John the Ripper Cheat Sheet
Versatile offline password cracker with automatic format detection.
Overview
John the Ripper (Jumbo) cracks password hashes and protected files on CPU (with optional OpenMP/GPU builds). It auto-detects many formats and integrates rules and wordlists. Use only on material you own or are authorized to recover.
Install
sudo apt install johnjohn --list=formats | headEssential commands
john hashes.txtjohn --wordlist=/usr/share/wordlists/rockyou.txt hashes.txtjohn --show hashes.txtjohn --format=raw-md5 hashes.txtQuick one-liners
Crack hashes with auto-detected format
john --wordlist=/usr/share/wordlists/rockyou.txt hashes.txtShow cracked passwords
john --show hashes.txtCrack Linux shadow after unshadow
unshadow passwd shadow > unshadowed.txt && john --wordlist=rockyou.txt unshadowed.txtCrack NTLM hashes explicitly
john --format=nt --wordlist=rockyou.txt hashes.txtResume interrupted cracking session
john --restoreCommon workflows
Single hash file (auto-detect) —
unshadow passwd shadow > unshadowed.txtjohn unshadowed.txtjohn --wordlist=rockyou.txt unshadowed.txtjohn --show unshadowed.txtNTLM / NetNTLM —
john --format=nt hashes.txtjohn --format=netntlmv2 netntlm.txt --wordlist=rockyou.txtRules and incremental —
john --wordlist=rockyou.txt --rules=best64 hashes.txtjohn --incremental=ASCII hashes.txtZIP / office / KeePass (Jumbo) —
zip2john protected.zip > zip.hashjohn zip.hashoffice2john document.docx > office.hashjohn office.hashPause and restore —
john hashes.txtCtrl+C to pause
john --restoreFlags reference
--wordlist= | Dictionary file |
|---|---|
--rules= | Apply rule set |
--format= | Force hash type |
--show | Display cracked |
--session= | Session name |
--restore | Resume session |
--single | GECOS/login guessing |
--incremental | Brute force charset |
Tips
- Prefer *2john helpers (ssh2john, pdf2john, keepass2john) to produce valid hash lines.
- john --list=formats and john --list=format-details help when auto-detect fails.
- For large lists, use --fork=4 (if built with OpenMP) on multi-core CPUs.
- Pair with hashcat when GPU speed matters; John excels at odd formats and quick wins.