcat4700, johnNone, extendedTrue),HashInfo(namesha1(\(pass.\)salt), hashcat110, johnNone, extendedTrue),HashInfo(namesha1(\(salt.\)pass), hashcat120, johnNone, extendedTrue),HashInfo(namesha1(unicode(\(pass).\)salt), hashcat130, johnNone, extendedTrue),HashInfo(namesha1(\(salt.unicode(\)pass)), hashcat140, johnNone, extendedTrue),HashInfo(nameHMAC-SHA1 (key \(pass), hashcat150, johnhmac-sha1, extendedTrue),HashInfo(nameHMAC-SHA1 (key \)salt), hashcat160, johnhmac-sha1, extendedTrue),HashInfo(namesha1(\(salt.\)pass.\(salt), hashcat4710, johnNone, extendedTrue)]),Prototype(regexre.compile(r^\*[a-f0-9]{40}\), re.IGNORECASE),modes[HashInfo(nameMySQL5.x, hashcat300, johnmysql-sha1, extendedFalse),HashInfo(nameMySQL4.1, hashcat300, johnmysql-sha1, extendedFalse)]),Prototype(regexre.compile(r^[a-z0-9]{43}\(, re.IGNORECASE),modes[HashInfo(nameCisco-IOS(SHA-256), hashcat5700, johnNone, extendedFalse)]),Prototype(regexre.compile(r^{SSHA}[a-z0-9\/]{38}\), re.IGNORECASE),modes[HashInfo(nameSSHA-1(Base64), hashcat111, johnnsldaps, extendedFalse),HashInfo(nameNetscape LDAP SSHA, hashcat111, johnnsldaps, extendedFalse),HashInfo(namensldaps, hashcat111, johnnsldaps, extendedTrue)]),Prototype(regexre.compile(r^[a-z0-9]{47}\(, re.IGNORECASE),modes[HashInfo(nameFortigate(FortiOS), hashcat7000, johnfortigate, extendedFalse)]),Prototype(regexre.compile(r^[a-f0-9]{48}\), re.IGNORECASE),modes[HashInfo(nameHaval-192, hashcatNone, johnNone, extendedFalse),HashInfo(nameTiger-192, hashcatNone, johntiger, extendedFalse),HashInfo(nameSHA-1(Oracle), hashcatNone, johnNone, extendedFalse),HashInfo(nameOSX v10.4, hashcat122, johnxsha, extendedFalse),HashInfo(nameOSX v10.5, hashcat122, johnxsha, extendedFalse),HashInfo(nameOSX v10.6, hashcat122, johnxsha, extendedFalse)]),Prototype(regexre.compile(r^[a-f0-9]{51}\(, re.IGNORECASE),modes[HashInfo(namePalshop CMS, hashcatNone, johnNone, extendedFalse)]),Prototype(regexre.compile(r^[a-z0-9]{51}\), re.IGNORECASE),modes[HashInfo(nameCryptoCurrency(PrivateKey), hashcatNone, johnNone, extendedFalse)]),Prototype(regexre.compile(r^{ssha1}[0-9]{2}$[a-z0-9\(\/.]{44}\), re.IGNORECASE),modes[HashInfo(nameAIX(ssha1), hashcat6700, johnaix-ssha1, extendedFalse)]),Prototype(regexre.compile(r^0x0100[a-f0-9]{48}\(, re.IGNORECASE),modes[HashInfo(nameMSSQL(2005), hashcat132, johnmssql05, extendedFalse),HashInfo(nameMSSQL(2008), hashcat132, johnmssql05, extendedFalse)]),Prototype(regexre.compile(r^(\\)md5,rounds[0-9]$|$md5$rounds[0-9]$|$md5$)[a-z0-9\/.]{0,16}($|$$)[a-z0-9\/.]{22}\(, re.IGNORECASE),modes[HashInfo(nameSun MD5 Crypt, hashcat3300, johnsunmd5, extendedFalse)]),Prototype(regexre.compile(r^[a-f0-9]{56}\), re.IGNORECASE),modes[HashInfo(nameSHA-224, hashcatNone, johnraw-sha224, extendedFalse),HashInfo(nameHaval-224, hashcatNone, johnNone, extendedFalse),HashInfo(nameSHA3-224, hashcatNone, johnNone, extendedFalse),HashInfo(nameSkein-256(224), hashcatNone, johnNone, extendedFalse),HashInfo(nameSkein-512(224), hashcatNone, johnNone, extendedFalse)]),Prototype(regexre.compile(r^($2[axy]|$2)$[0-9]{2}$[a-z0-9\/.]{53}\(, re.IGNORECASE),modes[HashInfo(nameBlowfish(OpenBSD), hashcat3200, johnbcrypt, extendedFalse),HashInfo(nameWoltlab Burning Board 4.x, hashcatNone, johnNone, extendedFalse),HashInfo(namebcrypt, hashcat3200, johnbcrypt, extendedFalse)]),Prototype(regexre.compile(r^[a-f0-9]{40}:[a-f0-9]{16}\), re.IGNORECASE),modes[HashInfo(nameAndroid PIN, hashcat5800, johnNone, extendedFalse)]),Prototype(regexre.compile(r^(S:)?[a-f0-9]{40}(:)?[a-f0-9]{20}\(, re.IGNORECASE),modes[HashInfo(nameOracle 11g/12c, hashcat112, johnoracle11, extendedFalse)]),Prototype(regexre.compile(r^\\)bcrypt-sha256$(2[axy]|2)\,[0-9]$[a-z0-9\/.]{22}$[a-z0-9\/.]{31}\(, re.IGNORECASE),modes[HashInfo(namebcrypt(SHA-256), hashcatNone, johnNone, extendedFalse)]),Prototype(regexre.compile(r^[a-f0-9]{32}:.{3}\), re.IGNORECASE),modes[HashInfo(namevBulletin v3.8.5, hashcat2611, johnNone, extendedFalse)]),Prototype(regexre.compile(r^[a-f0-9]{32}:.{30}\(, re.IGNORECASE),modes[HashInfo(nameuvBulletin ≥ v3.8.5, hashcat2711, johnNone, extendedFalse)]),Prototype(regexre.compile(r^(\\)snefru$)?[a-f0-9]{64}\(, re.IGNORECASE),modes[HashInfo(nameSnefru-256, hashcatNone, johnsnefru-256, extendedFalse)]),Prototype(regexre.compile(r^[a-f0-9]{64}(:.)?\), re.IGNORECASE),modes[HashInfo(nameSHA-256, hashcat1400, johnraw-sha256, extendedFalse),HashInfo(nameRIPEMD-256, hashcatNone, johnNone, extendedFalse),HashInfo(nameHaval-256, hashcatNone, johnhaval-256-3, extendedFalse),HashInfo(nameGOST R 34.11-94, hashcat6900, johngost, extendedFalse),HashInfo(nameGOST CryptoPro S-Box, hashcatNone, johnNone, extendedFalse),HashInfo(nameSHA3-256, hashcat5000, johnraw-keccak-256, extendedFalse),HashInfo(nameSkein-256, hashcatNone, johnskein-256, extendedFalse),HashInfo(nameSkein-512(256), hashcatNone, johnNone, extendedFalse),HashInfo(nameVentrilo, hashcatNone, johnNone, extendedTrue),HashInfo(namesha256(\(pass.\)salt), hashcat1410, johnNone, extendedTrue),HashInfo(namesha256(\(salt.\)pass), hashcat1420, johnNone, extendedTrue),HashInfo(namesha256(unicode(\(pass).\)salt), hashcat1430, johnNone, extendedTrue),HashInfo(namesha256(\(salt.unicode(\)pass)), hashcat1440, johnNone, extendedTrue),HashInfo(nameHMAC-SHA256 (key \(pass), hashcat1450, johnhmac-sha256, extendedTrue),HashInfo(nameHMAC-SHA256 (key \)salt), hashcat1460, johnhmac-sha256, extendedTrue)]),Prototype(regexre.compile(r^[a-f0-9]{32}:[a-z0-9]{32}\(, re.IGNORECASE),modes[HashInfo(nameJoomla v2.5.18, hashcat11, johnNone, extendedFalse)]),Prototype(regexre.compile(r^[a-f-0-9]{32}:[a-f-0-9]{32}\), re.IGNORECASE),modes[HashInfo(nameSAM(LM_Hash:NT_Hash), hashcatNone, johnNone, extendedFalse)]),Prototype(regexre.compile(r^($chap$0*)?[a-f0-9]{32}[*:][a-f0-9]{32}(:[0-9]{2})?\(, re.IGNORECASE),modes[HashInfo(nameMD5(Chap), hashcat4800, johnchap, extendedFalse),HashInfo(nameiSCSI CHAP Authentication, hashcat4800, johnchap, extendedFalse)]),Prototype(regexre.compile(r^\\)episerver$*0*[a-z0-9\/]*[a-z0-9\/]{27,28}\(, re.IGNORECASE),modes[HashInfo(nameEPiServer 6.x v4, hashcat141, johnepiserver, extendedFalse)]),Prototype(regexre.compile(r^{ssha256}[0-9]{2}\\)[a-z0-9\(\/.]{60}\), re.IGNORECASE),modes[HashInfo(nameAIX(ssha256), hashcat6400, johnaix-ssha256, extendedFalse)]),Prototype(regexre.compile(r^[a-f0-9]{80}\(, re.IGNORECASE),modes[HashInfo(nameRIPEMD-320, hashcatNone, johnNone, extendedFalse)]),Prototype(regexre.compile(r^\\)episerver$*1*[a-z0-9\/]*[a-z0-9\/]{42,43}\(, re.IGNORECASE),modes[HashInfo(nameuEPiServer 6.x ≥ v4, hashcat1441, johnepiserver, extendedFalse)]),Prototype(regexre.compile(r^0x0100[a-f0-9]{88}\), re.IGNORECASE),modes[HashInfo(nameMSSQL(2000), hashcat131, johnmssql, extendedFalse)]),Prototype(regexre.compile(r^[a-f0-9]{96}\(, re.IGNORECASE),modes[HashInfo(nameSHA-384, hashcat10800, johnraw-sha384, extendedFalse),HashInfo(nameSHA3-384, hashcatNone, johnNone, extendedFalse),HashInfo(nameSkein-512(384), hashcatNone, johnNone, extendedFalse),HashInfo(nameSkein-1024(384), hashcatNone, johnNone, extendedFalse)]),Prototype(regexre.compile(r^{SSHA512}[a-z0-9\/]{96}\), re.IGNORECASE),modes[HashInfo(nameSSHA-512(Base64), hashcat1711, johnssha512, extendedFalse),HashInfo(nameLDAP(SSHA-512), hashcat1711, johnssha512, extendedFalse)]),Prototype(regexre.compile(r^{ssha512}[0-9]{2}$[a-z0-9\/.]{16,48}$[a-z0-9\/.]{86}\(, re.IGNORECASE),modes[HashInfo(nameAIX(ssha512), hashcat6500, johnaix-ssha512, extendedFalse)]),Prototype(regexre.compile(r^[a-f0-9]{128}(:.)?\), re.IGNORECASE),modes[HashInfo(nameSHA-512, hashcat1700, johnraw-sha512, extendedFalse),HashInfo(nameWhirlpool, hashcat6100, johnwhirlpool, extendedFalse),HashInfo(nameSalsa10, hashcatNone, johnNone, extendedFalse),HashInfo(nameSalsa20, hashcatNone, johnNone, extendedFalse),HashInfo(nameSHA3-512, hashcatNone, johnraw-keccak, extendedFalse),HashInfo(nameSkein-512, hashcatNone, johnskein-512, extendedFalse),HashInfo(nameSkein-1024(512), hashcatNone, johnNone, extendedFalse),HashInfo(namesha512(\(pass.\)salt), hashcat1710, johnNone, extendedTrue),HashInfo(namesha512(\(salt.\)pass), hashcat1720, johnNone, extendedTrue),HashInfo(namesha512(unicode(\(pass).\)salt), hashcat1730, johnNone, extendedTrue),HashInfo(namesha512(\(salt.unicode(\)pass)), hashcat1740, johnNone, extendedTrue),HashInfo(nameHMAC-SHA512 (key \(pass), hashcat1750, johnhmac-sha512, extendedTrue),HashInfo(nameHMAC-SHA512 (key \)salt), hashcat1760, johnhmac-sha512, extendedTrue)]),Prototype(regexre.compile(r^[a-f0-9]{136}\(, re.IGNORECASE),modes[HashInfo(nameOSX v10.7, hashcat1722, johnxsha512, extendedFalse)]),Prototype(regexre.compile(r^0x0200[a-f0-9]{136}\), re.IGNORECASE),modes[HashInfo(nameMSSQL(2012), hashcat1731, johnmsql12, extendedFalse),HashInfo(nameMSSQL(2014), hashcat1731, johnmsql12, extendedFalse)]),Prototype(regexre.compile(r^$ml$[0-9]$[a-f0-9]{64}$[a-f0-9]{128}\(, re.IGNORECASE),modes[HashInfo(nameOSX v10.8, hashcat7100, johnpbkdf2-hmac-sha512, extendedFalse),HashInfo(nameOSX v10.9, hashcat7100, johnpbkdf2-hmac-sha512, extendedFalse)]),Prototype(regexre.compile(r^[a-f0-9]{256}\), re.IGNORECASE),modes[HashInfo(nameSkein-1024, hashcatNone, johnNone, extendedFalse)]),Prototype(regexre.compile(r^grub.pbkdf2.sha512.[0-9].([a-f0-9]{128,2048}.|[0-9].)?[a-f0-9]{128}\(, re.IGNORECASE),modes[HashInfo(nameGRUB 2, hashcat7200, johnNone, extendedFalse)]),Prototype(regexre.compile(r^sha1\\)[a-z0-9]$[a-f0-9]{40}\(, re.IGNORECASE),modes[HashInfo(nameDjango(SHA-1), hashcat124, johnNone, extendedFalse)]),Prototype(regexre.compile(r^[a-f0-9]{49}\), re.IGNORECASE),modes[HashInfo(nameCitrix Netscaler, hashcat8100, johncitrix_ns10, extendedFalse)]),Prototype(regexre.compile(r^$S$[a-z0-9\/.]{52}\(, re.IGNORECASE),modes[HashInfo(nameDrupal v7.x, hashcat7900, johndrupal7, extendedFalse)]),Prototype(regexre.compile(r^\\)5$(rounds[0-9]$)?[a-z0-9\/.]{0,16}$[a-z0-9\/.]{43}\(, re.IGNORECASE),modes[HashInfo(nameSHA-256 Crypt, hashcat7400, johnsha256crypt, extendedFalse)]),Prototype(regexre.compile(r^0x[a-f0-9]{4}[a-f0-9]{16}[a-f0-9]{64}\), re.IGNORECASE),modes[HashInfo(nameSybase ASE, hashcat8000, johnsybasease, extendedFalse)]),Prototype(regexre.compile(r^$6$(rounds[0-9]$)?[a-z0-9\/.]{0,16}$[a-z0-9\/.]{86}\(, re.IGNORECASE),modes[HashInfo(nameSHA-512 Crypt, hashcat1800, johnsha512crypt, extendedFalse)]),Prototype(regexre.compile(r^\\)sha$[a-z0-9]{1,16}$([a-f0-9]{32}|[a-f0-9]{40}|[a-f0-9]{64}|[a-f0-9]{128}|[a-f0-9]{140})\(, re.IGNORECASE),modes[HashInfo(nameMinecraft(AuthMe Reloaded), hashcatNone, johnNone, extendedFalse)]),Prototype(regexre.compile(r^sha256\\)[a-z0-9]$[a-f0-9]{64}\(, re.IGNORECASE),modes[HashInfo(nameDjango(SHA-256), hashcatNone, johnNone, extendedFalse)]),Prototype(regexre.compile(r^sha384\\)[a-z0-9]$[a-f0-9]{96}\(, re.IGNORECASE),modes[HashInfo(nameDjango(SHA-384), hashcatNone, johnNone, extendedFalse)]),Prototype(regexre.compile(r^crypt1:[a-z0-9]{12}:[a-z0-9]{12}\), re.IGNORECASE),modes[HashInfo(nameClavister Secure Gateway, hashcatNone, johnNone, extendedFalse)]),Prototype(regexre.compile(r^[a-f0-9]{112}\(, re.IGNORECASE),modes[HashInfo(nameCisco VPN Client(PCF-File), hashcatNone, johnNone, extendedFalse)]),Prototype(regexre.compile(r^[a-f0-9]{1329}\), re.IGNORECASE),modes[HashInfo(nameMicrosoft MSTSC(RDP-File), hashcatNone, johnNone, extendedFalse)]),Prototype(regexre.compile(r^[^\\/:?|]{1,20}[:]{2,3}([^\\/:?|]{1,20})?:[a-f0-9]{48}:[a-f0-9]{48}:[a-f0-9]{16}$, re.IGNORECASE),modes[HashInfo(nameNetNTLMv1-VANILLA / NetNTLMv1ESS, hashcat5500, johnnetntlm, extendedFalse)]),Prototype(regexre.compile(r^([^\\/:?|]{1,20}\)?[^\\/:?|]{1,20}[:]{2,3}([^\\/:?|]{1,20}:)?[^\\/:?|]{1,20}:[a-f0-9]{32}:[a-f0-9]\(, re.IGNORECASE),modes[HashInfo(nameNetNTLMv2, hashcat5600, johnnetntlmv2, extendedFalse)]),Prototype(regexre.compile(r^\\)(krb5pa|mskrb5)$([0-9]{2})?$.$[a-f0-9]{1,}\(, re.IGNORECASE),modes[HashInfo(nameKerberos 5 AS-REQ Pre-Auth, hashcat7500, johnkrb5pa-md5, extendedFalse)]),Prototype(regexre.compile(r^\\)scram$[0-9]$[a-z0-9\/.]{16}$sha-1[a-z0-9\/.]{27},sha-256[a-z0-9\/.]{43},sha-512[a-z0-9\/.]{86}\(, re.IGNORECASE),modes[HashInfo(nameSCRAM Hash, hashcatNone, johnNone, extendedFalse)]),Prototype(regexre.compile(r^[a-f0-9]{40}:[a-f0-9]{0,32}\), re.IGNORECASE),modes[HashInfo(nameRedmine Project Management Web App, hashcat7600, johnNone, extendedFalse)]),Prototype(regexre.compile(r^(.)?$[a-f0-9]{16}\(, re.IGNORECASE),modes[HashInfo(nameSAP CODVN B (BCODE), hashcat7700, johnsapb, extendedFalse)]),Prototype(regexre.compile(r^(.)?\\)[a-f0-9]{40}\(, re.IGNORECASE),modes[HashInfo(nameSAP CODVN F/G (PASSCODE), hashcat7800, johnsapg, extendedFalse)]),Prototype(regexre.compile(r^(.\\))?[a-z0-9\/.]{30}(:.)?\(, re.IGNORECASE),modes[HashInfo(nameJuniper Netscreen/SSG(ScreenOS), hashcat22, johnmd5ns, extendedFalse)]),Prototype(regexre.compile(r^0x[a-f0-9]{60}\s0x[a-f0-9]{40}\), re.IGNORECASE),modes[HashInfo(nameEPi, hashcat123, johnNone, extendedFalse)]),Prototype(regexre.compile(r^[a-f0-9]{40}:[^]{1,25}\(, re.IGNORECASE),modes[HashInfo(nameuSMF ≥ v1.1, hashcat121, johnNone, extendedFalse)]),Prototype(regexre.compile(r^(\\)wbb3$*1*)?[a-f0-9]{40}[:][a-f0-9]{40}\(, re.IGNORECASE),modes[HashInfo(nameWoltlab Burning Board 3.x, hashcat8400, johnwbb3, extendedFalse)]),Prototype(regexre.compile(r^[a-f0-9]{130}(:[a-f0-9]{40})?\), re.IGNORECASE),modes[HashInfo(nameIPMI2 RAKP HMAC-SHA1, hashcat7300, johnNone, extendedFalse)]),Prototype(regexre.compile(r^[a-f0-9]{32}:[0-9]:[a-z0-9_.-][a-z0-9-].[a-z0-9-.]\(, re.IGNORECASE),modes[HashInfo(nameLastpass, hashcat6800, johnNone, extendedFalse)]),Prototype(regexre.compile(r^[a-z0-9\/.]{16}([:\)].{1,})?\(, re.IGNORECASE),modes[HashInfo(nameCisco-ASA(MD5), hashcat2410, johnasa-md5, extendedFalse)]),Prototype(regexre.compile(r^\\)vnc$*[a-f0-9]{32}*[a-f0-9]{32}\(, re.IGNORECASE),modes[HashInfo(nameVNC, hashcatNone, johnvnc, extendedFalse)]),Prototype(regexre.compile(r^[a-z0-9]{32}(:([a-z0-9-]\.)?[a-z0-9-.]\.[a-z]{2,7}:.:[0-9])?\), re.IGNORECASE),modes[HashInfo(nameDNSSEC(NSEC3), hashcat8300, johnNone, extendedFalse)]),Prototype(regexre.compile(r^(user-.:)?$racf$*.*[a-f0-9]{16}\(, re.IGNORECASE),modes[HashInfo(nameRACF, hashcat8500, johnracf, extendedFalse)]),Prototype(regexre.compile(r^\\)3$$[a-f0-9]{32}\(, re.IGNORECASE),modes[HashInfo(nameNTHash(FreeBSD Variant), hashcatNone, johnNone, extendedFalse)]),Prototype(regexre.compile(r^\\)sha1$[0-9]$[a-z0-9\/.]{0,64}$[a-z0-9\/.]{28}\(, re.IGNORECASE),modes[HashInfo(nameSHA-1 Crypt, hashcatNone, johnsha1crypt, extendedFalse)]),Prototype(regexre.compile(r^[a-f0-9]{70}\), re.IGNORECASE),modes[HashInfo(namehMailServer, hashcat1421, johnhmailserver, extendedFalse)]),Prototype(regexre.compile(r^[:$][AB]:$?[a-f0-9]{32}\(, re.IGNORECASE),modes[HashInfo(nameMediaWiki, hashcat3711, johnmediawiki, extendedFalse)]),Prototype(regexre.compile(r^[a-f0-9]{140}\), re.IGNORECASE),modes[HashInfo(nameMinecraft(xAuth), hashcatNone, johnNone, extendedFalse)]),Prototype(regexre.compile(r^$pbkdf2(-sha1)?$[0-9]$[a-z0-9\/.]$[a-z0-9\/.]{27}\(, re.IGNORECASE),modes[HashInfo(namePBKDF2-SHA1(Generic), hashcatNone, johnNone, extendedFalse)]),Prototype(regexre.compile(r^\\)pbkdf2-sha256$[0-9]$[a-z0-9\/.]$[a-z0-9\/.]{43}\(, re.IGNORECASE),modes[HashInfo(namePBKDF2-SHA256(Generic), hashcatNone, johnpbkdf2-hmac-sha256, extendedFalse)]),Prototype(regexre.compile(r^\\)pbkdf2-sha512$[0-9]$[a-z0-9\/.]$[a-z0-9\/.]{86}\(, re.IGNORECASE),modes[HashInfo(namePBKDF2-SHA512(Generic), hashcatNone, johnNone, extendedFalse)]),Prototype(regexre.compile(r^\\)p5k2$[0-9]$[a-z0-9\/-]$[a-z0-9\/-]{27}\(, re.IGNORECASE),modes[HashInfo(namePBKDF2(Cryptacular), hashcatNone, johnNone, extendedFalse)]),Prototype(regexre.compile(r^\\)p5k2$[0-9]$[a-z0-9\/.]$[a-z0-9\/.]{32}\(, re.IGNORECASE),modes[HashInfo(namePBKDF2(Dwayne Litzenberger), hashcatNone, johnNone, extendedFalse)]),Prototype(regexre.compile(r^{FSHP[0123]\|[0-9]\|[0-9]}[a-z0-9\/]\), re.IGNORECASE),modes[HashInfo(nameFairly Secure Hashed Password, hashcatNone, johnNone, extendedFalse)]),Prototype(regexre.compile(r^$PHPS$.$[a-f0-9]{32}\(, re.IGNORECASE),modes[HashInfo(namePHPS, hashcat2612, johnphps, extendedFalse)]),Prototype(regexre.compile(r^[0-9]{4}:[a-f0-9]{16}:[a-f0-9]{2080}\), re.IGNORECASE),modes[HashInfo(name1Password(Agile Keychain), hashcat6600, johnNone, extendedFalse)]),Prototype(regexre.compile(r^[a-f0-9]{64}:[a-f0-9]{32}:[0-9]{5}:[a-f0-9]{608}\(, re.IGNORECASE),modes[HashInfo(name1Password(Cloud Keychain), hashcat8200, johnNone, extendedFalse)]),Prototype(regexre.compile(r^[a-f0-9]{256}:[a-f0-9]{256}:[a-f0-9]{16}:[a-f0-9]{16}:[a-f0-9]{320}:[a-f0-9]{16}:[a-f0-9]{40}:[a-f0-9]{40}:[a-f0-9]{32}\), re.IGNORECASE),modes[HashInfo(nameIKE-PSK MD5, hashcat5300, johnNone, extendedFalse)]),Prototype(regexre.compile(r^[a-f0-9]{256}:[a-f0-9]{256}:[a-f0-9]{16}:[a-f0-9]{16}:[a-f0-9]{320}:[a-f0-9]{16}:[a-f0-9]{40}:[a-f0-9]{40}:[a-f0-9]{40}\(, re.IGNORECASE),modes[HashInfo(nameIKE-PSK SHA1, hashcat5400, johnNone, extendedFalse)]),Prototype(regexre.compile(r^[a-z0-9\/]{27}\), re.IGNORECASE),modes[HashInfo(namePeopleSoft, hashcat133, johnNone, extendedFalse)]),Prototype(regexre.compile(r^crypt$[a-f0-9]{5}$[a-z0-9\/.]{13}\(, re.IGNORECASE),modes[HashInfo(nameDjango(DES Crypt Wrapper), hashcatNone, johnNone, extendedFalse)]),Prototype(regexre.compile(r^(\\)django$*1*)?pbkdf2_sha256$[0-9]$[a-z0-9]$[a-z0-9\/]{44}\(, re.IGNORECASE),modes[HashInfo(nameDjango(PBKDF2-HMAC-SHA256), hashcat10000, johndjango, extendedFalse)]),Prototype(regexre.compile(r^pbkdf2_sha1\\)[0-9]$[a-z0-9]$[a-z0-9\/]{28}\(, re.IGNORECASE),modes[HashInfo(nameDjango(PBKDF2-HMAC-SHA1), hashcatNone, johnNone, extendedFalse)]),Prototype(regexre.compile(r^bcrypt(\\)2[axy]|$2)$[0-9]{2}$[a-z0-9\/.]{53}\(, re.IGNORECASE),modes[HashInfo(nameDjango(bcrypt), hashcatNone, johnNone, extendedFalse)]),Prototype(regexre.compile(r^md5\\)[a-f0-9]$[a-f0-9]{32}\(, re.IGNORECASE),modes[HashInfo(nameDjango(MD5), hashcatNone, johnNone, extendedFalse)]),Prototype(regexre.compile(r^\{PKCS5S2\}[a-z0-9\/]{64}\), re.IGNORECASE),modes[HashInfo(namePBKDF2(Atlassian), hashcatNone, johnNone, extendedFalse)]),Prototype(regexre.compile(r^md5[a-f0-9]{32}\(, re.IGNORECASE),modes[HashInfo(namePostgreSQL MD5, hashcatNone, johnNone, extendedFalse)]),Prototype(regexre.compile(r^\([a-z0-9\/]{49}\)\), re.IGNORECASE),modes[HashInfo(nameLotus Notes/Domino 8, hashcat9100, johnNone, extendedFalse)]),Prototype(regexre.compile(r^SCRYPT:[0-9]{1,}:[0-9]{1}:[0-9]{1}:[a-z0-9:\/]{1,}\(, re.IGNORECASE),modes[HashInfo(namescrypt, hashcat8900, johnNone, extendedFalse)]),Prototype(regexre.compile(r^\\)8$[a-z0-9\/.]{14}$[a-z0-9\/.]{43}\(, re.IGNORECASE),modes[HashInfo(nameCisco Type 8, hashcat9200, johncisco8, extendedFalse)]),Prototype(regexre.compile(r^\\)9$[a-z0-9\/.]{14}$[a-z0-9\/.]{43}\(, re.IGNORECASE),modes[HashInfo(nameCisco Type 9, hashcat9300, johncisco9, extendedFalse)]),Prototype(regexre.compile(r^\\)office$*2007*[0-9]{2}*[0-9]{3}*[0-9]{2}*[a-z0-9]{32}*[a-z0-9]{32}*[a-z0-9]{40}\(, re.IGNORECASE),modes[HashInfo(nameMicrosoft Office 2007, hashcat9400, johnoffice, extendedFalse)]),Prototype(regexre.compile(r^\\)office$*2010*[0-9]{6}*[0-9]{3}*[0-9]{2}*[a-z0-9]{32}*[a-z0-9]{32}*[a-z0-9]{64}\(, re.IGNORECASE),modes[HashInfo(nameMicrosoft Office 2010, hashcat9500, johnNone, extendedFalse)]),Prototype(regexre.compile(r^\\)office$*2013*[0-9]{6}*[0-9]{3}*[0-9]{2}*[a-z0-9]{32}*[a-z0-9]{32}*[a-z0-9]{64}\(, re.IGNORECASE),modes[HashInfo(nameMicrosoft Office 2013, hashcat9600, johnNone, extendedFalse)]),Prototype(regexre.compile(r^\\)fde$[0-9]{2}$[a-f0-9]{32}$[0-9]{2}$[a-f0-9]{32}$[a-f0-9]{3072}\(, re.IGNORECASE),modes[HashInfo(nameuAndroid FDE ≤ 4.3, hashcat8800, johnfde, extendedFalse)]),Prototype(regexre.compile(r^\\)oldoffice$[01]*[a-f0-9]{32}*[a-f0-9]{32}*[a-f0-9]{32}\(, re.IGNORECASE),modes[HashInfo(nameuMicrosoft Office ≤ 2003 (MD5RC4), hashcat9700, johnoldoffice, extendedFalse),HashInfo(nameuMicrosoft Office ≤ 2003 (MD5RC4) collider-mode #1, hashcat9710, johnoldoffice, extendedFalse),HashInfo(nameuMicrosoft Office ≤ 2003 (MD5RC4) collider-mode #2, hashcat9720, johnoldoffice, extendedFalse)]),Prototype(regexre.compile(r^\\)oldoffice$[34]*[a-f0-9]{32}*[a-f0-9]{32}*[a-f0-9]{40}\(, re.IGNORECASE),modes[HashInfo(nameuMicrosoft Office ≤ 2003 (SHA1RC4), hashcat9800, johnNone, extendedFalse),HashInfo(nameuMicrosoft Office ≤ 2003 (SHA1RC4) collider-mode #1, hashcat9810, johnNone, extendedFalse),HashInfo(nameuMicrosoft Office ≤ 2003 (SHA1RC4) collider-mode #2, hashcat9820, johnNone, extendedFalse)]),Prototype(regexre.compile(r^(\\)radmin2$)?[a-f0-9]{32}\(, re.IGNORECASE),modes[HashInfo(nameRAdmin v2.x, hashcat9900, johnradmin, extendedFalse)]),Prototype(regexre.compile(r^{x-issha,\s[0-9]{4}}[a-z0-9\/]\), re.IGNORECASE),modes[HashInfo(nameSAP CODVN H (PWDSALTEDHASH) iSSHA-1, hashcat10300, johnsaph, extendedFalse)]),Prototype(regexre.compile(r^$cram_md5$[a-z0-9\/-]$[a-z0-9\/-]{52}\(, re.IGNORECASE),modes[HashInfo(nameCRAM-MD5, hashcat10200, johnNone, extendedFalse)]),Prototype(regexre.compile(r^[a-f0-9]{16}:2:4:[a-f0-9]{32}\), re.IGNORECASE),modes[HashInfo(nameSipHash, hashcat10100, johnNone, extendedFalse)]),Prototype(regexre.compile(r^[a-f0-9]{4,}\(, re.IGNORECASE),modes[HashInfo(nameCisco Type 7, hashcatNone, johnNone, extendedTrue)]),Prototype(regexre.compile(r^[a-z0-9\/.]{13,}\), re.IGNORECASE),modes[HashInfo(nameBigCrypt, hashcatNone, johnbigcrypt, extendedTrue)]),Prototype(regexre.compile(r^($cisco4$)?[a-z0-9\/.]{43}\(, re.IGNORECASE),modes[HashInfo(nameCisco Type 4, hashcatNone, johncisco4, extendedFalse)]),Prototype(regexre.compile(r^bcrypt_sha256\\)$(2[axy]|2)$[0-9]$[a-z0-9\/.]{53}\(, re.IGNORECASE),modes[HashInfo(nameDjango(bcrypt-SHA256), hashcatNone, johnNone, extendedFalse)]),Prototype(regexre.compile(r^\\)postgres$.[^*][*:][a-f0-9]{1,32}[*:][a-f0-9]{32}\(, re.IGNORECASE),modes[HashInfo(namePostgreSQL Challenge-Response Authentication (MD5), hashcat11100, johnpostgres, extendedFalse)]),Prototype(regexre.compile(r^\\)siemens-s7$[0-9]{1}$[a-f0-9]{40}$[a-f0-9]{40}\(, re.IGNORECASE),modes[HashInfo(nameSiemens-S7, hashcatNone, johnsiemens-s7, extendedFalse)]),Prototype(regexre.compile(r^(\\)pst$)?[a-f0-9]{8}\(, re.IGNORECASE),modes[HashInfo(nameMicrosoft Outlook PST, hashcatNone, johnNone, extendedFalse)]),Prototype(regexre.compile(r^sha256[:\)][0-9][:\(][a-z0-9\/][:\)][a-z0-9\/]{32,128}\(, re.IGNORECASE),modes[HashInfo(namePBKDF2-HMAC-SHA256(PHP), hashcat10900, johnNone, extendedFalse)]),Prototype(regexre.compile(r^(\\)dahua$)?[a-z0-9]{8}\(, re.IGNORECASE),modes[HashInfo(nameDahua, hashcatNone, johndahua, extendedFalse)]),Prototype(regexre.compile(r^\\)mysqlna$[a-f0-9]{40}[:*][a-f0-9]{40}\(, re.IGNORECASE),modes[HashInfo(nameMySQL Challenge-Response Authentication (SHA1), hashcat11200, johnNone, extendedFalse)]),Prototype(regexre.compile(r^\\)pdf$[24]*[34]*128*[0-9-]{1,5}*1*(16|32)*[a-f0-9]{32,64}*32*[a-f0-9]{64}*(8|16|32)*[a-f0-9]{16,64}$, re.IGNORECASE),modes[HashInfo(namePDF 1.4 - 1.6 (Acrobat 5 - 8), hashcat10500, johnpdf, extendedFalse)]) ]class HashID(object):HashID with configurable prototypesdef init(self, prototypesprototypes):super(HashID, self).init()# Set self.prototypes to a copy of prototypes to allow# modification after instantiationself.prototypes list(prototypes)def identifyHash(self, phash):Returns identified HashInfophash phash.strip()for prototype in self.prototypes:if prototype.regex.match(phash):for mode in prototype.modes:yield modedef writeResult(identified_modes, outfile, hashcatModeFalse, johnFormatFalse, extendedFalse):Write human readable output from identifyHashcount 0hashTypes for mode in identified_modes:if not mode.extended or extended:count 1hashTypes u[] {0} .format(mode.name)if hashcatMode and mode.hashcat is not None:hashTypes [Hashcat Mode: {0}].format(mode.hashcat)if johnFormat and mode.john is not None:hashTypes [JtR Format: {0}].format(mode.john)hashTypes \noutfile.write(hashTypes)if count 0:outfile.write(u[] Unknown hash\n)return (count 0)def main():usage {0} [-h] [-e] [-m] [-j] [-o FILE] [–version] INPUT.format(os.path.basename(file))parser argparse.ArgumentParser(descriptionIdentify the different types of hashes used to encrypt data,usageusage,epiloglicense,add_helpFalse,formatter_classlambda prog: argparse.HelpFormatter(prog, max_help_position27))parser.add_argument(strings,metavarINPUT, typestr, nargs,helpinput to analyze (default: STDIN))group parser.add_argument_group(options)group.add_argument(-e, –extended,actionstore_true,helplist all possible hash algorithms including salted passwords)group.add_argument(-m, –mode,actionstore_true,helpshow corresponding Hashcat mode in output)group.add_argument(-j, –john,actionstore_true,helpshow corresponding JohnTheRipper format in output)group.add_argument(-o, –outfile,metavarFILE, typestr,helpwrite output to file)group.add_argument(-h, –help,actionhelp,helpshow this help message and exit)group.add_argument(–version,actionversion,versionbanner)args parser.parse_args()hashID HashID()if not args.outfile:outfile sys.stdoutelse:try:outfile io.open(args.outfile, w, encodingutf-8)except EnvironmentError:parser.error(Could not open {0}.format(args.output))if not args.strings or args.strings[0] -:while True:line sys.stdin.readline()if not line:breakoutfile.write(uAnalyzing {0}\n.format(line.strip()))writeResult(hashID.identifyHash(line), outfile, args.mode, args.john, args.extended)sys.stdout.flush()else:for string in args.strings:if os.path.isfile(string):try:with io.open(string, r, encodingutf-8) as infile:outfile.write(–File {0}–\n.format(string))for line in infile:if line.strip():outfile.write(uAnalyzing {0}\n.format(line.strip()))writeResult(hashID.identifyHash(line), outfile, args.mode, args.john, args.extended)except (EnvironmentError, UnicodeDecodeError):outfile.write(–File {0} - could not open–.format(string))else:outfile.write(–End of file {0}–.format(string))else:outfile.write(uAnalyzing {0}\n.format(string.strip()))writeResult(hashID.identifyHash(string), outfile, args.mode, args.john, args.extended)if name main:try:main()except KeyboardInterrupt:pass2.2、安装您可以使用以下命令安装、升级、卸载 hashID\( pip install hashid \) pip install –upgrade hashid \( pip uninstall hashid或者您可以通过克隆存储库进行安装\) sudo apt-get install python3 git \( git clonehttps://github.com/psypanda/hashid.git \) cd hashid \( sudo install -g 0 -o 0 -m 0644 doc/man/hashid.7 /usr/share/man/man7/ \) sudo gzip /usr/share/man/man7/hashid.72.3、用法-e 把包括加盐的HASH算法显示出来-m 显示对应的hashcat解密模式编号hashcat是款很棒的密码爆破工具开源该参数是为配合hashcat工具使用的-j 显示对应的johnTheRipper 格式名称-o file 输出结果到文件INPUT 要识别的哈希值或者哈希值的列表文件 \(./hashid.py\)P\(8ohUJ.1sdFw09/bMaAQPTGDNi2BIUt1 Analyzing\)P\(8ohUJ.1sdFw09/bMaAQPTGDNi2BIUt1 []Wordpress ≥ v2.6.2 []Joomla ≥ v2.5.18 []PHPass Portable Hash\)./hashid.py-mj\(racf\)*AAAAAAAA*3c44ee7f409c9a9b Analyzing\(racf\)*AAAAAAAA*3c44ee7f409c9a9b []RACF[Hashcat Mode:8500][JtR Format:racf]\(./hashid.py hashes.txt --Filehashes.txt-- Analyzing*85ADE5DDF71E348162894C71D73324C043838751 []MySQL5.x []MySQL4.1 Analyzing\)2a\(08\)VPzNKPAY60FsAbnq.c.h5.XTCZtC1z.j3hnlDFGImN9FcpfR1QnLq []Blowfish(OpenBSD) []Woltlab Burning Board4.x []bcrypt –End of filehashes.txt–三、yara规则匹配查找文件使用的特定加密算法文件libcurl.so.5.3.0yara文件https://github.com/leiwuhen92/yara_rule/blob/main/compile_rule/crypto_hints.yc代码逻辑如下import pathlib import yaraNAME crypto_hints DESCRIPTION find indicators of specific crypto algorithms CHINESE_NAME 加密算法检测 CHINESE_DESCRIPTION 查找特定加密算法# 结果存储位置 classFileAnalysis():definit(self):self.file_pathlibcurl.so.5.3.0self.processed_analysis{} file_objectFileAnalysis()# 特征文件路径 compile_pathpathlib.Path(crypto_hints.yc)

加载特征文件

ruleyara.load(str(compile_path))# 匹配 resultrule.match(file_object.file_path) print(result:%s%result) # result:[Big_Numbers1, BASE64_table]# 解析结果 file_object.processed_analysis[NAME]{} summaryset() foriteminresult:print(item)print(item.rule)print(item.meta)summary.add(item.rule)file_object.processed_analysis[NAME][item.rule]{meta:item.meta} file_object.processed_analysis[NAME][summary]list(summary)mongo_data{file_path:file_object.file_path,processed_analysis:file_object.processed_analysis } print(mongo_data) result:[Big_Numbers1, BASE64_table] Big_Numbers1 Big_Numbers1 {author: pusher, description: Looks for big numbers 32:sized, date: 2016-07} BASE64_table BASE64_table {author: pusher, description: Look for Base64 table, date: 2015-07, version: 0.1}{file_path: libcurl.so.5.3.0,processed_analysis: {crypto_hints: {Big_Numbers1: {meta: {author: pusher,description: Looks for big numbers 32:sized,date: 2016-07}},BASE64_table: {meta: {author: pusher,description: Look for Base64 table,date: 2015-07,version: 0.1}},summary: [BASE64_table,Big_Numbers1]}} } 结果可知libcurl.so.5.3.0文件的加密算法有两种BASE64_table、Big_Numbers1。备注工具匹配操作如下 Big_Numbers1的yara规则如下[0-9a-fA-F]{32}rule Big_Numbers1 {meta:author _pusher_description Looks for big numbers 32:sizeddate 2016-07strings:\(c0 /[0-9a-fA-F]{32}/ fullword wide asciicondition:\)c0 }notepad打开libcurl.so.5.3.0编码选择ANSI正则搜索[0-9a-fA-F]{32}匹配到了 BASE64_table的yara规则如下rule BASE64_table {meta:author _pusher_description Look for Base64 tabledate 2015-07version 0.1strings:\(c0 { 41 42 43 44 45 46 47 48 49 4A 4B 4C 4D 4E 4F 50 51 52 53 54 55 56 57 58 59 5A 61 62 63 64 65 66 67 68 69 6A 6B 6C 6D 6E 6F 70 71 72 73 74 75 76 77 78 79 7A 30 31 32 33 34 35 36 37 38 39 2B 2F }condition:\)c0 }HxD打开十六进制ANSI编码根据“字节序列”搜索“41 42 43 44 45 46 47 48 49 4A 4B 4C 4D 4E 4F 50 51 52 53 54 55 56 57 58 59 5A 61 62 63 64 65 66 67 68 69 6A 6B 6C 6D 6E 6F 70 71 72 73 74 75 76 77 78 79 7A 30 31 32 33 34 35 36 37 38 39 2B 2F”匹配到了四、参考(1条消息) hashid/hash-identifier显示加密算法_ANIJ的博客-CSDN博客_hash-identifierhttps://github.com/psypanda/hashid.githttps://github.com/Miserlou/Hash-Identifier.git