John (aka John the Ripper) is a fast password cracker, currently available for many flavors of Unix, macOS, Windows, DOS, BeOS, and OpenVMS

Link: https://github.com/magnumripper/JohnTheRipper

Simple usage

JTR password cracking

john --wordlist=/usr/share/wordlists/rockyou.txt hashes

JTR forced descrypt cracking with wordlist

john --format=descrypt --wordlist /usr/share/wordlists/rockyou.txt hash.txt

JTR forced descrypt brute force cracking

john --format=descrypt hash --show

Display formats:

john --list=formats

Type and mask:

iron@kali2:/tmp$ sudo john lm.txt --mask=?l?l?l?l --format=lm

mask

Create a mask:

example:

root@attackdefense:~# john pdfhash --mask=?d?d?d?d?d?d?d?d?l 
?d = digit 
?l = lower-case ASCII letters 
?u = upper-case ASCII letters 

example with numbers in the middle:

root@attackdefense:~# john pdfhash --mask=?d?d?d?d19?d?d?u 
Using default input encoding: UTF-8 
Loaded 1 password hash (PDF [MD5 SHA2 RC4/AES 32/64]) 
Press 'q' or Ctrl-C to abort, almost any other key for status 
01021980D        (/root/encrypted.pdf) 
1g 0:00:00:05 DONE (2019-10-31 10:10) 0.1721g/s 530466p/s 530466c/s 530466C/s 01021980D 
Use the "--show" option to display all of the cracked passwords reliably 
Session completed 

A mask may consist of: