Overview
Johnny is a graphical interface for John the Ripper, a widely-used password cracking tool. Johnny simplifies password hash analysis and cracking by providing an intuitive GUI for security professionals conducting authorized password testing and vulnerability assessment.
The tool supports numerous hash types and provides visual feedback on cracking progress, dictionary management, and statistical analysis for comprehensive password security testing.
Installation
Prerequisites
- John the Ripper (john package must be installed)
- Qt 5 libraries
- Python 2.7+ or Python 3.x
- Perl (for John the Ripper)
- 4GB+ RAM recommended
Linux Installation
# Install dependencies (Ubuntu/Debian)
sudo apt-get update
sudo apt-get install john john-data build-essential qt5-default \
python3-dev libpython3-dev
# Download Johnny
wget https://github.com/openwall/johnny/releases/download/1.2-release/johnny-1.2-release.tar.xz
# Extract and build
tar -xf johnny-1.2-release.tar.xz
cd johnny-1.2-release
make
sudo make install
# Run Johnny
johnny
macOS Installation
# Install using Homebrew
brew install john-the-ripper
brew install qt5
# Download and build Johnny
git clone https://github.com/openwall/johnny.git
cd johnny
qmake
make
./johnny.app/Contents/MacOS/johnny
Docker Installation
# Build Docker image with Johnny and John
docker build -t johnny-cracker .
# Run interactive session
docker run -it johnny-cracker johnny
# With volume mount for hash files
docker run -it -v /path/to/hashes:/hashes \
johnny-cracker johnny
From Source
# Clone repository
git clone https://github.com/openwall/johnny.git
cd johnny
# Install dependencies
./install-dependencies.sh
# Build from source
qmake
make
./johnny
Basic Usage
Starting Johnny
| Method | Command |
|---|
| GUI Launch | johnny |
| Open with hash file | johnny hashes.txt |
| Open with wordlist | johnny --wordlist=dict.txt |
| Specify John location | johnny --john=/usr/bin/john |
| Debug mode | johnny --debug |
| Verbose output | johnny -v |
# Basic launch
./johnny
# Open with existing hash file
johnny /path/to/hashes.txt
# Launch with specific configuration
johnny --config=/etc/john/john.conf
Hash Management
Creating and Importing Hash Files
# Create hash file from shadow entries
unshadow /etc/passwd /etc/shadow > hashes.txt
# Extract hashes from various sources
cat > hashes.txt << EOF
user1:$1$salt$hash...
user2:$1$salt$hash...
user3:md5$hash...
EOF
# Import into Johnny (File → Open → Select file)
# Johnny auto-detects hash format
| Format | Example | Type |
|---|
| MD5 | 5d41402abc4b2a76b9719d911017c592 | Hash |
| SHA-1 | aaf4c61ddcc5e8a2dabede0f3b482cd9aea9434d | Hash |
| SHA-256 | 2c26b46911185131006ba32c1f32fa6f… | Hash |
| Unix crypt | $1$salt$… | Salted hash |
| Windows NTLM | 8846f7eaee8fb117ad06bdd830b7586c | Hash |
| bcrypt | $2b$12$… | Salted hash |
| WPA2 PMKID | 4d6f9c1a8… | Wireless |
Managing Multiple Hash Files
# Combine multiple hash files
cat hashes1.txt hashes2.txt hashes3.txt > combined.txt
# Remove duplicates
sort -u combined.txt > hashes_unique.txt
# Import combined file into Johnny
johnny hashes_unique.txt
Wordlist Management
Using Dictionary Attacks
# Select or create wordlist in Johnny GUI
# File → Wordlist → Select
# Common wordlists
/usr/share/wordlists/rockyou.txt
/usr/share/wordlists/dirb/
/usr/share/wordlists/password-lists/
# Create custom wordlist
cat > custom.txt << EOF
password123
admin
letmein
P@ssw0rd
123456
EOF
# Combine multiple wordlists
cat /usr/share/wordlists/*.txt > merged_dict.txt
sort -u merged_dict.txt > final_wordlist.txt
Dictionary-Based Cracking
# Through Johnny GUI:
# 1. Load hash file (File → Open)
# 2. Select Wordlist tab
# 3. Browse and select wordlist
# 4. Click "Run" or "Crack"
# Johnny shows:
# - Hashes loaded
# - Wordlist size
# - Attack speed (words/sec)
# - Progress bar
# - Cracked passwords
Attack Modes
Single Crack Mode
# Perform rule-based variations on single input
# Through GUI:
# 1. Select "Single" attack mode
# 2. Set wordlist to minimum (usernames, etc.)
# 3. John applies transformations:
# - Case variations
# - Reversals
# - Number appending
# - Common substitutions
# Example transformations on "admin":
# admin, Admin, ADMIN, nimda, admin1, admin123...
Dictionary Attack
# Standard wordlist matching
# Setup in Johnny:
# 1. Select "Wordlist" mode
# 2. Choose wordlist file
# 3. Apply rules (optional):
# - Append numbers
# - Prepend symbols
# - Case manipulation
# Cracking process:
# - Load wordlist
# - Try each word against hashes
# - Report matches
# - Continue with remaining hashes
Brute Force / Incremental Mode
# Generate all possible character combinations
# Through Johnny GUI:
# 1. Select "Incremental" tab
# 2. Choose character set:
# - LowerCase (abc...)
# - UpperCase (ABC...)
# - Digits (0-9...)
# - All (full ASCII)
# 3. Set length range (minimum to maximum)
# 4. Click "Run"
# Configuration for efficient bruteforce
Min length: 4
Max length: 8
Character set: Digits + Lowercase
Expected time: Hours/Days shown in GUI
Rules-Based Cracking
# Apply transformation rules to wordlist
# Common rules in John:
# l - convert to lowercase
# u - convert to uppercase
# r - reverse string
# d - duplicate
# { - rotate left
# } - rotate right
# [0-9] - add numbers
# Through Johnny:
# 1. Select wordlist mode
# 2. Enable "Rules" checkbox
# 3. Select rule set from dropdown:
# - Single
# - Wordlist
# - Extra
# - Jumbo
# 4. Custom rules field for advanced options
Advanced Features
Hash Type Detection
# Johnny auto-detects format, but can specify:
# In GUI:
# Tools → Identify → Paste hash or upload file
# Johnny attempts identification and displays:
# - Detected format
# - Hash algorithm
# - Estimated crack time
# - Recommended mode
# Manual specification:
# Select hash type from dropdown before loading
| Setting | Purpose | Value |
|---|
| Threads | CPU cores to use | 4, 8, 16 (match CPU count) |
| Memory | RAM allocation | 512MB - 2GB |
| Session | Save/resume progress | Enable for long jobs |
| Verbosity | Output detail | Low, Medium, High |
# Configure through Preferences:
# Edit → Preferences → Performance
# - Thread count (match system cores)
# - GPU acceleration (if available)
# - Memory usage limits
# - Session management
Monitoring Progress
# Real-time statistics displayed:
# - Cracking speed (guesses/second)
# - Elapsed time
# - Estimated time remaining
# - Hashes cracked / remaining
# - Current attempt shown
# - Success rate percentage
Command Line Integration
Direct John Invocation
# While Johnny runs in background, use John CLI:
john hashes.txt --format=md5 --wordlist=/usr/share/wordlists/rockyou.txt
# Brute force specific length
john hashes.txt --format=md5 --incremental=Digits --min-length=6 \
--max-length=8
# Resume previous session
john --restore=session_name
# Check cracked passwords
john hashes.txt --format=md5 --show
Batch Processing Script
#!/bin/bash
# Process multiple hash files through Johnny
HASH_DIR="${1:-.}"
WORDLIST="/usr/share/wordlists/rockyou.txt"
for hash_file in "$HASH_DIR"/*.txt; do
echo "Processing: $hash_file"
# Start Johnny with hash file
johnny "$hash_file" --wordlist="$WORDLIST" \
--save-session="$(basename $hash_file)" &
# Let it run in background
sleep 5
done
# Wait for all to complete
wait
echo "All files processed"
Result Analysis
Viewing Cracked Passwords
# Cracked passwords displayed in Johnny window:
# - Original hash
# - Cracked password
# - Hash type
# - Time to crack
# Export results:
# File → Export → Select format:
# - CSV format
# - Text format
# - JSON format
Analyzing Results
# Results saved in John database
john hashes.txt --show --format=md5
# Output format:
# username:password:hash
# Extract only passwords
john hashes.txt --show --format=md5 | cut -d: -f2
# Count successful cracks
john hashes.txt --show --format=md5 | wc -l
# Compare against original file
diff <(sort hashes.txt) \
<(john hashes.txt --show | cut -d: -f1 | sort)
Statistical Analysis
# Password characteristics analysis
cracked_passwords=$(john hashes.txt --show --format=md5 | cut -d: -f2)
# Length distribution
echo "$cracked_passwords" | awk '{print length}' | sort | uniq -c
# Character type analysis
echo "$cracked_passwords" | grep -o '[a-z]' | wc -l # lowercase
echo "$cracked_passwords" | grep -o '[A-Z]' | wc -l # uppercase
echo "$cracked_passwords" | grep -o '[0-9]' | wc -l # digits
echo "$cracked_passwords" | grep -o '[^[:alnum:]]' | wc -l # special
Session Management
Saving and Resuming Attacks
# Johnny maintains sessions automatically
# In GUI:
# - Session name auto-generated or custom
# - Progress saved periodically
# - Resume from Session menu
# - Previous results retained
# Check saved sessions:
ls ~/.john/sessions/ 2>/dev/null || \
ls ~/.local/share/Johnny/sessions/ 2>/dev/null
# Manually resume job
john --restore=session_name
Session Configuration
# Save session with custom name
# Through Johnny GUI:
# File → Save Session As
# Provide name and location
# Johnny preserves:
# - Hash file path
# - Wordlist used
# - Attack mode
# - Current progress
# - Cracked passwords
Troubleshooting
Common Issues
| Problem | Solution |
|---|
| John not found | Install john-the-ripper: sudo apt install john |
| No hashes detected | Verify format, check hash validity |
| Slow cracking speed | Check CPU usage, reduce thread count, use GPU |
| Out of memory | Reduce thread count, use smaller wordlist |
| Session won’t resume | Check file permissions, re-create session |
| GUI freezes | Reduce verbosity, lower thread count |
# Optimize for speed
# 1. Match threads to CPU cores
# 2. Use SSD for wordlist and memory
# 3. Enable GPU acceleration if available
# 4. Run on dedicated system during heavy jobs
# Check system capabilities
lscpu | grep -E "CPU|core"
nvidia-smi # For GPU cracking
# Monitor during run
htop # Watch resource usage
iostat 1 # Monitor disk I/O
# If format not detected automatically
# Test with john directly
john --format=md5 --test
# List all supported formats
john --list=formats | head -20
# Try format-specific approach
john hashes.txt --format=md5crypt
john hashes.txt --format=bcrypt
john hashes.txt --format=sha256crypt
# Validate hash file format
file hashes.txt
head -c 100 hashes.txt
Best Practices
Security Testing Workflow
# 1. Collection Phase
# - Extract hashes (shadow, SAM, database)
# - Verify hash format and validity
# - Remove duplicates
# - Document source system
# 2. Analysis Phase
# - Start with dictionary attacks (fast)
# - Progress to rule-based (medium time)
# - Use incremental as fallback (slow)
# - Monitor progress regularly
# 3. Reporting Phase
# - Document cracked passwords
# - Categorize by strength
# - Recommend policies
# - Plan remediation
Authorized Testing
- Only crack passwords you own or have explicit written authorization
- Document business justification for password testing
- Obtain proper approvals before starting
- Maintain secure records of results
- Follow responsible disclosure procedures
- Comply with applicable laws and regulations
Effective Dictionary Use
# Combine multiple wordlists efficiently
cat /usr/share/wordlists/rockyou.txt \
/usr/share/wordlists/common-passwords.txt \
custom_passwords.txt | sort -u > master_dict.txt
# Use targeted wordlists for context
# Organization names
# Common terms related to business
# Personal information (if authorized)
# Previous breach databases (responsibly)
# Create context-specific rules
# Append company founding year
# Prepend company abbreviation
# Include local area codes
See Also
- John the Ripper CLI documentation
- Hashcat GPU-accelerated cracking
- Ophcrack Windows password tool
- L0phtCrack commercial cracker
- Password security policies and standards
- Breach database analysis techniques
- Rainbow table generation and usage
