Summary: John the Ripper (JtR) is a widely used password-cracking toolkit. It hashes candidate passwords drawn from wordlists or brute-force patterns and compares the results against the target hashes. It’s primarily used for authorized penetration testing and forensic audits — never for unauthorized access.
Forensics and recovery of password hashes during investigations.
Basic workflow
1. Collect password hashes (e.g., from /etc/shadow during authorized audits).
2. Select a wordlist (e.g., rockyou.txt or a custom list).
3. Run John with an explicit format flag, for example:

    john --format=sha512crypt --wordlist=/usr/share/wordlists/rockyou.txt hashes.txt
Useful tips
Always specify the correct --format for better performance.
Use --show to display cracked results.
Document your process and results for reproducibility and reporting.
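One way to work out which --format value applies, as called for in the workflow and the first tip above. This is an added example, not code from the original page or from the John the Ripper project: a Python helper that reads shadow-format lines, maps each crypt(3) prefix to the matching format name, and lists legacy schemes and empty passwords for the audit report. The function names and the sample lines are constructed for illustration.

```python
import re
from collections import Counter

# crypt(3) scheme prefix -> John the Ripper --format name
PREFIX_TO_FORMAT = {
    "$1$": "md5crypt", "$5$": "sha256crypt", "$6$": "sha512crypt",
    "$2a$": "bcrypt", "$2b$": "bcrypt", "$2y$": "bcrypt",
    "$y$": "crypt",  # yescrypt, via John's generic crypt(3) format
}
DESCRYPT_RE = re.compile(r"[./0-9A-Za-z]{13}")  # traditional DES crypt, no prefix
WEAK_FORMATS = {"descrypt", "md5crypt"}  # legacy schemes to flag in the report

def classify(field):
    """Map a shadow password field to a --format name; None if no usable hash."""
    if not field or field[0] in "!*":  # empty, locked or disabled account
        return None
    for prefix, fmt in PREFIX_TO_FORMAT.items():
        if field.startswith(prefix):
            return fmt
    return "descrypt" if DESCRYPT_RE.fullmatch(field) else None

def audit_shadow(text):
    """Count hashes per format and list weak-scheme, empty and skipped accounts."""
    report = {"formats": Counter(), "weak": [], "empty": [], "skipped": []}
    for line in text.splitlines():
        parts = line.strip().split(":")
        if len(parts) < 2:
            continue
        user, field = parts[0], parts[1]
        fmt = classify(field)
        if fmt:
            report["formats"][fmt] += 1
            if fmt in WEAK_FORMATS:
                report["weak"].append(user)
        else:
            report["empty" if field == "" else "skipped"].append(user)
    return report

# Constructed sample input: placeholder strings, not real hashes.
SAMPLE = """\
root:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:19700:0:99999:7:::
alice:$y$j9T$CONSTRUCTEDSALT$CONSTRUCTEDHASH:19700:0:99999:7:::
legacy:$1$CONSTRUCTED$CONSTRUCTEDHASH:19700:0:99999:7:::
olddes:abCONSTRUCTED:19700:0:99999:7:::
locked:!$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:19700:0:99999:7:::
nopass::19700:0:99999:7:::
"""

if __name__ == "__main__":
    print(audit_shadow(SAMPLE))
```

A file that mixes several schemes needs one John run per format, and accounts listed under "weak" or "empty" are findings in their own right regardless of whether any password is recovered.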
⚠️ Legal note: Tools like John the Ripper are powerful. Use them only in authorized contexts. Running password-cracking tools on systems you do not own or have explicit permission to test is illegal.