Rules Hashcat Rules Comparison

Cyclone · Jun 30, 2020

The info below is simply FYI and to help someone learn and have fun with hash cracking.
This is by no means a conclusive demonstration of which wordlist or ruleset is "best".
The "best" wordlist + rules is the one that generates the plaintext!

Having a good wordlist + rules is vital to hash cracking. I use my own wordlist + rules when cracking, but for these tests, I'll only be using publicly available wordlists.

To set the test up, I compiled 1,995,899 plaintext from the stockx database, then hashed these to md5.
I used publicly available wordlist and rules, but also compared the results to my own rules.
100% of cyclone's rules have been handwritten or generated by cyclone and trained against scores of databases. These were given as a comparison. They're not always better, but as you will see below, they generally do well.

Test set:
stockx plaintext - 1.9 m

Wordlists:
rockyou + phpbb - 146 mb
hashkiller (Jan 2020) - 2.9 gb

Rules:
best64 - 77 rules (included with hashcat)
T0XlC - 4085 rules (included with hashcat)
top_1500 - top 1,500 rules (from @blandyuk's hashcatgui)
top_5000 - top 5,000 rules (from @blandyuk's hashcatgui)
d3ad0ne - 34,099 rules - d3ad0ne
OneRuleToRuleThemAll - 51,998 rules - notsosecure
cyclone_mini - 195 handwritten rules - cyclone
cyclone_250 - top 250 rules - cyclone
cyclone_1500 - top 1,500 rules - cyclone
cyclone_5000 - top 5,000 rules - cyclone
cyclone_mst - top 50,000 rules - cyclone (to replace OneRuleToRuleThemAll)

Results:
Rockyou + phpbb:

Code:

no rules                (2.70%)
best64                  (6.86%)
cyclone_mini            (22.39%)
T0XlC                   (22.66%)
top_1500                (24.84%)
cyclone_250             (26.57%)
top_5000                (39.22%)
d3ad0ne                 (41.12%)
cyclone_1500            (41.58%)
OneRuleToRuleThemAll    (50.77%)
cyclone_5000            (51.58%)
cyclone_mst             (61.86%)

Hashkiller:

Code:

no rules                (34.50%)
best64                  (37.98%)
cyclone_mini            (52.77%)
T0XlC                   (54.66%)
top_1500                (58.71%)
cyclone_250             (59.01%)
top_5000                (71.54%)
cyclone_1500            (71.73%)
d3ad0ne                 (75.83%)
cyclone_5000            (79.25%)
OneRuleToRuleThemAll    (79.64%)
cyclone_mst             (86.10%)

Credits to all those who were involved with creating the rules & wordlists used above.

mugenma · Jul 1, 2020

@Cyclone
This is impressive. I love to see your personal rules. I know you worked hard , and spent a lot of time on these rules.
Would you mind sharing these rules ? It would help me a noob like me :) (Even just cyclone_mini will help me a great deal)
Anyway., thanks for your hard work, and stay safe !!!

Cyclone · Jul 1, 2020

@mugenma
Thanks for your comment. I updated my test list to include cyclone_250 as well as a download link for it.

mugenma · Jul 1, 2020

@Cyclone
It is so kind of you for sharing.....much appreciated !!! I am gonna have fun with this :)

Mr.cracker · Jul 3, 2020

@Cyclone
please try rules from https://forum.hashkiller.io/index.php?threads/top-rules.37302/

Mr.cracker · Jul 3, 2020

I tried my own rules top50k

result
Rockyou + phpbb: Recovered........: 1145326/1996374 (57.37%)
Hashkiller: Recovered........: 1667663/1996374 (83.53%)

Mr.cracker · Jul 5, 2020

we should try it on other lists hashes

XakEp · Sep 1, 2020

I've been an anonymous browser of this site for literally years until I saw this and tested these rules. These rules caught a LOT of hashes that my other rules didn't. I'm impressed, can't wait to see the next iteration. Feel free to hit me up if you need someone to assist in testing.

anhday222 · Feb 13, 2021

Cyclone said:
The info below is simply FYI and to help someone learn and have fun with hash cracking.
This is by no means a conclusive demonstration of which wordlist or ruleset is "best".
The "best" wordlist + rules is the one that generates the plaintext!

Having a good wordlist + rules is vital to hash cracking. I use my own wordlist + rules when cracking, but for these tests, I'll only be using publicly available wordlists.

To set the test up, I compiled 1,995,899 plaintext from the stockx database, then hashed these to md5.
I used publicly available wordlist and rules, but also compared the results to my own rules.
100% of cyclone's rules have been handwritten or generated by cyclone and trained against scores of databases. These were given as a comparison. They're not always better, but as you will see below, they generally do well.

Test set:
stockx plaintext - 1.9 m

Wordlists:
rockyou + phpbb - 146 mb
hashkiller (Jan 2020) - 2.9 gb

Rules:
best64 - 77 rules (included with hashcat)
T0XlC - 4085 rules (included with hashcat)
top_1500 - top 1,500 rules (from @blandyuk's hashcatgui)
top_5000 - top 5,000 rules (from @blandyuk's hashcatgui)
d3ad0ne - 34,099 rules - d3ad0ne
OneRuleToRuleThemAll - 51,998 rules - notsosecure
cyclone_mini - 195 handwritten rules - cyclone
cyclone_250 - top 250 rules - cyclone
cyclone_1500 - top 1,500 rules - cyclone
cyclone_5000 - top 5,000 rules - cyclone
cyclone_mst - top 50,000 rules - cyclone (to replace OneRuleToRuleThemAll)

Results:
Rockyou + phpbb:

Code:

no rules (2.70%) best64 (6.86%) cyclone_mini (22.39%) T0XlC (22.66%) top_1500 (24.84%) cyclone_250 (26.57%) top_5000 (39.22%) d3ad0ne (41.12%) cyclone_1500 (41.58%) OneRuleToRuleThemAll (50.77%) cyclone_5000 (51.58%) cyclone_mst (61.86%)

Hashkiller:

Code:

no rules (34.50%) best64 (37.98%) cyclone_mini (52.77%) T0XlC (54.66%) top_1500 (58.71%) cyclone_250 (59.01%) top_5000 (71.54%) cyclone_1500 (71.73%) d3ad0ne (75.83%) cyclone_5000 (79.25%) OneRuleToRuleThemAll (79.64%) cyclone_mst (86.10%)

Credits to all those who were involved with creating the rules & wordlists used above.

Can you give me cyclone_mst.rule. Thank you

wretiii · Feb 19, 2021

Thanks for sharing, @Cyclone.

watcherpro · Mar 27, 2021

Hi,

could you share the cyclone_mst.rule with me?

Thanks in advance

daddy666 · Mar 27, 2021

and can you share with me with cyclone_mst?

Dawbs · Mar 27, 2021

Notice to EVERYONE.

Cyclone_mst is not publicly available. It's not for sale either. Please stop asking, either publicly or via DM's

Many thanks for your understanding.

zido · Jul 22, 2021

I got very good results with these rules

GitHub - rarecoil/pantagrule: large hashcat rulesets generated from real-world compromised passwords

large hashcat rulesets generated from real-world compromised passwords - rarecoil/pantagrule

github.com

wretiii · Jul 22, 2021

@zido thanks for sharing

Hashpup2222 · Aug 7, 2022

cyclone_5000 (79.25%)
OneRuleToRuleThemAll (79.64%)
Are either of these avail to public?

karkajoi · Aug 7, 2022

Hashpup2222 said:
cyclone_5000 (79.25%)
OneRuleToRuleThemAll (79.64%)
Are either of these avail to public?

GitHub - NotSoSecure/password_cracking_rules: One rule to crack all passwords. or atleast we hope so.

One rule to crack all passwords. or atleast we hope so. - NotSoSecure/password_cracking_rules

github.com

Hashpup2222 · Feb 20, 2023

Dawbs said:
Notice to EVERYONE.

Cyclone_mst is not publicly available. It's not for sale either. Please stop asking, either publicly or via DM's

Many thanks for your understanding.

How do we make our own ruleset?

Hashpup2222 · Feb 21, 2023

Mr.cracker said:
I tried my own rules top50k

result
Rockyou + phpbb: Recovered........: 1145326/1996374 (57.37%)
Hashkiller: Recovered........: 1667663/1996374 (83.53%)

share please

Dawbs · Feb 21, 2023

rule_based_attack [hashcat wiki]

hashcat.net

Rules Hashcat Rules Comparison

Active member

Active member

Active member

Active member

Member

Member

Member

Member

New member

Member

Active member

Member

Super Moderator

Active member

Member

Active member

Active member

Active member

Active member

Super Moderator