
# John The Ripper

## <mark style="color:yellow;">ABOUT</mark>

<mark style="color:red;">**John the Ripper (JTR or john)**</mark> is an essential <mark style="color:purple;">**pentesting tool**</mark> used to check the strength of passwords and crack encrypted (or hashed) passwords using either brute force or dictionary attacks. It is open-source software initially developed for UNIX-based systems and first released in **1996.**

## <mark style="color:yellow;">Cracking Modes</mark>

### <mark style="color:blue;">**Single Crack Mode**</mark>

Single Crack Mode is one of the most common John modes, used when attempting to crack passwords with a single password list. It is a **brute-force** attack that uses a single password list: all passwords on the list are tried, one by one, until the correct one is found.

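```bash
# --single selects single crack mode; raw-sha256 is John's format name for plain SHA-256
$ john --single --format=raw-sha256 hashes_to_crack.txt
```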

### <mark style="color:blue;">**Wordlist Mode**</mark>

Wordlist Mode is used to crack passwords using multiple lists of words. It is a dictionary attack, which means it tries all the words in the lists one by one until it finds the right one. It is almost the same as **Single Crack Mode**, except that it uses custom wordlists.

```bash
$ john --wordlist=<wordlist_file> --rules <hash_file>
```

### <mark style="color:blue;">**Incremental Mode**</mark>

Incremental Mode is an advanced **John** mode used to crack passwords using a character set. It is a **hybrid attack**, which means it attempts to match the password by trying all possible combinations of characters from the character set.

```bash
$ john --incremental <hash_file>
```

## <mark style="color:yellow;">**Cracking Files**</mark>

```bash
$ locate '*2john*' # locate the tools that make a file crackable (quoted so the shell does not expand the glob)
$ pdf2john server_doc.pdf > server_doc.hash
$ john server_doc.hash
$ john --wordlist=<wordlist.txt> server_doc.hash
```

## <mark style="color:yellow;">2JOHN</mark>

John sometimes can't crack a file until it has been converted to the proper format, so there are many scripts that convert files into a **john-crackable** format.

```bash
locate '*2john*'
```

After converting the file, we can crack it with the basic commands:

```bash
ssh2john.py id_rsa > ssh.hash # convert the key file to a crackable format
john --wordlist=rockyou.txt ssh.hash # cracking
john ssh.hash --show # show the password if cracked successfully
```
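When John is used for a password-strength check, the `--show` step above is what feeds the report. The following is an added example, not part of the original page: it summarises `john --show` output without copying recovered plaintexts into the report. It assumes the usual layout (`name:plaintext[:fields]` lines, a blank line, then a trailer); the function names and sample values are constructed.

```bash
#!/bin/sh
# Added example: summarise `john --show` output for a password audit report.
# Plaintexts are read only to measure their length and are never printed.

# Constructed sample of what `john --show <hash_file>` prints
# (file names taken from the page, passwords made up).
sample_show_output() {
    cat <<'EOF'
id_rsa:Summer2024
server_doc.pdf:letmein

2 password hashes cracked, 1 left
EOF
}

# Reads `john --show` output on stdin.
# Prints "<name> length=<n>" per cracked entry, then "cracked=<n> left=<m>".
# Limitation: a plaintext containing ":" is measured only up to the first ":".
summarize_show() {
    awk -F: '
        # Trailer line, e.g. "2 password hashes cracked, 1 left"
        /^[0-9]+ password hash(es)? cracked, [0-9]+ left$/ {
            split($0, w, " ")
            cracked = w[1]; left = w[5]
            next
        }
        # Cracked entries: field 1 is the name, field 2 the recovered plaintext
        NF >= 2 { printf "%s length=%d\n", $1, length($2) }
        END { printf "cracked=%d left=%d\n", cracked, left }
    '
}

# Demo on the constructed sample; in real use: john --show ssh.hash | summarize_show
sample_show_output | summarize_show
```

Entries that appear in the summary are the ones whose passwords should be rotated; the `left` count is how many hashes survived the run.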

