**Hashcat Brain** is a distributed, state-aware deduplication system that tracks which password candidates have **already been tested** against a target hash set. Rather than accelerating guessing speed, Brain optimizes **long-running, multi-attack, or multi-operator campaigns** by preventing wasted effort. It fundamentally changes how you think about **coordination**, **coverage**, and **attack sequencing**.

---

## **What Problem Brain Solves**

In traditional cracking workflows:

- Different attacks may test the **same candidates repeatedly**
- Multiple operators may unknowingly duplicate work
- Long-term campaigns accumulate inefficiency over time

Hashcat Brain introduces **global memory** for guesses. If a candidate has already been attempted:

- It is **rejected immediately**
- No hashing is performed
- Resources are preserved

---

## **How Hashcat Brain Works (Conceptually)**

Hashcat Brain uses:

- **Client / Server architecture**
- **Two in-memory databases**
- **Session-aware candidate tracking**

### **High-Level Flow**

1. Brain server maintains a record of attempted password candidates
2. Brain clients submit candidates before hashing
3. Previously-seen candidates are discarded
4. Only _new_ candidates are allowed through

This applies **across attacks**, **across sessions**, and **across operators**.

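
The flow above as a toy in-memory model, added here as an illustration; it is not hashcat's code or its wire protocol. The class and function names, the 8-byte digest, the session labels, and the sample candidates are all assumptions made for the example.

```python
import hashlib
from collections import defaultdict


class BrainServerModel:
    """Toy stand-in for the Brain server: one set of candidate digests per session."""

    def __init__(self):
        self._seen = defaultdict(set)  # session id -> digests of attempted candidates

    def filter_new(self, session_id, candidates):
        """Record every candidate and return only those not seen in this session."""
        seen = self._seen[session_id]
        fresh = []
        for cand in candidates:
            # Assumption: keep a fixed 8-byte digest instead of the candidate itself,
            # so memory grows per attempt, not per byte. A digest collision would
            # wrongly reject a candidate that was never tried.
            digest = hashlib.blake2b(cand.encode("utf-8"), digest_size=8).digest()
            if digest not in seen:
                seen.add(digest)
                fresh.append(cand)
        return fresh


def run_phase(server, session_id, candidates):
    """Client side: ask the server first; only the returned candidates get hashed."""
    fresh = server.filter_new(session_id, candidates)
    return {"generated": len(candidates), "hashed": len(fresh),
            "rejected": len(candidates) - len(fresh)}


# Constructed sample candidates from two different generators with some overlap.
PHASE_1 = ["alpha", "alpha1", "bravo", "bravo1"]
PHASE_2 = ["alpha1", "alpha2", "bravo1", "charlie"]


def demo():
    server = BrainServerModel()
    return [
        run_phase(server, "session-A", PHASE_1),  # first pass: nothing known yet
        run_phase(server, "session-A", PHASE_2),  # later attack: overlap is rejected
        run_phase(server, "session-A", PHASE_1),  # second operator repeats phase 1
        run_phase(server, "session-B", PHASE_1),  # separate session: tracked apart
    ]


if __name__ == "__main__":
    for result in demo():
        print(result)
```
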
---

## **When Brain Is Most Effective**

Hashcat Brain performs best when:

- Hash types are **slow** (≈ under 650kH/s)
- Attacks run for **hours, days, or weeks**
- Multiple attack strategies are chained together
- Teams are coordinating distributed workloads

### **Ideal Use Cases**

- bcrypt, PBKDF2, scrypt, Argon2
- Large rule pipelines
- PRINCE / hybrid / combinator workflows
- Multi-node research environments

### **Poor Fit**

- Extremely fast hashes (e.g., NTLM)
- Short, one-off dictionary runs
- GPU-saturated brute force jobs

---

## **Key Behavioral Takeaways**

- Brain **does not speed up hashing**
- Brain **reduces redundant work**
- Brain is about **efficiency**, not throughput
- Benefits compound over time

Think of Brain as **attack memory**, not performance tuning.

---

## **Core Brain Options**

```
--brain-server              Start hashcat Brain server
--brain-client              Start hashcat Brain client
--brain-host                Brain server IP address
--brain-port                Brain server port
--brain-password            Authentication password
--brain-session             Override automatic session ID
--brain-session-whitelist   Allow only explicit sessions
--brain-client-features     Enable/disable Brain features
```

> Enabling `--brain-client` automatically activates `--slow-candidates`.

---

## **Basic Usage Example**

### **Terminal Window #1 - Start Brain Server**

```
hashcat --brain-server
```

Example output:

```
Generated authentication password: 74fe414aede50622
Brain server started
```

---

### **Terminal Window #2 - Connect Brain Client**

```
hashcat -a 0 -m #type hash.txt dict.txt -z --brain-password 74fe414aede50622
```

From this point forward:

- Duplicate candidates are filtered
- Only unseen guesses are hashed

---

## **Session Management Concepts**

### **Brain Sessions**

- Sessions isolate candidate tracking
- Automatically generated unless overridden
- Useful for separating:
  - Different targets
  - Different research phases
  - Different campaigns

### **Whitelisting**

```
--brain-session-whitelist
```

Restricts the Brain server to only explicitly allowed session IDs, useful in shared or multi-tenant environments.

---

## **Brain in Long-Term Campaigns**

Brain shines when attacks are **layered**:

1. Dictionary + rules
2. Hybrid masks
3. PRINCE chains
4. Custom generators
5. Incremental or fallback strategies

Each phase benefits from **accumulated memory**. Candidates attempted early never reappear later, even if generated by a completely different strategy.

---

## **Operational Caveats**

- Brain uses **RAM**
- Large campaigns require memory planning
- Server restarts clear memory unless managed externally
- Not a substitute for good attack design

Brain improves _execution_, not _strategy_.

---

## **Mental Model**

> **Without Brain:**
> “Did we already try this?”
>
> **With Brain:**
> “We know we already tried this.”

That difference matters at scale.

---

## **Summary**

**Hashcat Brain** is best understood as:

- A **global deduplication engine**
- A **coordination multiplier**
- A **long-term efficiency tool**

It rewards:

- Careful planning
- Slow-hash research
- Multi-phase attack pipelines
- Team-based operations