Mailer

root@kali:~# mailer
Usage: /usr/sbin/mailer PASSWORD-FILE

Unique

root@kali:~# unique
Usage: unique [-v] [-inp=fname] [-cut=len] [-mem=num] OUTPUT-FILE [-ex_file=FNAME2] [-ex_file_only=FNAME2]

       reads from stdin 'normally', but can be overridden by optional -inp=
       If -ex_file=XX is used, then data from file XX is also used to
       unique the data, but nothing is ever written to XX. Thus, any data in
       XX, will NOT output into OUTPUT-FILE (for making iterative dictionaries)
       -ex_file_only=XX assumes the file is 'unique', and only checks against XX
       -cut=len  Will trim each input lines to 'len' bytes long, prior to running
       the unique algorithm. The 'trimming' is done on any -ex_file[_only] file
       -mem=num.  A number that overrides the UNIQUE_HASH_LOG value from within
       params.h.  The default is 21.  This can be raised, up to 25 (memory usage
       doubles each number).  If you go TOO large, unique will swap and thrash and
       work VERY slow

       -v is for 'verbose' mode, outputs line counts during the run

john Usage Example

Using a wordlist (--wordlist=/usr/share/john/password.lst), apply mangling rules (--rules) and attempt to crack the password hashes in the given file (unshadowed.txt):

root@kali:~# john --wordlist=/usr/share/john/password.lst --rules unshadowed.txt
Warning: detected hash type "sha512crypt", but the string is also recognized as "crypt"
Use the "--format=crypt" option to force loading these as that type instead
Loaded 1 password hash (sha512crypt [64/64])
toor             (root)
guesses: 1  time: 0:00:00:07 DONE (Mon May 19 08:13:05 2014)  c/s: 482  trying: 1701d - andrew
Use the "--show" option to display all of the cracked passwords reliably

unique Usage Example

Using verbose mode (-v), read a list of passwords (-inp=allwords.txt) and save only unique words to a file (uniques.txt):

root@kali:~# unique -v -inp=allwords.txt uniques.txt
Total lines read 6089 Unique lines written 5083
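
The option semantics described in the unique help text above (-cut, -ex_file, -ex_file_only), modelled in Python as an added example. This is not John the Ripper's code: the function name, the sample words and the order-preserving output are assumptions made for illustration.

```python
# Added illustration: a model of the behaviour the unique help text documents.
# The real tool uses a fixed-size hash table (see -mem); a Python set is used here.

def unique_lines(lines, cut=None, ex_lines=None, ex_only=False):
    """Return (lines_read, kept) following the documented option semantics.

    lines    -- input lines as bytes (-cut counts bytes, not characters)
    cut      -- like -cut=len: trim each line to `cut` bytes before comparing
    ex_lines -- like -ex_file=XX: lines that must never reach the output
    ex_only  -- like -ex_file_only=XX: input is assumed unique already, so it
                is checked against ex_lines only, not against itself
    """
    def norm(line):
        line = line.rstrip(b"\n")
        return line[:cut] if cut is not None else line

    # Per the help text, trimming is also applied to the exclusion file.
    excluded = {norm(l) for l in (ex_lines or [])}
    seen = set()
    kept = []
    read = 0
    for raw in lines:
        read += 1
        word = norm(raw)
        if word in excluded:
            continue          # present in XX: never written to the output
        if not ex_only:
            if word in seen:
                continue      # duplicate within the input itself
            seen.add(word)
        kept.append(word)     # assumption: first occurrence kept, input order preserved
    return read, kept

# Constructed sample data (not taken from the page).
ALLWORDS = [b"password\n", b"letmein\n", b"password\n", b"password1\n", b"toor\n"]
PREVIOUS = [b"toor\n"]  # stands in for an earlier dictionary given via -ex_file

if __name__ == "__main__":
    for label, kwargs in [("plain", {}), ("-cut=8", {"cut": 8}),
                          ("-ex_file", {"ex_lines": PREVIOUS})]:
        read, kept = unique_lines(ALLWORDS, **kwargs)
        print(f"{label}: Total lines read {read} Unique lines written {len(kept)}")
```

Note how -cut=8 collapses "password1" into "password": trimming happens before the comparison, so longer candidates can vanish from the output.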

Packages and Binaries:

john

John the Ripper is a tool designed to help systems administrators to find weak (easy to guess or crack through brute force) passwords, and even automatically mail users warning them about it, if it is desired.

Besides several crypt(3) password hash types most commonly found on various Unix flavors, supported out of the box are Kerberos AFS and Windows NT/2000/XP/2003 LM hashes, plus several more with contributed patches.

Installed size: 75.27 MB
How to install: sudo apt install john

Dependencies:

  • john-data
  • libc6
  • libgmp10
  • libgomp1
  • libpcap0.8
  • libssl1.1
  • zlib1g

SIPdump

Part of SIPcrack, a suite of tools to sniff and crack the digest authentication used in the SIP protocol.

root@kali:~# SIPdump -h
Usage: sipdump [OPTIONS] <dump file>                           

       <dump file>    = file where captured logins will be written to

       Options:                                                  
       -i <interface> = interface to listen on                   
       -p <file>      = use pcap data file                       
       -m             = enter login data manually                
       -f "<filter>"  = set libpcap filter                       

* Invalid arguments

base64conv
root@kali:~# base64conv -h
Created directory: /root/.john
base64conv: invalid option -- 'h'
Usage: base64conv [-l] [-i intype] [-o outtype] [-q] [-w] [-e] [-f flag] [data[data ...] | < stdin]
 - data must match input_type i.e. if hex, then data should be in hex
 - if data is not present, then base64conv will read data from std input)
 - if data read from stdin, max size of any line is 256k

  -q will only output resultant string. No extra junk text
  -e turns on buffer overwrite error checking logic
  -l performs a 'length' test

  -r ifname  process whole file ifname (this is the input file)
  -w ofname  The output filename for whole file processing
             NOTE, -r and -w have to be used as a pair

Input/Output types:
  raw      raw data byte
  hex      hexadecimal string (for input, case does not matter)
  mime     base64 mime encoding
  crypt    base64 crypt character set encoding
  cryptBS  base64 crypt encoding, byte swapped

Flags (note more than 1 -f command switch can be given at one time):
  HEX_UPCASE         output or length UPCASED (input case auto handled)
  HEX_LOCASE         output or length locased (input case auto handled)
  MIME_TRAIL_EQ      output mime adds = chars (input = auto handled)
  CRYPT_TRAIL_DOTS   output crypt adds . chars (input . auto handled)
  MIME_PLUS_TO_DOT   mime converts + to . (passlib encoding)
  MIME_DASH_UNDER    mime convert +/ into -_ (passlib encoding)

bitlocker2john
root@kali:~# bitlocker2john -h

Usage: bitlocker2john -i <Image of encrypted memory unit>

Options:

  -h		Show this help
  -i		Image path of encrypted memory unit encrypted with BitLocker

calc_stat
root@kali:~# calc_stat -h
Usage: calc_stat [-p] dictionary_file statfile
	-p: include non printable and 8-bit characters

cprepair
root@kali:~# cprepair -h
Codepage repair (c) magnum 2014-2019

Input can be a mix of codepages, UTF-8 and double-encoded UTF-8, and with
a mix of Windows (CRLF) and Unix (LF) line endings, or missing line endings
on last lines.  If no file name is given, STDIN is used.
Output is UTF-8 with LF line endings and no silly BOM.

Usage: cprepair [options] [file(s)]
Options:
 -i <cp>   Codepage to assume for 8-bit input. Default is CP1252 (MS Latin-1)
 -f <cp>   Alternate codepage when no ASCII letters (a-z, A-Z) seen (default
           is to not treat them differently)
 -n        Do not guess (leave 8-bit as-is)
 -s        Suppress lines that does not need fixing.
 -d        Debug (show conversions).
 -l        List supported encodings.
 -p        Only convert stuff after first ':' (.pot file).
 -P        Suppress output lines with unprintable ASCII and, when used together
           with -n option, also suppress lines with invalid UTF-8

dmg2john

genmkvpwd
root@kali:~# genmkvpwd -h
Usage: genmkvpwd statfile max_lvl [max_len] [start] [end]

gpg2john

hccap2john

john

A tool to find weak passwords of your users

root@kali:~# john -h
John the Ripper 1.9.0-jumbo-1 OMP [linux-gnu 64-bit x86_64 AVX2 AC]
Copyright (c) 1996-2019 by Solar Designer and others
Homepage: http://www.openwall.com/john/

Usage: john [OPTIONS] [PASSWORD-FILES]
--single[=SECTION[,..]]    "single crack" mode, using default or named rules
--single=:rule[,..]        same, using "immediate" rule(s)
--wordlist[=FILE] --stdin  wordlist mode, read words from FILE or stdin
                  --pipe   like --stdin, but bulk reads, and allows rules
--loopback[=FILE]          like --wordlist, but extract words from a .pot file
--dupe-suppression         suppress all dupes in wordlist (and force preload)
--prince[=FILE]            PRINCE mode, read words from FILE
--encoding=NAME            input encoding (eg. UTF-8, ISO-8859-1). See also
                           doc/ENCODINGS and --list=hidden-options.
--rules[=SECTION[,..]]     enable word mangling rules (for wordlist or PRINCE
                           modes), using default or named rules
--rules=:rule[;..]]        same, using "immediate" rule(s)
--rules-stack=SECTION[,..] stacked rules, applied after regular rules or to
                           modes that otherwise don't support rules
--rules-stack=:rule[;..]   same, using "immediate" rule(s)
--incremental[=MODE]       "incremental" mode [using section MODE]
--mask[=MASK]              mask mode using MASK (or default from john.conf)
--markov[=OPTIONS]         "Markov" mode (see doc/MARKOV)
--external=MODE            external mode or word filter
--subsets[=CHARSET]        "subsets" mode (see doc/SUBSETS)
--stdout[=LENGTH]          just output candidate passwords [cut at LENGTH]
--restore[=NAME]           restore an interrupted session [called NAME]
--session=NAME             give a new session the NAME
--status[=NAME]            print status of a session [called NAME]
--make-charset=FILE        make a charset file. It will be overwritten
--show[=left]              show cracked passwords [if =left, then uncracked]
--test[=TIME]              run tests and benchmarks for TIME seconds each
--users=[-]LOGIN|UID[,..]  [do not] load this (these) user(s) only
--groups=[-]GID[,..]       load users [not] of this (these) group(s) only
--shells=[-]SHELL[,..]     load users with[out] this (these) shell(s) only
--salts=[-]COUNT[:MAX]     load salts with[out] COUNT [to MAX] hashes
--costs=[-]C[:M][,...]     load salts with[out] cost value Cn [to Mn]. For
                           tunable cost parameters, see doc/OPTIONS
--save-memory=LEVEL        enable memory saving, at LEVEL 1..3
--node=MIN[-MAX]/TOTAL     this node's number range out of TOTAL count
--fork=N                   fork N processes
--pot=NAME                 pot file to use
--list=WHAT                list capabilities, see --list=help or doc/OPTIONS
--format=NAME              force hash of type NAME. The supported formats can
                           be seen with --list=formats and --list=subformats


keepass2john
root@kali:~# keepass2john -h
keepass2john: invalid option -- 'h'
Usage: keepass2john [-k <keyfile>] <.kdbx database(s)>

mailer

Script to warn users about their weak passwords


mkvcalcproba

putty2john

racf2john

rar2john
root@kali:~# rar2john -h
rar2john: invalid option -- 'h'
Usage: rar2john <rar file(s)>

raw2dyna
root@kali:~# raw2dyna -h
usage raw2dyna [options] < input > output
	Options:
		-d=#   dyna number (-d=12 and $dynamic_12$hash$salt is used)
		-a     ALL hashes get $HEX$ and not simply hashes which have problems
		-ls=#  The salt is the leading data, and it is # bytes long
		-ss=b  The salt separator char is b  a blank -ss= means no separator char
		-hl=n  The length of hash.  SHA1 is 40, MD4/5 is 32, SHA256 is 64, etc
		-2h=r  perform a simple convert to hex.  the string r is converted to $HEX$hhhh...
		-2r=h  perform a simple convert out of hex.  the hex string h is converted to raw data
		       if either -2h or -2r are used, then the convert is done and the program exits
	defaults are -d=12 -ss=: -hl=32

tgtsnarf
root@kali:~# tgtsnarf --help
tgtsnarf: invalid option -- '-'
Usage: tgtsnarf [-A] realm host [users...]

uaf2john

unafs

Script to warn users about their weak passwords

root@kali:~# unafs -h
Usage: unafs DATABASE-FILE CELL-NAME

undrop

unique

Removes duplicates from a wordlist


unshadow

Combines passwd and shadow files

root@kali:~# unshadow -h
Usage: unshadow PASSWORD-FILE SHADOW-FILE

vncpcap2john

wpapcap2john
root@kali:~# wpapcap2john -h
Converts PCAP or IVS2 files to JtR format.
Supported encapsulations: 802.11, Prism, Radiotap, PPI and TZSP over UDP.
Usage: wpapcap2john [options] <file[s]>

-c		Show only complete auths (incomplete ones might be wrong passwords
		but we can crack what passwords were tried).
-v		Bump verbosity (can be used several times, try -vv)
-d		Do not suppress dupe hashes (per AP/STA pair)
-r		Ignore replay-count (may output fuzzed-anonce handshakes)
-f <n>		Force anonce fuzzing with +/- <n>
-e <essid:mac>	Manually add Name:MAC pair(s) in case the file lacks beacons.
		eg. -e "Magnum WIFI:6d:61:67:6e:75:6d"
-m <mac>	Ignore any packets not involving this mac address


zip2john
root@kali:~# zip2john -h
zip2john: invalid option -- 'h'
Usage: zip2john [options] [zip file(s)]
Options for 'old' PKZIP encrypted files only:
 -a <filename>   This is a 'known' ASCII file. This can be faster, IF all
    files are larger, and you KNOW that at least one of them starts out as
    'pure' ASCII data.
 -o <filename>   Only use this file from the .zip file.
 -c This will create a 'checksum only' hash.  If there are many encrypted
    files in the .zip file, then this may be an option, and there will be
    enough data that false positives will not be seen.  If the .zip is 2
    byte checksums, and there are 3 or more of them, then we have 48 bits
    knowledge, which 'may' be enough to crack the password, without having
    to force the user to have the .zip file present.
 -m Use "file magic" as known-plain if applicable. This can be faster but
    not 100% safe in all situations.
 -2 Force 2 byte checksum computation.

NOTE: By default it is assumed that all files in each archive have the same
password. If that's not the case, the produced hash may be uncrackable.
To avoid this, use -o option to pick a file at a time.

john-data

John the Ripper is a tool designed to help systems administrators to find weak (easy to guess or crack through brute force) passwords, and even automatically mail users warning them about it, if it is desired.

This package contains architecture-independent character sets usable by john and architecture-independent scripts.

Installed size: 60.93 MB
How to install: sudo apt install john-data


Updated on: 2021-Sep-16