Hash Identifier & Analyzer

Identify and analyze hash types from hash strings. Supports MD5, SHA-1, SHA-2, SHA-3, bcrypt, Argon2, scrypt, PBKDF2, and more. Analyzes hash format, length, and characteristics to determine the most likely hashing algorithm used.

Input

Hash to Identify

Supports 100+ hash types: MD5, SHA-1/2/3, BLAKE2/3, bcrypt, Argon2, scrypt, PBKDF2, MySQL, PostgreSQL, Oracle, MSSQL, Unix Crypt, WordPress, Drupal, Joomla, NTLM, Cisco, LDAP, and more.

Don't have a hash on hand? Load an example:

Analysis Results

Analysis results will appear here

Enter a hash and click "Identify Hash Type" — or click a sample button above.

How Hash Identification Works

• Length Analysis: Different algorithms produce different output lengths
• Format Recognition: Structured hashes (bcrypt, Argon2, PBKDF2) have distinctive formats
• Pattern Matching: Character patterns help distinguish between algorithms
• Confidence Levels: Higher confidence when format is unique to one algorithm
• Multiple Matches: Some lengths match multiple algorithms (disambiguation needed)
• PBKDF2 Detection: Identifies both raw output and structured formats

Supported Hash Types (100+)

Cryptographic Hashes:

• MD2, MD4, MD5 (deprecated)
• SHA-1 (deprecated)
• SHA-224, SHA-256, SHA-384, SHA-512
• SHA-3 / Keccak variants
• BLAKE2b, BLAKE2s, BLAKE3
• RIPEMD-160
• Whirlpool, Tiger-192
• GOST R 34.11-94, HAVAL, Snefru

Password Hashes:

• bcrypt ($2a$, $2b$, $2x$, $2y$)
• Argon2 (id, d, i variants)
• scrypt, yescrypt
• PBKDF2 (structured & raw)
• HMAC-SHA1/256/512
• Unix Crypt (DES, MD5, SHA-256/512)
• Apache MD5 (APR1)

Database Hashes:

• MySQL 3.x, 4.1/5.x
• PostgreSQL MD5
• Oracle 10g, 11g, 12c
• MSSQL 2000, 2005, 2012+
• MongoDB ScramSHA1/256

CMS/Frameworks:

• WordPress ($P$, $H$)
• Drupal 7+ ($S$)
• Joomla (bcrypt, MD5+salt)
• phpBB3 ($H$)
• vBulletin (3.8.5+, older)
• Django (PBKDF2, bcrypt)

Windows/Network:

• LM Hash (deprecated)
• NTLM, NTLMv2
• Domain Cached Credentials (DCC/DCC2)
• Cisco Type 5, 7, 8, 9
• Cisco IOS SHA256
• Juniper NetScreen

LDAP/Other:

• LDAP SSHA, SSHA256, SSHA512
• LDAP MD5, SHA, Crypt
• Base64-encoded hashes
• CRC32, Adler-32 (checksums)
• LUKS / LUKS2 disk encryption

Important Notes

• Raw Hash Limitation: Cannot distinguish between algorithms with same output length
• Deprecated Algorithms: MD5 and SHA-1 are cryptographically broken — avoid for new systems
• PBKDF2 Raw Output: Looks identical to SHA-256, SHA-512, BLAKE variants, etc.
• Context Matters: Use application context, file extensions, or documentation to confirm identification
• Verification Method: Try PBKDF2 verification with known parameters to confirm
• Modern Systems: If hash is from a recent application, prefer modern algorithms over legacy ones
• Security: Never attempt to reverse or crack hashes without proper authorization

Algorithm Categories & Use Cases

Password Hashing: Argon2, bcrypt, scrypt, yescrypt, PBKDF2 — designed to be slow and resistant to brute force.

Fast Hashing: BLAKE2, BLAKE3 — modern, fast, secure alternatives to SHA-2.

Data Integrity: CRC32, Adler-32 — non-cryptographic checksums for error detection.

Legacy Systems: MD2, MD4, MD5, SHA-1, LM Hash — older algorithms, deprecated and insecure.

Cryptographic: SHA-2, SHA-3 — secure general-purpose cryptographic hashing.

Key Derivation: HMAC variants, PBKDF2 — for generating keys from passwords/secrets.

Database-Specific: MySQL, PostgreSQL, Oracle, MSSQL formats — database password storage formats.

Web Applications: WordPress, Drupal, Joomla, Django — CMS and framework password hashes.

Windows/Network: NTLM, DCC, Cisco Types — system and network device authentication hashes.

Directory Services: LDAP SSHA variants — directory server password hashes.

Disk Encryption: LUKS / LUKS2 — full-disk encryption header references.

Authentication Protocols: NTLMv2, MongoDB SCRAM — challenge-response and HMAC-based authentication exchanges.

Identification Tips

File Extensions: .md5, .sha1, .sha256 files often indicate the hash type

Application Context: Django uses PBKDF2, WordPress uses $P$, Drupal uses $S$, bcrypt is common in Ruby, Argon2 in modern apps

Database Context: MySQL hashes start with *, PostgreSQL with md5, Oracle 11g with S:, MSSQL with 0x0100/0x0200/0x0300

Length Patterns: 8 = checksums, 13 = DES crypt, 16 = MySQL 3.x/Oracle 10g, 32 = MD5/NTLM/LM, 40 = SHA-1, 41 = MySQL 4.1/5.x, 64 = SHA-256

Structured Formats: $ delimiters indicate Unix crypt, bcrypt, Argon2, scrypt, yescrypt, PBKDF2. Curly braces indicate LDAP hashes

Prefix Detection: $1$ = MD5 crypt, $2 = bcrypt, $5$ = SHA-256 crypt, $6$ = SHA-512 crypt, $argon2 = Argon2, $P$ = WordPress, $S$ = Drupal

Performance Clues: Very fast generation suggests a simple hash; slow generation suggests a password hash (bcrypt, Argon2, scrypt)

Modern Systems: Recent applications likely use SHA-2+, BLAKE variants, Argon2, or yescrypt for passwords

About Hash Identifier & Analyzer

The Hash Identifier & Analyzer inspects hash strings and reports the most likely algorithms behind them, along with format details, structural parameters, and (where applicable) Hashcat mode numbers. It covers 100+ hash types — MD5, SHA-1, the SHA-2 and SHA-3 families, BLAKE2/3, bcrypt, Argon2, scrypt, yescrypt, PBKDF2, Unix crypts, Windows authentication hashes, database password formats, CMS schemes (WordPress, Drupal, Joomla), LDAP variants, and more — and runs entirely in your browser.

Why use a Hash Identifier & Analyzer?

Hash identification is essential for security assessments, forensic investigations, and migrations where you inherit credential data without documentation. This tool removes the guesswork: it ranks candidates by confidence, parses structured formats (bcrypt cost, Argon2 m/t/p, PBKDF2 iterations), and gives you the Hashcat mode number you need to act on the result. Because everything happens client-side, you can paste sensitive hashes without sending them anywhere.

Who is it for?

Built for penetration testers and CTF players who need fast hash identification with Hashcat mode numbers, digital-forensics analysts triaging unknown credential dumps, security engineers auditing third-party authentication code, and platform teams migrating off legacy password schemes. It's also a useful learning aid for developers and students studying password storage and cryptographic hash families.

How to use the tool

Paste one or more hash strings into the input field — one hash per line for batch analysis

Click 'Identify Hash Type' (or use a sample button to load a known hash for each major type)

Review the ranked candidates: the top result is flagged 'Most Likely' and each candidate shows its confidence and Hashcat mode number

Read the characteristics and disambiguation hints for context — they explain why several algorithms can share a length and how to narrow the choice

Use the copy button to grab the hash or a JSON report, then plug the result into a hash generator/verifier or Hashcat to continue your workflow

Key Features

100+ hash types detected

Covers cryptographic hashes (MD5/SHA-1/2/3, BLAKE2/3, RIPEMD-160), password KDFs (bcrypt, Argon2, scrypt, yescrypt, PBKDF2), Unix crypts, Windows (LM/NTLM/DCC), database schemes (MySQL, PostgreSQL, Oracle, MSSQL), CMS hashes (WordPress, Drupal, Joomla, phpBB3, vBulletin, Django), LDAP variants, Cisco/Juniper, and Base64-encoded forms.

Confidence-ranked results

Candidates are sorted High → Medium → Low so the most likely algorithm is always at the top, with a clear 'Most Likely' badge. Confidence reflects how unique the format is — structured prefixes like $argon2id$ score High; bare 32-hex strings score Low because many algorithms share that length.

Hashcat mode numbers

Each candidate shows its Hashcat -m mode (e.g. 0 for MD5, 100 for SHA-1, 1000 for NTLM, 3200 for bcrypt, 13000-series for Argon2) so you can move straight from identification to attack/verification without a second lookup.

Structured-format parsing

Parses bcrypt cost factors, Argon2 m/t/p parameters, PBKDF2 iteration counts, and Unix crypt rounds. Flags malformed structures and warns when iteration counts fall below current OWASP recommendations.

Disambiguation hints

When a length matches many algorithms (32, 40, 56, 64, 96, or 128 hex chars), the tool surfaces positive signals to look for — source system, surrounding format, presence of salts — so you can rule candidates in or out.

100% client-side

All analysis runs in your browser. Hashes never leave your device, which matters for forensic evidence, customer credentials, and any hash you wouldn't want logged on a third-party server.

Common Use Cases

CTF & penetration testing

Scenario: You've extracted a credential blob from a target system and need to know which Hashcat mode to use before kicking off a crack.

✓ Identification + Hashcat mode in one step — paste the hash, copy the -m value, run Hashcat.

Digital forensics triage

Scenario: An incident-response engagement hands you an unknown password dump from a compromised application.

✓ Quickly classify the dump by algorithm family without uploading sensitive evidence to an online service.

Legacy migration

Scenario: You're modernising an inherited application and need to identify what password-hashing scheme the previous team used.

✓ Spot deprecated schemes (MD5, SHA-1, MySQL 3.x, LM) and plan a rehash-on-login migration to Argon2id or bcrypt.

Security code review

Scenario: You're reviewing third-party code that stores password hashes and want to confirm what algorithm — and what parameters — it actually uses.

✓ Confirm at a glance whether the stored format is bcrypt with a strong cost factor, Argon2id with sane m/t/p, or something weaker.

Teaching & learning

Scenario: You're explaining password storage to a class or a junior engineer and need concrete examples of each algorithm's output.

✓ Sample buttons load known hashes for MD5, SHA-256, NTLM, bcrypt, and Argon2id — perfect for live demos.

Accuracy

100+ hash types covered by 64+ detection patterns

Privacy

100% client-side — hashes never leave your device

Uptime

Static site — no backend dependency

Frequently Asked Questions

Is hash identification ever 100% certain?

Only when the hash has a distinctive structured prefix (e.g. $argon2id$, $2y$, $S$, {SSHA}). For raw hex outputs many algorithms share the same length — a 32-hex string could be MD5, NTLM, LM, MD4, MD2, raw PBKDF2-16, or a custom truncation — so the tool returns ranked candidates rather than a single answer.

Why does my SHA-256 also match BLAKE2s and BLAKE3?

All three produce 32 bytes / 64 hex characters by default. There's no way to distinguish them from the hex string alone — you need context from the source system. SHA-256 is by far the most common, so it's ranked first; BLAKE2s/BLAKE3 are listed as lower-confidence alternatives.

Does the tool send my hash anywhere?

No. All analysis runs locally in your browser. There is no API call and no logging. You can verify this in your browser's DevTools network tab — analysing a hash produces zero network requests.

What is a Hashcat mode number?

Hashcat identifies hash types using numeric modes passed via the -m flag (e.g. -m 0 for MD5, -m 1000 for NTLM, -m 3200 for bcrypt, -m 13000 for Argon2id). The tool shows the mode number next to each candidate so you can copy it straight into a Hashcat command.

Can it identify salted hashes?

Yes — the tool recognises common salt-bearing formats (bcrypt, Argon2, Unix crypt $1$/$5$/$6$/$y$, PostgreSQL md5, MySQL 4.1+, Joomla MD5+salt, vBulletin, LDAP SSHA variants). For raw hash:salt formats it uses the structural pattern, not the salt content, to classify.

Does this tool crack hashes?

No. It only identifies the algorithm. To recover the underlying value you'd need a tool like Hashcat or John the Ripper — and only against hashes you have explicit authorisation to test.

How do I tell SHA-256 from SHA3-256?

You can't from the output alone. Look at the source: SHA-256 is the default in most older systems, libraries, and protocols (TLS, Bitcoin, Git); SHA3-256 / Keccak-256 appears mostly in newer specs and Ethereum. The 'disambiguation hints' section calls this out when you analyse a 64-hex string.

Why are some matches marked 'Low' confidence even though the algorithm name matches my hash?

Low confidence means the format is shared with other algorithms — the algorithm could be present, but length alone isn't enough evidence to be sure. Cross-reference with the source system or, for password hashes, try verifying with the suspected algorithm's parameters.

What's the difference between hash identification and hash cracking?

Hash identification tells you what algorithm produced a hash so you can use the right tool to verify or attack it. Hash cracking actually attempts to recover the original input that produced the hash, typically by trying billions of candidate values (dictionary attacks, brute force, mask attacks). Identification is a 5-millisecond operation that runs anywhere; cracking can take seconds to millennia depending on the algorithm and the input's entropy. This tool only identifies. To crack, use Hashcat or John the Ripper — and only against hashes you have explicit authorisation to test (your own systems, CTF challenges, or authorised penetration tests).

Can this tool identify a hash from a leaked password dump?

Yes — that's one of its core use cases. Paste any hash from a leaked dump or breach archive and the tool will rank the candidate algorithms by confidence, parse the structured format if there is one (bcrypt cost factor, Argon2 parameters), and show the Hashcat mode number you'd use to attempt cracking. All analysis is client-side, so you can analyse forensic evidence without uploading it to a third-party service — important for chain-of-custody preservation in incident-response workflows. If the dump contains hashes from multiple algorithms (common when a site changed its hashing implementation over time), paste them one per line for batch analysis.

Technical Specifications

Supported Formats

✓Cryptographic hashes — MD2/4/5, SHA-1, SHA-2 family, SHA-3 / Keccak, BLAKE2b/2s, BLAKE3, RIPEMD-160, Whirlpool, Tiger-192, GOST, HAVAL, Snefru
✓Password KDFs — bcrypt ($2a/$2b/$2x/$2y$), Argon2 (id/i/d), scrypt, scrypt $7$ format, yescrypt, PBKDF2 (structured and raw)
✓Unix crypts — DES, MD5 ($1$), SHA-256 ($5$), SHA-512 ($6$), Apache APR1 ($apr1$)
✓Database hashes — MySQL 3.x and 4.1/5.x, PostgreSQL MD5, Oracle 10g/11g/12c, MSSQL 2000/2005/2012+, MongoDB SCRAM-SHA-1/256
✓CMS / framework — WordPress ($P$/$H$), Drupal ($S$), Joomla, phpBB3, vBulletin, Django (PBKDF2/bcrypt)
✓Windows / network — LM, NTLM, NTLMv2, DCC, DCC2, Cisco Type 5/7/9, Cisco IOS SHA-256, Juniper NetScreen
✓LDAP / directory — {SSHA}, {SSHA256}, {SSHA512}, {MD5}, {SHA}, {CRYPT}
✓Encoded variants — Base64-encoded MD5/SHA-256/SHA-512, HMAC-SHA1/256/512

Limits & Performance

•File Size: Text input only, no file uploads — analysis is instant for typical hash lengths
•Validations: 64+ detection patterns covering 100+ algorithms
•Response Time: Synchronous, in-browser — typically < 5 ms per hash
•Browsers: All modern browsers (Chrome, Firefox, Safari, Edge); no plugins required

Pro Tips

Trim whitespace before pasting — leading/trailing spaces will change the length and break length-based detection.
Paste one hash per line to batch-analyse a credential dump in a single click.
Look at structural prefixes first ($, {, *, 0x, S:, T:) — they're the most reliable signal and pin down the algorithm immediately.
Cross-reference with the source application: Django uses pbkdf2_sha256$, WordPress uses $P$, Drupal uses $S$, Linux shadow files use $1/$5/$6/$y$.
Treat any MD5/SHA-1 match for password storage as 'deprecated — plan a rehash-on-login migration to Argon2id or bcrypt'.
When several candidates share a length, rely on the disambiguation hints — they list the positive signals (source system, surrounding fields) that distinguish them.
Copy the Hashcat mode number directly from the result card to avoid mistakes when constructing your -m argument.

Share This Tool

Found this tool helpful? Share it with others who might benefit from it!

💡 Help others discover useful tools! Sharing helps us keep these tools free and accessible to everyone.

Support This Project

Buy Me a Coffee