Basic Syntax
Common Options
| Option | Description |
|---|---|
--wordlist= | Wordlist file |
--rules | Apply default rules |
--format= | Force hash format |
--show | Show cracked passwords |
--list=formats | List supported formats |
--single | Single crack mode (username mangling) |
--incremental | Brute-force all combos |
Identify Hash Format
Extract Hashes (*2john Tools)
John includes tools to extract hashes from various file types.SSH Private Key
ZIP File
RAR File
7-Zip
Office Documents (Word, Excel, PowerPoint)
KeePass Database
PFX / PKCS#12
Kerberos TGS (Kerberoast)
BitLocker
GPG Key
Mozilla Firefox
John’smozilla2john only parses the legacy key3.db. For modern Firefox (key4.db / logins.json) use a tool like firepwd.
Common Cracking Workflows
Linux /etc/shadow
Windows NTLM
MD5
SHA256
bcrypt
Rules
Show Results
Potfile
Quick Reference — *2john Tools
| Tool | Source |
|---|---|
ssh2john | SSH private keys |
zip2john | ZIP archives |
rar2john | RAR archives |
7z2john | 7-Zip archives |
pdf2john | PDF files |
office2john | MS Office docs |
keepass2john | KeePass databases |
pfx2john | PFX certificates |
kirbi2john | Kerberos tickets |
bitlocker2john | BitLocker volumes |
gpg2john | GPG keys |
mozilla2john | Firefox legacy key3.db (not key4.db) |
John vs Hashcat
| Feature | John | Hashcat |
|---|---|---|
| GPU support | Limited | Excellent |
| *2john extractors | Built-in | Not included |
| Exotic formats | Better | Fewer |
| Speed (GPU) | Slower | Faster |
| Default rules | Better | Manual |