John the Ripper Usage Cheat Sheet: A Quick Guide

John the Ripper (often referred to as JtR) is a renowned password-cracking tool that cybersecurity professionals frequently employ. If you’re diving into the world of password security, this swift guide will serve as your essential cheat sheet for John the Ripper’s basic and advanced usage. Whether you’re a seasoned pro or just getting started, keeping this reference close will streamline your operations.
This cheat sheet is designed to be a handy reference for all John the Ripper users.

Core Commands:

  1. Help Menu:
    You can use the help menu to see all the usage options you need:
    $ john --help
    John the Ripper 1.9.0-jumbo-1+bleeding-aec1328d6c 2021-11-02 10:45:52 +0100 OMP [linux-gnu 64-bit x86_64 AVX2 AC]
    Copyright (c) 1996-2021 by Solar Designer and others
    Usage: john [OPTIONS] [PASSWORD-FILES]
    --help                     Print usage summary
    --single[=SECTION[,..]]    "Single crack" mode, using default or named rules
    --single=:rule[,..]        Same, using "immediate" rule(s)
    --single-seed=WORD[,WORD]  Add static seed word(s) for all salts in single mode
    --single-wordlist=FILE     *Short* wordlist with static seed words/morphemes
    --single-user-seed=FILE    Wordlist with seeds per username (user:password[s]
    --single-pair-max=N        Override max. number of word pairs generated (6)
    --no-single-pair           Disable single word pair generation
    --[no-]single-retest-guess Override config for SingleRetestGuess
    --wordlist[=FILE] --stdin  Wordlist mode, read words from FILE or stdin
                      --pipe   like --stdin, but bulk reads, and allows rules
    --rules[=SECTION[,..]]     Enable word mangling rules (for wordlist or PRINCE
                               modes), using default or named rules
    --rules=:rule[;..]]        Same, using "immediate" rule(s)
    --rules-stack=SECTION[,..] Stacked rules, applied after regular rules or to
                               modes that otherwise don't support rules
    --rules-stack=:rule[;..]   Same, using "immediate" rule(s)
    --rules-skip-nop           Skip any NOP ":" rules (you already ran w/o rules)
    --loopback[=FILE]          Like --wordlist, but extract words from a .pot file
    --mem-file-size=SIZE       Size threshold for wordlist preload (default 2048 MB)
    --dupe-suppression         Suppress all dupes in wordlist (and force preload)
    --incremental[=MODE]       "Incremental" mode [using section MODE]
    --incremental-charcount=N  Override CharCount for incremental mode
    --external=MODE            External mode or word filter
    --mask[=MASK]              Mask mode using MASK (or default from john.conf)
    --markov[=OPTIONS]         "Markov" mode (see doc/MARKOV)
    --mkv-stats=FILE           "Markov" stats file
    --prince[=FILE]            PRINCE mode, read words from FILE
    --prince-loopback[=FILE]   Fetch words from a .pot file
    --prince-elem-cnt-min=N    Minimum number of elements per chain (1)
    --prince-elem-cnt-max=[-]N Maximum number of elements per chain (negative N is
                               relative to word length) (8)
    --prince-skip=N            Initial skip
    --prince-limit=N           Limit number of candidates generated
    --prince-wl-dist-len       Calculate length distribution from wordlist
    --prince-wl-max=N          Load only N words from input wordlist
    --prince-case-permute      Permute case of first letter
    --prince-mmap              Memory-map infile (not available with case permute)
    --prince-keyspace          Just show total keyspace that would be produced
                               (disregarding skip and limit)
    --subsets[=CHARSET]        "Subsets" mode (see doc/SUBSETS)
    --subsets-required=N       The N first characters of "subsets" charset are
                               the "required set"
    --subsets-min-diff=N       Minimum unique characters in subset
    --subsets-max-diff=[-]N    Maximum unique characters in subset (negative N is
                               relative to word length)
    --subsets-prefer-short     Prefer shorter candidates over smaller subsets
    --subsets-prefer-small     Prefer smaller subsets over shorter candidates
    --make-charset=FILE        Make a charset, FILE will be overwritten
    --stdout[=LENGTH]          Just output candidate passwords [cut at LENGTH]
    --session=NAME             Give a new session the NAME
    --status[=NAME]            Print status of a session [called NAME]
    --restore[=NAME]           Restore an interrupted session [called NAME]
    --[no-]crack-status        Emit a status line whenever a password is cracked
    --progress-every=N         Emit a status line every N seconds
    --show[=left]              Show cracked passwords [if =left, then uncracked]
    --show=formats             Show information about hashes in a file (JSON)
    --show=invalid             Show lines that are not valid for selected format(s)
    --test[=TIME]              Run tests and benchmarks for TIME seconds each
                               (if TIME is explicitly 0, test w/o benchmark)
    --stress-test[=TIME]       Loop self tests forever
    --test-full=LEVEL          Run more thorough self-tests
    --no-mask                  Used with --test for alternate benchmark w/o mask
    --skip-self-tests          Skip self tests
    --users=[-]LOGIN|UID[,..]  [Do not] load this (these) user(s) only
    --groups=[-]GID[,..]       Load users [not] of this (these) group(s) only
    --shells=[-]SHELL[,..]     Load users with[out] this (these) shell(s) only
    --salts=[-]COUNT[:MAX]     Load salts with[out] COUNT [to MAX] hashes, or
    --salts=#M[-N]             Load M [to N] most populated salts
    --costs=[-]C[:M][,...]     Load salts with[out] cost value Cn [to Mn]. For
                               tunable cost parameters, see doc/OPTIONS
    --fork=N                   Fork N processes
    --node=MIN[-MAX]/TOTAL     This node's number range out of TOTAL count
    --save-memory=LEVEL        Enable memory saving, at LEVEL 1..3
    --log-stderr               Log to screen instead of file
    --verbosity=N              Change verbosity (1-5 or 6 for debug, default 3)
    --no-log                   Disables creation and writing to john.log file
    --bare-always-valid=Y      Treat bare hashes as valid (Y/N)
    --catch-up=NAME            Catch up with existing (paused) session NAME
    --config=FILE              Use FILE instead of john.conf or john.ini
    --encoding=NAME            Input encoding (eg. UTF-8, ISO-8859-1). See also
    --input-encoding=NAME      Input encoding (alias for --encoding)
    --internal-codepage=NAME   Codepage used in rules/masks (see doc/ENCODINGS)
    --target-encoding=NAME     Output encoding (used by format)
    --force-tty                Set up terminal for reading keystrokes even if we're
                               not the foreground process
    --field-separator-char=C   Use 'C' instead of the ':' in input and pot files
    --[no-]keep-guessing       Try finding plaintext collisions
    --list=WHAT                List capabilities, see --list=help or doc/OPTIONS
    --length=N                 Shortcut for --min-len=N --max-len=N
    --min-length=N             Request a minimum candidate length in bytes
    --max-length=N             Request a maximum candidate length in bytes
    --max-candidates=[-]N      Gracefully exit after this many candidates tried.
                               (if negative, reset count on each crack)
    --max-run-time=[-]N        Gracefully exit after this many seconds (if negative,
                               reset timer on each crack)
    --mkpc=N                   Request a lower max. keys per crypt
    --no-loader-dupecheck      Disable the dupe checking when loading hashes
    --pot=NAME                 Pot file to use
    --regen-lost-salts=N       Brute force unknown salts (see doc/OPTIONS)
    --reject-printable         Reject printable binaries
    --tune=HOW                 Tuning options (auto/report/N)
    --subformat=FORMAT         Pick a benchmark format for --format=crypt
    --format=[NAME|CLASS][,..] Force hash of type NAME. The supported formats can
                               be seen with --list=formats and --list=subformats.
                               See also doc/OPTIONS for more advanced selection of
                               format(s), including using classes and wildcards.
  2. Cracking with a Wordlist:
    Use a designated wordlist to crack the hashes stored in a hash file:
    john --wordlist=<wordlist.txt> <hashfile>
  3. Cracking with a Wordlist and Mangling Rules:
    Enable word mangling rules so that John also tries variations of each wordlist entry:
    john --wordlist=<wordlist.txt> --rules <hashfile>
  4. Incremental Mode (No Wordlist):
    Incremental mode does not select a wordlist; John generates the candidates itself by trying character combinations:
    john --incremental <hashfile>
  5. Cracking a Specific Hash Type:
    Force a particular hash format (the supported names are listed by --list=formats):
    john --format=<format> <hashfile>
  6. Viewing Cracked Passwords:
    Review the passwords you’ve successfully cracked:
    john --show <hashfile>
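
Added example (not part of the original cheat sheet or of John the Ripper): when --show output feeds an audit report, the recovered passwords should not travel with it. This sh function reduces --show output for a passwd-style hash file to account names, a UID 0 flag and the summary counts; the function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: turn `john --show` output into an audit summary that names
# the affected accounts but never repeats a recovered password.

# Constructed sample of `john --show <hashfile>` output for a passwd-style
# file (login:password:uid:gid:gecos:home:shell), plus one bare hash ("?").
sample_show_output() {
    cat <<'EOF'
root:toor:0:0:root:/root:/bin/bash
alice:Summer:2023:1001:1001:Alice:/home/alice:/bin/bash
?:letmein

3 password hashes cracked, 2 left
EOF
}

# Hypothetical helper: reads --show output on stdin, writes the summary.
redact_show() {
    awk -F: '
        # Trailing summary line, e.g. "1 password hash cracked, 0 left".
        /^[0-9]+ password hash(es)? cracked, [0-9]+ left$/ {
            split($0, w, " "); cracked = w[1]; left = w[5]; next
        }
        NF >= 2 {
            # A password may itself contain ":", so count the passwd fields
            # from the right: uid is always the 5th field from the end.
            uid = (NF >= 7) ? $(NF - 4) : "unknown"
            tag = (uid == "0") ? "PRIVILEGED" : "user"
            printf "account=%s uid=%s class=%s\n", $1, uid, tag
        }
        END {
            total = cracked + left
            pct = (total > 0) ? int(100 * cracked / total) : 0
            printf "cracked=%d left=%d percent=%d\n", cracked, left, pct
        }'
}

# Stand-alone run on the sample; in practice:
#   john --show <hashfile> | redact_show
sample_show_output | redact_show
```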

Advanced Commands:

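  1. Halting a Cracking Process:
    The help output above lists no --abort option. To stop a running session, press q or Ctrl-C in the terminal where John is running; the interrupted session can be resumed later with:
    john --restore
  2. Retrieving Version Information:
    The help output above lists no --version option. The version banner is the first line of that help output, and build details are available with:
    john --list=build-info
  3. Accessing Help and Documentation:
    Dive deeper into the full array of commands and options:
    john --help
  4. Storing Cracked Passwords in a Pot File:
    Keep a record of cracked passwords and their corresponding hashes in a pot file of your choice:
    john --pot=<potfile> <hashfile>
  5. Cracking Using John’s Rules and a Wordlist:
    --rules takes the name of a rule section, not a filename. To use rules kept in your own configuration file, load that file with --config and name the section (<section> is the name of a [List.Rules:<section>] block defined in it):
    john --wordlist=<wordlist.txt> --config=<rules.conf> --rules=<section> <hashfile>
  6. Adjusting Workload:
    Split the cracking work across a number of processes:
    john --fork=<number_of_processes> <hashfile>
  7. Accelerating the Cracking Process:
    The help output above lists no --cores option. On OpenMP-enabled builds (marked OMP in the version banner), set the number of threads with the OMP_NUM_THREADS environment variable:
    OMP_NUM_THREADS=<number_of_cores> john <hashfile>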

Quick Notes:

  • <wordlist.txt>: Filename of the chosen password list.
  • <hashfile>: Filename of the file containing the password hashes to crack.
  • <format>: Name of the hash format to force, as listed by --list=formats.
  • <rules.conf>: Filename of the file containing John’s specific rules.
  • <potfile>: File that stores cracked passwords alongside their hashes.
  • <number_of_processes>: Number of processes designated for the cracking task.
  • <number_of_cores>: Number of CPU cores to employ.

Sample Uses:

  • Cracking using a wordlist:
    john --wordlist=wordlist.txt hashes.txt
  • Cracking with rules and a wordlist (rules.conf is a John configuration file; Wordlist is the rule section it defines):
    john --wordlist=wordlist.txt --config=rules.conf --rules=Wordlist hashes.txt
  • Specifying a hash format:
    john --format=md5crypt hashes.txt
  • Using John’s rules and storing the result in a pot file:
    john --wordlist=wordlist.txt --config=rules.conf --rules=Wordlist --pot=potfile.txt hashes.txt

Remember, ethical considerations and legal implications surround the use of such tools. Always ensure you’re operating within the boundaries of the law and have proper permissions when cracking passwords.