1 minute read

A Mask-Attack using hashcat based on the rockyou leak

I am not developing this project anymore. The code is not complex so don’t be afraid to take a peek and modify it yourself. If you want to know how I generated the maks feel free to contact me and I may be able to remember how I did it.

I’ve collected the most effective masks to use to crack passwords and put it all together so you have to do as little manual labor as possible to achieve (sub) optimal results.</br> Suboptimal because knowing your target and using that information for a custom mask goes a lot further than even the best password cracking algotithm based on the average person


  • Linux (Debian Based): sudo apt install python
  • Windows: https://www.microsoft.com/en-us/p/python-38/9mssztt1n39l?activetab=pivot:overviewtab


  • Linux (Debian Based): sudo apt-get install hashcat
  • Windows: https://hashcat.net/files/hashcat-

On Windows put your hashes in a text file (one hash per line) in the hashcat directory

On Linux put your hashes in a text file where you excecute the script

cracked hashes:

  • Linux: hashcat yourhashfilehere –show
  • Windows: in the commandline navigate to the hashcat directory - .\hashcat64.exe yourhashfilehere –show

Running a Radeon RX 570 this script can brute-force 70% of passwords in rockyou in about half a day, 60% in about half an hour

View on Github


Leave a comment