macOS
brew install johnlocal Homebrew formula metadata
sudo port install johnMacPorts ports tree · sysutils/john/Portfile · source: api.github.com
brew
Featureful UNIX password cracker. Version 1.9.0 via Homebrew; verified 2026-06-19.
install
brew install johnlocal Homebrew formula metadata
sudo port install johnMacPorts ports tree · sysutils/john/Portfile · source: api.github.com
sudo apk add johnAlpine Linux edge package indexes · john · source: dl-cdn.alpinelinux.org
sudo apt install johnDebian stable package indexes · john · source: deb.debian.org
sudo dnf install johnFedora Rawhide package metadata · john · source: dl.fedoraproject.org
nix profile install nixpkgs#johnnixpkgs package indexes · pkgs/by-name/jo/john/package.nix · source: api.github.com
sudo pacman -S johnArch Linux sync databases · john · source: geo.mirror.pkgbuild.com
sudo zypper install johnopenSUSE Tumbleweed package metadata · john · source: download.opensuse.org
overview
Featureful UNIX password cracker
history
John the Ripper is a classic open-source password security auditing and recovery tool. Its core identity is a fast Unix password cracker, but the Openwall documentation also presents it as a cross-platform tool for many Unix-like systems, macOS, Windows, DOS, BeOS, and OpenVMS.
According to Solar Designer on the Openwall john-users list, John the Ripper 1.0 was released in 1996 as a DOS replacement for Cracker Jack, built with DJGPP and optimized for 486 and Pentium systems. The same account says the incremental-mode prototypes date to 1995, the project became open source in 1997, and the 1.5 rewrite in 1998 formed the basis of later releases.
Openwall's project page separates core John from Jumbo: the core release is the smaller, more conservative line, while Jumbo carries broader community functionality. The openwall/john GitHub repository was created in 2011 and serves the development source referenced from the official homepage.
John became part of Unix security practice because it automated weak-password detection against common crypt(3) hashes and later gained support for Kerberos/AFS, Windows LM, DES tripcodes, and many additional formats. Openwall notes that John is included in Owl, Debian, Fedora, Gentoo, Mandriva, SUSE, and BSD ports or packages.
Homebrew keeps a separate john formula for the core package, conflicting with john-jumbo so users choose between the conservative package and the enhanced branch.
The core workflow is to feed John password hashes, let it identify or be told a format, crack with wordlist, single, or incremental modes, and save cracked values to john.pot. Related tools such as unshadow and unique support the Unix password-auditing workflow around the main john executable.
John is one of the packages that makes Unix security tooling feel like a package-manager canon item: tiny command name, long history, distro ubiquity, and a split between core stability and Jumbo reach. For maintainers, it is also a reminder that packaging security tools means preserving documentation, wordlists, CPU optimizations, and legal/licensing details alongside the executable.
security posture
credential attack tooling.
red risk · high confidence · escape-surveillance-offensive
Before unattended agent use, check whether the tool reads plaintext credentials, writes remote state, publishes artifacts, or shells out to plugins.
executables
| Command | Kind | Exposure | Note |
|---|---|---|---|
john | cli | global executable | |
unafs | cli | global executable | |
unique | cli | global executable | |
unshadow | cli | global executable |
freshness
These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.
https://www.openwall.com/john/
install metadata
| Package key | brew:john |
|---|---|
| Version | 1.9.0 |
| Package manager | Homebrew |
| Package manager page | https://formulae.brew.sh/formula/john |
| Homepage | https://www.openwall.com/john/ |
| Repository | https://github.com/openwall/john |
| Upstream docs | https://github.com/openwall/john |
| License | GPL-2.0-or-later |
| Source archive | https://www.openwall.com/john/k/john-1.9.0.tar.xz |
| Last updated | 2026-06-19T12:31:21-07:00 |
| Pulse | updated |
| Uses from macOS | libxcrypt |
| Bottle | available (on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, arm64_ventura, sonoma, ventura, x86_64_linux) |
| Homebrew post-install | not defined |
| Service | none declared |
registry facts
| Source Database | Homebrew formula API |
|---|---|
| Tap | homebrew/core |
| Full Name | john |
| Version Scheme | 0 |
| Revision | 1 |
| Conflicts With |
|
| Bottle Stable Root URL | https://ghcr.io/v2/homebrew/core |
| Deprecated | no |
| Disabled | no |
| Keg Only | no |
| URL Keys |
|
source database matches
Matches are pulled from external package-manager indexes and kept separate from local Automic Vault package links.
john 1.9.0-2
active password cracking tool
sudo apt install johnjohn-data 1.9.0-2
active password cracking tool - character sets
sudo apt install john-datajohn
nix profile install nixpkgs#johnjohn 1.9.0-2build1
active password cracking tool
sudo apt install johnjohn-data 1.9.0-2build1
active password cracking tool - character sets
sudo apt install john-datajohn 1.9.0-r8
John the Ripper password cracker
sudo apk add johnjohn-bash-completion 1.9.0-r8
Bash completions for john
sudo apk add john-bash-completionjohn-doc 1.9.0-r8
John the Ripper password cracker (documentation)
sudo apk add john-docjohn-zsh-completion 1.9.0-r8
Zsh completions for john
sudo apk add john-zsh-completionjohn 1.9.0-12.fc43
John the Ripper password cracker
sudo dnf install johnjohn 1.9.0.jumbo1-13
John the Ripper password cracker
sudo pacman -S johnjohn 1.9.0-9.12
Utility to detect weak passwords
https://www.openwall.com/john/
sudo zypper install johnjohn
sudo port install johnunique 1.1.6-37.fc44
Single instance support for applications
http://www.gnome.org/~ebassi/source/
sudo dnf install uniqueunique-devel 1.1.6-37.fc44
Libraries and headers for Unique
http://www.gnome.org/~ebassi/source/
sudo dnf install unique-develsource trail
This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.
View the package source record on GitHub.