# John the Ripper — Advanced Offline Password Security Auditor > A fast offline password cracker supporting hundreds of hash types, used by security professionals to audit password strength and test credential policies. ## Install Save in your project root: # John the Ripper — Advanced Offline Password Security Auditor ## Quick Use ```bash # Install on Debian/Ubuntu sudo apt install john # Or build from source (jumbo version) git clone https://github.com/openwall/john cd john/src && ./configure && make -s clean && make -sj4 # Crack password hashes john --wordlist=/usr/share/wordlists/rockyou.txt hashes.txt # Show cracked passwords john --show hashes.txt ``` ## Introduction John the Ripper is a password security auditing tool designed to detect weak passwords by testing hashed credentials against wordlists, rules, and brute-force patterns. The community-enhanced jumbo version supports over 300 hash and cipher types, making it an essential tool for penetration testers and system administrators auditing password policies. ## What John the Ripper Does - Cracks password hashes using dictionary, rule-based, and incremental brute-force modes - Supports over 300 hash types including Unix crypt, NTLM, Kerberos, and application-specific formats - Automatically detects hash formats from input files - Distributes workload across multiple CPU cores and optional GPU acceleration via OpenCL - Extracts hashes from encrypted archives, documents, and disk images with companion tools ## Architecture Overview John is written in C with heavy use of SIMD intrinsics (SSE2, AVX2, AVX-512) for high-throughput hash computation. The jumbo fork adds OpenCL GPU kernels for supported hash types. A rule engine transforms wordlist entries through character substitutions, appends, and mangling operations. Session management allows pausing and resuming long-running cracks. ## Self-Hosting & Configuration - Available in most Linux distribution repositories as the core or jumbo package - Builds from source with autoconf; GPU support requires OpenCL headers - Configuration lives in john.conf with sections for wordlist rules and cracking modes - Session files (.rec) allow resuming interrupted runs - Works on Linux, macOS, Windows, and various Unix-like systems ## Key Features - Automatic hash format detection from standard password file formats - Rule engine with over 100 built-in mangling rules for smart wordlist expansion - Incremental mode for exhaustive character-space brute-force - External mode for user-defined cracking algorithms written in C-like syntax - MPI and fork-based parallelism for distributed cracking across multiple machines ## Comparison with Similar Tools - **Hashcat** — GPU-focused cracker with broader GPU support; John excels at CPU-based cracking and format variety - **Hydra** — online brute-forcer against live services; John works offline against extracted hashes - **CrackStation** — online rainbow table lookup; John handles custom salted hashes that rainbow tables cannot - **Ophcrack** — Windows password cracker using rainbow tables; John supports far more hash types - **L0phtCrack** — commercial Windows password auditor; John is free and cross-platform ## FAQ **Q: What is the difference between John and Hashcat?** A: John excels at CPU-based cracking with broad format support and flexible rules. Hashcat is optimized for GPU-accelerated cracking. Many professionals use both. **Q: Can John crack encrypted ZIP or PDF files?** A: Yes. Companion tools like zip2john, pdf2john, and rar2john extract hashes from encrypted archives for cracking. **Q: Does it support GPU acceleration?** A: The jumbo version supports OpenCL for many hash types, enabling GPU acceleration on compatible hardware. **Q: Is it legal to use?** A: Password cracking tools are legal to use on systems you own or have explicit authorization to test. They are standard tools in authorized penetration testing. ## Sources - https://github.com/openwall/john - https://www.openwall.com/john/ --- Source: https://tokrepo.com/en/workflows/asset-bba35ac4 Author: AI Open Source