Top hashpwn Rules

cyclone

Title: Top hashpwn Rules Collection
Author: hashpwn
URL: https://github.com/hashpwn/rules
Description:
This repository contains hashpwn's Top Rules, a collection of high-performing hash-cracking rules that have been tested on hundreds of real-world leaks over the past decade. These rules include some of the best-performing publicly released rulesets to date.

• Included Rulesets:
  • hashpwn_250.rule
  • hashpwn_500.rule
  • hashpwn_1500.rule
  • hashpwn_3000.rule
  • hashpwn_5000.rule

v1cvap0r

hashpwn_250.rule file converted to be used with HashManager (only support cpu).
hashpwn_250 _HM.7z

Rampage45

Does rule 250,500,1500,3000 included in rule 5000?

cyclone

@Rampage45 Yes, that's correct.

Rampage45

Hello what is the comparison between hashpwn_5000.rule vs cyclone5000? and hashpwn_5000.rule vs OneRuleToRuleThemAll.rule?

cyclone

@Rampage45
Even with an order of magnitude less rules, hashpwn_5000.rule will typically have a similar crack rate as the the 52k rules in OneRuleToRuleThemAll.rule, but that will vary depending on the wordlist and hash list you're running. You can run comparisons between hashpwn_5000.rule and OneRuleToRuleThemAll.rule with your preferred wordlist and hash list to see the difference.

When tested side-by-side, hashpwn_5000.rule and cyclone_5000.rule crackrates are typically within a few % of each other.

While these comparisons are several years old, they'll give you an idea of the performance of the *_5000.rule series rules vs others.
https://github.com/cyclone-github/rules

snazzy

@cyclone do you have a methodology for benchmarking or determining the most efficient of your rules? Say I have a list of 1m generated rules, and I want to create seperate lists, top 100, 1k, 10k, etc., is there a tool/script that can assist with this, or a workflow you're willing to share?

cyclone

@snazzy
You can do all of this from linux CLI with sort, uniq, awk, grep, etc. I have also written custom tools for sorting wordlists or rulesets by frequency, so there are several ways to accomplish this. Below is a general outline using linux CLI.

1. Run hashcat with --debug-mode=1 --debug-file=debug.rule which will save all rules that had hits to debug.rule
2. Sort debug.rule by frequency and save to debug_freq.rule

Spoiler

LC_ALL=C sort debug.rule | uniq -c | LC_ALL=C sort -rn | grep -oP '^ *[0-9]+ \K.*' > debug_freq.rule

3. Now that you have a ruleset sorted by frequency, you can run head -n {nth} debug_freq.rule to grab the top {nth} rules