Security Tools

Hash Cracker/Rainbow Table Lookup

Search for hash values in rainbow tables to find corresponding plaintext passwords. Educational tool for understanding hash cracking techniques.

intermediate2-5 minutesRuns in your browser
Hash CrackingRainbow TablesPassword SecurityForensics

Interactive workspace

Inputs stay on your device — nothing is sent to our servers unless you choose to share.

Client-side only

Security Notice

  • • This tool uses a limited rainbow table for educational purposes
  • • Only common passwords and hashes are included in the database
  • • This is not a comprehensive hash cracking tool
  • • For real security testing, use dedicated hash cracking tools
  • • This tool is for educational and testing purposes only

About Rainbow Tables

Rainbow tables are precomputed tables used to reverse cryptographic hash functions. They contain hash values and their corresponding plaintext inputs, allowing for quick lookup of common passwords. This tool demonstrates the concept using a limited set of common hashes for educational purposes.

Documentation

How to use this tool, practical use cases, and technical notes.

The Hash Cracker / Rainbow Table Lookup tool is straightforward to operate. The full workflow takes 2–5 minutes. Below is a complete step-by-step guide with tips for interpreting results.


Step 1 — Obtain or Identify Your Hash

Before using the tool, you need a hash value to look up. Common sources of hash values in educational and authorized security contexts include:

Source

Example Context

Hash Format Typically Encountered

CTF challenge files

Hash extracted from a .txt or database dump in a CTF lab

MD5, SHA1, SHA256

Linux /etc/shadow file (from a lab VM)

Password hashes for cracking exercises

SHA512 (prefixed $6$), MD5 ($1$)

Windows SAM database dump (authorized)

Credential extraction exercise

NTLM

Web app database dump (authorized pentest)

Legacy PHP/MySQL apps often store MD5

MD5

Hash generation tools

Testing your own understanding by hashing a known word

Any algorithm

PentesterWorld hash generator tool

Generate a hash then verify the lookup

Any algorithm

How to identify your hash algorithm by length:

Hash Length (hex characters)

Likely Algorithm(s)

32 characters

MD5 or NTLM

40 characters

SHA1

56 characters

SHA224

64 characters

SHA256 or SHA3-256

96 characters

SHA384

128 characters

SHA512 or SHA3-512

Note: MD5 and NTLM both produce 32-character hex strings but use different algorithms. If you're unsure, select both in the tool and let it check both.


Step 2 — Enter the Hash

Paste or type your hash value into the "Hash to Search" input field. A few things to check:

  • Lowercase vs uppercase hex: Most tools output lowercase hex (e.g., 5f4dcc3b...). The tool normalizes case, but paste as-is to be safe.

  • No extra whitespace: Ensure there are no leading or trailing spaces in your hash value.

  • Prefixes: Some tools output hashes with prefixes (e.g., $1$, $6$, $nt$). Strip these — enter only the hex digest portion.

  • Colons in NTLM dumps: Windows credential dumps often show username:RID:LM_hash:NTLM_hash. Extract only the NTLM portion (the fourth colon-separated field).

Common hash formatting examples:

Raw Output

What to Enter in the Tool

5f4dcc3b5aa765d61d8327deb882cf99

5f4dcc3b5aa765d61d8327deb882cf99

$1$abc123$5f4dcc3b5aa765d61d8327de

5f4dcc3b5aa765d61d8327de (strip $1$salt$)

Administrator:500:aad3b435b51404ee:8846f7eaee8fb117::

8846f7eaee8fb117 (NTLM field)

SHA1:aaf4c61ddcc5e8a2dabede0f3b482cd9aea9434d

aaf4c61ddcc5e8a2dabede0f3b482cd9aea9434d


Step 3 — Select Hash Algorithms

Check the algorithm(s) you want to search against. The tool offers five options:

Checkbox

When to Select

MD5

Hash is 32 hex chars; source is a legacy web app, PHP system, or older tool

SHA1

Hash is 40 hex chars; source is Git, older SSL cert, or legacy web app

SHA256

Hash is 64 hex chars; source is a modern system or JWT

SHA512

Hash is 128 hex chars; source is a modern Linux shadow file

NTLM

Hash is 32 hex chars; source is a Windows system, Active Directory dump

Tip: If you don't know the algorithm, select all five. The tool will check each and report results for whichever produces a match. Checking all five adds negligible processing time since lookups are near-instantaneous.


Step 4 — Run the Search

Click "Search Rainbow Table". The tool performs an in-browser lookup against its precomputed hash database and returns results within milliseconds.


Step 5 — Interpret Your Results

Each algorithm you checked will return one of two statuses:

Result Status

Meaning

What to Do Next

Found

The hash exists in the rainbow table; plaintext is displayed

Record the plaintext; note which algorithm matched

Not Found

Hash not in this tool's limited table

Try a dedicated tool (hashcat, CrackStation) or accept the password is not a common one

Understanding a "Not Found" result:

A "Not Found" result from this tool does not mean the hash is uncrackable. It means only that the plaintext is not in this tool's curated set of common passwords. The full landscape of hash cracking resources includes:

Resource

Coverage

This tool

~1,000–10,000 most common passwords

CrackStation (online)

~15 billion entries

HashKiller (online)

~800 million MD5, NTLM entries

RockYou wordlist

14 million passwords

hashcat with rules

Billions of candidates via mutation rules

Full GPU brute force (8x RTX 4090)

~3 billion MD5/sec — cracks 8-char alphanumeric in hours


Step 6 — Copy Results

Use the copy button next to any hash or result to copy it to your clipboard for documentation in a pentest report, lab write-up, or training exercise.


Step-by-Step Example Walkthrough

Scenario: You've retrieved the following hash from a legacy PHP application database during an authorized penetration test: 5f4dcc3b5aa765d61d8327deb882cf99

Step

Action

Result

1

Count hash length

32 characters → likely MD5 or NTLM

2

Paste into "Hash to Search" field

3

Select MD5 and NTLM checkboxes

4

Click "Search Rainbow Table"

5

Review results

MD5: Found → plaintext: password

6

Note in pentest report

Critical finding: plaintext MD5 password storage with trivially common password