John The ripper allows to check if a hash corresponds to a password present in a list.
Save one or more hashes in hash.txt file.
$ echo 'root:$1$1337$WmteYFHyEYyx2MDVXln7Y1' >hash.txt $ echo 'wordpressuser1:$P$BqV.SQ6OtKhVV7k7h1wqESkMh41buR0' >>hash.txt
Use John the ripper to break the password using its internal password list:
$ john hash.txt
Use John the ripper to break the password using the Rockyou list:
$ john hash.txt --wordlist=/etc/share/wordlists/rockyou.txt
John no longer displays passwords he has already broken.
To view these passwords:
$ john hash.txt --show
There are several versions of John on the Internet. The Kali and Parrot distributions, install the John Community Enhanced -jumbo version. This distribution is available at https://github.com/openwall/john
$ sudo snap install john-the-ripper $ john John the Ripper 1.9.0-jumbo-1 OMP [linux-gnu 64-bit 64 AVX2 AC]