It is more like a programming language designed for password candidate generation. It has functions that can modify and mutate any given word list with literally anything you can imagine allowing you to have a higher rate of successly cracking a hash.
You can locate a handful of hashcat rules available by default on Kali Linux in : /usr/share/hashcat/rules
best64.rule
rockyou-30000.rule
dive.rule
OneRuleToRuleThemAll
# Decrypt NTLM hashes with hashcat rule best64.rule
hashcat -m 1000 -a 0 -O hashes.txt /usr/share/wordlists/rockyou.txt -r /usr/share/hashcat/rules/best64.rule
John the Ripper
Installation
git clone https://github.com/openwall/john.git
cd john/src
./configure && make
# use
cd ../run
./john
Usage
# Cracking MD5 hash
john hash.txt --format=RAW-MD5
# Cracking SHA1 hash
john hash.txt /usr/share/wordlists/rockyou.txt --format=RAW-SHA1
# Cracking Linux passwords
sudo john /etc/shadow
Rule based attacks
For more information :
The following is a list of rules that can be used if the password is not present in a word list chosen. Note : This list is sorted by its complexity, meaning the bottom rule will rule the rest of the rules
