Skip to content

John the Ripper Setup

Linux (Debian/Ubuntu)

Quick install (limited features)

sudo apt install john

sudo apt install git build-essential libssl-dev zlib1g-dev libgmp-dev libbz2-dev
git clone https://github.com/openwall/john.git
cd john/src
./configure && make clean && make -j2
echo 'export PATH="$HOME/john/run:$PATH"' >> ~/.bashrc
source ~/.bashrc

macOS

brew install john

Windows

Download: https://www.openwall.com/john/ Extract and run from john-XXX\run\john.exe

Wordlists

rockyou.txt (14M passwords)

curl -L -o ~/rockyou.txt https://github.com/brannondorsey/naive-hashcat/releases/download/data/rockyou.txt

SecLists (comprehensive)

git clone https://github.com/danielmiessler/SecLists.git ~/SecLists

Other sources

  • https://github.com/berzerk0/Probable-Wordlists
  • https://weakpass.com/wordlist
  • https://crackstation.net/crackstation-wordlist-password-cracking-dictionary.htm

Usage

Extract hash

zip2john file.zip > hash.txt

Crack with wordlist

john --wordlist=~/rockyou.txt hash.txt

Specify format if needed

john --format=raw-MD5 --wordlist=~/rockyou.txt hash.txt

Show cracked password

john --show hash.txt

Common hash formats

  • MD5: --format=raw-MD5
  • SHA256: --format=raw-SHA256
  • ZIP: auto-detected from zip2john output
  • PDF: auto-detected from pdf2john output