What is Hashbull?

Hashbull is a graphical user interface (GUI) for controlling the world´s best Cracking-Tools (Hashcat, John the Ripper, Bulk-Extractor and CUPP) to decrypt passwords in digital evidence.


Hashbull is also able to scan the target person's computer for indications of the use of cryptocurrencies (Bitcoin, Ethereum, Monero, etc.). Hashull can also search the computer for encrypted files.


Hashbull was created primarily for law enforcement agencies to decrypt disks and files during criminal investigations. 

Which tools are integrated in Hashbull?

Hashbull Scanners - The Hashbull scanners search the target person's computer for evidence of cryptocurrencies and encrypted files.


Hashcat - Hashcat is the most popular and effective password cracker in the world. It is used by law enforcement agencies, secret services and the military, as well as penetration testers in the software industry.


John the Ripper - JtR is a password cracker originally developed for UNIX-based systems and first released in 1996. JtR includes a variety of tools for extracting password hashes.


Bulk Extractor - BuEx is a forensics tool that scans a disk image, file, or directory and extracts useful information without analyzing the file system or structures. The tool is very powerful in creating wordlists from unencrypted evidence from a target person.


CUPP - Cupp creates wordlists with person-specific passphrases of a target person based on inputs, e.g. the nickname, name of the pet or the child's date of birth. It is based on the assumption that many passwords are a combination of passphrases, numbers, and special characters.

Getting started with Hashbull

The Hashbull start window is divided into four areas.

01_Hash Extraction

The first tab is designed to extract the password hashes. The list of possible hash extractions is gradually being expanded. The hash algorithms that are most important for law enforcement authorities (VeraCrypt, PDF, Office, ZIP, Bitcoin- and Ethereum-Wallets, FileFault2 (Apple), LUKS (Linux), Bitlocker, etc.) are integrated.

02_Hash Crack

The second tab is designed to decrypt the password hashes. In the upper window the hash is loaded, the hash type is selected and optionally the session name is entered.

Several attack modes are available in the lower window. The first attack is a wordlist attack (Hashcat mode A0). Extensive mask, combination and hybrid attacks are also available. In addition, an intelligent and fully automatic attack has been integrated into Hashbull, which independently decides the attack strategy. A batch mode is also available, in which the attack strategy can be developed manually.

03_Bulk Extractor und CUPP

In the upper tab, unencrypted IT evidence objects can be analyzed with Bulk Extractor and special wordlist extractions can be initiated. The resulting wordlists are very effective.


With CUPP, very person-specific wordlists can be created. CUPP asks for example the name of the target person, the date of birth, the name of the spouse, the children, etc. and uses this information to create extensive wordlist combinations of numbers and special characters.


In this area, the settings are stored. If necessary, a Hashcat-Brain-Server can be configured. Extensive help to hashbull are stored under "Help".