How to install Social Engineering Toolkit (SET) in kali linux - vishnutechs.in

 

How to install the Social Engineering Toolkit (SET) on Kali Linux or Ubuntu 

NOTE :

This site is for knowledge and educational purposes only, we do not promote or encourage any illegal activities.Your Responsible if you Get Used to That kind of Illegal Activities

For More Updates Join with Telegram  Official Group

The Social Engineering Toolkit (SET) is a versatile open-source penetration testing framework that enables security professionals to simulate social engineering attacks. It provides a collection of tools and techniques to assess and exploit human vulnerabilities in order to gain unauthorized access, gather information, or perform other malicious activities. The SET can be used for educational purposes, security testing, and raising awareness about social engineering threats.

Here are a few examples of how the Social Engineering Toolkit can be used:

1. Spear Phishing: 

SET allows you to craft customized phishing emails that appear legitimate and trick recipients into revealing sensitive information or performing actions they shouldn't. You can create convincing email templates and set up phishing campaigns to assess the vulnerability of an organization's employees.

2. Website Cloning: 

With SET, you can clone websites to create malicious copies that look identical to the original. This can be used to steal login credentials, credit card information, or other sensitive data by directing users to the cloned site and capturing their inputs.

3. Credential Harvesting: 

SET provides tools to create malicious websites or fake login pages that capture usernames and passwords. This can be used to gather credentials for unauthorized access to systems, social media accounts, or other online services.

4. USB-Based Attacks: 

SET enables you to create malicious USB drives that automatically execute scripts when plugged into a target system. These scripts can perform actions such as installing backdoors, keyloggers, or stealing sensitive data.

5. QR Code Attacks: 

SET includes features to generate QR codes that, when scanned by a mobile device, can trigger actions such as redirecting to malicious websites or executing commands on the device.

It's important to note that while the Social Engineering Toolkit can be used for legitimate security testing and educational purposes, using it for any illegal or unauthorized activities is strictly prohibited. Always ensure that you have proper authorization and use the toolkit responsibly and ethically.

To Get Additional Tools Join with Telegram  Official Group

To install the Social Engineering Toolkit (SET) on Kali Linux or Ubuntu, you can follow these steps:

1.Open a terminal window.

2.Update your package lists by running the following command:

sql
sudo apt update

3.Install the required dependencies by executing the following command:

sudo apt install git python3-pip python3-pyqt5 python3-pyqt5.qtwebkit python3-pyqt5.qtsvg python3-pyqt5.qtopengl python3-pyqt5.qtquick python3-pyqt5.qtmultimedia -y

4.Clone the SET repository from GitHub by running the following command:

1. bash
   git clone https://github.com/trustedsec/social-engineer-toolkit.git
   

5.Change into the SET directory:

1. bash
   cd social-engineer-toolkit
   

6.Install the required Python dependencies using pip:

sudo pip3 install -r requirements.txt

7.Run the setup script to complete the installation:

arduino
sudo python3 setup.py

Once the installation is complete, you can launch the Social Engineering Toolkit (SET) by running the following command:

sudo setoolkit

Please note that the Social Engineering Toolkit is a powerful tool that should be used responsibly and legally. Make sure you have proper authorization and use it only for legitimate purposes, such as security testing or educational purposes.

The Social Engineering Toolkit (SET) offers certain advantages and disadvantages, which are important to consider when using the toolkit:

Advantages of SET:

1. Security Awareness: 

SET can be a valuable tool for raising awareness about social engineering vulnerabilities. By simulating various attacks, organizations can educate their employees and users about the importance of being cautious and vigilant against such threats.

2. Penetration Testing: 

SET allows security professionals to conduct controlled and targeted social engineering tests. This helps identify weaknesses in an organization's security measures, allowing them to take proactive steps to mitigate potential risks.

3. Customization: 

SET offers a wide range of options for customization, including the ability to create tailored phishing emails, clone websites, and generate various types of social engineering attacks. This flexibility allows for more realistic and effective simulations.

4. Open-Source Community: 

As an open-source tool, SET benefits from an active community of contributors who constantly work on enhancing its functionality, fixing bugs, and adding new features. This fosters a collaborative environment where security professionals can share knowledge and improve the toolkit.

Disadvantages of SET:

1. Legal and Ethical Concerns: 

The use of SET can easily cross legal and ethical boundaries. It's crucial to ensure that proper authorization is obtained before using the toolkit and that it is used only for legitimate purposes. Unauthorized or malicious use of SET can lead to legal consequences.

2. False Sense of Security:

While SET can be a valuable testing tool, it is important to recognize that it may not uncover all vulnerabilities or accurately reflect real-world scenarios. Organizations should supplement SET with other security measures, such as employee training, comprehensive security policies, and regular vulnerability assessments.

3. Potential Harm to Relationships: 

Conducting social engineering tests using SET can cause anxiety or distrust among employees if they are unaware of the testing. It's important to communicate clearly, obtain consent, and ensure that the tests are conducted in a manner that does not harm relationships or create unnecessary panic.

4. Limited Scope:

SET primarily focuses on social engineering attacks and may not cover all aspects of a comprehensive security assessment. It is important to consider other testing tools and techniques to evaluate different layers of an organization's security infrastructure.

Overall, the Social Engineering Toolkit can be a valuable tool for security professionals when used responsibly, with proper authorization and within legal boundaries. However, it is essential to consider its limitations, potential risks, and the need for supplementary security measures.

How to install and use Maltego in kali linux | Information Gathering Tool - vishnutechs.in

 

Maltego on Kali Linux,Ubuntu,Parrot

Maltego is a powerful information gathering and data visualization tool used for intelligence gathering and link analysis. It allows you to explore and analyze complex relationships between various entities such as people, organizations, websites, IP addresses, domains, and more.

NOTE:

This site is for knowledge and educational purposes only, we do not promote or encourage any illegal activities.Your Responsible if you Get Used to That kind of Illegal Activities

For More Updates Join with Telegram  Official Group

Maltego works by leveraging open-source intelligence (OSINT) data sources and APIs to gather information from various online and offline sources. It then organizes and presents this information in a visual graph, making it easier to understand the relationships and connections between different entities.

The tool uses a concept called "transforms" to gather information. Transforms are scripts or modules that connect to different data sources and perform specific queries or operations to retrieve data. These transforms can be either local transforms that come pre-installed with Maltego or custom transforms created by users.

When using Maltego, you start by selecting a target entity, such as an email address or a domain name. Maltego then uses transforms to query different data sources and retrieve information related to the target entity. The retrieved data is displayed in the form of nodes and edges in a graph, where nodes represent entities and edges represent relationships between them.

You can expand the graph by exploring connected entities, running additional transforms, and gathering more information. By visually exploring the graph, you can uncover connections, discover hidden relationships, and gain insights into the overall picture of your investigation.

Maltego also provides various tools for filtering and analyzing the collected data, generating reports, and exporting the graph for further analysis or sharing with others.

Overall, Maltego simplifies the process of gathering, analyzing, and visualizing information, making it an effective tool for information gathering, reconnaissance, threat intelligence, and investigations.

Click here How to install Maltego on Kali linux,UBUNTU,Terminal

Advantages of Maltego:

1. Information Gathering:

Maltego is a powerful tool for gathering information from various sources. It leverages OSINT data and transforms to retrieve relevant data about entities, allowing users to uncover connections and relationships.

2. Visual Representation: 

The graphical representation of data in Maltego makes it easy to understand complex relationships. The visual graph helps users identify patterns, visualize connections, and gain insights quickly.

3. Customizability:

Maltego allows users to create their own custom transforms to connect with different data sources. This flexibility enables users to tailor the tool to their specific needs and integrate additional data sources.

4. Collaboration:

Maltego supports collaboration by allowing users to share graphs, collaborate on investigations, and track changes made by multiple users. This feature enhances teamwork and information sharing among analysts.

5. Reporting and Documentation:

Maltego provides tools for generating reports and exporting graphs, making it convenient to document findings and share information with others. This is particularly useful in professional settings or when collaborating with team members or stakeholders.

                                              Disadvantages of Maltego:

1. Learning Curve: 

Maltego can have a steep learning curve, especially for users who are new to information gathering or data analysis. Understanding how to effectively use transforms, interpret the graph, and navigate the tool's interface may require some initial effort and practice.

2. Data Limitations: 

The effectiveness of Maltego heavily relies on the availability and quality of data sources. If certain data sources are not accessible or do not provide comprehensive information, it can limit the tool's capabilities and the depth of analysis.

3. Cost: 

While the Maltego Community Edition (CE) is free, there are commercial versions of Maltego available with additional features and access to premium data sources. These commercial versions come at a cost, which may be a disadvantage for users with limited budgets or individual users who do not require advanced features.

4. Privacy and Legal Considerations: 

When using Maltego, it's essential to adhere to ethical guidelines and respect privacy and legal boundaries. Users should ensure they have proper authorization to gather and analyze information, and they should be aware of the legal implications and regulations surrounding data gathering in their jurisdiction.

5. Dependency on External Data Sources: 

Maltego relies on external data sources and APIs for gathering information. If these data sources change or become unavailable, it can affect the functionality and reliability of the tool. Users should be prepared for potential fluctuations in data availability and ensure they have alternative methods or sources for information gathering.

How to install and use burp suite in kali linux using terminal - vishnutechs.in

 

Burp Suite | what is  Burp Suite ? | How it's works

 Burp Suite is a popular web application security testing tool developed by PortSwigger. It is widely used by security professionals and penetration testers to identify vulnerabilities and perform security assessments of web applications.

NOTE:

This site is for knowledge and educational purposes only, we do not promote or encourage any illegal activities.Your Responsible if you Get Used to That kind of Illegal Activities.

For More Updates Join with Telegram  Official Group

Burp Suite consists of several modules and features that work together to assist in different stages of the web application security testing process. Here's an overview of its main components and how they work:

Proxy: 

The Proxy module acts as an intercepting proxy between the user's browser and the target web application. It allows you to capture and modify HTTP/HTTPS traffic between the client and the server. You can intercept requests and responses, analyze them, modify parameters, and perform manual testing.

Scanner: 

The Scanner module is an automated vulnerability scanner that helps identify common security issues in web applications. It analyzes the application by sending various payloads, detecting vulnerabilities such as SQL injection, cross-site scripting (XSS), and more. It provides detailed reports on the identified vulnerabilities.

Spider: 

The Spider module automatically crawls through the web application to discover and map its structure. It follows links and analyzes the responses to build a comprehensive site map. This helps in ensuring complete coverage of the application during testing.

Intruder: 

The Intruder module is a powerful tool for performing automated attacks against web applications. It allows you to customize and automate attacks by modifying request parameters and payloads. This helps in testing for vulnerabilities such as brute-forcing, parameter fuzzing, and more.

Repeater:

The Repeater module allows you to manually modify and replay individual requests. It helps in testing and verifying vulnerabilities by modifying specific parameters, headers, or payloads and observing the application's responses.

Sequencer: 

The Sequencer module is used to test the quality of random number generation in applications. It analyzes a set of captured values, such as session tokens, and assesses their randomness. This helps identify weak cryptographic implementations or predictable values.

Decoder: 

The Decoder module provides various encoding and decoding functions to analyze and manipulate data. It helps in decoding encoded strings, encrypting and decrypting data, and performing other transformations for security testing purposes.

These are just some of the key features of Burp Suite. It also offers other tools and extensions for specific purposes, such as collaborative testing, mobile application testing, and more.

Overall, Burp Suite is designed to assist security professionals in identifying vulnerabilities, testing security controls, and improving the overall security posture of web applications. It combines manual testing capabilities with automated scanning and analysis to provide a comprehensive approach to web application security testing.

Also check   How to install Burp Suit on kali linux

Burp Suite offers several advantages and disadvantages that should be considered when using it for web application security testing. Here are some of the main advantages and disadvantages of Burp Suite:

Advantages:

1. Comprehensive Toolset: 

Burp Suite provides a wide range of tools and modules that cover various aspects of web application security testing. It offers features like proxy, scanner, spider, intruder, and more, allowing security professionals to perform both manual and automated testing efficiently.

2. User-Friendly Interface: 

Burp Suite has a user-friendly interface that makes it relatively easy to navigate and use its features. It provides intuitive menus, customizable views, and clear documentation, which helps users quickly understand and leverage its capabilities.

3. Extensibility: 

Burp Suite allows users to extend its functionality through its robust extension API. This enables security professionals to develop custom extensions or use existing ones to enhance their testing capabilities and address specific requirements.

4. Active Community: 

Burp Suite has a large and active user community. This means there are ample resources available, including tutorials, forums, and user-contributed extensions. The community provides support, shares knowledge, and helps users troubleshoot issues or explore advanced features.

5. Regular Updates: 

PortSwigger, the company behind Burp Suite, actively maintains and updates the tool. They release regular updates to address bugs, improve performance, and introduce new features, ensuring that users have access to the latest capabilities and security enhancements.

Disadvantages:

1. Complexity: 

While Burp Suite offers a user-friendly interface, it can still be overwhelming for beginners due to its extensive feature set. Understanding and mastering all the functionalities may require time and effort. Users need to invest in learning and training to utilize Burp Suite effectively.

2. Resource Intensive: 

Depending on the size and complexity of the web application being tested, Burp Suite can consume significant system resources, including CPU and memory. This can impact the overall performance of the system, especially when dealing with large-scale applications.

3. False Positives: 

Burp Suite's automated scanner, while helpful, may generate false positive findings. It relies on predefined vulnerability signatures and may occasionally report issues that require manual verification or further investigation to determine their actual impact.

4. Licensing Costs:

While Burp Suite offers a free Community Edition with limited features, more advanced functionalities and capabilities are available in the paid versions, such as the Professional or Enterprise editions. These versions come with licensing costs, which may be a consideration for individuals or organizations with budget constraints.

5. Legal and Ethical Considerations: 

Burp Suite is a powerful tool that can be used for both legitimate security testing and malicious purposes. It is essential to use Burp Suite responsibly, within the legal boundaries, and with appropriate authorization to test applications you have permission to assess.

Conclusion

Overall, the advantages of Burp Suite, including its comprehensive toolset, user-friendly interface, extensibility, active community, and regular updates, make it a popular choice for web application security testing. However, users should also be aware of its complexities, resource requirements, false positives, licensing costs, and the importance of ethical usage.

How to install use Hydra Password Crack tool in kali linux- vishnutechs.in

Hydra Tool | Brute-forcing authentication Protocol 

The term "Hydra tool" could refer to different things, but based on your question, I assume you're referring to a specific network penetration testing tool called Hydra.

NOTE:

This site is for knowledge and educational purposes only, we do not promote or encourage any illegal activities.Your Responsible if you Get Used to That kind of Illegal Activities.

For More Updates Join with Telegram  Official Group

Hydra is a popular open-source tool that is used for brute-forcing authentication protocols. Brute-forcing involves systematically trying different combinations of usernames and passwords until a valid combination is found, thus gaining unauthorized access to a system.

Hydra supports a wide range of network protocols, including FTP, SSH, Telnet, HTTP, HTTPS, and more. It's designed to automate the process of attempting multiple login attempts rapidly, making it an efficient tool for testing the strength of passwords or identifying weak authentication mechanisms.

Here's a general overview of how Hydra works:

1. Target identification: 

The user specifies the target system they want to test, including the IP address or hostname and the specific protocol they want to attack.

2. Wordlist selection: 

The user selects a wordlist or password dictionary that contains a list of potential usernames and passwords. Hydra will systematically attempt each combination until it finds a successful login.

3. Configuration:

The user configures Hydra with the target system details, protocol, and other parameters such as the number of parallel connections, timeout values, and rate limits.

4. Execution: 

Hydra starts the attack by sending login requests to the target system using the specified protocol. It tries each combination of usernames and passwords from the wordlist.

5. Results: 

Hydra reports the outcome of the attack, indicating whether it successfully discovered valid credentials or not. It may also provide statistical information, such as the number of attempted logins, the success rate, and the time taken.

It's important to note that Hydra should be used responsibly and with proper authorization. Unauthorized use of Hydra or any similar tool can be illegal and may result in severe consequences.

Always ensure that you have permission from the system owner and use Hydra or similar tools only for legitimate purposes, such as testing the security of your own systems or conducting authorized penetration tests.

Click here ..How to setup and Configure Hydra

Advantages of Hydra:

1. Versatility:

Hydra supports a wide range of protocols, making it a versatile tool for testing the strength of various authentication mechanisms. It can be used for testing FTP, SSH, Telnet, HTTP, HTTPS, and more.

2. Open-source and Free:

Hydra is an open-source tool, which means it's freely available for download and use. This makes it accessible to a wide range of users and communities, promoting knowledge sharing and collaboration.

3. Automation: 

Hydra automates the process of attempting multiple login combinations, saving time and effort for penetration testers. It can quickly iterate through a large wordlist and perform numerous login attempts, increasing the chances of finding weak credentials.

4. Customizable Parameters: 

Hydra allows users to customize various parameters, such as the number of parallel connections, timeout values, and rate limits. This flexibility allows for fine-tuning the tool according to the specific needs and limitations of the target system.

DisAdvantages of Hydra:

1. Legal and Ethical Concerns: 

The main disadvantage of Hydra, or any brute-forcing tool, is the potential for misuse. Unauthorized and malicious use of Hydra can lead to illegal activities, such as hacking into systems, stealing data, or causing harm. It's crucial to ensure that you have proper authorization before using Hydra and adhere to ethical guidelines.

2. Detection: 

Some systems employ security measures to detect and prevent brute-force attacks, such as account lockouts or IP blocking. If the target system has such mechanisms in place, Hydra may trigger these defenses, making the attack less effective or even alerting system administrators.

3. Dependence on Wordlists:

Hydra relies on wordlists or password dictionaries to perform its attacks. The effectiveness of Hydra largely depends on the quality and size of the wordlist used. If the wordlist is limited or outdated, the chances of finding successful login credentials may decrease.

4. Time and Resources:

Brute-forcing authentication can be a time-consuming process, especially if the target system has strong security measures in place. Hydra may require significant computing resources, such as processing power and network bandwidth, to perform the attack efficiently.

It's important to remember that Hydra, like any other tool, is only as effective as the person using it. It should be used responsibly, with proper authorization, and in adherence to legal and ethical guidelines.

How to use Aircrack-ng |- Network Security tool | Deep Hacker | vishnutechs.in

Aircrack-ng Network Security Tool 

 

Aircrack-ng is a network security tool suite that focuses on the assessment and penetration testing of wireless networks. It is primarily used for auditing the security of Wi-Fi networks and recovering passwords.

Note :

This site is for knowledge and educational purposes only, we do not promote or encourage any illegal activities.Your Responsible if you Get Used to That kind of Illegal Activities

Aircrack-ng consists of several components that work together to perform various tasks related to wireless network security:

For More Updates Join with Telegram  Official Group

1. Aircrack-ng: This is the main tool in the suite and is used for capturing, analyzing, and cracking Wi-Fi network passwords. It can intercept and decrypt packets, perform offline dictionary or brute-force attacks on captured handshake files, and recover the original Wi-Fi network password.

2. Airmon-ng: This tool is used to enable and disable monitor mode on wireless network interfaces. Monitor mode is required for packet capturing and analyzing the network traffic.

3. Airodump-ng: This tool is used for packet capturing and monitoring the wireless network. It captures and displays information about the wireless networks in range, including their SSIDs, signal strength, channel, encryption type, and connected clients. Airodump-ng also captures the necessary data for later cracking of the WPA/WPA2 encryption keys.

4. Aireplay-ng: This tool is used for packet injection and replay attacks. It can generate and inject traffic into the wireless network, allowing for various attacks such as deauthentication attacks, ARP request replay attacks, or interactive packet replay attacks.

5. Aircrack-ng also includes other utilities like Airtun-ng (for virtual tunneling), Airbase-ng (for rogue access point attacks), and others, which provide additional functionality for specific wireless network security tasks.

In summary, Aircrack-ng works by capturing packets from wireless networks, analyzing the captured data, and performing various attacks to assess and test the security of Wi-Fi networks. It can recover WEP and WPA/WPA2-PSK passwords by leveraging vulnerabilities in the protocols or by using offline dictionary or brute-force attacks on captured data. However, it's important to note that using Aircrack-ng for unauthorized activities or on networks you don't have permission to access is illegal and unethical.

Click here How to install & setup Aircrack-ng 

Advantages of Aircrack-ng:

1. Comprehensive Wireless Network Assessment: Aircrack-ng provides a wide range of tools and utilities that allow security professionals to assess the security of wireless networks comprehensively. It can capture and analyze network traffic, perform various attacks, and recover Wi-Fi passwords, which helps identify vulnerabilities and weaknesses in wireless network configurations.

2. Effective WEP and WPA/WPA2 Cracking: Aircrack-ng has proven to be a powerful tool for cracking WEP and WPA/WPA2-PSK passwords. It can leverage vulnerabilities in these protocols or use offline dictionary or brute-force attacks on captured handshake files to recover passwords. This can be useful for network administrators who need to test the strength of their Wi-Fi network security.

3. Open Source and Active Development: Aircrack-ng is an open-source tool suite that is actively developed and maintained by a dedicated community. This means that it benefits from continuous improvements, bug fixes, and new features being added over time. The open-source nature also allows for transparency and peer review of the code, which can enhance trust and security.

Disadvantages of Aircrack-ng:

1. Legal and Ethical Concerns: Aircrack-ng, like any other hacking or security tool, can be misused for unauthorized activities, such as unauthorized access to Wi-Fi networks. It's crucial to use Aircrack-ng responsibly and within the bounds of the law and ethical guidelines. Unauthorized use of Aircrack-ng can lead to legal consequences and breaches of privacy.

2. Limited Effectiveness Against Strong Security Measures: Aircrack-ng may struggle to crack Wi-Fi passwords that are properly configured with strong security measures. Strong, randomly generated passwords, robust encryption protocols, and other security measures can significantly increase the difficulty and time required to crack the passwords using Aircrack-ng.

3. Complexity and Skill Requirement: Aircrack-ng is a complex tool suite that requires a good understanding of networking, wireless protocols, and security concepts. It may require significant learning and expertise to use effectively. Novice users may find it challenging to master and operate Aircrack-ng properly.

4. Hardware and Software Limitations: Aircrack-ng relies on specific hardware capabilities, such as wireless network adapters that support monitor mode and packet injection. Not all Wi-Fi adapters are compatible with Aircrack-ng, and finding a suitable one can be a challenge. Additionally, Aircrack-ng primarily supports Linux, which may pose challenges for users accustomed to other operating systems.

Conclusion

It's important to emphasize that Aircrack-ng should only be used for legitimate security purposes with proper authorization. Misusing it or engaging in unauthorized activities can lead to severe legal and ethical consequences.

John the Ripper Password cracker Tool | Deeep Hacker | vishnutechs.in

 John the Ripper Password Cracker

NOTE:

This site is for knowledge and educational purposes only, we do not promote or encourage any illegal activities.Your Responsible if you Get Used to That kind of Illegal Activities

John the Ripper is a widely used password cracking tool. It is designed to help security professionals and system administrators test the strength of passwords by attempting to crack them. It supports various password cracking techniques such as brute-force attacks, dictionary attacks, and hybrid attacks.

For More Updates Join with Telegram  Official Group

The tool takes password hashes as input, which are typically obtained from password databases or operating system files. A password hash is a one-way cryptographic representation of a password. Instead of storing passwords in plaintext, systems often store their hashes for security reasons. This way, even if an attacker gains access to the password database, they cannot easily retrieve the original passwords.

How John the Ripper works:

1. Hash Identification: 

John the Ripper first analyzes the password hashes provided as input. It determines the hash type (e.g., MD5, SHA1, bcrypt) to understand the algorithm used to generate the hashes.

2. Wordlist Mode:

In the simplest form, John the Ripper can use a wordlist or dictionary containing a list of common passwords, phrases, or variations to perform a dictionary attack. It systematically applies each entry in the wordlist and checks if the resulting hash matches any of the given password hashes.

3. Rule-based Modes: 

John the Ripper supports rules to modify and transform words from the wordlist. These rules can apply various modifications, such as appending/prepending numbers, changing case, character substitution, or rotating characters. By applying these rules, it expands the wordlist and increases the chances of finding a matching password hash.

4. Brute-force Mode: 

If the wordlist and rule-based approaches fail, John the Ripper can resort to a brute-force attack. It systematically generates all possible password combinations within a given length and character set. However, brute-force attacks can be time-consuming and computationally expensive, especially for longer and more complex passwords.

5. Hybrid Attacks: 

John the Ripper also supports hybrid attacks, which combine the dictionary and brute-force approaches. It allows you to specify patterns and rules for generating passwords, combining them with words from a wordlist or applying transformations.

6. Performance Optimization: 

John the Ripper is designed to utilize multiple CPU cores and take advantage of hardware acceleration (e.g., GPU) to speed up the password cracking process.

7. Cracked Passwords: 

As John the Ripper attempts to crack the password hashes, it maintains a status report, indicating which hashes have been successfully cracked and the corresponding plaintext passwords. The cracked passwords are displayed in the output, allowing you to assess the strength of the passwords and identify potential security weaknesses.

Click here to know
How to Installation & configure John the Ripper

Conclusion

It's important to note that John the Ripper should be used responsibly and legally. It is primarily intended for security professionals and system administrators to test the strength of passwords within authorized systems or to recover lost passwords. Using it for unauthorized purposes, such as cracking passwords without proper consent, is illegal and unethical.