Advanced Hash Manipulation

Project maintained by Ekultek Hosted on GitHub Pages — Theme by mattgraham

Dagon - Advanced hash manipulation

Named after the prince of Hell, Dagon (day-gone) is an advanced hash cracking and manipulation system, capable of bruteforcing multiple hash types, creating bruteforce dictionaries, automatic hashing algorithm verification, random salt generation from Unicode to ASCII, and much more.

Here you will find the complete functionality of Dagon, along with pretty pictures to help you along the way.



Dagon has a lot of options and is capable of cracking almost anything when used properly.

Mandatory arguments

There are of course mandatory arguments that must be passed so that Dagon can run successfully, in this section I will go over each one of these arguments and tell you a little bit about it, lets begin.

Cracking hashes:

To crack a hash you must provide a singular hash using the -c/--crack flag. This flag will tell Dagon that you are trying to crack a single hash, after you have provided the -c/--crack flag you will need to tell Dagon what sort of cracking needs to take place. Here’s an example of the cracking flag, for this example we will be using the MD5 hashing algorithm.

Notice that when a wordlist is not provided, Dagon will create its own. This wordlist will contain all possible combinations (up to one million lines) of the letters ‘abc’ from 7 to 15 characters long


After the wordlist has been generated, you will be able to crack the password, using that wordlist. Dagon will automatically attempt to verify the algorithm used to create the hash and attempt to crack using the most likely algorithms


Doing a dictionary attack:

To do a dictionary attack you will just need to use the wordlist flag (--wordlist) in order for the bruteforce section to read from the wordlist.


Cracking a hash list:

To crack a list of hashes (file of hashes) you can use the -l/--hash-list flag. You will need to provide a full path to a file so that Dagon can attempt to crack each hash. Lets use a file with three hashes in three different algorithms, SHA1, MD5, and WHIRLPOOL. Notice how it will prompt you if you want to crack the hash or not:


Verify a hashing algorithm:

You ever have to crack a hash, and the next thing you know you needed to know the hashing algorithm that was used in order to finish the cracking? Well look no further! I have a fix for that as well, using the -v/--verify flag! Dagon will not only automatically attempt to verify a hash before cracking, but it can also be provided a hash in order to verify what algorithm was used to create it.


You can also pass the -L/--least-likely flag and see all possible algorithms that could have been used to create this hash, everything from most likely, to least likely.


Manipulation arguments

These arguments are given to manipulate the way the application runs, or to manipulate the givens hashes.

Salt manipulation options:

There are many ways to manipulate the salt in Dagon, anything from using random Unicode salt --urandom, random integers -R, random characters -R --use-chars, random characters & integers -R --use-chars --use-int, or creating your own -S\--salt <SALT>, <PLACEMENT>. You can also change the length of the salt using the --salt-size flag. Most salts are around 10-12 characters long. So making the salt any bigger will produce a warning letting you know:

For random unicode salts, you will need to provide the length of the salt, please keep in mind that Unicode can make the hashing process slower.


Default for random salt is integers


Of course you can use just characters if you want to, it’s up to you not me


But where’s the fun in using just characters? You can also use characters and integers


Or, you can always just create your own


You can also change the salt size, because hey, who uses 12 character salts anymore?


Algorithms available and ID numbers

Currently supported hash types

Algorithm ID
MD5 100
MD2 110
MD4 120
Blake-224 200
Blake-256 210
Blake-384 220
Blake-512 230
SHA-1 300
SHA-224 310
SHA-256 320
SHA-384 330
SHA-512 340
SHA3-224 400
SHA3-256 410
SHA3-384 420
SHA3-512 430
Blowfish 500
MySQL 510
Oracle 11g 520
Oracle 10g 530
MsSQL 2005 540
PostgreSQL 550
MsSQL 2000 560
Ripemd-160 600
Tiger-192 700
Whirlpool 800
CRC-32 900
NTLM 1000

Special algorithms currently available

Algorithm ID
MD5(MD5(pass)+MD5(salt)) 130
MD5(MD5(pass)) 131
Half MD5 132
MD5(salt+pass+salt) 133
MD5(MD5(MD5(pass))):salt 134
Half SHA-1 351
SHA-1(SHA-1(pass)) 352
SSHA 353
SHA-1(SHA-1(SHA-1(pass))):salt 354

Algorithms in the process of being created

Shout out to contributors