John the Ripper Password Cracker Tool

John the Ripper is an Open Source password security auditing and password recovery tool available for many operating systems. John the Ripper jumbo supports hundreds of hash and cipher types, including for: user passwords of Unix flavors (Linux, *BSD, Solaris, AIX, QNX, etc.), macOS, Windows, "web apps" (e.g., WordPress), groupware (e.g., Notes/Domino), and database servers (SQL, LDAP, etc.); network traffic captures (Windows network authentication, WiFi WPA-PSK, etc.); encrypted private keys (SSH, GnuPG, cryptocurrency wallets, etc.), filesystems and disks (macOS .dmg files and "sparse bundles", Windows BitLocker, etc.), archives (ZIP, RAR, 7z), and document files (PDF, Microsoft Office's, etc.) These are just some of the examples - there are many more.

Password authentication for web and mobile apps (e-book)

John the Ripper is free and Open Source software, distributed primarily in source code form. If you would rather use a commercial product, please consider John the Ripper Pro, which is distributed primarily in the form of "native" packages for the target operating systems and in general is meant to be easier to install and use while delivering optimal performance.

Proceed to John the Ripper Pro homepage for your OS: John the Ripper Pro for Linux John the Ripper Pro for macOS On Windows, consider Hash Suite (developed by a contributor to John the Ripper) On Android, consider Hash Suite Droid Download the latest John the Ripper jumbo release (release notes) or development snapshot: John The Ripper 1.9.0 Windows 64-bit  1.9.0-jumbo-1 32-bit Windows binaries in 7z, 21 MB (signature) or zip, 61 MB (signature) Development source code in GitHub repository (download as tar.gz or zip) Run John the Ripper jumbo in the cloud (AWS): John the Ripper in the cloud homepage Download the latest John the Ripper core release (release notes): 1.9.0 core sources in tar.xz, 8.6 MB (signature) or tar.gz, 13 MB (signature) Development source code in CVS repository

Get John the Ripper apparel at 0-Day Clothing and support the project

To verify authenticity and integrity of your John the Ripper downloads, please use our GnuPG public key. You will most likely need to download a "Windows binaries" archive above. However, if you choose to download the source code instead (for a specific good reason), then please refer to these pages on how to extract John the Ripper source code from the tar.gz and tar.xz archives and how to build (compile) John the Ripper core (for jumbo, please refer to instructions inside the archive). You can also consider the unofficial builds on the contributed resources list further down this page.

These and older versions of John the Ripper, patches, unofficial builds, and many other related files are also available from the Openwall file archive.

You can browse the documentation for John the Ripper core online, including a summary of changes between core versions. Also relevant is our presentation on the history of password security.

There's a collection of wordlists for use with John the Ripper. It includes lists of common passwords, wordlists for 20+ human languages, and files with the common passwords and unique words for all the languages combined, also with mangling rules applied and any duplicates purged.

yescrypt and crypt_blowfish are implementations of yescrypt, scrypt, and bcrypt - some of the strong password hashes also found in John the Ripper - released separately for defensive use in your software or on your servers.

passwdqc is a proactive password/passphrase strength checking and policy enforcement toolset, which can prevent your users from choosing passwords that would be easily cracked with programs like John the Ripper.