An open-source password security auditing and password recovery tool

John the Ripper

John the Ripper

  -  21.19 MB  -  Open Source
  • Latest Version

    John the Ripper 1.9.0 Jumbo 1 (64-bit) LATEST

  • Review by

    Michael Reynolds

  • Operating System

    Windows XP64 / Vista64 / Windows 7 64 / Windows 8 64 / Windows 10 64

  • User Rating

    Click to vote
  • Author / Product

    John the Ripper Team / External Link

  • Filename

    john-1.9.0-jumbo-1-win64.7z

  • MD5 Checksum

    2aaead3288e0376de1e24f8a02a29c79

John the Ripper 64 bit is a decrypting and decoding utility built to test the strength of the user’s password as well as try to recover lost passwords using several built-in methodologies.

Built from the ground up to be focused only on working with passwords, this versatile password utility is distributed without a graphical user interface and is therefore accessible only via a command window.

Since the user has to learn how to manage this app using only text commands and parameters, the John the Ripper will most likely capture the attention of more seasoned PC users and technicians who can look past this disadvantage and focus only on the actual success rate of password recovery.

On the other hand, this GUI-less approach has made the app compatible with a wide variety of legacy PC configurations and can run on ALL versions of Windows OS.

Thankfully to learn how to use the app to test and recover passwords, users only need to learn few command options and command syntax. Most basic use involves typing the full name of the executable file, adding a few desired parameters and options, and then typing the file that contains passwords or hints for password recovery.

It utilizes several methods for password testing and recovery – the most basic “single crack” method, and more advanced “incremental” and “external” that will use provided word library to try to filter and faster guess passwords.

The app can run in benchmark mode, which is a great way for any user to test their password strength for a limited amount of time. To make prolonged password testing and recovery sessions easier to manage, developers of this app have included a handy service for saving and restoring sessions.

The app can pause its work and save a printable log with the summary of its processed work.

While John the Ripper is not the most attractive and influential password testing and recovery apps on the market, it still has value for users who ask only for simplicity and reliability. However, many other users will strive to find other solutions that have a fully built interface and additional functions.

It can be downloaded and used for FREE. A premium version of the app called John the Ripper Pro can be purchased on its official website.

Key Features

Password Cracking: It can crack password hashes using various techniques, including dictionary attacks, brute force attacks, and hybrid attacks.

Hash Algorithm Support: It supports a vast number of hash algorithms, including MD5, SHA-1, bcrypt, and many more, making it compatible with a wide range of systems and applications.

Wordlist and Rules: Users can employ custom wordlists and rules to optimize and customize their cracking strategies.

Community Edition and Pro Version: While the open-source community edition is available for free, there is also a commercial "Pro" version with additional features and support.

Performance Optimization: The program is designed to take advantage of multi-core processors and GPUs, making it capable of high-speed password cracking.

Password Strength Assessment: It can also be used for evaluating password policies and the effectiveness of password security measures.

What`s New

John the Ripper in the cloud has been updated to use the latest JtR jumbo on freshly updated Amazon Linux 2 with a newer NVIDIA GPU driver.

Many new AWS instance types are now supported.

User Interface

It primarily operates from the command line, which may not be as user-friendly as graphical interfaces for some users.

However, there are graphical frontends and third-party tools available that provide a more intuitive interface for those who prefer a graphical experience.

Installation and Setup

Download: Obtain the software from the official website or a trusted source like FileHorse.

Installation: Follow the installation instructions provided for your specific operating system. Typically, it involves extracting the archive and configuring the software.

Wordlists: You may need to download or create custom wordlists for password cracking.

Hashes: Obtain the password hashes you want to crack (e.g., from a password file).

Run: Execute the app with the appropriate command-line parameters.

How to Use
  • Open your command prompt or terminal.
  • Navigate to the directory where John the Ripper is installed.
  • Use the command line to specify the password hash file and the cracking mode you want to use (e.g., dictionary attack, brute force).
  • Wait for the tool to complete the cracking process, which can take varying amounts of time depending on the complexity of the password.
  • Review the results to determine which passwords were successfully cracked.
FAQ

Is John the Ripper legal to use?
Yes, John the Ripper is a legal tool when used for legitimate purposes like security testing and auditing. However, using it for illegal activities is prohibited.

Can I crack any password with John the Ripper?
The success of cracking depends on several factors, including the strength of the password, the available resources, and the hash algorithm used. Strong passwords may remain uncracked.

How can I improve the cracking speed of John the Ripper?
You can utilize multi-core processors and GPUs for improved performance. Additionally, custom wordlists and rules can optimize your cracking strategy.

Is there a graphical user interface (GUI) for John the Ripper?
While the tool primarily operates from the command line, there are GUI frontends available for users who prefer graphical interfaces.

Are there any risks in using John the Ripper?
When used responsibly for security testing, there are minimal risks. However, using it maliciously or without proper authorization can have legal consequences.

Alternatives

Aircrack-ng: Primarily used for Wi-Fi password cracking, it focuses on wireless network security.

System Requirements

The system requirements for the program can vary depending on the platform and the scale of your password cracking tasks.

Generally, it can run on a wide range of hardware, from modest setups to high-performance machines.

It's essential to have enough CPU power and memory to handle the chosen cracking methods effectively.

PROS
  • Versatile support for multiple hash algorithms.
  • Efficient password cracking capabilities.
  • Customizable with wordlists and rules.
  • GPU and multi-core processor support for faster cracking.
  • Open-source Community Edition is available for free.
CONS
  • Command-line interface may be intimidating for some users.
  • Learning curve for beginners.
  • Legal and ethical considerations when using the tool.
Conclusion

John the Ripper is a powerful and versatile password cracking tool that has earned its reputation in the cybersecurity community. While it may not have the most user-friendly interface, its extensive features and ability to crack a wide range of password hashes make it an invaluable resource for security professionals, penetration testers, and system administrators.

However, it's crucial to use John the Ripper 64bit responsibly and ethically, following all applicable laws and regulations. Whether you're assessing the strength of your own passwords or testing the security of a system, it remains a go-to choice for password security testing.

Note: Use 7-Zip program to unpack the archive.