Docs · Tools
Hash Tools
Two everyday jobs in one tab: figure out what kind of hash you are looking at, and try to recover its plaintext with a wordlist. Works out of the box with Python's hashlib; speeds up with hashcat or john if installed.
- Category
- Offensive (authorized)
- Powered by
pure-Python (hashlib) · hashcat/john (optional)- Edition
- Free
- Where
- Desktop → Hash Tools tab
What it does
- Identify — inspect a hash string and report the likely algorithm(s) by length and shape (MD5, SHA-1/256/512, NTLM, bcrypt, …).
- Crack (dictionary) — hash each candidate from a wordlist and compare, recovering the plaintext when there is a match.
The pure-Python engine means the tool always works with no external install; if hashcat or john is present, Nexus uses it for much faster cracking.
How to use it
1
Paste a hash
Drop one or more hashes into the input. Nexus shows the detected type(s).
text
5f4dcc3b5aa765d61d8327deb882cf99 → likely MD5
$2y$10$N9qo8uLOickgx2ZMRZoMy... → bcrypt2
Choose a wordlist
Pick a dictionary (manage lists with the
Wordlist Manager) and start the crack.3
Read the result
Recovered plaintexts appear next to their hash; unmatched hashes are reported as not found for that wordlist.
Modes & options
- Identify-only — just classify without cracking.
- Dictionary crack — single hash or a batch against one wordlist.
- Engine — automatic: native hashcat/john if available, else built-in Python.
What you get
A table of hash → detected algorithm → recovered plaintext (or “not found”). A fast recovery is a strong signal that the source system uses a weak or fast hashing scheme.
Tips
- Fast algorithms (MD5/SHA-1) crack quickly — that is itself the finding; migrate to bcrypt/argon2.
- Use a focused wordlist first; size is not always speed.
- For salted/slow hashes, prefer the native engine if you have a GPU.
Authorized use only. Only crack hashes you are authorized to handle (your own systems or an approved engagement). Recovering credentials you do not own is illegal.