Hash type identifier
Free online hash identifier that analyses a digest and tells you which algorithm most likely produced it. Paste any hash — MD5, SHA-1/256/512, bcrypt, Argon2, NTLM, MySQL, LDAP and dozens more — and the tool reads its length, character set and structure to rank the candidates, decode self-describing formats (bcrypt cost, Argon2 memory and iterations), and show the matching hashcat and John the Ripper modes. The analysis runs in your browser.
How to identify a hash
Drop a single hash into the box, or switch to Bulk for a whole list or hashdump file.
Self-describing formats are identified for certain; ambiguous digests show the most likely algorithms first, with an explanation.
Copy the hashcat -m mode, the John --format name, or the ready-to-run command for each candidate.
Find out which algorithm produced a hash
Features
Common uses
- Recognise an unknown hash pulled from a database dump or config file.
- Confirm the algorithm before configuring a password verifier or planning a migration.
- Decode a bcrypt or Argon2 string to read its cost, memory and iteration parameters.
- Look up the exact hashcat -m mode and John --format name for a hash.
- Triage a whole hashdump (pwdump, /etc/shadow, user:hash) line by line.
Which hashes it recognises
Raw digests (MD5, SHA-1, SHA-224/256/384/512, SHA-3, RIPEMD, Whirlpool, CRC-32) and their look-alikes; password hashes (bcrypt, Argon2i/d/id, scrypt, yescrypt, PBKDF2, md5crypt, sha256crypt, sha512crypt); application formats (Django, WordPress/phpass, Drupal, MySQL, LDAP {SSHA}, Cisco IOS type 8/9, GRUB); and Windows/Active Directory credentials (NTLM, LM, NetNTLMv1/v2, Kerberos AS-REP and TGS-REP). It also flags strings that are not hashes at all, such as JWTs and UUIDs.
Why this identifier is different
Most identifiers print a single — often wrong — guess, or an unordered dump. This one is honest. When a digest is shape-ambiguous (any 32-character hex value could be MD5, NTLM or MD4, for instance) it shows the whole family ranked by how common each is in the wild and explains why it cannot be certain. For self-describing formats it goes further and decodes the embedded parameters — bcrypt cost, Argon2 memory/iterations/parallelism, crypt rounds, salts. Every match carries its hashcat -m mode and John the Ripper --format name plus a copy-ready command, so you can move straight from “what is this?” to the next step. It works on a single hash, a pasted list, or an uploaded hashdump, and the analysis runs in your browser via JavaScript.
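The shape-based approach described above, sketched as an added JavaScript example (not the tool's own code): self-describing bcrypt and Argon2 strings are decoded with certainty, while bare hex digests return a ranked family. The names `identifyHash` and `HEX_FAMILIES`, the sample hashes, and the candidate order for lengths other than 32 are assumptions made for illustration.

```javascript
// Added example: shape-based hash identification. All sample hashes are constructed.
const HEX_FAMILIES = {
  // 32 hex: order follows the page (MD5 most common, NTLM from Windows, MD4 rare).
  32: [{ name: 'MD5', hashcat: 0 }, { name: 'NTLM', hashcat: 1000 }, { name: 'MD4', hashcat: 900 }],
  // Candidate order for the other lengths is an assumption of this example.
  40: [{ name: 'SHA-1' }, { name: 'RIPEMD-160' }],
  64: [{ name: 'SHA-256' }, { name: 'SHA3-256' }],
  128: [{ name: 'SHA-512' }, { name: 'SHA3-512' }, { name: 'Whirlpool' }],
};

// bcrypt: $variant$cost$ followed by a 22-char salt and a 31-char digest.
const BCRYPT = /^\$(2[abxy]?)\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$/;
// Argon2 encoded form: $argon2id$v=19$m=<KiB>,t=<iterations>,p=<lanes>$salt$hash
const ARGON2 = /^\$(argon2(?:id|i|d))\$v=(\d+)\$m=(\d+),t=(\d+),p=(\d+)\$([A-Za-z0-9+/]+)\$([A-Za-z0-9+/]+)$/;

function identifyHash(input) {
  const s = input.trim();
  let m;
  if ((m = BCRYPT.exec(s))) {
    // The marker makes identification certain; the cost is the log2 work factor.
    return { certain: true, candidates: [{ name: 'bcrypt', hashcat: 3200 }],
             params: { variant: m[1], cost: Number(m[2]), salt: m[3] } };
  }
  if ((m = ARGON2.exec(s))) {
    return { certain: true, candidates: [{ name: m[1] }],
             params: { version: Number(m[2]), memoryKiB: Number(m[3]),
                       iterations: Number(m[4]), parallelism: Number(m[5]), salt: m[6] } };
  }
  if (/^[0-9a-fA-F]+$/.test(s) && HEX_FAMILIES[s.length]) {
    // A bare digest only reveals its length, so return the whole family, ranked.
    const candidates = HEX_FAMILIES[s.length];
    return { certain: false, candidates, params: null,
             reason: `${s.length} hex chars = ${s.length * 4} bits; ${candidates.length} algorithms share this shape` };
  }
  return { certain: false, candidates: [], params: null, reason: 'no known shape matched' };
}

// Constructed samples (not real credentials).
const samples = [
  '$2b$12$abcdefghijklmnopqrstuvABCDEFGHIJKLMNOPQRSTUVWXYZ01234',
  '$argon2id$v=19$m=65536,t=3,p=4$c29tZXNhbHQ$dGVzdGhhc2h2YWx1ZQ',
  '0123456789abcdef0123456789abcdef',
];
for (const h of samples) console.log(h.slice(0, 20) + '...', JSON.stringify(identifyHash(h)));
```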
Hash identifier FAQ
Can you tell me exactly which algorithm made my hash?
Only when the format is self-describing — bcrypt, Argon2, the $…$ crypt families, {scheme} LDAP, Django and so on carry a marker, so identification is certain. A bare hex digest cannot be pinned down from the value alone, because many algorithms produce the same length. For those, the tool lists every plausible algorithm ranked by real-world prevalence.
Why does a 32-character hash show MD5, NTLM and MD4 together?
All three output 128 bits — 32 hexadecimal characters — so their results are indistinguishable by inspection. Context decides: MD5 is by far the most common on the web, NTLM comes from Windows accounts, MD4 is rare. The honest answer is a ranked shortlist, not a single guess.
Can this crack or reverse a hash?
No. Hashing is one-way, so this tool only recognises the algorithm — it does not recover the original text. It does give you the hashcat -m mode and John --format name so you can run a real cracking tool yourself, where you are authorised to.
What are the hashcat and John values for?
hashcat selects an algorithm with a numeric mode (-m 0 = MD5, -m 1000 = NTLM, -m 3200 = bcrypt); John the Ripper uses a name (--format=raw-md5). The tool shows both for every match, plus a copy-ready command line.
Does it handle a whole list of hashes?
Yes. Switch to Bulk mode and paste many lines, or upload a text file. It understands plain hashes, user:hash pairs, pwdump and /etc/shadow lines, and returns a per-line table plus a summary of how many of each type it found.
Is it accurate for salted password hashes?
Salted formats that embed their salt — bcrypt, Argon2, sha512crypt, LDAP {SSHA} and the like — are identified with certainty and their salt and cost parameters are decoded. A bare digest with a separate “:salt” is matched on its digest part.