Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 18 Aug 2016 10:59:50 -0400
From: Rich Rumble <>
Subject: Re: how to use John to create more complex passwords

On Thu, Aug 18, 2016 at 10:04 AM, Liyan Cao <> wrote:
> Hi, Rich,
> Thank you!
> I got below error. I'm using "John the Ripper 1.8.0 (sources, tar.xz, 4.3 MB)". Any suggestions?
> $ ./john -w=mypasswd.lst -rules=single -stdout
> Extra parameter for option: "-rules=single"
You will want to download and compile the latest version of John, the
Jumbo version on Github
If you know hot to use git too: git clone
cd into the src directory and use ./configure && make clean && make

There are also some premade and user contributed versions you may want
to try that are more modern than 1.8.0, but none as updated as the GIT
> -----Original Message-----
> From: Rich Rumble []
> Sent: Thursday, August 18, 2016 9:38 AM
> To:
> Subject: Re: [john-users] how to use John to create more complex passwords
> On Wed, Aug 17, 2016 at 9:22 PM, Liyan Cao <> wrote:
>> Hi,
>> I'd like to run John with a password list file to create another file with the passwords at least 8 alphanumeric characters.
>> Can you give me a sample with the syntax?
>> For example :
>> Inside the password.lst, I have:
>> Security
>> I'd like the new password file to have the words generated from Security:
>> Security123
>> Secur1ty
>> How do I do that?
> the --stdout feature should work:
> john -w=password.lst -rules=single -stdout The output from that command could be very large depending on how many lines you have in your password.lst file so if your redirecting that output to a file ( >output.txt) it could get quite large.
> You can write your own rules (see RULES in the DOC folder) as well and then specify them instead of the built in rules like "single", "nt", "wordlist" etc..
> If you have a password "policy" you want john to use, you can use the external filter or create your own external filter
> john -external=policy -w=password.lst -rules=single -stdout
> That default policy above is 1 upper, 1 lower and 1 digit, 8 or more in length. If you want specials to be included, the external filter in john.conf will have to be changed to include that.
> You can also use the mask mode to append to your wordlist john -stdout -w=password.lst -mask=?w?s?d?d -min-length=5
> See MASK doc's for more examples. You can even apply the external filters to that command too :) This too will create a lot of data...
> -rich

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.