hashcrackdb exposes a small JSON API for looking up precomputed hash →
plaintext pairs. All responses are application/json. All
hashes must be hex (lowercase or uppercase), except mysql41
which uses the *HEX40 form.
https://hashcrackdb.comReturns the list of algorithm databases currently loaded on the server.
{
"loaded_algorithms": ["md5", "sha1", "sha256", "ntlm"],
"total_loaded": 4
}Auto-detects candidate algorithms based on hash length and returns all matches. Useful when you don't know which algorithm produced the hash.
| Name | Type | Description |
|---|---|---|
hash |
string | 1–128 hex chars, or * + 40 hex chars (mysql41). |
{
"hash": "5f4dcc3b5aa765d61d8327deb882cf99",
"found": true,
"matches": [
{ "algorithm": "md5", "plaintext": "password" }
]
}matches array may contain multiple
entries if a hash collides across algorithms.
Forces a lookup against a specific algorithm database. The hash length must match the algorithm's expected length.
| Name | Type | Description |
|---|---|---|
algorithm |
string | One of the supported algorithms. See Algorithms. |
hash |
string | Hash to look up; length must match the algorithm. |
{
"hash": "5f4dcc3b5aa765d61d8327deb882cf99",
"algorithm": "md5",
"found": true,
"plaintext": "password"
}{
"hash": "0000000000000000000000000000abcd",
"algorithm": "md5",
"found": false,
"plaintext": null
}Look up multiple hashes in a single request. Each hash is tried against every algorithm matching its length, and all matches are returned.
{
"hashes": [
"5f4dcc3b5aa765d61d8327deb882cf99",
"e10adc3949ba59abbe56e057f20f883e",
"098f6bcd4621d373cade4e832627b4f6"
]
}hashes | array, 1–100 items |
| each item | 1–128 chars, hex or mysql41 form |
{
"results": [
{
"hash": "5f4dcc3b5aa765d61d8327deb882cf99",
"found": true,
"matches": [
{ "algorithm": "md5", "plaintext": "password" }
]
},
{
"hash": "e10adc3949ba59abbe56e057f20f883e",
"found": true,
"matches": [
{ "algorithm": "md5", "plaintext": "123456" }
]
},
{
"hash": "0000000000000000000000000000abcd",
"found": false,
"matches": []
}
]
}# Look up an MD5 hash without specifying the algorithm
curl https://hashcrackdb.com/api/lookup/auto/5f4dcc3b5aa765d61d8327deb882cf99curl https://hashcrackdb.com/api/lookup/sha1/5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8curl -X POST https://hashcrackdb.com/api/lookup/bulk \
-H "Content-Type: application/json" \
-d '{"hashes":["5f4dcc3b5aa765d61d8327deb882cf99","098f6bcd4621d373cade4e832627b4f6"]}'import requests
# Bulk lookup
r = requests.post(
"https://hashcrackdb.com/api/lookup/bulk",
json={"hashes": [
"5f4dcc3b5aa765d61d8327deb882cf99",
"e10adc3949ba59abbe56e057f20f883e",
]},
timeout=10,
)
r.raise_for_status()
for result in r.json()["results"]:
if result["found"]:
for m in result["matches"]:
print(f"{result['hash']} ({m['algorithm']}) -> {m['plaintext']}")
else:
print(f"{result['hash']}: not found")# hashes.txt: one hash per line
jq -Rn '{hashes: [inputs | select(length > 0)]}' hashes.txt \
| curl -s -X POST https://hashcrackdb.com/api/lookup/bulk \
-H "Content-Type: application/json" \
--data-binary @- \
| jq -r '.results[] | select(.found) | "\(.hash):\(.matches[0].plaintext)"'| Algorithm | Length | Format |
|---|---|---|
md5 | 32 | hex |
md4 | 32 | hex |
md5md5 | 32 | hex (md5 of md5) |
md5half | 16 | hex (first half of md5) |
ntlm | 32 | hex |
sha1 | 40 | hex |
sha224 | 56 | hex |
sha256 | 64 | hex |
sha384 | 96 | hex |
sha512 | 128 | hex |
ripemd160 | 40 | hex |
whirlpool | 128 | hex |
mysql41 | 41 | * + 40 hex (uppercase) |
Call GET /api/info to see which of these are currently
loaded on the server.
| Status | Meaning |
|---|---|
400 | Invalid hash format or unsupported algorithm. |
422 | Request body failed validation (too many hashes, wrong shape, etc.). |
429 | Rate limit exceeded at the edge. |
500 | Internal server error. No details leaked; check back later. |