John the Ripper

    zip2john protected.zip > hash.txt
    john hash.txt

Alternatives:
- Hashcat - GPU-accelerated, faster for supported hash types
- Hydra - for online attacks (SSH, FTP, HTTP)
- fcrackzip - specifically for zip files

Why JTR is popular:
- Pre-installed on Kali/Parrot
- Old (1996), proven, massive community
- Handles many hash types
- CPU-based (works anywhere)
- Good documentation/tutorials

JTR structure: multiple tools in one suite:
- john - main cracker
- zip2john - extract zip hash
- ssh2john - SSH keys
- pdf2john - PDF files
- rar2john - RAR archives
- Many others (*2john scripts)

Hashcat vs JTR:
- Hashcat - GPU, faster, modern
- JTR - CPU, older, more compatible

    sudo apt install git build-essential libssl-dev zlib1g-dev
    git clone https://github.com/openwall/john.git
    cd john/src
    ./configure && make -s clean && make -sj4
    cd ../run
    ./zip2john

Binary at: ~/john/run/zip2john

Option 3 - Alternative tool:

    sudo apt install fcrackzip
    fcrackzip -D -p /usr/share/wordlists/rockyou.txt -u file.zip

Compiling from source gets you full JTR jumbo with all *2john scripts.

    zip2john file.zip > hash.txt
    john hash.txt

With wordlist:

    john --wordlist=/usr/share/wordlists/rockyou.txt hash.txt

Show cracked password:

    john --show hash.txt