Ecosystem · Password cracking
John the Ripper
The original password cracker. Solar Designer (Alexander Peslyak) started John the Ripper in 1996 as a free Unix password cracker; it is still actively developed thirty years later. JtR’s claim to fame is breadth: it handles a wider variety of hash formats than any other single tool, and its “jumbo” community fork adds GPU support.
At a glance
| Author | Solar Designer (Alexander Peslyak) and contributors |
|---|---|
| License | GPL v2 / custom John license depending on component |
| Two distributions | Core ('john') and Jumbo ('john-jumbo') |
| Project | openwall.com/john |
| Repository | github.com/openwall/john |
| Formats | Hundreds, especially in ‘jumbo’ |
Cracking modes
- Single mode , mangles known user info (username, GECOS field) into candidate passwords. The first cheap pass.
- Wordlist mode, classic dictionary attack with optional ‘rules’ for mutation.
- Incremental mode , trigraph-aware brute force, weighted by realistic character distributions.
- External mode , user-defined custom rules in a small TCL-flavored language inside
john.conf. - Mask mode (jumbo) , same idea as Hashcat masks.
Format detection
John’s killer feature is --format=auto heuristic detection. Feed it any hash file it has seen the shape of and it can usually pick the right algorithm. For unknown shapes, list candidates with --list=formats.
Where it shines vs Hashcat
- Format breadth , arbitrary file formats (KeePass, ZIP / RAR / 7z, Office documents, PEM keys, KeePass, Bitcoin wallet) get
*2john.pyhelpers that produce the cracking-format hash. - Distributed cracking , node-based work splitting via
--node=N/T. - Long-running CPU sessions , SIGINT-saving and resuming via
.recfiles is mature. - Education , the canonical tool taught in introductory security classes.
The *2john.py helpers
John’s ecosystem includes dozens of conversion helpers that pull a hash out of a file format into JtR’s line-oriented hash format:
keepass2john, KDBX / KDB databaseszip2john,rar2john,7z2johnoffice2john, Microsoft Office password protectionssh2john, SSH private keysbitcoin2john, Bitcoin walletspdf2john, PDF password protectiontruecrypt2john,luks2john,bitlocker2john
Defensive use cases
- Audit Linux
/etc/shadowfor weak passwords. - Recover access to encrypted archives where the password was forgotten and you legitimately own the data.
- Validate that an archive’s password is strong enough for its sensitivity.
- Educational CTF-style exercises.