Practitioner’s map

Ecosystem

Real-world tools, libraries, and services that work with the algorithms in the catalog. Cross-linked: each tool page lists the hash families it touches and links back into the relevant catalog pages.

Password cracking

Tools that recover plaintexts from hashed passwords. Defensive use cases: audit your own organization, test password policies, validate hash storage choices.

Hashcat
The GPU-native password recovery tool. 350+ supported hash modes, attack modes from straight wordlist to mask + rules.
John the Ripper
The original password cracker (1996). Massive hash-format coverage, CPU-focused, with a 'jumbo' fork supporting GPU and many more formats.

Hash identification

Given a hash string, guess which algorithm produced it. The natural first step before running a cracker.

hashid, name-that-hash, hash-identifier
Python tools that classify a hash string by length, character set, prefixes (like $2b$ or $argon2id$), and family-specific markers.

Hashing libraries

What real applications actually call when they hash something. Mature, audited, language-agnostic.

Command line

Hash a file from the terminal in one line.

sha256sum, md5sum, b3sum, shasum
The unix CLI hashers, GNU coreutils on Linux, shasum on macOS, b3sum (BLAKE3) as a separate binary, b2sum for BLAKE2.

Fuzzy / similarity hashing

Hashes that survive small input changes. Used heavily in malware analysis to cluster variants and identify families.

ssdeep, sdhash, TLSH, imphash
ssdeep (context-triggered piecewise hashing), sdhash (sliding-window similarity), TLSH (Trend Micro's design), imphash (Windows PE import-table hash).

Hash databases & services

Centralized indexes that answer 'has anyone seen this hash before?' for files, passwords, or malware samples.

VirusTotal, NSRL, Have I Been Pwned
VirusTotal (malware), NSRL (known software hashes for forensic exclusion), Have I Been Pwned's k-anonymous password API.