John the Ripper

John the Ripper is an open-source password security auditing and password recovery tool, widely regarded as the gold standard for offline password cracking in the security community. Originally developed by Solar Designer (Alexander Peslyak) at Openwall and first released in 1996, John the Ripper has been continuously developed for nearly three decades and remains one of the most actively maintained security tools in existence. The jumbo edition supports hundreds of hash and cipher types including Unix user passwords (descrypt, md5crypt, sha256crypt, sha512crypt, bcrypt, yescrypt), Windows passwords (LM, NTLM, NetNTLMv1, NetNTLMv2), macOS keychain passwords, web application hashes (WordPress, Drupal, Joomla, phpBB, MediaWiki), groupware (Lotus Notes/Domino, SAP), database servers (MySQL, PostgreSQL, MSSQL, Oracle, MongoDB), network traffic captures (Windows network authentication NTLM, WiFi WPA-PSK/WPA2-PSK), encrypted private keys (SSH, GnuPG, cryptocurrency wallets), filesystems and disks (macOS DMG, Windows BitLocker, LUKS, TrueCrypt, VeraCrypt), archives (ZIP, RAR, 7z), and document files (PDF, Microsoft Office). John offers multiple cracking modes including single crack mode (uses information from the GECOS field and login name), wordlist mode (with extensive mangling rules), incremental mode (tries all possible combinations in a specific order using Markov chains), external mode (custom C code compiled at runtime), and mask mode (pattern-based brute force). The tool features automatic detection of hash types, multi-core CPU parallelization, and OpenMP support. John the Ripper is free and open source (GPLv2) with a commercial Pro version available for Linux and macOS.