John the Ripper Cheat Sheet

Complete Password Cracking Reference

Wordlist attacks • Rules • Hash formats • Multiple platforms

📅 Updated: December 2024 • ⏱️ 20 min read • 🔧 John 1.9.0+

What is John the Ripper?

John the Ripper is a free and open-source password cracking tool. Originally developed for Unix, it now runs on many platforms and supports hundreds of hash types. The "Jumbo" version adds even more formats and features.

John comes pre-installed on Kali Linux. Official site: openwall.com/john.

📦 Installation

Kali Linux

sudo apt install john

Jumbo Version (recommended)

git clone https://github.com/openwall/john
cd john/src && ./configure && make

macOS (Homebrew)

brew install john-jumbo

🎯 Basic Usage

# Crack with default settings (auto-detect format)
john hashes.txt

# Use wordlist
john --wordlist=/usr/share/wordlists/rockyou.txt hashes.txt

# Specify hash format
john --format=raw-md5 hashes.txt

# Show cracked passwords
john --show hashes.txt

# List supported formats
john --list=formats

# Check session status
john --status

# Restore interrupted session
john --restore

⚔️ Attack Modes

| Mode | Flag | Description |
|---|---|---|
| Single | --single | Uses login names, GECOS, home dir names |
| Wordlist | --wordlist=FILE | Dictionary attack |
| Incremental | --incremental | Brute force all combinations |
| Mask | --mask=MASK | Pattern-based brute force |
| External | --external=MODE | Custom C-like functions |

# Single mode (fastest, uses usernames)
john --single hashes.txt

# Wordlist with rules
john --wordlist=rockyou.txt --rules hashes.txt

# Incremental (all lowercase, up to 8 chars)
john --incremental=Lower hashes.txt

# Mask mode
john --mask='?u?l?l?l?d?d?d?d' hashes.txt

🎭 Mask Mode Characters

| Placeholder | Character Set |
|---|---|
| ?l | Lowercase (a-z) |
| ?u | Uppercase (A-Z) |
| ?d | Digits (0-9) |
| ?s | Special characters |
| ?a | All printable ASCII |
| ?h | Hex lowercase (0-9, a-f) |
| ?H | Hex uppercase (0-9, A-F) |

# Password1 pattern
john --mask='?u?l?l?l?l?l?l?l?d' hashes.txt

# 8 digit PIN
john --mask='?d?d?d?d?d?d?d?d' hashes.txt

# Static prefix with variable suffix
john --mask='Company?d?d?d?d' hashes.txt
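
For password-policy reviews it helps to know how small a pattern-shaped search space is. The following is an added example, not part of John or of the original cheat sheet: it computes the number of candidates a mask covers using the placeholders from the table above. The count of 33 for ?s (printable ASCII minus letters and digits) and the guess rate are assumptions; custom sets and ranges are not handled.

```python
# Added example: search-space size for the mask placeholders listed above.
CHARSET_SIZES = {
    "l": 26,  # a-z
    "u": 26,  # A-Z
    "d": 10,  # 0-9
    "s": 33,  # assumption: printable ASCII that is not a letter or digit (95 - 62)
    "a": 95,  # all printable ASCII
    "h": 16,  # 0-9, a-f
    "H": 16,  # 0-9, A-F
}


def mask_positions(mask):
    """Return the number of choices at each position of a mask."""
    sizes = []
    i = 0
    while i < len(mask):
        if mask[i] == "?":
            if i + 1 >= len(mask) or mask[i + 1] not in CHARSET_SIZES:
                raise ValueError(f"unsupported placeholder at offset {i}: {mask[i:i + 2]!r}")
            sizes.append(CHARSET_SIZES[mask[i + 1]])
            i += 2
        else:
            sizes.append(1)  # literal character, e.g. the "Company" prefix
            i += 1
    return sizes


def keyspace(mask):
    """Total number of candidates the mask generates."""
    total = 1
    for n in mask_positions(mask):
        total *= n
    return total


def audit(mask, guesses_per_second):
    """Compare a pattern with unrestricted printable ASCII of equal length."""
    space = keyspace(mask)
    full = 95 ** len(mask_positions(mask))
    return {
        "candidates": space,
        "share_of_full_space": space / full,
        "worst_case_seconds": space / guesses_per_second,
    }


if __name__ == "__main__":
    ASSUMED_RATE = 1_000_000  # constructed figure, not a benchmark
    for m in ("?u?l?l?l?l?l?l?l?d", "?d?d?d?d?d?d?d?d", "Company?d?d?d?d"):
        print(m, audit(m, ASSUMED_RATE))
```
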

📋 Common Hash Formats

| Format | Description |
|---|---|
| raw-md5 | Raw MD5 |
| raw-sha1 | Raw SHA1 |
| raw-sha256 | Raw SHA256 |
| raw-sha512 | Raw SHA512 |
| sha512crypt | Linux shadow file ($6$) |
| sha256crypt | Linux shadow file ($5$) |
| md5crypt | Linux/BSD MD5 crypt ($1$) |
| bcrypt | Blowfish crypt ($2a$, $2b$, $2y$) |
| nt | Windows NTLM |
| lm | Windows LM |
| mscash2 | MS Cache 2 (Domain Cached) |
| krb5tgs | Kerberos TGS |

# List all formats
john --list=formats

# Search for format
john --list=formats | grep -i mysql
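
The crypt prefixes in the table above also let an administrator inventory which hashing schemes are in use before any cracking run. The following is an added example, not part of John or of the original cheat sheet: it classifies passwd-style lines (the layout unshadow writes) by prefix and flags accounts that need attention. The sample lines are constructed, and treating md5crypt as the legacy scheme is an assumption of this example.

```python
# Added example: classify hash schemes in passwd-style lines by crypt prefix.
PREFIX_TO_FORMAT = [
    ("$6$", "sha512crypt"),
    ("$5$", "sha256crypt"),
    ("$1$", "md5crypt"),
    ("$2a$", "bcrypt"),
    ("$2b$", "bcrypt"),
    ("$2y$", "bcrypt"),
]
LEGACY = {"md5crypt"}  # assumption: the scheme to migrate away from


def classify(field):
    """Map the second field of a passwd/shadow line to a scheme name."""
    if field == "":
        return "empty"      # account has no password at all
    if field == "x":
        return "shadowed"   # hash lives in /etc/shadow; merge with unshadow first
    if field[0] in "!*":
        return "locked"     # "!", "!!", "*" or a "!"-prefixed hash
    for prefix, name in PREFIX_TO_FORMAT:
        if field.startswith(prefix):
            return name
    return "unknown"


def audit_lines(lines):
    """Return ({scheme: [users]}, [users needing attention])."""
    by_scheme, flagged = {}, []
    for raw in lines:
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) < 2:
            continue        # not a passwd-style record
        user, scheme = parts[0], classify(parts[1])
        by_scheme.setdefault(scheme, []).append(user)
        if scheme in LEGACY or scheme in ("empty", "unknown"):
            flagged.append(user)
    return by_scheme, flagged


# Constructed sample input; the hash bodies are filler, not real hashes.
SAMPLE = [
    "root:$6$CONSTRUCTED$" + "A" * 86 + ":0:0:root:/root:/bin/bash",
    "legacy:$1$CONSTRUCTED$" + "B" * 22 + ":1001:1001::/home/legacy:/bin/sh",
    "svc:$2b$12$" + "C" * 53 + ":1002:1002::/home/svc:/bin/sh",
    "daemon:*:1:1:daemon:/usr/sbin:/usr/sbin/nologin",
    "guest::1003:1003::/home/guest:/bin/sh",
]
```
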

🔧 Hash Extraction Tools (*2john)

John includes many tools to extract hashes from various file types:

# Linux shadow file
unshadow /etc/passwd /etc/shadow > unshadowed.txt

# ZIP file
zip2john protected.zip > zip.hash

# RAR file
rar2john protected.rar > rar.hash

# 7z file
7z2john protected.7z > 7z.hash

# PDF file
pdf2john protected.pdf > pdf.hash

# Office documents
office2john document.docx > office.hash

# SSH private key
ssh2john id_rsa > ssh.hash

# KeePass database
keepass2john database.kdbx > keepass.hash

# GPG/PGP private key
gpg2john private.key > gpg.hash

# Kerberos tickets
kirbi2john ticket.kirbi > kirbi.hash

📜 Word Mangling Rules

# Use default rules
john --wordlist=rockyou.txt --rules hashes.txt

# Use specific rule set
john --wordlist=rockyou.txt --rules=best64 hashes.txt

# Jumbo rules (more comprehensive)
john --wordlist=rockyou.txt --rules=jumbo hashes.txt

# List available rules
john --list=rules

Common Rule Sets

| Rule set | Description |
|---|---|
| Single | Default single crack rules |
| Wordlist | Default wordlist rules |
| best64 | Top 64 most effective rules |
| jumbo | Comprehensive rule set |
| KoreLogic | Very thorough rules |

⚡ Performance Options

| Flag | Description |
|---|---|
| --fork=N | Fork N processes for parallel cracking |
| --node=X/Y | Split work for distributed cracking |
| --devices=N | OpenCL device selection |
| --min-length=N | Minimum password length |
| --max-length=N | Maximum password length |

# Fork 8 processes (set N to the number of CPU cores)
john --fork=8 --wordlist=rockyou.txt hashes.txt

💾 Session Management

# Name a session
john --session=mycrack --wordlist=rockyou.txt hashes.txt

# Restore session
john --restore=mycrack

# Check status (while running)
john --status=mycrack

# Show cracked passwords
john --show hashes.txt

# Show cracked passwords for hashes of a specific format
john --show --format=raw-md5 hashes.txt

🔥 Common Cracking Scenarios

# Crack Linux shadow file
unshadow /etc/passwd /etc/shadow > hashes.txt
john hashes.txt

# Crack NTLM hashes
john --format=nt --wordlist=rockyou.txt ntlm_hashes.txt

# Crack MD5 with rules
john --format=raw-md5 --wordlist=rockyou.txt --rules hashes.txt

# Crack encrypted ZIP
zip2john file.zip > zip.hash
john zip.hash

# Crack SSH private key
ssh2john id_rsa > ssh.hash
john ssh.hash

# Crack Kerberoast tickets
john --format=krb5tgs --wordlist=rockyou.txt kerberos.hash

🔐 John the Ripper Cheat Sheet Complete!

You now have a comprehensive reference for one of the most legendary password cracking tools. From shadow files to encrypted archives, these commands are essential for any security professional.


Ready to crack your next hash!
