Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Tue, 19 Apr 2011 23:40:00 +0400
From: Aleksey Cherepanov <aleksey.4erepanov@...il.com>
To: john-users@...ts.openwall.com
Subject: JtR GUI ideas list

I would like to start comprehensive discussion about GUI for John to
collect different ideas about it and simplify upcoming development. So i
post a part of my proposal (without template and timeline). It contains
some ideas and i would like to hear more ideas. (May be a wiki page
would be better for it?)

Proposal

Problem description

While John the Ripper is the major password security auditing tool it
sometimes confuses users that are not familiar with command line
utilities or do not know enough about passwords, hashes and other things
to understand John's output correctly. GUI is intended to reduce skill
level needed to use John.

On the other hand sometimes John needs some scripts to be written to
support complex workflows. For instance when someone has a lot of
password with some specifics it is good to crack part, understand
specifics, write rules and crack next part faster using these rules. To
support it GUI may have an ability to be scripted or extended by plugins
built upon robust simple actions set.

Features

There are some variants about implementation.
- GUI framework. It was decided to use either WxWidgets or Qt. Both have
  some benefits.
- programming language. My first proposal was to fastly prototype gui in
  Python language and then rewrite it in C++. After some debats i think
  there are three usable variants: to use only C++, to prototype in
  Python and then use C++, and to use only Python. They all have some
  benefits.
- integrated John or not
- two designes: one table with all fields in which rows with cracked
  password are updated, separate tabs with its own tables for each
  cracking method (single, external and others).

Decision about these depends on what features are wanted.

Not optional features
- Comfortable and not confusing gui design
- Hash files editing with abilities to unhash it, split into separate
  files, join files, etc.
- Showing results in the interface
- Comfortable work with large hash files
- Multiple Sessions with its own Johns running at the same time
- And others common for such type of programs

GUI specific optional features
- Start screen (a-la eclipse)
- Customizable key bindings
- drug'n'drop
- support of multiple files for drug'n'drop
- drug'n'drop for not yet started program through shortcut
- Full access from keyboard
- Full access from mouse
- Customizable design
- i18n (i will provide english and russian languages)
- Report print
- Gui table copiing and pasting, exchange with other programs (MS Excel
  or similar)
- System tray support, minimizing to tray
- Attractive icons
- Toolbar

Optional features (may be insane)
- Detailed statistics
- Hints and tips in the interface to help new users understand what is
  going on
- Mailing support
- Import of already cracked passwords
- pot file and wordlists management
- Integration with rules auto-generation
- Settings profiles
- Modular architecture for easy extension
- Plugins or scripts for dynamic extension
- Starting of John on desired cpu core (is it possible?)
- Monitor for cpu load with Johns' statistics
- Local area passwords cracking (support for different dictionaries for
  different languages)
- Password analizing: reports, charts, etc.
- chr files management
- Export of results in different formats
- Johns' priorities management
- Running instance detection to not start the second gui if one already
  exists
- Different Johns' versions support
- Design customization
- Non-interactive mode (like non-interactive ex (vim -e -s))
- Other interesting command line options
- Premade scripts or plugins for common workflows
- Integration with existing documentation
- Mailing list archive browser to search some solutions online
- RSS feed reader to be up to date with John's news

Regards,
Aleksey Cherepanov

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.