Is Hashcat Mcp safe to use?

Hashcat Mcp has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments. Licensed under Apache-2.0.

How do I install Hashcat Mcp?

Hashcat Mcp can be installed by cloning its GitHub repository and following the setup instructions in the README.

What AI clients work with Hashcat Mcp?

Hashcat Mcp is compatible with claude-desktop, cursor, claude-code. It uses stdio transport.

Is Hashcat Mcp actively maintained?

Hashcat Mcp is recently maintained — last commit was 43 days ago. It has 9 GitHub stars.

Hashcat Mcp

Name: Hashcat Mcp
Author: techchipnet

by techchipnet

MCP Server for Hashcat advance password recovery tool

9 GitHub

No known CVEs

Apache-2.0 license

Maintained

Last commit 43d ago

Works with most clients

Transport: stdio

0 tools

Token cost not measured

Edit this pageView history

Security

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "hashcat-mcp": {
      "command": "<see-readme>",
      "args": []
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/hashcat-mcp)](https://mcppedia.org/s/hashcat-mcp)

Read me

What Hashcat Mcp does

Developed By: Anil Parashar (TechChip) YouTube: @techchipnet | Website: techchip.net

Test This Server

No automated test available for this server. Check the GitHub README for setup instructions.

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

0/100across 5 weighted dimensions

How we score →

0255075100

−100

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

No known CVEs.

No package registry to scan.

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is Hashcat Mcp safe to use?: Hashcat Mcp has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments. Licensed under Apache-2.0.
How do I install Hashcat Mcp?: Hashcat Mcp can be installed by cloning its GitHub repository and following the setup instructions in the README.
What AI clients work with Hashcat Mcp?: Hashcat Mcp is compatible with claude-desktop, cursor, claude-code. It uses stdio transport.
Is Hashcat Mcp actively maintained?: Hashcat Mcp is recently maintained — last commit was 43 days ago. It has 9 GitHub stars.

Similar servers

Others in security

View all →

Evil Mcp Server93

An evil MCP server used for redteam testing

30 1

Ida Pro Mcp92

AI-powered reverse engineering assistant that bridges IDA Pro with language models through MCP.

9.3k 3

io.github.jasonxkensei/xproof92

Proof primitive for AI agents on MultiversX. Anchor file hashes on-chain as verifiable proofs.

1 1

Remnux Mcp Server92

MCP server for using the REMnux malware analysis toolkit via AI assistants

95 5

MCP Security Weekly

Get CVE alerts and security updates for Hashcat Mcp and similar servers.

Community

Discussion

Start a conversation

Ask a question, share a tip, or report an issue.

Has anyone used this with Cursor?How do you handle auth?Any alternatives?

Edit this pageView history

Security

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "hashcat-mcp": {
      "command": "<see-readme>",
      "args": []
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/hashcat-mcp)](https://mcppedia.org/s/hashcat-mcp)

Read me

What Hashcat Mcp does

Developed By: Anil Parashar (TechChip) YouTube: @techchipnet | Website: techchip.net

Test This Server

No automated test available for this server. Check the GitHub README for setup instructions.

README

Hashcat MCP Server

Developed By: Anil Parashar (TechChip)
YouTube: @techchipnet | Website: techchip.net

Hashcat-MCP is a server implementation of the Model Context Protocol (MCP) designed to bridge large language models with the powerful capabilities of Hashcat, a widely used password recovery and hash-cracking tool. By exposing Hashcat’s functionality through a structured, machine-readable interface, Hashcat-MCP allows AI systems to securely invoke, control, and automate complex cracking workflows.

With Hashcat-MCP, language models can perform tasks such as identifying hash types, configuring attack modes (dictionary, brute-force, hybrid, and rule-based attacks), managing wordlists and masks, and monitoring cracking progress in real time. This integration enables more efficient, context-aware automation of security auditing, penetration testing, and forensic analysis processes.

The system is particularly useful for cybersecurity professionals, researchers, and developers who want to incorporate intelligent automation into password recovery tasks, while maintaining fine-grained control over execution parameters. By combining the reasoning capabilities of large language models with Hashcat’s high-performance computation, Hashcat-MCP streamlines workflows that would otherwise require significant manual setup and expertise.

Prerequisites

Requirement	Details
Python	3.10+
hashcat	Must be installed and in `$PATH`
OS	Linux/Windows/macOS

Available Tools

Tool	Description
`identify_hash`	Built-in tool to identify hash types and suggest hashcat `-m` mode
`dictionary_attack`	Wordlist/dictionary attack against hashes (`-a 0`)
`combination_attack`	Combine words from two wordlists (`-a 1`)
`bruteforce_attack`	Brute-force using mask patterns (`-a 3`)
`hybrid_wordlist_mask`	Wordlist + mask (`-a 6`)
`hybrid_mask_wordlist`	Mask + wordlist (`-a 7`)
`rule_attack`	Dictionary + rule file for word mutations (`-a 0 -r`)
`restore_session`	Resume a paused/interrupted session (`--restore`)
`show_cracked`	Show already-cracked hashes (`--show`)
`show_uncracked`	Show remaining uncracked hashes (`--left`)
`benchmark`	Benchmark hash speed (`-b`)
`list_devices`	List OpenCL/CUDA devices (`-I`)
`check_hashcat`	Verify hashcat version
`verify_hash_file`	Validate hash file format & count hashes
`extract_hashes`	Extract hashes from common file formats
`list_hash_modes`	Search supported hash modes
`potfile_lookup`	Search potfile for specific hashes
`generate_mask`	Generate mask pattern suggestions

Usage

Run the server directly

python3 hashcatmcp.py

The server reads JSON-RPC 2.0 messages from stdin and writes responses to stdout.

MCP Client Configuration

Add this to your MCP client config (e.g. claude_desktop_config.json):

{
  "mcpServers": {
    "hashcat": {
      "command": "python3",
      "args": [
        "/absolute/path/to/hashcat-mcp/hashcatmcp.py"
      ]
    }
  }
}

Security

No External Dependency for Hash ID: Built-in regex engine.
File Validation: File paths are checked for existence before use.
Timeouts: Long-running attacks have configurable timeouts.
No Shell Execution: Commands use list-based subprocess.run() (no shell injection).

⚠️ Legal Disclaimer: This tool is for authorized penetration testing and security research only. Unauthorized access to computer networks is illegal. Always obtain written permission before testing.

Developed with ❤️ by Anil Parashar (TechChip)

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

0/100across 5 weighted dimensions

How we score →

0255075100

−100

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

No known CVEs.

No package registry to scan.

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is Hashcat Mcp safe to use?: Hashcat Mcp has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments. Licensed under Apache-2.0.
How do I install Hashcat Mcp?: Hashcat Mcp can be installed by cloning its GitHub repository and following the setup instructions in the README.
What AI clients work with Hashcat Mcp?: Hashcat Mcp is compatible with claude-desktop, cursor, claude-code. It uses stdio transport.
Is Hashcat Mcp actively maintained?: Hashcat Mcp is recently maintained — last commit was 43 days ago. It has 9 GitHub stars.