Hashcat on AWS GPU Instances with Ansible

Ronald Farrer
3 min readJul 31


Photo by Jerry Zhang on Unsplash


In today’s cybersecurity climate, the role of password cracking is paramount. Hashcat, an advanced password recovery utility, is one of the key tools in this process. However, running such demanding tools on a local machine can severely exhaust system resources. The solution lies in leveraging the power and scalability of cloud-based GPU instances, such as those provided by Amazon Web Services (AWS).

While managing these instances and automating Hashcat’s deployment may appear daunting, Ansible’s capabilities simplify these tasks considerably. Ansible is an open-source tool for software provisioning, configuration management, and application deployment. This post will guide you on deploying and executing Hashcat on AWS GPU instances using Ansible, with a playbook from github.com/foo/bar.git. Moreover, we’ll discuss how the playbook orchestrates input data retrieval from an S3 bucket, execution of Hashcat, and storing the results back to the same S3 bucket.

Setting Up Your Environment

Before beginning, ensure Ansible is installed on your control node, which could be your local machine or a central server. You also need an Amazon Web Services (AWS) account with the necessary permissions to create, manage EC2 GPU instances, and access an S3 bucket. Git, required to clone the Ansible playbook from the GitHub repository, should be installed as well.

On an Ubuntu-based system, you can install these prerequisites with:

sudo apt update
sudo apt install ansible git

Cloning the Ansible Playbook

Our Ansible playbook is hosted on GitHub. Clone the repository to your local system using:

git clone git@github.com:CanuteTheGreat/hashcat-cloud.git

Then, navigate into the cloned repository:

cd hashcat-cloud/aws

Edit Configs

You will need to rename env/hosts.example to env/hosts and group_vars/all.example to group_vars/all and then edit them with your specific information (see details in files.) You will also need to generate a keypair in your AWS account and save it to hashcat-cloud/aws/hashcat.pem

Deploying Hashcat with the Ansible Playbook

Our playbook is named hashcat.yml, and it contains all required tasks for deploying and executing Hashcat on an AWS GPU instance.

Deploy this playbook with the following command:

ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -i env/hosts -e group_vars/all hashcat.yml

The -i option specifies the inventory file (hosts), which contains information about your AWS GPU instances where Hashcat should be deployed.

The hashcat.yml playbook is designed to handle several tasks, including:

  1. Updating the system packages of the GPU instances.
  2. Installing Hashcat dependencies.
  3. Downloading and installing Hashcat.
  4. Configuring Hashcat to harness the GPU of the EC2 instance.
  5. Retrieving input data from an S3 bucket.
  6. Executing Hashcat with the provided options.
  7. Storing the results back to the same S3 bucket.

Execution and Termination

The playbook ensures the seamless deployment and execution of Hashcat, including retrieving data from an S3 bucket and storing the results back into the same bucket upon completion. The playbook also automates the termination of the AWS GPU instance once the Hashcat operation ends. This ensures an efficient and cost-effective process by eliminating manual management of the AWS instance.

Important Warning: If something goes wrong before Hashcat execution starts, the playbook might not reach the termination step, and the AWS instance could continue running indefinitely. This could lead to excessive charges on your AWS account. In such a scenario, it is crucial to manually terminate the instance by running the ‘hashcat-destroy.yml’ playbook:

ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -i env/hosts -e group_vars/all hashcat-destroy.yml

If you do not manually terminate the instance, it could keep running and rack up charges that could end up costing as much as a house!


The fusion of Ansible’s automation capabilities with the processing prowess of AWS GPU instances significantly streamlines the process of deploying and running Hashcat for password cracking. The use of Ansible enables you to avoid manual tasks, and AWS GPU instances provide the necessary computational power for optimal Hashcat operation. Integration with AWS S3 buckets further enhances the workflow’s efficiency.

It is crucial to remember the potential pitfalls, especially regarding instance termination, to prevent unintended costs. Moreover, as with any cybersecurity tool, always use Hashcat ethically and responsibly. Here’s to the power of ethical hacking done right!

I Love Coffee! https://ko-fi.com/canutethegreat