John the Ripper Quick Reference
================================

BASIC USAGE
  john hash.txt                  Auto-detect and crack
  john --wordlist=words.txt hash.txt   Dictionary attack
  john --show hash.txt           Show cracked passwords

HASH FORMATS
  john --format=raw-md5 hash.txt
  john --format=raw-sha256 hash.txt
  john --format=raw-sha512 hash.txt
  john --format=bcrypt hash.txt
  john --format=NT hash.txt          NTLM
  john --format=sha512crypt hash.txt  Linux shadow

  # List all formats
  john --list=formats

HASH EXTRACTION
  # Linux shadow file
  unshadow /etc/passwd /etc/shadow > hashes.txt

  # ZIP file
  zip2john file.zip > hash.txt

  # RAR file
  rar2john file.rar > hash.txt

  # PDF
  pdf2john file.pdf > hash.txt

  # SSH private key
  ssh2john id_rsa > hash.txt

  # KeePass
  keepass2john database.kdbx > hash.txt

  # Office documents
  office2john file.docx > hash.txt

  # 7z archive
  7z2john file.7z > hash.txt

ATTACK MODES
  # Wordlist
  john --wordlist=/path/to/wordlist hash.txt

  # Wordlist with rules
  john --wordlist=words.txt --rules hash.txt
  john --wordlist=words.txt --rules=jumbo hash.txt

  # Incremental (brute force)
  john --incremental hash.txt
  john --incremental=digits hash.txt

  # Mask
  john --mask="?a?a?a?a?a" hash.txt

OPTIONS
  --fork=4                 Use 4 CPU cores
  --session=name           Save session
  --restore=name           Restore session
  --pot=file               Custom potfile

COMMON CTF PATTERNS
  # Crack ZIP password
  zip2john secret.zip > zip_hash.txt
  john --wordlist=rockyou.txt zip_hash.txt
  john --show zip_hash.txt

  # Crack SSH key
  ssh2john id_rsa > ssh_hash.txt
  john --wordlist=rockyou.txt ssh_hash.txt
