Set your hash file, wordlist, and format once, and every John the Ripper command below fills in with your values, ready to copy. The *2john extractors, all four cracking modes, the full flag reference, and the format list. Tested on 1.9.0-jumbo-1.
The John the Ripper reference I keep open while working a file. Set your hash file, wordlist, and format once, and every command rewrites itself with your values, ready to copy. Below that is the full flag reference, the *2john extractor list, and the common formats. New to John? Start with the John the Ripper guide. Everything here was verified on John the Ripper 1.9.0-jumbo-1 (the jumbo build).
If you are cracking an encrypted file, turn it into a hash first with the matching *2john tool, then point John at the output:
```bash
zip2john secret.zip > :hashfile # then crack :hashfile below
```
Swap zip2john for the tool that matches your file: rar2john, pdf2john.pl, office2john.py, keepass2john, ssh2john. The full list is in the extractor table further down. Raw database hashes (MD5, NTLM, bcrypt) skip this step; they go straight into the hash file.
Put the hash in a file and run john --wordlist=rockyou.txt hash.txt; John auto-detects most formats. Then read the result with john --show hash.txt. For an encrypted file, extract the hash first with the matching *2john tool.
Usually not; John auto-detects the format from the hash. You only need --format= when the guess is ambiguous (several formats share a shape) or wrong. Run john --list=formats to see the exact name to use.
Add --fork=N where N is the number of cores, e.g. --fork=8. John splits the keyspace across the processes. This is CPU-only; for GPU speed on common hashes use hashcat.
In the pot file at ~/.john/john.pot. Results persist between runs, so John never re-cracks the same hash, and john --show hash.txt reads from it. Use --pot= to point at a different file.
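An added example, not from the original page: a shell function that condenses `john --show hash.txt` output into a one-line audit summary, naming the affected logins without repeating the recovered passwords. The sample output is constructed, and the function name `summarise_show` and the summary layout are assumptions.

```bash
#!/bin/sh
# Turn `john --show` output into a one-line audit summary that names the
# affected accounts but never repeats the recovered passwords.
# Assumed shape: "login:password[:other fields]" per cracked hash, then
# "N password hash(es) cracked, M left" as the last line.

summarise_show() {
  awk -F: '
    /^[0-9]+ password hash(es)? cracked, [0-9]+ left$/ {
      n = split($0, w, " ")          # summary line: first and next-to-last words
      cracked = w[1]; left = w[n - 1]; seen = 1
      next
    }
    NF >= 2 {                        # cracked entry; $2 (the plaintext) is dropped
      names = names (names == "" ? "" : ",") $1
    }
    END {
      if (!seen) { print "error: no summary line found"; exit 2 }
      total = cracked + left
      pct = (total > 0) ? int(100 * cracked / total) : 0
      printf "cracked=%d left=%d pct=%d accounts=%s\n", cracked, left, pct, names
    }'
}

# Constructed sample of `john --show hash.txt` output (not from a real run).
SAMPLE_SHOW='root:password:0:0:root:/root:/bin/bash
alice:123456:1001:1001::/home/alice:/bin/bash

2 password hashes cracked, 1 left'

# Against a real hash file: john --show hash.txt | summarise_show
printf '%s\n' "$SAMPLE_SHOW" | summarise_show
```

Hash files without login names show `?` in the first field, so the accounts list will contain `?` entries in that case.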
Ishan Karunaratne
Software Systems Architect · Senior Software Engineer · Engineering Leadership
Software systems architect and senior software engineer with more than two decades designing, building, and running production software, Linux systems, and DevOps infrastructure, and lately working AI into the stack. Now a CTO, though what I write here is drawn from the full arc of that work, across architecture, engineering, and operations, not any single job.