Skip to content

John the Ripper Cheat Sheet

John the Ripper (JtR) is a powerful password cracking tool supporting many hash formats. The Jumbo version adds hundreds of additional formats and features.

Basic Syntax

john [options] <hashfile>

Identify Hash Type

john --list=formats

Auto-detect (Jumbo): 

john hash.txt

Dictionary Attack

john --wordlist=rockyou.txt hashes.txt

Rule-Based Attack

john --wordlist=rockyou.txt --rules hashes.txt

Common rules: - --rules=best64 - --rules=single

Incremental (Brute Force)

john --incremental hashes.txt

Custom mode: 

john --incremental=Digits hashes.txt

Mask Attack

john --mask='?l?l?l?l?d?d' hashes.txt

Specify Hash Format

john --format=raw-md5 hashes.txt

Resume Cracking

john --restore

Show Cracked Passwords

john --show hashes.txt

WPA/WPA2 Cracking

aircrack-ng capture.cap -J handshake
john --wordlist=rockyou.txt handshake.hccap

Performance Tuning

john --fork=4 hashes.txt

Tip

Use --fork to leverage multiple CPU cores.

Typical Workflow

unshadow passwd shadow > hashes.txt
john --wordlist=rockyou.txt hashes.txt
john --show hashes.txt

Common Issues

No hashes loaded

Wrong format or unsupported hash.

Cracking too slow

Use rules or masks instead of full brute force.

  • hashcat
  • crunch
  • hydra
  • aircrack-ng

Use Cases

  • Password audits
  • Hash recovery
  • Credential assessment
  • Red team operations

Danger

Use John the Ripper only for authorized security testing.