LinuxCommandLibrary

john

Crack passwords using dictionary or brute-force attacks

TLDR

Crack password hashes

$ john [path/to/hashes.txt]
copy

Show passwords cracked
$ john --show [path/to/hashes.txt]
copy

Display users' cracked passwords by user identifier from multiple files
$ john --show --users=[user_ids] [path/to/hashes1.txt path/to/hashes2.txt ...]
copy

Crack password hashes, using a custom wordlist
$ john --wordlist=[path/to/wordlist.txt] [path/to/hashes.txt]
copy

List available hash formats
$ john --list=formats
copy

Crack password hashes, using a specific hash format
$ john --format=[md5crypt] [path/to/hashes.txt]
copy

Crack password hashes, enabling word mangling rules
$ john --rules [path/to/hashes.txt]
copy

Restore an interrupted cracking session from a state file, e.g. mycrack.rec
$ john --restore=[path/to/mycrack.rec]
copy

SYNOPSIS

john [OPTIONS] [PASSWORD-FILES]

PARAMETERS

-h, --help
    Print help summary.

--test
    Benchmark performance of hash formats.

--single
    Single crack mode using user info.

-w, --wordlist=FILE
    Load target wordlist from FILE.

--rules
    Enable wordlist rules for mutations.

--incremental[=MODE]
    Incremental brute-force mode.

--fork[=N]
    Fork into N processes (default 2).

-form, --format=NAME
    Force hash format NAME.

--session=NAME
    Set session name for restore.

--restore[=NAME]
    Restore interrupted session.

--status[=[NAME]]
    Print status of session.

--show[=NAME]
    Show cracked passwords.

--pot=FILE
    Use custom pot file for results.

--config=FILE
    Use alternate config file.

DESCRIPTION

John the Ripper is a powerful, open-source password recovery utility designed for cracking passwords from various hash formats. It supports hundreds of hash types including traditional Unix crypt, DES-based hashes, MD5, SHA, Kerberos, and Windows LM/NTLM.

John operates in multiple modes: single crack (uses login/password info), wordlist (dictionary attacks with optional rules for mutations), incremental (brute-force with character sets), and hybrid combinations. It auto-detects formats or allows manual specification.

Primarily used for security auditing, penetration testing, and recovering lost passwords on authorized systems. Features include session management for resuming sessions, performance testing (--test), and status monitoring. It's highly optimized, supports GPU acceleration via community ports like Johnny, and scales with forking across CPUs. Output goes to ~/.john/john.pot for tracking cracked hashes.

Requires compilation for full features; pre-built in Kali Linux and similar distros.

CAVEATS

Intended for authorized security testing only; illegal for unauthorized access. Extremely CPU-intensive; may require custom compilation for optimal performance. Check legality in your jurisdiction.
Output sensitive data logged to ~/.john/john.pot.

CRACK MODES

Modes include single (fast guesses), wordlist (dictionary), incremental (exhaustive), and external (custom scripts).
Use --list=modes to enumerate.

SUPPORTED FORMATS

Over 100 formats; list with --list=formats. Common: des, md5crypt, sha512crypt, NT, dynamic.
Auto-detects most Unix/Linux hashes.

POT FILE

Cracked hashes stored in john.pot to avoid re-cracking. Use --show to display results with plaintext.

HISTORY

Created in 1996 by Solar Designer for the Openwall Project as a non-proprietary alternative to commercial crackers. Evolved through community contributions; Jumbo version adds modern formats and GPU support. Actively maintained with releases focusing on speed and new hashes.

SEE ALSO

hashcat(1), hydra(1), crack(1), openssl(1)

Copied to clipboard