DEV.co
Open-Source Security · noraj

haiti

Haiti is a lightweight CLI tool and Ruby library that identifies hash types from input strings. It supports 675+ hash algorithms including modern variants (SHA3, Blake2, Keccak) and provides references to Hashcat and John the Ripper for security professionals conducting penetration testing or CTF challenges.

Source: GitHub — github.com/noraj/haiti
988
GitHub stars
59
Forks
Ruby
Primary language
MIT
License (OSI-approved)

Key facts

Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.

FieldValue
Repositorynoraj/haiti
Ownernoraj
Primary languageRuby
LicenseMIT — OSI-approved
Stars988
Forks59
Open issues3
Latest releasev4.0.0 (2026-01-01)
Last updated2026-07-06
Sourcehttps://github.com/noraj/haiti

What haiti is

Written in Ruby, Haiti performs hash type identification by pattern matching and algorithm-specific signatures against a comprehensive database. The tool operates both as a standalone command-line utility and as an importable library, enabling integration into security workflows and custom tooling.

Quickstart

Get the haiti source

Clone the repository and explore it locally.

terminalbash
git clone https://github.com/noraj/haiti.gitcd haiti# follow the project's README for install & configuration

Need it deployed, integrated, or customized instead? DEV.co ships production installs.

Best use cases

Penetration Testing & Security Audits

Rapidly identify hash types encountered during security assessments to determine appropriate cracking strategies and tool selection (Hashcat, John the Ripper).

CTF & Security Training

Streamline hash identification during Capture The Flag competitions and security training exercises where manual hash type recognition is time-consuming.

Incident Response & Forensics

Quickly classify unknown hashes discovered in logs, configurations, or memory dumps to inform investigation priorities and remediation decisions.

Implementation considerations

  • Install via `gem install haiti-hash` or Docker; verify Ruby version compatibility with your environment before deployment.
  • Hash identification is heuristic-based; some rare or custom hash types may not be detected or may produce false positives—validate results in security-critical contexts.
  • The library can be embedded in Ruby scripts and security tools, but requires Ruby runtime; consider bundling for air-gapped environments.
  • Review the 675+ supported hash types against your organization's cryptographic inventory to confirm coverage; gaps require manual identification.
  • Test integration with downstream tools (Hashcat, John the Ripper) to ensure compatibility with identified hash type references.

When to avoid it — and what to weigh

  • Require Unverified Hash Integrity — Haiti identifies hash type only; it does not validate hash correctness, format compliance, or cryptographic integrity. Do not rely on it for hash validation.
  • Need Production Secrets Management — Haiti is a classification tool, not a secrets manager or key storage system. Do not use it to store, rotate, or protect production cryptographic material.
  • Expect Enterprise Support & SLA — This is a community-maintained open-source project with no formal SLA, commercial support, or guaranteed response times for critical issues.
  • Processing Sensitive Data at Scale — Ruby performance may be insufficient for batch-processing very large volumes of hashes in time-critical production pipelines.

License & commercial use

Licensed under MIT (MIT License), a permissive OSI-approved license. Permits commercial use, modification, and distribution with minimal restrictions; requires attribution and includes no warranty.

MIT license permits commercial use without explicit permission requests. However, verify that integration into commercial security products or services complies with your organization's open-source governance policies. No commercial support or indemnification provided by the maintainer.

DEV.co evaluation signals

Editorial assessment — not user reviews. Directional, with an explicit confidence level.

SignalAssessment
MaintenanceActive
DocumentationStrong
License clarityClear
Deployment complexityLow
DEV.co fitGood
Assessment confidenceHigh
Security considerations

Haiti is a hash identifier only and performs no cryptographic operations. Security considerations are minimal: ensure hashes come from trusted sources before classification, recognize that identification does not prove hash legitimacy or integrity, and validate hash detection results in security-critical workflows. No known vulnerabilities disclosed, but as a Ruby tool, maintain awareness of Ruby interpreter and gem dependency vulnerabilities.

Alternatives to consider

hashid

Python-based hash identifier with similar coverage; good for Python-native environments and may have broader language compatibility for CI/CD pipelines.

John the Ripper --list=formats

Integrated hash format detection within John itself; useful if already using John for cracking, but requires JtR installation and less focused user experience.

Hashcat --help

Hashcat's native hash mode detection; single-tool approach for environments where Hashcat is the primary cracking engine, but less refined hash identification UX.

Software development agency

Build on haiti with DEV.co software developers

Evaluate Haiti for your penetration testing, incident response, or CTF toolchain. Review the documentation, test against your hash inventory, and confirm Ruby compatibility with your environment before production deployment.

Talk to DEV.co

Related open-source tools

Surfaced by semantic similarity across the DEV.co open-source index.

Related on DEV.co

Explore the category and the services that help you build with it.

haiti FAQ

Does Haiti crack or decrypt hashes?
No. Haiti only identifies the hash type. Use Hashcat, John the Ripper, or other cracking tools to attempt hash recovery.
Can I use Haiti in a commercial product?
Yes, the MIT license permits commercial use. Ensure your organization's open-source policy is met and include MIT attribution.
What if Haiti cannot identify a hash?
Haiti may not recognize very new, proprietary, or custom hash types. Manually consult hash algorithm documentation or try alternative identifiers.
Is Haiti suitable for production security workflows?
Haiti is reliable for identification but is community-maintained without commercial SLA. Use for support functions (incident response, pentesting) rather than mission-critical automated systems without fallback logic.

Software developers & web developers for hire

DEV.co helps companies turn open-source tools like haiti into production software. Our software development services cover the full lifecycle — architecture, web development, integration, and maintenance — delivered by software developers and web developers who ship. Engage our software development agency to implement or customize it for your open-source security stack.

Integrate Hash Identification Into Your Security Workflow

Evaluate Haiti for your penetration testing, incident response, or CTF toolchain. Review the documentation, test against your hash inventory, and confirm Ruby compatibility with your environment before production deployment.