haiti
Haiti is a lightweight CLI tool and Ruby library that identifies hash types from input strings. It supports 675+ hash algorithms including modern variants (SHA3, Blake2, Keccak) and provides references to Hashcat and John the Ripper for security professionals conducting penetration testing or CTF challenges.
Key facts
Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.
| Field | Value |
|---|---|
| Repository | noraj/haiti |
| Owner | noraj |
| Primary language | Ruby |
| License | MIT — OSI-approved |
| Stars | 988 |
| Forks | 59 |
| Open issues | 3 |
| Latest release | v4.0.0 (2026-01-01) |
| Last updated | 2026-07-06 |
| Source | https://github.com/noraj/haiti |
What haiti is
Written in Ruby, Haiti performs hash type identification by pattern matching and algorithm-specific signatures against a comprehensive database. The tool operates both as a standalone command-line utility and as an importable library, enabling integration into security workflows and custom tooling.
Get the haiti source
Clone the repository and explore it locally.
git clone https://github.com/noraj/haiti.gitcd haiti# follow the project's README for install & configurationNeed it deployed, integrated, or customized instead? DEV.co ships production installs.
Best use cases
Implementation considerations
- Install via `gem install haiti-hash` or Docker; verify Ruby version compatibility with your environment before deployment.
- Hash identification is heuristic-based; some rare or custom hash types may not be detected or may produce false positives—validate results in security-critical contexts.
- The library can be embedded in Ruby scripts and security tools, but requires Ruby runtime; consider bundling for air-gapped environments.
- Review the 675+ supported hash types against your organization's cryptographic inventory to confirm coverage; gaps require manual identification.
- Test integration with downstream tools (Hashcat, John the Ripper) to ensure compatibility with identified hash type references.
When to avoid it — and what to weigh
- Require Unverified Hash Integrity — Haiti identifies hash type only; it does not validate hash correctness, format compliance, or cryptographic integrity. Do not rely on it for hash validation.
- Need Production Secrets Management — Haiti is a classification tool, not a secrets manager or key storage system. Do not use it to store, rotate, or protect production cryptographic material.
- Expect Enterprise Support & SLA — This is a community-maintained open-source project with no formal SLA, commercial support, or guaranteed response times for critical issues.
- Processing Sensitive Data at Scale — Ruby performance may be insufficient for batch-processing very large volumes of hashes in time-critical production pipelines.
License & commercial use
Licensed under MIT (MIT License), a permissive OSI-approved license. Permits commercial use, modification, and distribution with minimal restrictions; requires attribution and includes no warranty.
MIT license permits commercial use without explicit permission requests. However, verify that integration into commercial security products or services complies with your organization's open-source governance policies. No commercial support or indemnification provided by the maintainer.
DEV.co evaluation signals
Editorial assessment — not user reviews. Directional, with an explicit confidence level.
| Signal | Assessment |
|---|---|
| Maintenance | Active |
| Documentation | Strong |
| License clarity | Clear |
| Deployment complexity | Low |
| DEV.co fit | Good |
| Assessment confidence | High |
Haiti is a hash identifier only and performs no cryptographic operations. Security considerations are minimal: ensure hashes come from trusted sources before classification, recognize that identification does not prove hash legitimacy or integrity, and validate hash detection results in security-critical workflows. No known vulnerabilities disclosed, but as a Ruby tool, maintain awareness of Ruby interpreter and gem dependency vulnerabilities.
Alternatives to consider
hashid
Python-based hash identifier with similar coverage; good for Python-native environments and may have broader language compatibility for CI/CD pipelines.
John the Ripper --list=formats
Integrated hash format detection within John itself; useful if already using John for cracking, but requires JtR installation and less focused user experience.
Hashcat --help
Hashcat's native hash mode detection; single-tool approach for environments where Hashcat is the primary cracking engine, but less refined hash identification UX.
Build on haiti with DEV.co software developers
Evaluate Haiti for your penetration testing, incident response, or CTF toolchain. Review the documentation, test against your hash inventory, and confirm Ruby compatibility with your environment before production deployment.
Talk to DEV.coRelated open-source tools
Surfaced by semantic similarity across the DEV.co open-source index.
Related on DEV.co
Explore the category and the services that help you build with it.
haiti FAQ
Does Haiti crack or decrypt hashes?
Can I use Haiti in a commercial product?
What if Haiti cannot identify a hash?
Is Haiti suitable for production security workflows?
Software developers & web developers for hire
DEV.co helps companies turn open-source tools like haiti into production software. Our software development services cover the full lifecycle — architecture, web development, integration, and maintenance — delivered by software developers and web developers who ship. Engage our software development agency to implement or customize it for your open-source security stack.
Integrate Hash Identification Into Your Security Workflow
Evaluate Haiti for your penetration testing, incident response, or CTF toolchain. Review the documentation, test against your hash inventory, and confirm Ruby compatibility with your environment before production deployment.