You can do something like debug mode to show heshcat rule or mask that has worked for the hash?
For example:
Code:
554c6e5deae099ad8f637f2a646b9fe0:alone89inthedark | rule
9e5865b44ccbb7164db87b9534eff1f7:burbukay9396 | mask
Thank you.
You mean which mask matches a password? That's like impossible to answer, because there's too many. Do you want to know which rule cracked a password? Use debug mode.
My practice is to use a logging method that writes to a log file, for every attack, the rule file or mask pattern being run.
E.g., for a mask attack, one of the lines in my log file would be:
Mask: ?u?l?l?l?l?d?d?d?d ; Notation: Aaaaa9999 ; Example: Bacon7215
And I have a way of notating the "found" file any results.
Hashcat uses markov-chain optimizations. IOW, there's no Aaaaa9999 (or better said Zzzzz9999) as final word. If you just want the mask which was used to crack your hash, why don't you name the output file not like the mask, then you can do the join from an outer script without overlapping.