GUI for John the Ripper [Openwall Community Wiki]

Table of Contents


Johnny is the cross-platform Open Source GUI frontend for the popular password cracker John the Ripper. It was originally proposed and designed by Shinnok in draft, version 1.0 implementation was achieved by Aleksey Cherepanov as part of GSoC 2012 and Mathieu Laprise took Johnny further towards 2.0 and beyond as part of GSoC 2015.

Johnny's aim is to automate and simplify the password cracking routine with the help of the tremendously versatile and robust John the Ripper, as well as add extra functionality on top of it, specific to Desktop and GUI paradigms, like improved hash and password workflow, multiple attacks and session management, easily define complex attack rules, visual feedback and statistics, all of it on top of the immense capabilities and features offered by both JtR core/proper as well as jumbo.



  • Cross platform, builds and runs on all major desktop platforms

  • Based on the most powerful and robust password cracking software, supports both John core/proper and jumbo flavors

  • Exposes most useful JtR attack modes and options in a usable, yet powerful interface

  • Simplifies password/hash management and attack results via complex filtering and selection

  • Easily define new attacks and practical multiple attack session management

  • Manually guess passwords via the Guess function

  • Export Passwords table to CSV and colon password file format

  • Import many types of encrypted or password protected files via the 2john functionality

  • Fully translatable (English and French language for now)

See CHANGELOG for a complete listing of features.

Binary redistributables

The current version is 2.2.

Binaries 2.2 (CURRENT)

Binaries 2.1 (OLD)

Binaries 2.0 (OLD)

Binaries 1.1 (OLD)

Johnny does not have shortcuts for system menu yet. So type 'johnny' in your terminal to start Johnny.

Deb packages (suitable for Debian, Linux Mint, Ubuntu and so on):

Rpm packages (suitable for Fedora, Mageia, OpenSUSE):

Generic tarball (manual installation or no installation):


Official version 2.2 source:

Current state

Johnny is in development. Development was started as part of Summer of Security 2011 by Aleksey Cherepanov while Shinnok became a mentor for Aleksey. Development was continued by Aleksey Cherepanov as a part of Google Summer of Code 2012 with invaluable help of Frank Dittrich as mentor. It has been developed further more in Google Summer of Code 2015 by Mathieu Laprise and Shinnok.

We welcome any new contributor on Github as well as any feedback on john-dev or john-users mail lists.

Johnny is currently planned using the roadmap available at:


  1. Permanent account takeover on Yahoo’s Small Business platform
  2. A critical Improper Authentication vulnerability in Uber allowed password reset for any account
  3. SOP bypass / UXSS – Stealing Credentials Pretty Fast (Edge) - Broken Browser
  4. Attack Methods for Gaining Domain Admin Rights in Active Directory
  5. Auditing the Auditor