ENNAENNA

John the Ripper Cheat Sheet

Versatile password cracker supporting hundreds of hash formats. Covers format detection, wordlist attacks, rule-based mutations, incremental brute-force, and session management.

View John the Ripper tool page

Hash Formats

Search available formats for NTLM hash support

$ john --list=formats | grep -i ntlm

Crack plain MD5 hashes

$ john --format=raw-md5 hashes.txt

Crack bcrypt ($2a$, $2b$) hashes

$ john --format=bcrypt hashes.txt

Crack Kerberoast TGS-REP hashes

$ john --format=krb5tgs hashes.txt

Auto-detect hash format and begin cracking with defaults

$ john hashes.txt

Wordlist Attacks

Dictionary attack using the rockyou wordlist

$ john --wordlist=/usr/share/wordlists/rockyou.txt hashes.txt

Wordlist attack with a specific hash format

$ john --wordlist=custom.txt --format=raw-sha256 hashes.txt

Preview the first 100 candidates without cracking

$ john --wordlist=wordlist.txt --stdout | head -100

Constrain candidate passwords to 8-16 characters

$ john --wordlist=wordlist.txt --min-length=8 --max-length=16 hashes.txt

Rules & Mangling

Apply best64 rules for common password variations

$ john --wordlist=wordlist.txt --rules=best64 hashes.txt

Use KoreLogic competition rules for aggressive mangling

$ john --wordlist=wordlist.txt --rules=KoreLogic hashes.txt

Apply the extended Jumbo ruleset for broad coverage

$ john --wordlist=wordlist.txt --rules=Jumbo hashes.txt

List all available rule sections from the config

$ john --list=rules

Count total candidates generated by default rules

$ john --wordlist=wordlist.txt --rules --stdout | wc -l

Incremental Mode

Full brute-force with default character set and length limits

$ john --incremental hashes.txt

Brute-force using only digit characters

$ john --incremental=digits hashes.txt

Brute-force lowercase letters up to 8 characters

$ john --incremental=lower --max-length=8 hashes.txt

Mask mode: each wordlist entry with 3 appended digits

$ john --mask=?w?d?d?d --wordlist=wordlist.txt hashes.txt

Session Management

Start a named cracking session

$ john --session=crack1 --wordlist=wordlist.txt hashes.txt

Resume a previously interrupted session by name

$ john --restore=crack1

Display all cracked passwords from the potfile

$ john --show hashes.txt

Show cracked passwords for a specific hash format

$ john --show --format=raw-md5 hashes.txt

Use a custom potfile instead of the default

$ john --pot=custom.pot --wordlist=wordlist.txt hashes.txt

More Cheat Sheets

Nmap Cheat Sheet

6 sections

Hashcat Cheat Sheet

5 sections

SQLMap Cheat Sheet

5 sections

ffuf Cheat Sheet

5 sections

Nuclei Cheat Sheet

5 sections

Subfinder Cheat Sheet

4 sections