explaingit

openwall/john

13,132CAudience · ops devopsComplexity · 3/5LicenseSetup · moderate

TLDR

John the Ripper is an offline password-auditing tool that recovers original passwords from stored hashes, supporting hundreds of formats including Windows NTLM, ZIP, RAR, PDF, and Unix crypt.

Mindmap

mindmap
  root((repo))
    What it does
      Hash cracking
      Password auditing
      Session resume
    Hash Formats
      Unix crypt
      Windows NTLM
      ZIP and RAR
      PDF and disk images
    Attack Modes
      Wordlist
      Wordlist plus rules
      Brute force
    Platforms
      Linux
      macOS
      Windows
      GPU support
Click or tap to explore — scroll the page freely

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

Things people build with this

USE CASE 1

Audit password strength by running John against a database password dump from a penetration test

USE CASE 2

Extract hashes from encrypted ZIP or PDF files using companion tools like zip2john, then crack them

USE CASE 3

Run a wordlist plus mangling rules attack to test whether users are choosing weak or predictable passwords

Tech stack

COpenCLCUDA

Getting it running

Difficulty · moderate Time to first run · 30min

Requires compiling from source on Linux/macOS, GPU acceleration needs OpenCL or CUDA drivers installed separately.

Free to use and modify, but any software you distribute that includes this code must also be released under the GPL version 2.

In plain English

John the Ripper is an offline password auditing tool used to test how strong passwords are by attempting to recover the original password from its stored hash. A hash is the scrambled, one-way representation of a password that most systems store instead of the password itself. When a security team has a file of these hashes (from a database backup or penetration test), John tries combinations from wordlists and other methods to figure out what the original passwords were. This version (called the "jumbo" community edition) supports hundreds of hash and cipher formats: Unix crypt types, Windows NTLM and LM hashes, various web application hash formats like MD5 and SHA-256 used raw, SQL and LDAP server hashes, and encrypted file containers such as ZIP, RAR, PDF, and macOS disk images. To crack one of those file types, a companion tool (for example zip2john or pdf2john) first extracts the hash from the file, and then you feed that output into John. Cracking can run in several modes: using a wordlist (a file of common passwords), a wordlist plus mangling rules that generate variations, or a brute-force pattern that tries all combinations within defined limits. Sessions can be paused and resumed, and the tool saves found passwords to a file called john.pot so you can see results and avoid re-processing already-cracked hashes. The software runs on Linux, macOS, Windows, and several other platforms. It can distribute work across multiple CPU cores and also supports GPU acceleration for formats that benefit from it. There is a separate graphical interface called Johnny for users who prefer not to use the command line. The project is licensed under the GNU GPL version 2 and is developed on GitHub through pull requests.

Copy-paste prompts

Prompt 1
Show me step-by-step how to use john with the rockyou.txt wordlist to crack an /etc/shadow file from a Linux system
Prompt 2
How do I use zip2john and john together to recover the password from a protected ZIP archive?
Prompt 3
Write a shell script that runs john against a list of NTLM hashes and saves any cracked passwords to a results file
Prompt 4
What John the Ripper mangling rules should I enable to test a password policy requiring mixed case, numbers, and symbols?
Open on GitHub → Explain another repo

← openwall on gitmyhub — every repo by this author, as a profile.

Verify against the repo before relying on details.