John the Ripper: The Open Source Password Cracking Tool for Security Audits

John the Ripper is a versatile open-source password security auditing and password recovery tool that runs on a wide range of operating systems. John the Ripper jumbo extends this, supporting an extensive range of hash and cipher types: user passwords from various Unix-based systems (such as Linux, *BSD, Solaris, AIX, QNX), macOS, Windows, and “web apps” such as WordPress; groupware like Notes/Domino; database servers (SQL, LDAP, and others); network traffic captures (including Windows network authentication and WiFi WPA-PSK); encrypted private keys (SSH, GnuPG, cryptocurrency wallets); filesystems and disks (macOS .dmg and sparse bundles, Windows BitLocker); archives (ZIP, RAR, 7z); and document files (PDF, Microsoft Office formats). This list covers only a fraction of what it supports.

John the Ripper is available as free and open-source software, primarily distributed in source code. For users seeking a commercially supported alternative, John the Ripper Pro offers “native” packages tailored for different operating systems, emphasizing ease of installation, user-friendliness, and optimal performance.

To explore John the Ripper Pro for your specific operating system, you can visit the John the Ripper Pro homepage.

For those interested in the open-source versions:

  • Download the latest John the Ripper jumbo release (release notes) or access development snapshots for the most current features.
  • Utilize John the Ripper jumbo in the cloud via AWS for scalable password cracking tasks.
  • Download the latest John the Ripper core release (release notes) for a stable foundation.

To ensure the authenticity and integrity of your downloads, please utilize our GnuPG public key. Detailed instructions on how to extract the source code from tar.gz and tar.xz archives can be found here. Compilation instructions for John the Ripper core are available in the INSTALL documentation; for jumbo, refer to the instructions within the downloaded archive. Consider exploring unofficial builds from community contributors for alternative distributions. Older versions, patches, and related files are accessible via the Openwall file archive.

Online documentation for John the Ripper core, including a summary of changes between versions, is readily available. Further insights into the evolution of password cracking can be found in our presentation.

A curated collection of wordlists is provided to enhance your password cracking efforts with John the Ripper. This collection includes common passwords, wordlists in over 20 languages, combined language lists, and rule sets for password mangling and duplicate removal.

Separately, yescrypt and crypt_blowfish are available as standalone implementations of yescrypt, scrypt, and bcrypt – robust password hashing algorithms also integrated within John the Ripper. These are intended for defensive use in your software and server infrastructure.

To proactively enhance password security, passwdqc serves as a password/passphrase strength checking toolset. It helps enforce password policies, preventing users from selecting passwords vulnerable to cracking tools like John the Ripper.

We offer integration services for modern password hashing with yescrypt or crypt_blowfish and proactive password strength checking using passwdqc. Learn more about these services to strengthen your systems.

Join our mailing list to share experiences, ask questions, and engage with the John the Ripper community. Please use informative subject lines for your posts. Subscribe by entering your email below or sending a blank email to . Confirmation is required via a reply to the automated request. You can unsubscribe at any time, and your email will not be used for other purposes or shared with third parties. Note that list archives and postings may display your email address. Access the list archive locally or via MARC. A selection of useful postings is available on the community wiki.

Contributed resources for John the Ripper include:

Local copies of these and many more packages are available in the Openwall file archive.

John the Ripper is integrated into various Linux distributions like Owl, Debian, Fedora, Gentoo, Mandriva, SUSE, and is part of the ports/packages collections for FreeBSD, NetBSD, and OpenBSD.

John the Ripper is a registered project on Open Hub and listed on SecTools.

Follow @Openwall on Twitter for new release announcements and other news.
