gzip is old. zstd (Zstandard) offers better compression and faster decompression. Install zstd and use it with Hashcat.
Compress:
zstd -o wordlist.zst wordlist.txt
Use with Hashcat:
zstd -dc wordlist.zst | hashcat -a 0 hash.txt
Benchmarks show zstd decompresses 3-5x faster than gzip on multi-core CPUs, meaning less GPU idle time.
Before diving into commands, let's understand the "why." A raw, plaintext wordlist is easy for Hashcat to process because it uses standard fread() operations. However, storage is finite. hashcat compressed wordlist
Compression ratios for plain text are extraordinary. A 15 GB text file often compresses down to 1.5 GB using gzip or 7z (LZMA). That means you can store 10x more wordlists on the same hard drive.
The problem: You cannot simply feed a .zip file to Hashcat. If you try hashcat -a 0 -m 1000 hash.txt mylist.zip, Hashcat will try to parse the raw binary zip header as a password—and fail instantly.
Hashcat includes built-in support for reading compressed wordlists directly without requiring manual decompression. The tool transparently handles three common formats:
To use a compressed wordlist, the syntax is identical to using an uncompressed one. For example: gzip is old
hashcat -m 0 -a 0 hash.txt rockyou.txt.gz
Hashcat internally pipes the decompressed output through zlib or similar libraries, feeding plaintext candidates to the GPU in a streaming fashion. The critical advantage is that the compressed file is often 5–10 times smaller than its raw form, drastically reducing load times and disk seek operations.
For professional password auditors, here is the ideal directory structure:
/opt/wordlists/
├── rockyou.txt.gz
├── SecLists/Passwords/xato-net-10-million-passwords-1000000.txt.xz
├── custom/
│ ├── breached_2024.zst
│ └── mutations.zst
└── scripts/
└── crack_with_compressed.sh
For gzip (.gz):
zcat wordlist.gz | hashcat -m <hash_type> -a 0 <hashfile>
For bzip2 (.bz2):
bzcat wordlist.bz2 | hashcat -m <hash_type> -a 0 <hashfile>
For xz (.xz):
xzcat wordlist.xz | hashcat -m <hash_type> -a 0 <hashfile>
When piping a wordlist, Hashcat cannot know the total number of lines because the stream is infinite (from its perspective). The progress bar will show 0/0 (N/A). You must use --stdout for dry runs or --status-timer to monitor velocity.
This paper examines using compressed wordlists with Hashcat to reduce storage and I/O overhead while maintaining effective password-cracking throughput. It covers compression formats, on-the-fly decompression strategies, integration methods with Hashcat, performance trade-offs, experimental benchmarks, and recommended practices for practitioners.
#!/bin/bash
# Usage: ./crack_compressed.sh hashfile.txt hashcat_mode
HASH=$1
MODE=$2
echo "[*] Cracking $HASH using compressed wordlists"