John the Ripper Password Cracker

Readiness Level

CISA does not endorse any commercial product or service. CISA does not attest to the suitability or effectiveness of these services and resources for any particular use case. Any reference to specific commercial products, processes, or services by service mark, trademark, manufacturer, or otherwise, does not constitute or imply their endorsement, recommendation, or favoring by CISA.

This tool may be used for malicious purpose due to its penetration testing or hacking capabilities, please use with discretion.


This offering is a password security auditing and password recovery tool available for many operating systems. John the Ripper jumbo supports hundreds of hash and cipher types, including for: user passwords of Unix flavors, macOS, Windows, groupware, and database servers; network traffic captures; encrypted private keys, filesystems and disks, archives, and document files.

Learn about CISA's CPGs