Here’s a helpful write-up on using Hashcat with compressed wordlists — covering why, how, and practical examples.
The use of compressed wordlists in Hashcat is a mature, battle-tested optimization that every security professional should incorporate into their workflow. It transforms the bottleneck of storage I/O into a lightweight CPU decompression task, often yielding faster cracking times while dramatically reducing storage overhead. With native support for GZIP, BZIP2, and ZSTD, Hashcat makes integration seamless. The key is selecting the right compression algorithm and level for your hardware: gzip -6 for general use, ZSTD for speed, and avoiding overly aggressive compression that sacrifices throughput. By mastering compressed wordlists, penetration testers and incident responders can handle terabyte-scale dictionaries on modest hardware, keeping their GPU cores fed and their cracking efforts efficient. In the arms race between password complexity and recovery capabilities, every optimization counts—and compressing wordlists is one of the easiest, most effective wins available.
Starting with Hashcat 6.0 , the tool supports the native decompression of wordlists on-the-fly, allowing you to use compressed files directly in your attack commands without pre-extracting them. This is particularly useful for massive wordlists that would otherwise consume significant disk space. Super User Supported Formats
Hashcat natively detects and decompresses the following formats during the initial loading phase: Gzip (.gz) : Widely used for standard wordlists like rockyou.txt.gz ZIP (.zip)
: Supported for individual wordlist files contained within an archive. Note on .7z : Native support for is generally not available; pointing hashcat to a
file may result in it attempting to read the compressed binary data as plaintext, which will fail. Super User How to Use Compressed Wordlists
You can supply a compressed wordlist just as you would a standard text file: # Direct usage in Hashcat 6.0+ hashcat -a hash.txt wordlist.txt.gz Use code with caution. Copied to clipboard Manual Decompression (Piping)
If you are using an older version of Hashcat or a format it doesn't natively support (like hashcat compressed wordlist
), you can pipe the decompressed output directly into Hashcat's standard input (stdin): Super User # Using gunzip for .gz files gunzip -c wordlist.txt.gz | hashcat -a # Using 7z for .7z files z e -so wordlist.7z | hashcat -a Use code with caution. Copied to clipboard Performance & Trade-offs Disk vs. CPU
: Compressed wordlists save massive amounts of disk space but require a small amount of CPU overhead for real-time decompression.
: When using native support, Hashcat still needs to decompress the file once to build a dictionary cache
(to analyze statistics like password counts). This may cause a slight delay at the start of the attack. Piping Limitations : If you use the piping method (
), Hashcat cannot build a dictionary cache because it doesn't know the full size of the input. This means you will not see an accurate or progress bar for the overall wordlist. Alternative Tools
: For generating and automatically compressing massive custom wordlists, high-performance tools like can output directly to Super User Using Hashcat to load a compressed wordlist - Super User 23 Dec 2018 —
Using compressed wordlists in Hashcat is a highly efficient way to manage massive password dictionaries without exhausting your local storage. Modern versions of Hashcat support reading certain compressed formats directly, allowing you to run attacks on the fly without needing to manually decompress hundreds of gigabytes of text. Supported Formats and Usage Hashcat can natively handle wordlists compressed with Gzip (.gz) ZIP (.zip) Standard Syntax Here’s a helpful write-up on using Hashcat with
: Simply point Hashcat to the compressed file as you would with a hashcat -a -m [hash_type] target_hashes.txt wordlist.gz Use code with caution. Copied to clipboard ZIP Specifics : If using a
archive, ensure the wordlist is the only file inside and that it was compressed using the method for maximum compatibility. Performance Considerations On-the-Fly Decompression
: Hashcat decompresses the data in memory as it processes it. This means you don't lose cracking speed during the actual attack, though there may be a slight delay at the start while Hashcat builds its dictionary cache. RAM Limits
: While it saves disk space, Hashcat still needs to analyze the file for statistics. For extremely large files (e.g., 100GB+ compressed), you may see a long "Dictionary cache building" phase where the system appears to hang before the crack begins. Comparison of Formats : Many users report that is more reliable than
for exceptionally large wordlists (terabyte-scale uncompressed), as it avoids certain internal ZIP file size limits. Advanced Piping (The "Zcat" Method)
If you encounter a format Hashcat doesn't natively support (like
), you can pipe the output from a decompression tool directly into Hashcat using standard input ( zcat wordlist.gz | hashcat -a -m [hash_type] target_hashes.txt Use code with caution. Copied to clipboard Conclusion The use of compressed wordlists in Hashcat
Note: Using piping may prevent Hashcat from showing an accurate progress bar or ETA, as it doesn't know the total size of the incoming stream. Best Practices Avoid Subfolders
: When zipping a wordlist, do not include any subfolders in the archive; Hashcat expects the raw dictionary file to be at the root. Prioritize Rules
: Instead of using a 500GB compressed wordlist, it is often more efficient to use a smaller, high-quality list (like ) combined with Hashcat Rules ) to generate permutations on the fly. most effective rule sets to use with smaller compressed wordlists?
Because high-quality wordlists are often very large (gigabytes in size), they cannot be pasted directly as text here.
However, here are the compressed text sources for the most popular standard wordlists used by the security community. You can download these, decompress them, and pipe them directly into Hashcat.
For gzip (.gz):
zcat wordlist.gz | hashcat -m <hash_type> -a 0 <hashfile>
For bzip2 (.bz2):
bzcat wordlist.bz2 | hashcat -m <hash_type> -a 0 <hashfile>
For xz (.xz):
xzcat wordlist.xz | hashcat -m <hash_type> -a 0 <hashfile>