Convert a Gitea PBKDF2 password hash into hashcat format with gitea2hashcat, ready for offline auditing. For authorized password recovery only.
gitea2hashcat converts the password hashes stored by Gitea (the self-hosted Git service) into the format hashcat expects. Gitea stores passwords as PBKDF2-HMAC-SHA256 with a per-user salt, kept in its database, and the raw values are not directly loadable by crackers. This tool reshapes the salt and digest into hashcat's sha256:iterations:salt:hash layout so administrators can audit password strength offline. Use it only on data you are authorized to assess.
Input:
Gitea salt + passwd_hash_algo PBKDF2 digest
Output:
sha256:50000:<b64-salt>:<b64-hash>
Where do I find the Gitea hash?
In the Gitea database user table - the salt and passwd columns. You need read access to that database, which is why this is an administrator/authorized-audit tool.
Which hashcat mode does the output use?
PBKDF2-HMAC-SHA256, hashcat mode 10900.
Does this recover the password?
No. It only reformats the hash; hashcat then attempts to recover the password, which only works for weak ones.
This tool converts Gitea password hashes into Hashcat-compatible format, enabling efficient password recovery and analysis.
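The reshaping described above, as an added example (not the gitea2hashcat source). It assumes the salt and passwd columns hold hex strings and uses a constructed 50-byte test digest; the function names are hypothetical. `check_line` recomputes PBKDF2 for a single password you already know (for instance a dedicated test account) to confirm that a converted line is well formed.

```python
import base64
import binascii
import hashlib
import hmac


def to_hashcat(salt_hex, passwd_hex, iterations=50000):
    """Build sha256:<iterations>:<b64-salt>:<b64-hash> from the two column values.

    Assumption: both columns are hex-encoded strings.
    """
    try:
        salt = binascii.unhexlify(salt_hex.strip())
        digest = binascii.unhexlify(passwd_hex.strip())
    except (binascii.Error, ValueError) as exc:
        raise ValueError(f"column value is not valid hex: {exc}") from exc
    if not salt or not digest:
        raise ValueError("empty salt or digest")
    salt_b64 = base64.b64encode(salt).decode("ascii")
    hash_b64 = base64.b64encode(digest).decode("ascii")
    return f"sha256:{iterations}:{salt_b64}:{hash_b64}"


def check_line(line, known_password):
    """Recompute PBKDF2-HMAC-SHA256 for one known password against a converted line."""
    algo, iters, salt_b64, hash_b64 = line.strip().split(":")
    if algo != "sha256":
        raise ValueError("unexpected algorithm tag: " + algo)
    salt = base64.b64decode(salt_b64, validate=True)
    expected = base64.b64decode(hash_b64, validate=True)
    derived = hashlib.pbkdf2_hmac(
        "sha256", known_password.encode("utf-8"), salt, int(iters), dklen=len(expected)
    )
    return hmac.compare_digest(derived, expected)


def make_test_row(password, iterations=50000):
    """Constructed sample row: fixed 16-byte salt, 50-byte digest (assumed length)."""
    salt = bytes(range(16))
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations, dklen=50)
    return salt.hex(), digest.hex()


if __name__ == "__main__":
    salt_hex, passwd_hex = make_test_row("Test-Account-1")
    line = to_hashcat(salt_hex, passwd_hex)
    print(line)
    print("round trip ok:", check_line(line, "Test-Account-1"))
```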