Developed by Openwall, John the Ripper (JtR) excels at cracking password hashes using dictionary, brute-force, and hybrid attacks. Its open-source nature, vast hash format support, and optimization options make it a top choice for password auditing in 2025.
Basic Usage and Setup
| Command | Description |
| --- | --- |
| john | Start JtR with default settings |
| john --help | Display help and usage options |
| john --list=formats | List supported hash formats |
| john --format=<format> | Specify hash format (e.g., md5crypt) |
| john --wordlist=<file> | Use wordlist for dictionary attack |
| john --rules | Apply word mangling rules |
| john --incremental | Run brute-force attack (incremental mode) |
| john --mask=<mask> | Use mask for hybrid attacks |
| john --single | Use single crack mode for weak passwords |
| john --show | Show cracked passwords |
| john --restore | Restore interrupted session |
| john --status | Show session status |
| john --make-charset=<file> | Generate custom charset for brute-force |
| john --stdout | Output candidate passwords without cracking |
| john --session=<name> | Name cracking session |
| john --config=<file> | Specify custom configuration file |
| john --log-stderr | Log errors to stderr |
| john --pot=<file> | Specify custom pot file for cracked passwords |
| john --fork=<N> | Run N parallel processes |
| john --node=<N/M> | Distribute cracking across M nodes, this is node N |
Advanced Cracking Techniques
| Command | Description |
| --- | --- |
| john --format=raw-md5 | Crack raw MD5 hashes |
| john --format=raw-sha1 | Crack raw SHA-1 hashes |
| john --format=raw-sha256 | Crack raw SHA-256 hashes |
| john --format=raw-sha512 | Crack raw SHA-512 hashes |
| john --format=bcrypt | Crack bcrypt hashes |
| john --format=descrypt | Crack traditional DES crypt hashes |
| john --format=md5crypt | Crack MD5 crypt hashes |
| john --format=sha256crypt | Crack SHA-256 crypt hashes |
| john --format=sha512crypt | Crack SHA-512 crypt hashes |
| john --format=nt | Crack Windows NTLM hashes |
| john --format=lm | Crack Windows LM hashes |
| john --format=office | Crack Microsoft Office document hashes |
| john --format=pdf | Crack PDF document hashes |
| john --format=rar | Crack RAR archive passwords |
| john --format=zip | Crack ZIP archive passwords |
| john --format=ssh | Crack SSH private key passwords |
| john --format=krb5 | Crack Kerberos 5 tickets |
| john --format=pgpdisk | Crack PGP disk images |
| john --format=blockchain | Crack Blockchain wallet passwords |
| john --format=keepass | Crack KeePass database passwords |
Wordlist and Mask Attacks
| Command | Description |
| --- | --- |
| john --wordlist=<file> --rules | Use wordlist with mangling rules |
| john --mask=?l?l?l?l | Brute-force 4 lowercase letters |
| john --mask=?d?d?d?d | Brute-force 4 digits |
| john --mask=?a?a?a?a | Brute-force 4 alphanumeric characters |
| john --mask=?l?u?d | Brute-force lowercase, uppercase, digits |
| john --mask=?l?l?l?l --min-length=6 | Set minimum password length to 6 |
| john --mask=?l?l?l?l --max-length=8 | Set maximum password length to 8 |
| john --wordlist=<file> --rules --loopback | Use cracked passwords as wordlist |
| john --wordlist=<file> --rules --stdout | Output mangled wordlist without cracking |
| john --mask=?l?l?l?l --external=filter_latin1 | Use external filter for charset |
Performance and Optimization
| Command | Description |
| --- | --- |
| john --fork=4 | Run 4 parallel processes |
| john --node=1/4 | Run as node 1 of 4 in distributed setup |
| john --device=0 | Use GPU device 0 for cracking |
| john --format=opencl | Use OpenCL for GPU acceleration |
| john --format=cuda | Use CUDA for GPU acceleration |
| john --mkpc=1000 | Set max keys per crypt to 1000 |
| john --salts=100 | Crack hashes with at least 100 salts |
| john --costs=10:100 | Set cost range for bcrypt (10 to 100) |
| john --tune=auto | Auto-tune performance settings |
| john --mem-limit=1024 | Limit memory usage to 1024 MB |
Session Management and Reporting
| Command | Description |
| --- | --- |
| john --session=<name> | Name the cracking session |
| john --restore=<name> | Restore a named session |
| john --status=<name> | Show status of a named session |
| john --show | Show all cracked passwords |
| john --show --format=<format> | Show cracked passwords for specific format |
| john --show --users=<user> | Show cracked passwords for specific user |
| john --show=left | Show uncracked hashes |
| john --show=invalid | Show invalid hashes |
| john --make-log | Generate a log file for the session |
| john --progress-every=60 | Show progress every 60 seconds |
Custom Configuration and Extensions
| Command | Description |
| --- | --- |
| john --config=<file> | Use a custom configuration file |
| john --external=<mode> | Use an external cracking mode |
| john --list=external-modes | List available external modes |
| john --subformat=<format> | Specify a subformat for certain hash types |
| john --field-separator-char=<char> | Set field separator character for input files |
| john --encoding=<encoding> | Set encoding for wordlists |
| john --input-encoding=<encoding> | Set encoding for input hashes |
| john --target-encoding=<encoding> | Set encoding for target passwords |
| john --rules=<section> | Use a specific rules section from config |
| john --incremental=<mode> | Use a specific incremental mode from config |
Real-World Examples of Top 20 Commands
Crack Linux shadow file:
john --format=sha512crypt /etc/shadow
Targets SHA-512 hashed passwords in Linux shadow file.
Crack Windows NTLM hashes:
john --format=nt nt_hashes.txt
Cracks NTLM hashes from Windows system dump.
Use wordlist with rules:
john --wordlist=rockyou.txt --rules --format=raw-md5 hashes.txt
Applies mangling rules to rockyou.txt for MD5 hashes.
Brute-force with mask:
john --mask=?l?l?l?l?d?d --format=raw-sha1 hashes.txt
Tries 4 lowercase letters and 2 digits for SHA-1.
Crack ZIP archive password:
zip2john archive.zip > zip.hash
john --format=zip zip.hash
Cracks ZIP archive password.
Crack PDF password:
pdf2john document.pdf > pdf.hash
john --format=pdf pdf.hash
Cracks PDF document password.
Use single crack mode:
john --single --format=raw-md5 hashes.txt
Cracks weak passwords using username/GECOS data.
Show cracked passwords:
john --show hashes.txt
Displays cracked passwords from hashes.txt.
Restore interrupted session:
john --restore
Resumes last interrupted session.
Crack with GPU acceleration:
john --format=sha512crypt-opencl --device=0 /etc/shadow
Uses GPU for faster SHA-512 cracking.
Crack bcrypt hashes:
john --format=bcrypt hashes.txt
Targets bcrypt hashes.
Use custom charset:
john --make-charset=custom.chr
john --incremental=custom --format=raw-md5 hashes.txt
Uses custom charset for MD5 brute-forcing.
Crack with multiple processes:
john --fork=4 --format=raw-sha256 hashes.txt
Runs 4 parallel processes for SHA-256 cracking.
Crack specific users:
john --users=root,admin --format=sha512crypt /etc/shadow
Cracks passwords for root and admin.
Use loopback mode:
john --wordlist=rockyou.txt --rules --loopback --format=raw-md5 hashes.txt
Reuses cracked passwords as wordlist for MD5.
Crack with mask and wordlist:
john --wordlist=rockyou.txt --mask=?w?d?d --format=raw-sha1 hashes.txt
Appends two digits to wordlist entries for SHA-1.
Show progress every minute:
john --progress-every=60 --format=raw-md5 hashes.txt
Displays progress every 60 seconds.
Crack with external mode:
john --external=filter_latin1 --format=raw-md5 hashes.txt
Uses external filter for MD5 candidates.
Crack with specific encoding:
john --encoding=utf8 --format=raw-md5 hashes.txt
Uses UTF-8 encoding for wordlists.
Crack bcrypt with cost range:
john --costs=10:12 --format=bcrypt hashes.txt
Targets bcrypt hashes with cost factors 10 to 12.
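A defender-side check related to the shadow-file and bcrypt cost examples above, added here and not part of the original guide or of John the Ripper: it inventories which hash scheme each account in a shadow-style file uses, names the matching --format value, and flags legacy schemes or low bcrypt costs. The MIN_BCRYPT_COST threshold and the sample entries are assumptions constructed for illustration.

```python
import re

# crypt(3) prefix -> (John the Ripper --format name, legacy scheme?)
PREFIXES = {
    "$1$": ("md5crypt", True),
    "$5$": ("sha256crypt", False),
    "$6$": ("sha512crypt", False),
}
BCRYPT = re.compile(r"^\$2[abxy]\$(\d{2})\$[./A-Za-z0-9]{53}$")
DESCRYPT = re.compile(r"^[./A-Za-z0-9]{13}$")
MIN_BCRYPT_COST = 12  # assumed policy threshold, not a value from the page

def classify(hash_field):
    """Return (format, note) for one hash field, or None if locked/unknown."""
    m = BCRYPT.match(hash_field)
    if m:
        cost = int(m.group(1))
        note = "cost %d below policy" % cost if cost < MIN_BCRYPT_COST else "ok"
        return ("bcrypt", note)
    for prefix, (fmt, legacy) in PREFIXES.items():
        if hash_field.startswith(prefix):
            return (fmt, "weak scheme" if legacy else "ok")
    if DESCRYPT.match(hash_field):
        return ("descrypt", "weak scheme")
    return None  # "*", "!", "!!" or empty: locked or no password hash

def audit(shadow_text):
    """Map each username to (format, note); locked accounts are skipped."""
    report = {}
    for line in shadow_text.splitlines():
        user, _, rest = line.partition(":")
        result = classify(rest.split(":")[0])
        if result:
            report[user] = result
    return report

# Constructed sample entries (not real hashes): salts and digests are filler.
SAMPLE = "\n".join([
    "root:$6$saltsalt$" + "A" * 86 + ":19000:0:99999:7:::",
    "legacy:$1$saltsalt$" + "B" * 22 + ":19000:0:99999:7:::",
    "svc:$2b$10$" + "C" * 53 + ":19000:0:99999:7:::",
    "app:$2b$12$" + "D" * 53 + ":19000:0:99999:7:::",
    "old:" + "E" * 13 + ":19000:0:99999:7:::",
    "daemon:*:19000:0:99999:7:::",
])

if __name__ == "__main__":
    for user, (fmt, note) in audit(SAMPLE).items():
        print("%-8s --format=%-12s %s" % (user, fmt, note))
```

Accounts reported as "weak scheme" or "below policy" are the ones to rehash first, typically at the next password change.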
Bonus Password Cracking Cheat Sheet
This guide covers essential tools to complement John the Ripper and supercharge your password cracking game. For each tool, you’ll get:
What it does: A clear description.
When to use it: Real-world scenarios where it shines.
How to use it: Practical example commands to get you started.
Let’s dive in.
1. Hashcat
What it does: A GPU-accelerated beast for cracking password hashes offline. It supports tons of hash types (MD5, SHA, bcrypt, etc.).
When to use it: You’ve got a file of hashes (e.g., from a compromised database) and a GPU to speed things up.
How to use it:
hashcat -m 0 -a 0 hashes.txt wordlist.txt
-m 0: Targets MD5 hashes (check Hashcat’s hash type list for others).
-a 0: Runs a dictionary attack.
Uses wordlist.txt to crack hashes in hashes.txt.
Why it’s useful: GPUs make it insanely fast for cracking complex hashes like bcrypt.
2. Hydra
What it does: A speedy online cracker for brute-forcing network protocols (SSH, FTP, HTTP, etc.).
When to use it: You’re testing live systems for weak passwords or default credentials.
How to use it:
hydra -l username -P wordlist.txt ssh://target_ip
-l username: Single username to test.
-P wordlist.txt: Password list to try.
Targets SSH on target_ip.
Why it’s useful: Perfect for real-time attacks, but watch out—online brute-forcing can trip alarms.
3. CeWL
What it does: Scrapes a website to build a custom wordlist based on its content.
When to use it: You’re targeting a specific organization or person and need a tailored wordlist (e.g., for password spraying).
How to use it:
cewl https://targetwebsite.com -w custom_wordlist.txt
Pulls words from https://targetwebsite.com and saves them to custom_wordlist.txt.
Why it’s useful: Creates wordlists that reflect a target’s language or culture—super effective for social engineering.
4. Crunch
What it does: Generates wordlists with custom patterns, lengths, and character sets.
When to use it: You know something about the password (e.g., it’s 6 digits or uses specific characters).
How to use it:
crunch 6 6 -t @@@@@@ -o wordlist.txt
Why it’s useful: Trades prep time for near-instant cracking—perfect for repeated use.
Best Practices to Level Up
Start smart: Use a solid base wordlist (e.g., rockyou.txt) or build one with CeWL.
Mangle words: Add rules (like “password123” or “P@ssw0rd”) to catch common tweaks.
Mix tools: Generate with Crunch, refine with Pack, then crack with Hashcat.
Go GPU: For offline cracking, Hashcat with a GPU is your best friend.
Stay legal: Only crack passwords with explicit permission (e.g., pentesting gigs).
Tool Comparison Table
| Tool | Type | Best For | Watch Out For |
| --- | --- | --- | --- |
| Hashcat | Offline Cracking | GPU speed, tons of hash types | Needs hashes to work |
| Hydra | Online Cracking | Live systems, network logins | Can get you blocked or flagged |
| CeWL | Wordlist Generator | Targeted attacks | Only as good as the site’s words |
| Crunch | Wordlist Generator | Custom patterns | Files can balloon in size |
| Pack | Wordlist Generator | Optimizing big lists | Needs a starting wordlist |
| Pwgen | Password Generator | Quick, strong passwords | Not a cracking tool |
| Aircrack-ng | Wi-Fi Cracking | Wi-Fi security testing | Needs the right Wi-Fi card |
| RainbowCrack | Offline Cracking | Fast with pre-made tables | Table generation takes time |
Make It Work for You
Pick the right tool: Hashcat for offline hashes, Hydra for live logins, Aircrack-ng for Wi-Fi.
Know your target: Use CeWL for custom wordlists if you’ve got a specific victim in mind.
Brute-force smart: Lean on Crunch for patterns instead of blind guessing.
Stay sharp: Test these commands in a lab (like a VM or Kali Linux) to get comfy.
This isn’t just a cheat sheet—it’s your playbook for cracking passwords like a pro. Use it, tweak it, and keep it handy for your next security challenge.
Pro Tips for John the Ripper Masters
Test Safely: Use legal labs like Hack The Box.
Combine Tools: Pair with Hashcat or Hydra for broader attacks.
Stay Ethical: Authorized testing only.
Optimize Attacks: Start with --single, then --wordlist, then --incremental.
Verify Formats: Use --list=formats to confirm hash support.
Conclusion
John the Ripper’s 100 commands empower you to dominate password cracking in 2025. From basic attacks to advanced techniques, this guide equips you for any auditing challenge. Use it ethically, keep learning, and master the art of password security!