john

Overview

John the Ripper cracks password hashes offline. Modes: single crack (GECOS/username-based), wordlist, and incremental. `--format` selects hash type (raw-md5, bcrypt, descrypt, krb5tgs).

Use `unshadow` to combine /etc/passwd and /etc/shadow for Linux hash cracking. `--wordlist` with `--rules=Jumbo` applies extensive mangling.

Primary use cases

• Cracking /etc/shadow from compromised Linux hosts
• Fast checks against leaked hash formats
• Krb5tgs cracking after Kerberoasting

Key commands

john --wordlist=rockyou.txt --rules hashfile.txt

john --show hashfile.txt

Related tools

• Hashcat — GPU password recovery. Rule and mask attacks across hundreds of hash formats.
• hydra — Parallelized network login cracker. Supports dozens of protocols and brute-force modes.