John the Ripper

This is the community-enhanced, "jumbo" version of John the Ripper.It has a lot of code, documentation, and data contributed by jumbodevelopers and the user community. It is easy for new code to be addedto jumbo, and the quality requirements are low, although lately we'vestarted subjecting all contributions to quite some automated testing.This means that you get a lot of functionality that is not necessarily"mature", which in turn means that bugs in this code are to be expected.

John the Ripper homepage is:

https://www.openwall.com/john/

If you have any comments on this release or on JtR in general, pleasejoin the john-users mailing list and post in there:

https://www.openwall.com/lists/john-users/

For contributions to John the Ripper jumbo, please use pull requests onGitHub:

https://github.com/openwall/john/blob/bleeding-jumbo/CONTRIBUTING.md

Included below is basic John the Ripper core documentation.

John the Ripper password cracker.

John the Ripper is a fast password cracker, currently available formany flavors of Unix, macOS, Windows, DOS, BeOS, and OpenVMS (the latterrequires a contributed patch). Its primary purpose is to detect weakUnix passwords. Besides several crypt(3) password hash types mostcommonly found on various Unix flavors, supported out of the box areKerberos/AFS and Windows LM hashes, as well as DES-based tripcodes, plushundreds of additional hashes and ciphers in "-jumbo" versions.

How to install.

See INSTALL for information on installing John on your system.

How to use.

To run John, you need to supply it with some password files andoptionally specify a cracking mode, like this, using the default orderof modes and assuming that "passwd" is a copy of your password file:

john passwd

or, to restrict it to the wordlist mode only, but permitting the useof word mangling rules:

john --wordlist=password.lst --rules passwd

Cracked passwords will be printed to the terminal and saved in thefile called $JOHN/john.pot (in the documentation and in theconfiguration file for John, "$JOHN" refers to John's "homedirectory"; which directory it really is depends on how you installedJohn). The $JOHN/john.pot file is also used to not load passwordhashes that you already cracked when you run John the next time.

To retrieve the cracked passwords, run:

john --show passwd

While cracking, you can press any key for status, or 'q' or Ctrl-C toabort the session saving its state to a file ($JOHN/john.rec bydefault). If you press Ctrl-C for a second time before John had achance to complete handling of your first Ctrl-C, John will abortimmediately without saving. By default, the state is also saved every10 minutes to permit for recovery in case of a crash.

To continue an interrupted session, run:

john --restore

These are just the most essential things you can do with John. Fora complete list of command line options and for more complicated usageexamples you should refer to OPTIONS and EXAMPLES, respectively.

Please note that "binary" (pre-compiled) distributions of John mayinclude alternate executables instead of just "john". You may need tochoose the executable that fits your system best, e.g. "john-omp" totake advantage of multiple CPUs and/or CPU cores.

Features.

John the Ripper is designed to be both feature-rich and fast. Itcombines several cracking modes in one program and is fullyconfigurable for your particular needs (you can even define a customcracking mode using the built-in compiler supporting a subset of C).Also, John is available for several different platforms which enablesyou to use the same cracker everywhere (you can even continue acracking session which you started on another platform).

Out of the box, John supports (and autodetects) the following Unixcrypt(3) hash types: traditional DES-based, "bigcrypt", BSDI extendedDES-based, FreeBSD MD5-based (also used on Linux and in Cisco IOS), andOpenBSD Blowfish-based (now also used on some Linux distributions andsupported by recent versions of Solaris). Also supported out of the boxare Kerberos/AFS and Windows LM (DES-based) hashes, as well as DES-basedtripcodes.

When running on Linux distributions with glibc 2.7+, John 1.7.6+additionally supports (and autodetects) SHA-crypt hashes (which areactually used by recent versions of Fedora and Ubuntu), with optionalOpenMP parallelization (requires GCC 4.2+, needs to be explicitlyenabled at compile-time by uncommenting the proper OMPFLAGS line nearthe beginning of the Makefile).

Similarly, when running on recent versions of Solaris, John 1.7.6+supports and autodetects SHA-crypt and SunMD5 hashes, also withoptional OpenMP parallelization (requires GCC 4.2+ or recent Sun Studio,needs to be explicitly enabled at compile-time by uncommenting theproper OMPFLAGS line near the beginning of the Makefile and at runtimeby setting the OMP_NUM_THREADS environment variable to the desirednumber of threads).

"-jumbo" versions add support for hundreds of additional hash and ciphertypes, including fast built-in implementations of SHA-crypt and SunMD5,Windows NTLM (MD4-based) password hashes, various macOS and Mac OS Xuser password hashes, fast hashes such as raw MD5, SHA-1, SHA-256, andSHA-512 (which many "web applications" historically misuse forpasswords), various other "web application" password hashes, various SQLand LDAP server password hashes, and lots of other hash types, as wellas many non-hashes such as SSH private keys, S/Key skeykeys files,Kerberos TGTs, encrypted filesystems such as macOS .dmg files and"sparse bundles", encrypted archives such as ZIP (classic PKZIP andWinZip/AES), RAR, and 7z, encrypted document files such as PDF andMicrosoft Office's - and these are just some examples. To load some ofthese larger files for cracking, a corresponding bundled *2john programshould be used first, and then its output fed into JtR -jumbo.

Graphical User Interface (GUI).

There is an official GUI for John the Ripper: Johnny.

Despite the fact that Johnny is oriented onto JtR core, all basicfunctionality is supposed to work in all versions, including jumbo.

Johnny is a separate program, therefore you need to have John the Ripperinstalled in order to use it.

More information about Johnny and its releases is on the wiki:

https://openwall.info/wiki/john/johnny

Documentation.

The rest of documentation is located in separate files, listed here inthe recommended order of reading:

• INSTALL - installation instructions
• OPTIONS - command line options and additional utilities
• MODES - cracking modes: what they are
• CONFIG (*) - how to customize
• RULES (*) - wordlist rules syntax
• EXTERNAL (*) - defining an external mode
• EXAMPLES - usage examples - strongly recommended
• FAQ - guess
• CHANGES (*) - history of changes
• CONTACT (*) - how to contact the author or otherwise obtain support
• CREDITS (*) - credits
• LICENSE - copyrights and licensing terms
• COPYING - GNU GPL version 2, as referenced by LICENSE above

(*) most users can safely skip these.

There are a lot of additional documentation files in jumbo's "doc"directory, which you'll also want to explore.

Happy reading!