Drop the Ripper

Drush command to try cracking user passwords against wordlists (like John the Ripper).

N.B. this is a Drush command, rather than a Drupal module. The same version should work for both Drupal 7 and Drupal 8.

$ drush help drop-the-ripper
Crack Drupal password hashes.

Examples:
 drush dtr                                 Try to crack passwords of all users.
 drush dtr --top=100                       Try to crack passwords of all users, using the first 100 passwords from the wordlist.
 drush dtr 3                               Try to crack passwords of all users with role 3 (typically administrator).
 drush dtr --wordlist=/tmp/rockyou.txt     Use a custom wordlist for password cracking.

Arguments:
 user-rids                                 (Optional) Only check passwords for users with these role ids (comma separate multiple rids).

Options:
 --all                                     Use all entries from the wordlist (default if a custom wordlist is supplied).
 --hide                                    Do not show plaintext passwords in output.
 --top=<25>                                Number of passwords to read from the wordlist (default is 25).
 --wordlist=</path/to/wordlist>            Path to a custom wordlist (default is openwall's password list).

Aliases: dtr

Example:

$ drush dtr
Match: uid=2 name=fred password=qwerty                       [success]
Match: uid=4 name=marvin password=123456                     [success]
Ran 65 password checks for 4 users in 2.68 seconds.          [success]

$ drush dtr 3 --all
Match: uid=7 name=sally password=Qwert                       [success]
Ran 7085 password checks for 2 users in 294.19 seconds.      [success]