John the Ripper – Fast Password Cracker

Last Release: 11/14/2019    

John the Ripper – Fast Password Cracker


John the Ripper (JTR) is a widely known and verified fast password cracker, available for Windows, DOS, BeOS, and OpenVMS and many flavours of Linux.  It uses wordlists/dictionary to crack  many different types of hashes including MD5, SHA, etc.

John the Ripper: Fast Password Cracker

This password cracking tool is free and Open Source,  initially developed for the Unix operating system. But today it runs on fifteen different platforms.  Its primary purpose is to detect weak Unix passwords. Besides several crypt(3) password hash types most commonly found on various Unix systems, supported out of the box are Windows LM hashes, and a lot of other hashes and ciphers in the community-enhanced version.

For those who rather use commercial version, John the Ripper is available for following platforms:

John the Ripper offers two types of attacks:

  • Dictionary: It takes text string samples from wordlist, which contains dictionary of real passwords that are cracked before,  encrypting it in the same format as the password being examined (encryption algorithm/key), and comparing the output to the encrypted string. John can also perform word alterations.
  • Brute force: It goes through all the possible plaintexts, hashing each one and then comparing it to the input hash. This method takes a long time to run, but it’s precious for cracking password that doesn’t appear in wordlist dictionary.


  • Feature-rich and fast password cracking tool, with several cracking modes.
  • It allows you to define a custom cracking mode using the built-in compiler supporting a subset of C.
  • You can use same cracker everywhere, since John is available for different platforms, with possibility to continue a cracking session started on another platform.
  • This tool supports a lot of Unix crypt(3) hash types:
    • traditional DES-based,"bigcrypt",BSDI extended DES-based,FreeBSD MD5-based,OpenBSD Blowfish-based,Kerberos/AFS and Windows LM (DES-based),DES-based tripcodes.
  • On Linux distributions with glibc 2.7+, John 1.7.6+ supports SHA-crypt hashes, with optional OpenMP parallelization (requires GCC 4.2+).
  • On recent versions of Solaris, John 1.7.6+ supports and autodetects SHA-crypt and SunMD5 hashes, also with optional OpenMP parallelization (requires GCC 4.2+ or recent Sun Studio).
  • John the Ripper Pro adds support for Windows NTLM (MD4-based) and Mac OS X 10.4+ salted SHA-1 hashes.
  • “Community enhanced” -jumbo versions add support for many more password hash types:
    • Windows NTLM (MD4-based), Mac OS X 10.4-10.6 salted SHA-1 hashes, Mac OS X 10.7 salted SHA-512 hashes, raw MD5 and SHA-1, arbitrary MD5-based “web application” password hash types, hashes used by SQL database servers (MySQL, MS SQL, Oracle) and by some LDAP servers, several hash types used on OpenVMS, password hashes of the Eggdrop IRC bot, and lots of other hash types, as well as many non-hashes such as OpenSSH private keys, S/Key skeykeys files, Kerberos TGTs, PDF files, ZIP (classic PKZIP and WinZip/AES) and RAR archives.
  • John the Ripper has its own highly optimized modules for different hash types and processor architectures.

John the Ripper’s Cracking Modes:

  1. Wordlist mode
  2. Single crack mode
  3. Incremental mode
  4. External mode


Debian-based systems/Ubuntu

Clone it from the Github repository:

$ cd ~/src
$ git clone git:// -b bleeding-jumbo john

Then build:

$ cd ~/src/john/src
$ ./configure && make -s clean && make -sj4

To test your build, run:

$ ../run/john --test


Windows users can find detailed documentation on the official John the Ripper Wiki page.


To run John, firstly supply it with some password files and if you wish, specify a cracking mode:

$ john passwd

If you want to restrict it to the wordlist mode only (permitting the use of word mangling rules):

$ john --wordlist=password.lst --rules passwd

To retrieve the cracked passwords, run:

$ john --show passwd

Interrupted session can be continued with the following:

$ john --restore


Usage (1.8.0): john [OPTIONS] [PASSWORD-FILES]
--single[=(SECTION[,S2,..,Sn]|:rule)] "single crack" mode
--wordlist[=FILE] --stdin  wordlist mode, read words from FILE or stdin
                  --pipe   like --stdin, but bulk reads, and allows rules
--loopback[=FILE]          like --wordlist, but extract words from a .pot file
--dupe-suppression         suppress all dupes in wordlist (and force preload)
--prince[=FILE]            PRINCE mode, read words from FILE
--encoding=NAME            input encoding (eg. UTF-8, ISO-8859-1). See also
                           doc/ENCODINGS and --list=hidden-options.
--rules[=(SECTION[,S2,..,Sn]|:rule)]  enable word mangling rules for
                           wordlist or PRINCE modes
--incremental[=MODE]       "incremental" mode [using section MODE]
--mask[=MASK]              mask mode using MASK (or default from john.conf)                                                                                                                                                                                
--markov[=OPTIONS]         "Markov" mode (see doc/MARKOV)                                                                                                                                                                                                  
--external=MODE            external mode or word filter                                                                                                                                                                                                    
--subsets[=CHARSET]        "subsets" mode (see doc/SUBSETS)                                                                                                                                                                                                
--stdout[=LENGTH]          just output candidate passwords [cut at LENGTH]                                                                                                                                                                                 
--restore[=NAME]           restore an interrupted session [called NAME]                                                                                                                                                                                    
--session=NAME             give a new session the NAME                                                                                                                                                                                                     
--status[=NAME]            print status of a session [called NAME]                                                                                                                                                                                         
--make-charset=FILE        make a charset file. It will be overwritten                                                                                                                                                                                     
--show[=left]              show cracked passwords [if =left, then uncracked]                                                                                                                                                                               
--test[=TIME]              run tests and benchmarks for TIME seconds each                                                                                                                                                                                  
--users=[-]LOGIN|UID[,..]  [do not] load this (these) user(s) only                                                                                                                                                                                         
--groups=[-]GID[,..]       load users [not] of this (these) group(s) only                                                                                                                                                                                  
--shells=[-]SHELL[,..]     load users with[out] this (these) shell(s) only                                                                                                                                                                                 
--salts=[-]COUNT[:MAX]     load salts with[out] COUNT [to MAX] hashes                                                                                                                                                                                      
--costs=[-]C[:M][,...]     load salts with[out] cost value Cn [to Mn]. For                                                                                                                                                                                 
                           tunable cost parameters, see doc/OPTIONS                                                                                                                                                                                        
--save-memory=LEVEL        enable memory saving, at LEVEL 1..3                                                                                                                                                                                             
--node=MIN[-MAX]/TOTAL     this node's number range out of TOTAL count
--fork=N                   fork N processes
--pot=NAME                 pot file to use
--list=WHAT                list capabilities, see --list=help or doc/OPTIONS
--devices=N[,..]           set OpenCL device(s) (see --list=opencl-devices)
--format=NAME              force hash of type NAME. The supported formats can
                           be seen with --list=formats and --list=subformats
Documentation Box
Download Box