7z x -so wordlist.7z | hashcat -a 0 hash.txt - The -so flag stands for "stdout output." A single decompression stream is a bottleneck. If you have a 100GB wordlist compressed on a spinning HDD, the zcat process might feed Hashcat at 50 MB/s, but your RTX 4090 can process 100 GB/s worth of candidate rules. The pipe becomes the bottleneck.
Enter . The Architecture Instead of one giant file.txt.gz , split it into 10 smaller compressed chunks (e.g., chunk_aa.gz , chunk_ab.gz ). Then, launch 10 instances of Hashcat, each reading its own compressed chunk via a pipe. hashcat compressed wordlist
# Split and compress a master wordlist split -l 5000000 master.txt part_ gzip part_* ls part_*.gz | parallel -j 4 'zcat {} | hashcat -a 0 -m 1000 hash.txt -O -w 4 -' 7z x -so wordlist
Workaround: Use pv (Pipe Viewer) to tee the decompressed stream to a temp file and to Hashcat simultaneously, but this defeats the purpose. For professional password auditors, here is the ideal directory structure: # Split and compress a master wordlist split
Hashcat allows compressed rule files via piping as well:
zcat huge_rules.rule.gz | hashcat -a 0 -m 1000 hash.txt wordlist.txt -r - There is a specific Hashcat attack mode that begs for compressed wordlists: -a 3 (Mask attack) is fast. But -a 6 (Hybrid wordlist + mask) requires reading the base wordlist.