Crackq is an online distributed GPU-accelerated password cracker designed to help penetration testers and network auditors check for weak passwords. It supports a number of hash types and we are actively adding new algorithms. There are no delays associated with manual submissions and payment processing. The results are emailed automatically as soon as the hash is processed.

This service must be used for legal purposes only. We are not liable for any loss or damage caused as a result of using this service.

Queue utilisation: 1/10

Update your client to v0.3.2

This is a standard FIFO queue with a maximum size of 10 submissions.

To submit your hashes, download the crackqcli python script. You will need your API key which can be found on the user details page after logging in. The results will be emailed to your registered email address. For more details, refer to the FAQ page.

For example, the following command can be used to submit the MD5 hash 06aa3b7d55df43e7d7fa4aef94811e4a:

$ git clone
$ ./ -t md5 06aa3b7d55df43e7d7fa4aef94811e4a

The crackqcli comman-line client is also available via pip or easy_install. Refer to Linux, OS X and Windows installation instructions for details.

$ sudo pip install crackqcli

You can view and purchase your queue submission quota on the user details page after logging in.

The currently supported algorithms along with their time to completion (TTC) are shown below. Note that we are actively adding new dictionary files, GPU nodes, custom rules, etc. This may affect the completion times shown below.

Password protected PDF files (v1.4 - v1.6) 1 hour
NTLM 1.2 hours
MD5 2.1 hours
SHA1 2.5 hours
WPA / WPA2 2 hours
DESCRYPT / DES(Unix) 2 hours
MD5CRYPT / FreeBSD MD5 / Cisco IOS MD5 / MD5(Unix) 45 min
PHPass MD5 (Wordpress, Joomla, phpBB3) 1 hour

Site Notifications

  1. 12/10/15 08:09: User id = 1756 signed up.
  2. 13/10/15 00:25: User id = 1758 signed up.
  3. 13/10/15 07:21: User id = 1761 signed up.
  4. 13/10/15 11:35: User id = 1763 signed up.
  5. 13/10/15 11:39: WPA hash was submitted by user id = 1761.
  6. 13/10/15 12:05: WPA hash was submitted by user id = 1761.
  7. 13/10/15 13:16: WPA hash was submitted by user id = 1761.
  8. 13/10/15 13:24: WPA hash was submitted by user id = 1761.
  9. 13/10/15 17:22: User id = 1764 signed up.
  10. 13/10/15 19:25: WPA hash was submitted by user id = 1761.


  1. 16/09/2015: Added support for password protected PDF files. Currently versions 1.4 - 1.6 are supported.
  2. 01/09/2015: Added EE-BrightBox-xxxxxx and TPG-XXXX to the list of default ESSIDs. See the full list here.
  3. 26/05/2015: Added support for PHPass (Wordpress, Joomla and phpBB3) hashes.
  4. 13/04/2015: WPA/WPA2 rules and brute-force attacks supported by Crackq
  5. 10/04/2015: Crackq client v0.2b is released. Merged public and private queues.
  6. 26/03/2015: is now supported on Windows. The private queue adds VPN IPSec IKE (aggressive mode) MD5 psk cracking support:
  7. 16/03/2015: Added upper- and lower-case 8 hex char brute-force to the private queue.
  8. 04/03/2015: Added SHA1 support to the private queue.
  9. 03/03/2015: Crackq client v0.18b is released. Added support for Cisco type 7 and Windows Group Policy Preferences (GPP) hashes. There is no processing time involved since these are reversible encodings.
  10. 25/02/2015: Crackq client v0.17 is released. Added support for DESCRYPT / DES (Unix) and MD5CRYPT / MD5(Unix) to the private queue.
  11. 24/02/2015: Crackq client v0.16b is released. Added support for the private queue.
  12. 18/02/2015: Fixed the essid issue. Essid values with non-ASCII characters are now properly terminated.
  13. 17/02/2015: Crackq client v0.15b is released.
  14. 12/02/2015: Added a new dictionary file with some custom rules to our WPA/WPA2 handshake cracking queue. The time to completion (TTC) for a single handshake is now ~8 min.
  15. 01/02/2015: Added support for LM (LanMan) hashes. Full keyspace is brute-forced in ~30 min (both password halves). Both halves are submitted as a single hash but brute-forced independently (see FAQ for details).
  16. 13/01/2015: Fixed issues related to requests with hashes that have already been cracked.
  17. 07/01/2015: The WPA/WPA2 queue now adds 8-digit brute-force support to its hybrid dictionary attacks which brings TTC to ~8 min.