Tarsnap GUI v1.0 on MacOS

Quick update, I’ve just released the first stable version of the open source cross-platform front-end for the Tarsnap secure online backup service. Here’s an excerpt from the Tarsnap GUI v1.0 release notes:

“The chosen one.”

This release is the culmination of all the previous efforts to bring Tarsnap GUI to a point where it is feature rich, reliable and robust enough to be called “stable”. We have been hard at work to bring you the most complete cross-platform open-source and non-intrusive secure online backup solution front-end on top of the tarsnap service possible. This release adds many new features like support for automatic job backup scheduling enable/disable, full I18N support, full search/filter capabilities in Archives, Archive contents and Job lists, detailed Archive contents using long ls list format with sortable columns, save console log to file and running concurrent restore operations and more, as well as many many improvements, code refactoring, fixes and overall adjustments on speed, resource usage, reliability, usability & accessibility and error management & reporting.

For a complete listing of changes and additions see https://github.com/Tarsnap/tarsnap-gui/blob/v1.0/CHANGELOG

For announcement e-mail see https://mail.tarsnap.com/tarsnap-users/msg01406.html

Grab it from Github, take it for a spin and let me know what you think.

https://github.com/Tarsnap/tarsnap-gui/releases/tag/v1.0


Using Tarsnap GUI on OS X

For the past year I’ve been working on Tarsnap GUI, an open source cross-platform frontend for the Tarsnap backup service. Tarsnap is a fully encrypted, deduplicated online backup solution that’s been around for close to 10 years now (unlike other online backup offerings with a lifespan smaller than 5 years). Starting with day one, full source code for the client tools was available for review and to establish trust. A bug bounty program is available and any kind of reporting is taken seriously, promptly responded to and adequately rewarded by the creator and principal developer of Tarsnap, Colin Percival. Tarsnap uses a prepaid model: you add credit to your account and you’ll only pay for what you use and nothing more, no annual or monthly subscriptions. For the moment, the price per MB (SI notation) of storage (used monthly) and MB transferred is 250 picodollars each. The backend infrastructure is powered by AWS.

Tarsnap was originally offered as a command-line suite of tools, in true allegiance to the Unix philosophy, very similar to the tar utility, for maximum flexibility and control over your backup routines and of great relevance for the server world. Die-hard Unix users and admins see no distinction between server administration and personal workstation and thus nothing is stopping you from backing up your personal machines and workstations the same way you would a networked server. Tarsnap GUI comes to the rescue here in filling whatever gap might be between the server and desktop workflows and for the people that like to keep real work inside the Terminal and all else contained in easy to use, slim, yet robust GUIs. What follows is a small tutorial on how to get started with Tarsnap GUI to back up your OS X desktop. Setting the platform differences in the Installation and Scheduling sections aside, this tutorial is very relevant to the other supported platforms too.

Register with Tarsnap

First and foremost you need to register on the Tarsnap website and add some credit via the preferred method of payment (Credit card, Paypal and Bitcoin are accepted methods). Five bucks would suffice for a start. Read a bit on the homepage and getting started page just to get acquainted with Tarsnap. Tarsnap doesn’t ask, thus doesn’t need to store any personal information besides your e-mail address.

Installation

At the moment of writing this tutorial, Tarsnap GUI version 0.8 and Tarsnap CLI version 1.0.36.1 are the latest offerings and installing from source is the preferred method of installation for all platforms, although we are working towards changing that at some point.

Installing from source on OS X is pretty easy thanks to Homebrew, an alternative to Mac ports. Once you installed Homebrew or updated to the latest version (tarsnap-gui was recently added to the homebrew-gui repo), installing Tarsnap is as simple as executing the following command in Terminal:

brew tap homebrew/gui && brew install tarsnap-gui && brew linkapps tarsnap-gui

What this will do is fetch the latest stable versions of the Tarsnap command-line utilities and the GUI front-end along with their dependencies from Github, compile from source and then add useful symlinks to the appropriate system directories. The Tarsnap command-line utilities are symlinked in /usr/local/bin and a symlink for Tarsnap.app should be in /Applications.

If Homebrew is not a desirable option for you or you’re reading this with *Linux or *BSD in mind, the steps for installing manually from source are best described in the INSTALL dist file. Some BSD flavors like FreeBSD and PCBSD have already incorporated tarsnap-gui into their repos or ports trees, or plan to, like OpenBSD in its next version, so it might be worth looking for it there before deciding to proceed with the manual steps. Upstream Linux RPM and DEB packages are being considered for a change.

Wizard setup

Upon opening /Applications/Tarsnap.app you will be greeted with the following:

Tarsnap-tutorial-1

This is the setup wizard and will help you get started with using Tarsnap in no time. The first step for the wizard is to find the Tarsnap command-line utilities that are used to talk with the Tarsnap servers. In the Homebrew case, they will be located in /usr/local/bin and depending on the PATH environment variable for your current user the wizard will either direct you to the Advanced page to set that directory manually or proceed right next to the next step for the case where you already have it in your PATH. You don’t have to worry about the other settings in the Advanced page for now.

Tarsnap-tutorial-2

Tarsnap-tutorial-3

 

On the next screen you will be asked if you used Tarsnap on this machine already. Assuming this is a fresh setup, you should click on No. If you already used Tarsnap in the past and have a key for that machine (it is good practice to use a different key for every machine), I’m guessing you already know what you’re doing and thus you can proceed the other way around. Upon clicking on No you end up at this screen:

Tarsnap-tutorial-4

 

This is where you fill in your Tarsnap account credentials from the Registration step. When you click on Register machine, your encryption key is created locally and an accounting record using the Machine name specified is created on the Tarsnap server and associated with a signature of the key. This is used for generating your service and credit usage reports per machine (or key signature, the machine name doesn’t matter much and can be anything you want), for your convenience, on Tarsnap.com. The actual key used for encrypting your data never leaves your machine. Your backups are safe as long as you will be able to hold on to this key privately. If you lose this key your backup data is gone forever. The actual path where the key is stored on your system, along with some useful advice, will be revealed to you in the last screen upon successful registration.

That’s all it takes to quickly set up Tarsnap on your desktop, rather simple right? Let’s proceed by taking a first look at the main app window.

First impressions

Tarsnap-tutorial-5

The first thing you’ll see is the empty Backup pane. The Backup tab is used to quickly put to rest arbitrary files and directories of your choosing to Tarsnap. Think of it like a convenient one-time drop bin, where you can easily drag and drop important files, set a name for the archive, hit Backup button and forget about it.

Tarsnap-tutorial-6

Clicking the Backup button will result in an archive named Tarsnap-tutorial consisting of the files and directories added to the list. In a matter of seconds I have an off-site, encrypted backup of the resources in this tutorial, awesome right? Now let’s look for the archive just created, leading the way to the next pane, Archives:

Tarsnap-tutorial-7

This pane lists all the archives created for the current machine/key, providing for means to manage, inspect and restore archives. You can already notice the Tarsnap-tutorial archive. Let’s double click that item to get a detailed look:

Tarsnap-tutorial-8

You can notice several things from this view that describe an archive in Tarsnap terms:

  1. The archive name, Tarsnap-tutorial in this case. The name can be any arbitrary combination of characters, excluding the null character and must be unique amongst all the existing archives.
  2. The archive size, 4.83MB in this case. This is the original size of all the items included in a backup, before deduplication  and compression.
  3. Unique data, 2.15MB in this case, what you pay for. This is the archive size post deduplication and compression. As you can see, Tarsnap is smart enough not to waste your credit on duplicate data, even for single archives.
  4. A command. This is the exact command-line used by the application to create the archive. Every single action executed by the GUI app has a direct command-line equivalent, which can be reviewed in the Help -> Console pane. Total transparency, control and debugging capability. You can even use this to learn how to operate Tarsnap at the command-line.
  5. Contents listing. This list contains all the source files and directories included in an archive.

Every Tarsnap operation is accompanied by a status bar message. When Tarsnap is working with the server a loading circular orb will animate to indicate activity. All of the status messages are logged and can be reviewed by expanding the Journal with a click on the arrow head in the status bar.

Tarsnap-tutorial-9

Using Jobs

The obvious evolution from simple on-demand one-shot backups are Jobs, logical definitions for important locations in your file system that you know are going to be backed up regularly. These could be your Documents, Work or Desktop directories. Let’s define one now for the Tarsnap tutorial directory used previously, by switching to the Jobs tab, clicking on Add Job button and filling up the Job specifics:

 

Tarsnap-tutorial-10

So a Job is:

  1. A name, Tarsnap Tutorial, in this case. This name is prepended to the archive names for this Job.
  2. Files and directories selected in the File System tab. This is what you want to back up as part of this Job.
  3. Options particular to this Job. We’ll take a look at this later on.
  4. Archives pertaining to this Job. None yet, thus the pane is disabled.

Let’s change fact no. 4 and create the first backup for this Tarsnap Tutorial by Saving the Job and then clicking the Backup button for the Job entry that appeared in the list:

Tarsnap-tutorial-11

A couple seconds later:

Tarsnap-tutorial-12

Double click the resulting archive in the updated Job -> Archives pane and let’s take a look at the result:

Tarsnap-tutorial-13

A Job archive has all the same properties as the previously created on-demand archive. A couple of observations are worth noting:

  1. The Job_ prefix is prepended to the archive name;
  2. The archive has a reference to the Tarsnap Tutorial Job. You can jump to the Tarsnap Tutorial job by clicking on the Job icon in the archive listing or the Job: label;
  3. I’ve added 5 extra screenshots to the directory since the previous on-demand archive. If you take a look at the Unique data label you’ll notice that only 1.25MB of data has actually been uploaded to the Tarsnap server and thus you’ll only be charged for that. This is the deduplication magic in action that works between all archives created with the same key and will save you a lot in the long term when backing up from the same sources of data in what amounts to, basically, incremental backups.
  4. Tarsnap also compresses your data after the deduplication step for maximum storage, bandwidth and resulting cost efficiency. In this case I’m backing up PNG files, which are an already compressed data format (like MPG, AVI, MP3, MP4; in general any modern media format has some level of compression), but if I were to back up source code, text files, documents and other raw formats the amount of savings would be even greater. This also means that it’s pointless and even detrimental to the efficiency of Tarsnap if you’re compressing your files manually before using Tarsnap.

This is the basics of using Jobs with Tarsnap GUI. What you should do next is define individual Jobs for each of your important file system locations like Documents, Pictures, Desktop and your Work directory. You can back up all your Jobs at once by clicking on the Add job button drop down and Backup all jobs or selecting all Jobs and hitting CMD+b keyboard combo. For a full listing of keyboard shortcuts available see Help pane.

Next we’re going to take a look at scheduling automated backups for Jobs.

Scheduling

At the moment, scheduling automated backups for your Jobs requires a bit of knowledge about your Operating System scheduler and some degree of manual work. Given that Tarsnap GUI is cross-platform (OS X, BSDs, Linuxes and Windows in the future) and that every platform usually differs in the best choice for scheduling, it’s quite tricky to code a solution that applies elegantly and reliably for all, so for the meantime we’re left with a manual approach. I’m working towards changing that in a future release, if you want to find out when that happens it’s best you either follow the project on Github or subscribe to the tarsnap-users mail list (links at the bottom of this post).

The best scheduling method on OS X is Launchd. The Tarsnap GUI executable has a command line parameter called --jobs:

/Applications/Tarsnap.app/Contents/MacOS/Tarsnap -h
Usage: Tarsnap [options]
Tarsnap GUI - Online backups for the truly lazy
 
Options:
...
-j, --jobs Executes all jobs sequentially that have the 'Include in scheduled backups' option checked. The application runs headless and useful information is printed to standard out and error.

You can probably figure out what’s coming next. We’re going to schedule Tarsnap --jobs with Launchd to run on a schedule. Before we do that we need to enable Tarsnap Tutorial job for inclusion into automatic backups (-j). There’s an option for that, named Include in scheduled backups:

Tarsnap-tutorial-14

The option is disabled by default and you need to check it as shown in the screenshot.

For the last step you need to open Terminal, download a sample Plist file that describes the invocation routine for Launchd to the appropriate location, and enable it using the launchctl command. You can take a look at the sample plist from the repo on Github:

curl https://raw.githubusercontent.com/Tarsnap/tarsnap-gui/master/util/com.tarsnap.backup.plist > ~/Library/LaunchAgents/com.tarsnap.backup.plist
launchctl load ~/Library/LaunchAgents/com.tarsnap.backup.plist

This launchd script will invoke Tarsnap -j every Sunday at 10AM or the next wake from sleep or system boot right after that (for cron fans, beware that crond doesn’t do that on OS X). So the next time when that date comes around all Jobs that have the Include in scheduled backups option enabled will be backed up. Let’s do a test run now and see what happens:

/Applications/Tarsnap.app/Contents/MacOS/Tarsnap -j

Assuming you have notifications enabled on OS X (otherwise you’re stuck with the output in Terminal) this is what you’ll see:

Tarsnap-tutorial-15

When executing Jobs in the background, Tarsnap GUI will have an icon in the menu bar and desktop notifications will notify you of what’s happening. If you click the tray icon or the notifications the app will fire up.

Now if you’re reading this with Linux or BSD in mind, all you have to do to schedule your backups is replace Launchd with something like crond.
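The curl and launchctl step above installs a persistent agent straight from the repo's master branch; the script below, added here and not taken from the tarsnap-gui project, downloads the plist to a temporary file and loads it only if it runs the Tarsnap binary with -j (or --jobs) and nothing else. The function names and the embedded sample plist are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the tarsnap-gui repository): vet a LaunchAgent
# plist before installing it, instead of writing curl output straight
# into ~/Library/LaunchAgents.

PLIST_URL="https://raw.githubusercontent.com/Tarsnap/tarsnap-gui/master/util/com.tarsnap.backup.plist"
EXPECTED_BIN="/Applications/Tarsnap.app/Contents/MacOS/Tarsnap"

# Constructed sample input, modelled on the schedule the tutorial describes
# (Sunday, 10:00). It is NOT the project's actual plist.
sample_plist() {
    cat <<'EOF'
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Label</key>
    <string>com.tarsnap.backup</string>
    <key>ProgramArguments</key>
    <array>
        <string>/Applications/Tarsnap.app/Contents/MacOS/Tarsnap</string>
        <string>-j</string>
    </array>
    <key>StartCalendarInterval</key>
    <dict>
        <key>Weekday</key>
        <integer>0</integer>
        <key>Hour</key>
        <integer>10</integer>
        <key>Minute</key>
        <integer>0</integer>
    </dict>
</dict>
</plist>
EOF
}

# Print each <string> of the ProgramArguments array, one per line.
# Assumes an XML plist; a binary plist yields no output and is rejected below.
program_arguments() {
    awk '
        /<key>ProgramArguments<\/key>/ { want = 1 }
        want && /<array>/ { inarr = 1 }
        inarr {
            line = $0
            while (match(line, /<string>[^<]*<\/string>/)) {
                print substr(line, RSTART + 8, RLENGTH - 17)
                line = substr(line, RSTART + RLENGTH)
            }
        }
        inarr && /<\/array>/ { exit }
    ' "$1"
}

# Succeed only if the agent would run EXPECTED_BIN with -j/--jobs alone.
vet_plist() {
    file=$1
    # On macOS, let plutil confirm the file is a well-formed property list.
    if command -v plutil >/dev/null 2>&1; then
        plutil -lint "$file" >/dev/null 2>&1 || return 1
    fi
    # A Program key overrides argv[0] from ProgramArguments, so refuse it.
    if grep -q '<key>Program</key>' "$file"; then
        return 1
    fi
    args=$(program_arguments "$file")
    first=$(printf '%s\n' "$args" | sed -n 1p)
    rest=$(printf '%s\n' "$args" | sed 1d)
    [ "$first" = "$EXPECTED_BIN" ] || return 1
    case $rest in
        -j|--jobs) return 0 ;;
        *) return 1 ;;
    esac
}

# Download to a temp file, vet it, and only then install and load it.
install_agent() {
    dest="$HOME/Library/LaunchAgents/com.tarsnap.backup.plist"
    tmp=$(mktemp) || return 1
    if curl -fsSL "$1" -o "$tmp" && vet_plist "$tmp"; then
        mv "$tmp" "$dest" && launchctl load "$dest"
    else
        echo "refusing to install: unexpected plist contents" >&2
        rm -f "$tmp"
        return 1
    fi
}

if [ "${1:-}" = "--install" ]; then
    install_agent "$PLIST_URL"
fi
```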

Restore

What use are backups though without a simple method for restoring backed up data in case of need? Tarsnap GUI takes care of that without much fuss. Let’s delete the Tarsnap tutorial directory and attempt a restore from the latest Tarsnap Tutorial backup by clicking on Restore latest archive button for the Job.

Tarsnap-tutorial-16

Clicking Restore immediately commences the restoration of files in the last Tarsnap Tutorial backup.

Tarsnap-tutorial-17

A couple seconds later, lo and behold, I have my work on this tutorial back. Not much of a surprise huh? Nobody likes surprises when it comes to backups anyway.

Afterword

While Tarsnap CLI and Tarsnap GUI are capable of much more than what is laid out in this primer, I hope this was enough of an introduction to get your feet wet and encourage you to start exploring the other things you can do with this setup on your own. If you prefer reading this tutorial in a PDF version here you go.

Relevant links:

Tarsnap website: https://www.tarsnap.com

Tarsnap on Github: https://github.com/Tarsnap

Tarsnap mail lists: https://www.tarsnap.com/lists.html

Tarsnap GUI releases: https://github.com/Tarsnap/tarsnap-gui/releases

Tarsnap GUI Wiki: https://github.com/Tarsnap/tarsnap-gui/wiki/Tarsnap


It’s about time to call the end on the last poll with 70 votes gathered so far and draw the conclusion:

The most useful skills in a pentester's arsenal?

  • Out of the box, unconventional thinking (hacker mindset) (22%, 24 Votes)
  • Constant curiosity (also hacker mindset) (19%, 21 Votes)
  • Social engineering (15%, 16 Votes)
  • Programming and scripting (13%, 14 Votes)
  • Exploit development (8%, 9 Votes)
  • Vulnerability discovery and Fuzzing (7%, 8 Votes)
  • Tool knowledge (6%, 7 Votes)
  • Domain specific knowledge (like Networking, Operating Systems or Scada apps) (6%, 7 Votes)
  • Forensics (2%, 2 Votes)

Total Voters: 70

As it turns out, the 3 leading ones are soft skills, the ones that can’t really be learned and have much to do with personality and character. I assume this is only natural, there’s no point in having or going for the hard skills (the ones that can be learned) if there’s no motivation or direction underneath to put things in motion and, more important, to keep them in motion.

Tarsnap GUI v0.8

New year brings fresh meat. I’ve just tagged version 0.8 at Github:

https://github.com/Tarsnap/tarsnap-gui/releases/tag/v0.8

This release continues on the track already paved by the previous release in terms of performance, code robustness and adherence to modern C++ practices and UI consistency, adds a bunch of new features like simulation mode, skip files flagged nodump in the file system and a persistent Journal, as well as numerous other improvements, fixes and adjustments throughout the whole spectrum. This release makes Tarsnap GUI leaner, faster and more robust overall.

More cool things have been packed into this release, so I urge you to read the announcement e-mail for all the juicy bits:

https://mail.tarsnap.com/tarsnap-users/msg01215.html

Take Tarsnap GUI v0.8 for a ride and let me know what you make of it:

https://github.com/Tarsnap/tarsnap-gui


GSoC 2015 Mentor Summit wrap-up

The security guard attending the door (before)

I participated at the GSoC mentor summit as part of Openwall’s team during this year’s iteration. The summit took place 6-8 Nov in California, Mountain View at Google and it offers a chance for all GSoC participant orgs to meet up, exchange ideas and contacts, swag, drinks and chocolate and even PGP keys. It is also a good opportunity to talk with the Google peeps assigned with GSoC and suggest new ideas, resolve issues or congratulate their efforts.

Here are a dozen or so ideas that I walked off with from the summit, no particular order:

  1. GSoC is a lot of work, especially from just a handful of people involved with logistics/admin and likely another handful with development of the Melange suite. Be conscious of your non-critical communications and requests of Carol and company, less is better.
  2. Melange, the software behind GSoC platform is Open Source. How about applying the bad blood in regards to it on the source directly? If you’re a student, I think you can apply to Melange org. https://code.google.com/p/soc/
  3. The program is here to stay. If anything, it will get bigger and with more money involved. Congrats to Google and shame on all the other big leechers who don’t seed anything back. This has side effects, more people know about it now and spam applications are an issue. Some orgs had dozens if not hundreds of spam applications from India this year and most were targeted at the initial 500$ stipend. The only mitigation to this is increased attention to details from mentors and more careful evaluation of students before the program kicks off. If in doubt don’t accept. You’ll waste your and Carol’s time and Google’s bucks and deny another potentially more successful opportunity to another org, student. Yes, many orgs don’t get into GSoC.
  4. The student conflict resolution process, with the IRC meeting and all, is a pain for both Google and orgs, for many reasons such as time zones, speed at which it happens, lack of useful feedback. Automation and improvements to that process were discussed. An interesting proposal was the possibility to see if a student has already been accepted to another org right from Melange before you accept it to yours.
  5. Mid-term student turn over issues like dropping off the radar, throughput drops significantly, loss of interest somewhere half way, reveals commitment to another engagement not agreed upon beforehand, are all very valid reasons for FAILING. Also keep in mind that many (all) students lie before, during and after the program, either malign or benign in nature. If you have doubts, notice lack of interest, respect and time, give one strike, maybe two, then FAIL. GSoC is not a benefactor program doing charity.
  6. Another interesting discussion was the possibility of extending the community bonding period by moving the org application deadline to as early as December and thus start with the student application, review and bonding early in the year and have a couple of months at hand for the student to introduce himself, get started on the project, show interest or reveal the opposite. I personally like this suggestion, since it could provide a much wider ground for careful evaluation and acceptance of students, despite increasing the commitment required from mentors and orgs.
  7. Keeping students involved after the program is an issue for all orgs. I think the previous point might help in weeding out students that are only interested in a summer gig, they do some work during the dead months of summer vacation, get paid and wash hands quickly after, very similar to an internship. I think GSoC aims a bit higher than this, but keeping students interested after the program’s end is really hard, it’s usually up to the student and his outlook for the Open Source community and the org he ends up with.
  8. At least 1 member from a total of 119 orgs participated this year, thus a couple hundred heads. Security projects weren’t that many, apart from Openwall, Nmap, The Honeynet Project, that I noticed. I got a chance to meet people from Nmap that I acquainted way back in GSoC 2011 while I was a student with Nmap, a nice surprise for me. The orgs roster was diverse, ranging from Wikimedia, gcc, llvm, git to R, Python and *BSDs to CERN, Bioinformatics and Genome research. Very few people had previous knowledge of Openwall, John the Ripper or Nmap, imagine the raised eyebrows when you tell about John the Ripper. Once I’ve learned that lesson, I started using “Password security testing suite” and “Security for Open Systems” to introduce myself and Openwall (mentioning bcrypt efforts yielded a bit). No shame here, such is the state of the industry and by inference the Open Source segment (which is full of hackers), lots of code, systems, technologies, communities and people involved, but little to no attention given to security, a mere afterthought given the scale, economy and speed of the tech and info industry in its entirety. I take it as a reminder though, the minute you step outside the security bubble you find out that the community is not that wide or evenly spread, popular or interesting to much of the IT industry and audience. I guess that’s why Openwall, Nmap are here in the first place, to at least attempt a swing at the current state of affairs and challenge the modus vivendi. Too much leeway here, I should expand this in a separate post.
  9. Google was really efficient in taking care of any needs for this 2 day summit (food, shelter, directions, transportation). This was an “unconference” where most of the talks were held by participating orgs and only a couple by Carol and the company. I even met some people from Nmap I acquainted with back in 2011 while I was a student contributor. The atmosphere was relaxed, casual, no rush between events, at least for the first day. On the second the majority of attendees had to rush to the Airport by evening and I think that subtracted from the experience and casual atmosphere for the first day. Maybe one extra day would have helped.
  10. It would have been really interesting and a pleasure to have some talks by Google employees, from different departments, on how they use Open Source for good or bad, what works and what doesn’t. This would have provided some badly needed perspective and real world use case scenarios that expand outlook and even possibly motivate the OSS geeks working for the most part in solitude.
  11. Google “owns” Mountain View so badly. Wherever you look there’s Google territory. You won’t see police cars patrolling the city but you will see Google Security black SUVs strolling all over the city.

This is it for now. I’ll follow up with a separate post to jot down some random thoughts regarding Silicon Valley and San Francisco.

 

Bruce, after the event

Bruce, after the event (close up)


Tarsnap GUI v0.7

I’ve just tagged version 0.7 at Github:

https://github.com/Tarsnap/tarsnap-gui/releases/tag/v0.7

This release improves on the earlier v0.6 release, adds a bunch of new features like desktop notifications, skip files and the ability to grab the Tarsnap credit from the website, along with a slew of general improvements, fixes and UI refinements. Better looking, leaner and more robust.

Desktop notifications are especially useful for the scheduled job backups, so that you are notified when the backups have started, completed or failed. OS X displays the notifications like this in the Notifications Centre:

Tarsnap OSX notifications

These are arguably valuable for quickly reviewing scheduled backups that have completed while you were away.

I’ve also carefully refined the UI for high res/dpi displays so that it looks gorgeous. This is how casually browsing your archives in Tarsnap looks like on a 40″ 4k display:

Tarsnap OSX 4k

More cool things have been packed into this release, so I urge you to read the announcement e-mail for all the insight:

https://mail.tarsnap.com/tarsnap-users/msg01175.html

Take Tarsnap GUI v0.7 for a ride and let me know what you make of it:

https://github.com/Tarsnap/tarsnap-gui


Johnny 2.0 (reloaded)

Johnny, the GUI interface for the popular John the Ripper password cracker has received quite some love this past summer in an orchestrated effort to pick it up and drag it beyond the stale 1.0 branch.

Johnny who

Johnny is the cross-platform Open Source GUI frontend for the infamous password security testing suite John the Ripper. It was originally proposed and designed by yours truly in 2011 as a POC, then a basic version 1.0 implementation was achieved by Aleksey Cherepanov as part of GSoC 2012. Nothing much else happened beyond the 1.1 fix release.

Johnny’s original aim is to automate and simplify the password testing/cracking routine across all major desktops with the help of the tremendously versatile and robust John the Ripper suite, as well as add extra functionality on top of it, specific to the desktop and GUI paradigms in contrast to the command line, like improved hash and password handling, multiple attacks and session management, easily define and test complex attack rules, visual feedback and statistics, all of it by building on the immense capabilities and features already offered by both JtR core/proper as well as jumbo flavors.

Johnny 2.0 reloaded

Fast forward to 2015, I finally got some spare time to turn my attention towards Johnny again in order to further the stated goal for Johnny in the previous paragraph. So I devised a fresh plan for developing Johnny further and reconsolidate the original mission. The development plan has turned into reality with the acceptance of Mathieu Laprise as a student coder for Openwall (the org behind JtR and many other cool projects) as part of this year’s GSoC iteration. The tasks in the roadmap were split between me and Mathieu and with help from my co-mentor Aleksey Cherepanov we proceeded to the actual work involved in rebooting Johnny.

Now that the summer has concluded, it’s time to draw a summary of the achievements:

  • Cross platform issues fixed across all latest versions of supported Operating Systems and desktops
  • The UI has been significantly revamped for improved usability, robustness and consistency and looks across latest desktop paradigms
  • Full translation and I18N support added (only French for now, contribute translations to your own language on github)
  • Attack session history and persistence, easier to define new attacks
  • Greater coverage of JtR core and jumbo functionality (fork, jumbo attack modes, hash format detection)
  • Improved input and output options (2john format conversion support, export to CSV)
  • Smarter Passwords table (ability to show hash format, filter, sort, include/exclude from attack)
  • You can now test passwords manually via the Guess button

Overall Johnny is faster, more robust, better looking and much more equipped and forward looking (code and internals wise) than the previous incarnation and resulted in a significant code/ui refactoring of the original codebase (maybe 80% rewrite). All of the goodness described above and more was delivered to users in three releases starting with a major version bump to 2.0 to reinstate the fresh reboot and outlook for the project. The latest release is v2.2 and is considered to be stable and feature packed enough to be called the official GUI for John the Ripper. There are binary packages for Windows and OS X and detailed source build instructions for the other platforms on the wiki page for Johnny, thus I urge you to give it a spin and leave feedback here, on Github (where the project is hosted and tracked) or on the john-users mailing list. As always, contribution of any kind is very appreciated.

Acknowledgements

 

Thanks to Mathieu Laprise for his important and dedicated contribution to Johnny as a student coder for GSoC 2015 and we hope to hear back from him from time to time. Big thanks to the entire john-dev community and Aleksey Cherepanov. Also an extended appreciation goes to Google for their continued dedication to support Open Source and contribute big bucks in the process.

 

 

Johnny on Ubuntu

Johnny on Gnome 3

Johnny on OS X Yosemite

 

https://www.openwall.info/wiki/john/johnny

https://github.com/shinnok/johnny
