John the Ripper is a penetration testing tool used to find and crack weak passwords.
N/A
Pentest-Tools.com
Score 7.0 out of 10
N/A
Pentest-Tools.com helps security professionals find, validate, and communicate vulnerabilities, whether they’re internal teams defending at scale, MSPs juggling clients, or consultants under pressure. The service provides coverage across network, web, API, and cloud assets, and includes built-in exploit validation to turn every scan into credible, actionable insight. Boasting users among over 2,000 teams in 119 countries for use…
It is best suited in those environments where complexity is not the key. We've used it fairly extensively in our UNIX to find weak UNIX passwords and in Windows environments too. It's very easy to get hold of as it is essentially Open Source, although a paid version is now available and we are thinking of looking at this proposition in-depth to see if it is viable. We found it easy to install and deploy across our systems. Patching was fairly regular, so we always had the latest version. It holds its own against DES and Blowfish encryption algorithms among many others.
This website is well suited for organisations that perform regular security assessments. In particular, external scans and reconnaissance. As an example, I am able to run a report on our Wordpress website to enable me to see whether we are missing any important security updates. We found it to be very useful for training new security analysts, due to the straightforward GUI. You can work on the same projects together to help you to do this. Having it laid out in front of them helps them to understand the concepts much easier than using dozens of different tools to achieve the same goals, and also speeds up training. If you're a personal user it may not be appropriate due to price. If you are a personal user, I would advise using the many open source tools there are that do the same things. The strength of this platform is that it combines them into a single pane of glass, but you can achieve the same things with other tools if necessary. For example, there are many other tools that you could use to run a UDP port scan that do not cost money (EG NMAP)
No logging for things like scanning. This means you don't actually know when the scan has failed if you're not immediately on the ball.
Reports could look better. It would be good to be able to customise the report with some different styles to suit your company's branding.
Could have better tutorials.
It may be useful to have a feature similar to Microsoft Secure Score, which compares your organisation to similar ones, so that you have a reference of how secure your environment actually is.
'John the Ripper' being open source was free to use, whereas the others had to be paid for. It was very simple to install and runs against many hundreds of hashes and crypts. It is always developing thanks to large communities on GitHub.
Offers a great number of tools in one interface, giving you a single pane of glass to work from. Therefore, it's favourable compared to some of these other products, that do similar things but are less intuitive and less easy to use. This makes it not only easier to use, but easier to report results to your customers. Also, although the price point can seem high, once you start adding multiple paid tools that do the same job, there probably isn't a massive amount of difference (if any)
