Johnny 2.0 (reloaded)

johnny

Johnny, the GUI interface for the popular John the Ripper password cracker has received quite some love this past summer in an orchestrated effort to pick it up and drag it beyond the stale 1.0 branch.

Johnny who

Johnny is the cross-platform Open Source GUI frontend for the infamous password security testing suite John the Ripper. It was originally proposed and designed by your’s truly in 2011 as a POC, then version 1.0 basic implementation was achieved by Aleksey Cherepanov as part of GSoC 2012. Nothing much else happened beyond the 1.1 fix release.

Johnny’s original aim is to automate and simplify the password testing/cracking routine across all major desktops with the help of the tremendously versatile and robust John the Ripper suite, as well as add extra functionality on top of it, specific to the desktop and GUI paradigms in contrast to the command line, like improved hash and password handling, multiple attacks and session management, easily define and test complex attack rules, visual feedback and statistics, all of it by building on the immense capabilities and features already offered by both JtR core/proper as well as jumbo flavors.

Johnny 2.0 reloaded

Fast forward to 2015, I finally got some spare time to turn my attention towards Johnny again in order to further the stated goal for Johnny in the previous paragraph. So I devised a fresh plan for developing Johnny further and reconsolidate the original mission. The development plan has turned into reality with the acceptance of Mathieu Laprise as a student coder for Openwall (the org behind JtR and many other cool projects) as part of this year’s GSoC iteration. The tasks in the roadmap were split between me and Mathieu and with help from my co-mentor Aleksey Cherepanov we proceeded to the actual work involved in rebooting Johnny.

Now that the summer has concluded, it’s time to draw a summary of the achievements:

  • Cross platform issues fixed across all latest versions of supported Operating Systems and desktops
  • The UI has been significantly revamped for improved usability, robustness and consistency and looks across latest desktop paradigms
  • Full translation and I18N support added (only French for now, contribute translations to your own language on github)
  • Attack session history and persistence, easier to define new attacks
  • Greater coverage of JtR core and jumbo functionality (fork, jumbo attack modes, hash format detection)
  • Improved input and output options (2john format conversion support, export to CSV)
  • Smarter Passwords table (ability to show hash format, filter, sort, include/exclude from attack)
  • You can now test passwords manually via the Guess button

Overall Johnny is faster, more robust, better looking and much more equipped and forward looking (code and internals wise) than the previous incarnation and resulted in a significant code/ui refactoring of the original codebase (maybe 80% rewrite). All of the goodness described above and more was delivered to users in three releases starting with a major version bump to 2.0 to reinstate the fresh reboot and outlook for the project. The latest release is v2.2 and is considered to be stable and feature packed enough to be called the official GUI for John the Ripper. There are binary packages for Windows and OS X and detailed source build instructions for the other platforms on the wiki page for Johnny, thus I urge you to give it a spin and leave feedback here, on Github (where the project is hosted and tracked) or on the john-users mailing list. As always, contribution of any kind is very appreciated.

Acknowledgementsgsoc2015-300x270

 

Thanks to Mathieu Laprise for his important and dedicated contribution to Johnny as a student coder for GSoC 2015 and we hope to hear back from him from time to time. Big thanks to the entire john-dev community and Aleksey Cherepanov. Also an extended appreciation goes to Google for their continued dedication to support Open Source and contribute big bucks in the process.

 

 

Johnny on Ubuntu

Johnny on Ubuntu

Johnny on Gnome 3

Johnny on Gnome 3

Johnny on OS X Yosemite

Johnny on OS X Yosemite

 

http://www.openwall.info/wiki/john/johnny

https://github.com/shinnok/johnny

Tagged with:
 

1 Response » to “Johnny 2.0 (reloaded)”

  1. Jeff Snyder says:

    Hello Shinnok. I am totally new to the hacking/cracking scene, and really know absolutely nothing about how to proceed whatsoever. A friend of mine forgot the password to an important DMG file of his, and so I decided to try to help him out. It was while conducting some online research regarding this matter that I came across John the Ripper, and then Johnny. I have since downloaded and installed both on my iMac running Mojave 10.14.4, along with some humongous password lists I acquired online. But as I said, I have no idea how to proceed from here. From what I have read online, it is next to impossible to crack the password for a DMG. And even if it is possible, I have no idea how to use Johnny for this purpose. In fact, in looking at Johnny’s GUI, I am beginning to doubt if it can even be used for this purpose. In other words, I am wondering if I have misunderstood what Johnny/JtR is supposed to be used for. Aside from helping my friend with his DMG file problem, another reason why I downloaded Johnny/JtR, is because I am interested in testing the dozens of different passwords I use online, in order to determine if any of them are crackable by unscrupulous characters. But again, I have no idea exactly how I am supposed to accomplish this with Johnny/JtR. So, basically, I am wondering if you can point me to some online tutorials which clearly and simply explain, step-by-step, to a total newbie on an iMac, how to use Johnny for the aforementioned purposes. Thank you in advance. Kind regards.

Leave a Reply to Jeff Snyder