Import Hashcat Rules into John the Ripper
-
With John the Ripper 1.9.0-jumbo-1 and later, you can natively use rules designed for Hashcat by leveraging a new compatibility mode. This ensures the rules are processed identically to how Hashcat handles them.
Step 1: Copy the Rule Files
First, place your Hashcat .rule files into John's rules directory. This makes them easy to reference.
cp /path/to/hashcat/rules/*.rule /path/to/john/run/rules/Step 2: Edit the Configuration
You should not edit the main john.conf file directly. Instead, create or edit a john-local.conf file in John's run/ directory. This is where you will link to the new rules.**Note: What is john-local.conf file and why do not edit it?
"The file john.conf is a file that is 'owned' by JtR. In other words, when you make local edits to this file, it is assured that these changes will be lost (overwritten) when you update JtR out of the
version control system. However, there is a file, which is NOT owned by JtR, but which john.conf will include at the very bottom. This file is john-local.conf. It is highly recommended that a user make edits to this local file, as much as possible, leaving the original john.conf file intact."**Step 3: Use the Correct Syntax
Within john-local.conf, you must wrap the inclusion of each Hashcat rule file with special flags that enable Hashcat's logic.
"There are 2 new 'flags' added. These tell both the config loader (part of john which loads the .conf files), how to process things a bit differently, and tells the rules engine that the rules processing should be done fully using hashcat logic (or not). These flags are:!! hashcat logic ON
!! hashcat logic OFF
"
Example:
The following example shows how to include two rule files, hashpwn-mst.rule and hashpwn-5000.rule, from the rules directory.# Inside john-local.conf# Enable Hashcat logic and include the first rule file
[List.Rules:hashpwn-5000]# <- The name you will use with John's -r flag
!! hashcat logic ON
.include 'rules/hashpwn-5000.rule' # <- Path relative to John's run directory
!! hashcat logic OFF# Enable Hashcat logic and include the second rule file
[List.Rules:hashpwn-mst]
!! hashcat logic ON
.include 'rules/hashpwn-mst.rule'
!! hashcat logic OFFImportant Notes:
The flags !! hashcat logic ON and !! hashcat logic OFF are crucial. They activate the compatible parser and must be used in pairs. In this mode, you do not need to escape special characters like [ and ] with a backslash (\). The rule name (e.g., hashpwn-mst) is the identifier you will use with John's -r flag: john --wordlist=wordlist.txt --rules=hashpwn-mst hashfile.txtBy following this method, you can seamlessly expand John the Ripper's capabilities with the vast library of rules available for Hashcat.
IMPORTANT!: "be very cautious when using '!! hashcat logic ON' pragma lines, as this will cause the .conf file loading to fail to load sections, and has other strange side effects, if the '!! hashcat logic OFF' is not present..."
List all the rules: john --list=Rules
-
I do it like this since I'm a windows user
I go to cygwin64/home/pcname/JtR/run/rules
Use e.g. best64.rule file
Copy your hashcat rules to best64.rule file and save
and you can run your hashcat rules from file best64.rule
That way I don't have to edit my config file since I don't use JtR that often
