for password cracking using hashcat
I built this site while exploring password cracking during my cybersecurity journey. Instead of just watching Hashcat run for hours or days, I wanted to find smarter, more efficient ways to crack passwords by recognizing patterns. VowelFreq is a statistical analysis tool designed to optimize password cracking by leveraging vowel frequency and character positioning within words from the dictionary. Traditional brute-force attacks waste significant time testing unrealistic letter combinations. By analyzing word structures and separating vowels (aeiou) from non-vowels (bcdfghjklmnpqrstvwxyz), we can drastically reduce the keyspace required for effective cracking.
— 0xdiGi
Hashcat allows up to four custom charsets (?1 to ?4). By strategically assigning:
- ?1 → Vowel-only charset (aeiou)
- ?2 → Non-vowel charset (bcdfghjklmnpqrstvwxyz)
A traditional brute-force attack against the full 95-character keyboard set (?a) on a high-end GPU (NVIDIA RTX 5090 running MD5 at ~230 GH/s with -w4 -O) scales brutally with length:
| Password length | Keyspace | Time to exhaust |
|---|---|---|
| ?a × 8 | 6.6 quadrillion | ~8 hours |
| ?a × 9 | 630 quadrillion | ~31 days |
| ?a × 13 | 51 septillion | ~7 million years |
Each extra character multiplies the work by 95×, so once you pass 10 or 11 characters, naive brute force stops being a strategy and becomes science fiction.
Enter vowelfreq. English words aren't random — they follow predictable vowel/non-vowel patterns. A typical 13-letter word has around 5 vowels and 8 non-vowels arranged in one of a handful of common shapes. Using Hashcat custom charsets (?1 = 5 vowels, ?2 = 21 non-vowels), a single high-probability 13-letter pattern has a keyspace of only ~118 trillion — finishing in about 8–9 minutes on the same GPU.
The payoff: a 13-character password that would take brute force ~7 million years to exhaust can be cracked in under 10 minutes with the right vowel/non-vowel pattern. That's roughly 435 billion× faster, or a 99.9999999998% reduction in work.
Of course, this only finds passwords that actually follow the pattern — but since the vast majority of user-chosen passwords are derived from dictionary words, vowelfreq shifts 13-character territory from "unreachable" to "lunch break."
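The keyspace arithmetic above can be reproduced and turned into a password audit check. This is an added example, not code from VowelFreq or the original page: the function names are hypothetical, the sample words are constructed, and the hash rate is the 230 GH/s figure quoted above.

```python
from collections import Counter
from math import prod

VOWELS = "aeiou"                      # ?1 on the page
NON_VOWELS = "bcdfghjklmnpqrstvwxyz"  # ?2 on the page
CHARSET_SIZE = {"?1": len(VOWELS), "?2": len(NON_VOWELS), "?a": 95}
HASH_RATE = 230e9  # MD5 guesses per second quoted on the page (assumed constant)


def mask_for(word):
    """Return the ?1/?2 mask of a lowercase a-z word, or None if any other character appears."""
    if not word or any(c not in VOWELS + NON_VOWELS for c in word):
        return None
    return "".join("?1" if c in VOWELS else "?2" for c in word)


def keyspace(mask):
    """Number of candidates a mask generates: the product of its charset sizes."""
    tokens = [mask[i:i + 2] for i in range(0, len(mask), 2)]
    return prod(CHARSET_SIZE[t] for t in tokens)


def seconds_to_exhaust(mask, rate=HASH_RATE):
    """Worst-case time to try every candidate of the mask at the given rate."""
    return keyspace(mask) / rate


def rank_masks(words):
    """Count how many words share each mask, most common first; non a-z words are skipped."""
    return Counter(m for m in map(mask_for, words) if m).most_common()


def audit(password):
    """Compare full ?a brute force with the single mask the password fits, if any."""
    mask = mask_for(password)
    brute = "?a" * len(password)
    if mask is None:  # mixed case, digits or symbols: the vowel/non-vowel shortcut does not apply
        return {"mask": None, "shrink_factor": 1.0, "seconds": seconds_to_exhaust(brute)}
    return {"mask": mask, "shrink_factor": keyspace(brute) / keyspace(mask),
            "seconds": seconds_to_exhaust(mask)}


if __name__ == "__main__":
    sample = ["entertainment", "banana", "canada", "Winter2024!"]  # constructed input
    for pw in sample:
        print(pw, audit(pw))
    print(rank_masks(sample))
```

A password policy check can call `audit()` on a candidate and reject it when `shrink_factor` is large, since that means its length overstates its real resistance to a mask attack.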
While running a character analysis on the rockyou.txt wordlist, I found the following charset, ordered from the most common characters to the least common:
ae10i2onrls938t45m67cdyhubkgpjvfwzAxEILORNSM.TCD_BqHYK!U-PG*J@FVWZ/#$X,\+&=)?Q(';"<]%~:[^`>
Analyzing 402,056 dictionary words
How to read this table: of the 51,960 7-letter words in the dictionary, the most common vowel count is 3, appearing in 48.79% of them. That means a 7-letter word is statistically more likely to contain 3 vowels than any other count — useful when prioritizing patterns for a cracking run.
| # of Vowels ↓ / Word Length → | 3 characters | 4 characters | 5 characters | 6 characters | 7 characters | 8 characters | 9 characters | 10 characters | 11 characters | 12 characters | 13 characters | 14 characters | 15 characters |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | 63.03% | 47.86% | 25.57% | 7.00% | 1.84% | 0.48% | 0.14% | 0.05% | 0.01% | 0.01% | — | — | — |
| 2 | 19.38% | 47.65% | 60.72% | 54.45% | 37.70% | 20.15% | 8.45% | 3.25% | 1.04% | 0.29% | 0.06% | 0.03% | — |
| 3 | 0.28% | 2.55% | 13.03% | 35.19% | 48.79% | 50.82% | 41.74% | 26.10% | 14.25% | 6.86% | 2.63% | 0.93% | 0.39% |
| 4 | — | 0.01% | 0.34% | 3.20% | 11.25% | 26.32% | 41.29% | 47.82% | 42.47% | 30.93% | 18.85% | 10.11% | 5.12% |
| 5 | — | — | — | 0.02% | 0.39% | 2.16% | 7.98% | 20.81% | 35.46% | 43.34% | 42.74% | 35.62% | 24.29% |
| 6 | — | — | — | 0.00% | 0.00% | 0.06% | 0.40% | 1.89% | 6.36% | 16.89% | 30.22% | 38.82% | 43.00% |
| 7 | — | — | — | — | — | — | 0.00% | 0.07% | 0.40% | 1.59% | 5.16% | 13.15% | 23.02% |
| Total Words → | 2126 | 7183 | 15918 | 39610 | 51960 | 59720 | 58796 | 49766 | 40242 | 30802 | 21964 | 14793 | 9176 |