:For formats Hashcat doesn't read directly (like .zip , .7z , or .xz ), you use a pipe. This "streams" the words directly into Hashcat's memory: zcat wordlist.txt.gz | hashcat -m 0 hash.txt Note: When using stdin, you cannot use certain multi-file features or specific optimization masks that require knowing the file size upfront. Pro-Tips for Compressed Workflows
: Massive wordlists, such as a 2.5TB file, can be compressed down to ~250GB, saving significant disk space while remaining usable.
Sometimes, using the full path to the compressed file prevents "Invalid argument" errors. hashcat compressed wordlist
hashcat -m 0 -a 0 hash.txt rockyou.txt.gz
By mastering compressed wordlists, you can store more passwords in less space, transfer wordlists faster across networks, and focus your cracking efforts where they matter most: recovering passwords efficiently and effectively. :For formats Hashcat doesn't read directly (like
# Decompress and pipe directly into hashcat gunzip -c rockyou.txt.gz | hashcat -m 0 -a 0 target_hash.txt
When you pipe data, your CPU must decompress the file in real-time while Hashcat feeds those words to the GPU. For fast hashing algorithms (like MD5 or NTLM), a slow CPU will bottleneck your fast GPUs. For slow, complex algorithms (like bcrypt or WPA2), the GPU is the bottleneck anyway, making compressed piping highly efficient. Missing Status Features Sometimes, using the full path to the compressed
Beyond traditional compression, Hashcat supports Markov chain attacks that generate candidates statistically rather than reading from a wordlist. While not compression per se, this technique dramatically reduces storage needs because the candidate generation logic replaces the wordlist entirely. For password recovery scenarios where coverage matters more than precision, Markov attacks offer an interesting alternative to compressed wordlists.
When you provide a .gz or .zip file as your wordlist, Hashcat builds a dictionary cache by decompressing the file on the fly. The decompressed data is used immediately as it becomes available, without waiting for the entire file to finish decompressing. This streaming approach minimizes memory overhead and startup latency. Hashcat first scans the entire compressed file to gather statistics (such as the total number of passwords and keyspace) and then proceeds with the cracking attack.
For wordlists exceeding 100 GB compressed, consider splitting them into manageable chunks (e.g., 10 GB each). This practice reduces the risk of memory-related errors and improves overall stability during the cache building phase.
When feeding data to Hashcat via standard input ( - ), you as local files. Because standard input is a one-way, non-seekable stream, Hashcat cannot jump backward or cache the entire file to perform complex multi-word mutations.