Openwall's John the Ripper (JtR) is a fast password cracker, currently available for many flavors of Unix and for Windows. Its primary purpose is to detect weak Unix passwords. Besides several crypt(3) password hash types most commonly found on various Unix systems, supported out of the box are Windows LM hashes, various macOS password hashes, as well as many non-hashes such as SSH private keys, encrypted filesystems such as macOS .dmg files and "sparse bundles", encrypted archives such as ZIP, RAR, and 7z, encrypted document files such as PDF and Microsoft Office's, plus lots of other hashes and ciphers.

1. Introduction
   1. Continuous Delivery Status
   2. Package Build Environments
   3. Testing, Continuous Integration, and Continuous Delivery
   4. Packaging and Application Distribution
   5. The commits feed of this repository
   6. The feed of John the Ripper releases
2. Windows Package
3. Snap Package
4. macOS Package
5. Flatpak Package
6. Docker Image
7. Checksums
8. Package Security
9. About This Project
10. Contribute
11. License
12. Acknowledgments and Contact

(back to top)

We produce software in short cycles, ensuring that the software can be reliably released at any time, following a pipeline through a "production-like environment".

Releases	Latest	Prerelease

Click on the link to learn more about our packages Building Environments.

All continuous integration (CI) and continuous delivery (CD) procedures are fully automated, builds and tests are performed whenever requested by the packager. Manual procedures are required just to start the process.

Click on the link to learn more about our Continuous Integration and Continuous Delivery procedures.

Snap and Flatpak are cool new ways of distributing Linux applications among a wide range of different distros. They are technologies to deploy applications in a secure, sandboxed and containerized way.

A Docker image is a read-only template used to execute code in a Docker container. An image is an immutable file that contains the binaries, configuration files, libraries, dependencies, tools, and other files needed for John the Ripper application to run.

When the Docker user runs an image, it becomes one instance (it becomes a container, in other words, a running instance of the application).

(back to top)

Delivered using Microsoft-hosted Windows 2019 Server in Azure [ supports up to AVX512BW ]

To install John the Ripper by downloading the .7z file and installing it manually, follow these steps:

• Download the compressed file to your machine.
• Navigate to where you downloaded the file and double click the compressed file.
• Extract it to a directory such as C:\john-the-ripper.
• Start a command prompt.
• Navigate to the directory you extracted the compressed file, e.g., cd C:\john-the-ripper\run.
• Run JtR:

 C:\john-the-ripper\run>john --list=build-info
 [...]
 Build: cygwin 64-bit x86_64 AVX2 AC OMP OPENCL
 SIMD: AVX2, interleaving: MD4:3 MD5:3 SHA1:1 SHA256:1 SHA512:1
 [...]

 C:\john-the-ripper\run>john --test --format=SHA512crypt

| 📑 More examples of running John The Ripper on Windows.

The highlights (👀):

• fallback for CPU[*] and OMP;
• OpenCL available (GPU driver installation is needed);
• generic crypt(3) format available;
• security feature Address Space Layout Randomisation (ASLR) enabled;
• security feature Data Execution Prevention (DEP) enabled;
• the released version of John 1.9.0 Jumbo 1+ (is a rolling release);
• a development version is also available.

[*] John the Ripper runs using the best SIMD instructions available on the host it's running on.

Using the above instructions you can install the rolling version of John the Ripper Jumbo 1+, the hot and bleeding version, or a previous stable version in your system.

The package contains all the executables and libraries needed to run a fresh John the Ripper installation.

OpenSSF SLSA

SLSA is a framework intended to codify and promote secure software supply-chain practices, it helps trace software artifacts back to the build and source control systems that produced them.

⚠️ NOTE: the release assets from our GitHub Releases are level 1 compliant.

SLSA Provenance Traceability

In some situations a non-OpenMP build may be faster. You can ask to fallback to a non-OpenMP build specifying the value of OMP_NUM_THREADS in the command-line. You avail the best SIMD instructions at one's disposal without any OpenMP stuff. E.g.:

 PS C:\john-the-ripper\run> set OMP_NUM_THREADS=1
 PS C:\john-the-ripper\run> .\john --list=build-info

If John the Ripper is not recognizing your GPU card:

• make sure all required GPU drivers are installed;
• restart your PC, if you have just installed the drivers.

(back to top)

Delivered using Launchpad [ supports up to AVX512BW ]

A Snap is a gpg signed squashfs file containing an application together with its dependencies, and a description of how it should safely be run on your system.

You can install john by following the instructions at https://snapcraft.io/john-the-ripper. For distributions without snap pre-installed, users should enable snap support, then install:

 sudo snap install john-the-ripper

Just dance now:

 $ john-the-ripper -list=build-info
 [...]
 Build: linux-gnu 64-bit x86_64 AVX2 AC OMP OPENCL
 SIMD: AVX2, interleaving: MD4:3 MD5:3 SHA1:1 SHA256:1 SHA512:1
 Deploy: sandboxed as a Snap app
 [...]

You can also run the software using the official john alias:

 john -list=build-info

John runs confined under a restrictive security sandbox by default. Nevertheless, you can access and audit any file located in your home. Below, an usage example:

 john -list=format-tests | cut -f3 > ~/allTests.in
 john --format=SHA512crypt ~/allTests.in

For your convenience, the snap installed on your system contains the file /snap/john-the-ripper/current/snap/manifest.yaml which field build_url points to its build log.

The highlights (👀):

• fallback for CPU[*] and OMP;
• OpenCL available (GPU driver installation is needed);
• John the Ripper is a "featured software" in the security category on Canonical Snap Store;
• John the Ripper is a software with 4-star (⭐⭐⭐⭐) user reviews on Canonical Snap Store;
• John the Ripper is tagged as safe, confined and auditable software on Canonical Snap Store;
• John the Ripper supports and has a package for all architectures supported by Ubuntu itself.
• also available via the alias john, e.g. john -list=build-info;
• the released version of John 1.9.0 Jumbo 1+ (is a rolling release);
• a development version is also available.

[*] John the Ripper runs using the best SIMD instructions available on the host it's running on.

John the Ripper snap package has approximately eight thousand active users [*].

[*] 7 Day Active Users: the number of unique users who had at least one session within a 7 day period.

You are free to pick and set up aliases. To enable the usage of aliases with John the Ripper snap, run sudo snap alias john-the-ripper <alias>. For example:

 sudo snap alias john-the-ripper john-snap
 sudo snap alias john-the-ripper.dmg2john dmg2john

Once enabled, John itself plus the *2john tools can be invoked using the aliases. In the example, to run John type john-snap.

| 📑 More examples of enabling alias for John The Ripper snap.

In some situations a non-OpenMP build may be faster. You can ask to fallback to a non-OpenMP build specifying OMP_NUM_THREADS=1 john <options> in the command-line. You avail the best SIMD instructions at one's disposal without any OpenMP stuff. E.g.:

 OMP_NUM_THREADS=1 john --list=build-info

As noted at https://forum.snapcraft.io/t/snaps-and-opencl/8509/17, the use of OpenCL by snaps is a problem. Support for NVIDIA cards is under development.

As a "general" solution (or in the case of AMD hardware), the user can run john out of the sandbox, unconfined (e.g., run /snap/john-the-ripper/current/run/john).

If you followed the above instructions, you installed the stable (or rolling) version of John the Ripper Jumbo 1+ in your system. If you want to access the hot and bleeding developing version of JtR, you must follow a development channel. For a clean installation:

 sudo snap install --channel=edge john-the-ripper

If you already has JtR installed:

 sudo snap refresh --channel=edge john-the-ripper

If you do so, you will be running the development version available on GitHub.

(back to top)

Delivered using Cirrus CI [ supports ASIMD (on ARM) ]

To install John the Ripper by downloading the .7z file and installing it manually, follow these steps:

• Download the compressed file to your machine.
• Extract it to a directory such as /Users/Me/bleeding.
• Start a command prompt.
• Navigate to the directory you extracted the compressed file, e.g., cd /Users/Me/bleeding.
• Run the software:

Install required Homebrew packages (if not already installed):

 brew update
 brew install libomp openssl gmp

Execute John the Ripper:

 $ run/john -list=build-info
 [...]
 Build: darwin22.6.0 64-bit arm ASIMD AC OMP OPENCL
 SIMD: ASIMD, interleaving: MD4:2 MD5:2 SHA1:1 SHA256:1 SHA512:1
 OMP fallback binary: john-arm64
 [...]

The highlights (👀):

• fallback for CPU[*] (if that makes sense) and OMP;
• OpenCL available;
• built using clang from the official XCode toolchain plus non-system libraries from Homebrew;
• the released version of John 1.9.0 Jumbo 1+ (is a rolling release);
• a development version is also available.

[*] John the Ripper runs using the best SIMD instructions available on the host it's running on.

Using the above instructions you can install the rolling version of John the Ripper Jumbo 1+, the hot and bleeding version, or a previous stable version in your system.

The package contains the necessary executables to run a fresh install of John the Ripper. You must install required Homebrew libraries.

OpenSSF SLSA

SLSA is a framework intended to codify and promote secure software supply-chain practices, it helps trace software artifacts back to the build and source control systems that produced them.

⚠️ NOTE: the release assets from our GitHub Releases are level 1 compliant.

SLSA Provenance Traceability

In some situations a non-OpenMP build may be faster. You can ask to fallback to a non-OpenMP build specifying the value of OMP_NUM_THREADS in the command-line. You avail the best SIMD instructions at one's disposal without any OpenMP stuff. E.g.:

OMP_NUM_THREADS=1 run/john --list=build-info

(back to top)

Delivered using GitLab CI [ supports up to AVX512BW ]

Flatpak is a new framework for desktop applications on Linux, built to be distribution agnostic and allow deployment on any Linux operating system out there.

Flatpak is available for the most common Linux distributions.

To install JtR download the john.flatpak file and run:

 # Note that root privileges are required for some operations.
 sudo dnf install -y flatpak # or 'yum install', 'apt-get install', etc.
 sudo flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo # flatpak repository
 sudo flatpak install -y flathub org.freedesktop.Platform//23.08 # install the runtime (base "container")
 flatpak --user install --bundle john.flatpak # per-user installation (not system wide)

John runs confined under a restrictive security sandbox by default. Nevertheless, you can access and audit any file located in your home. Below, an usage example:

 flatpak run com.openwall.John -list=build-info
 flatpak run com.openwall.John -list=format-tests | cut -f3 > ~/allTests.in
 flatpak run com.openwall.John --format=SHA512crypt ~/allTests.in

The highlights (👀):

• fallback for CPU[*] and OMP;
• the released version of John 1.9.0 Jumbo 1+ (is a rolling release):
  • is also available via FlatHub at https://flathub.org/apps/com.openwall.John.
• a development version is also available.

[*] John the Ripper runs using the best SIMD instructions available on the host it's running on.

Using the above instructions you can install the rolling version of John the Ripper Jumbo 1+, the hot and bleeding version, or a previous stable version in your system.

OpenSSF SLSA

SLSA is a framework intended to codify and promote secure software supply-chain practices, it helps trace software artifacts back to the build and source control systems that produced them.

⚠️ NOTE: the release assets from our GitHub Releases are level 1 compliant.

SLSA Provenance Traceability

(back to top)

Delivered using GitHub Actions [ supports up to AVX512BW ]

Docker provides the ability to package and run an application in a loosely isolated environment called a container.

To use it:

 # CPU and GPU formats
 docker run -it ghcr.io/openwall/john:latest <binary id> <john options>

 # To run ztex formats
 docker run --device=/dev/ttyUSB0 ghcr.io/openwall/john:v1.9.0J1 ztex <john options>

Run John the Ripper and check if it is working:

 docker run ghcr.io/openwall/john # => uses the best SIMD available, tag 'latest' can be omitted
 docker run ghcr.io/openwall/john:rolling # => uses the latest rolling release
 docker run ghcr.io/openwall/john:latest best # => uses the best SIMD available

| 📑 More examples of running John The Ripper on Docker.

The highlights (👀):

• OpenSSF SLSA 3 compliant;
• has NVIDIA OpenCL available (GPU driver is required on the host);
• has auto-selection of the best SIMD if user specifies best as the <binary id>;
  • example: docker run ghcr.io/openwall/john:latest best -list=build-info.
• the released version of John 1.9.0 Jumbo 1+ (is a rolling release):
  • install from the command-line: docker pull ghcr.io/openwall/john:rolling.
• the development version:
  • install from the command-line: docker pull ghcr.io/openwall/john:latest.

Using the above instructions you can install the rolling version of John the Ripper Jumbo 1+, the hot and bleeding version, or a previous stable version in your system.

OpenSSF SLSA

SLSA is a framework intended to codify and promote secure software supply-chain practices, it helps trace software artifacts back to the build and source control systems that produced them.

⚠️ NOTE: the Docker images from our GitHub Packages are level 3 compliant.

SLSA Provenance Traceability

(back to top)

Released packages checksums computed by Build Servers

File verification is the process of using an algorithm for verifying the integrity of a computer file. A popular approach is to store checksums (hashes) of files, also known as message digests, for later comparison. All john packages checksums (hashes) are computed by the CI servers.

By accessing the build logs for each release on GitHub releases you can view the hashes of all relevant files.

(back to top)

Please inspect all packages prior to running any of them to ensure safety. We already know they're safe, but you should verify the security and contents of any binary from the internet you are not familiar with.

We take security very seriously.

(back to top)

This project aims to create tools and procedures to automate the creation and enable traceability of packages for John the Ripper software, developing a CI and CD pipeline.

(back to top)

We love contributions in the form of issues and pull requests. Read the Contributor Guide before contributing.

(back to top)

GNU General Public License v2.0

(back to top)

John the Ripper is proudly Powered by Open Source Community

• Openwall and others.

(back to top)