add john the ripper for password list generation

.dockerignore

@@ -1,2 +1,3 @@
 data
 examples/stego-files
+*.swp 

README.md

@@ -134,6 +134,21 @@ The following filetypes are supported:
 - PNG: `check_png.h` and `brute_png.sh` (running `openstego` and `stegoveritas.py -bruteLSB`)
 
 
+### Wordlist generation
+
+The brute forcing scripts above need wordlists.
+Imho it will very likely not help to use huge standard wordlists like rockyou.
+The scripts are too slow for it and stego challenges seem to not be designed for
+this.
+A more probable scenario is that you have a hunch what the password could be but
+you do not know exactly.
+
+For these cases, several tools to generate wordlists are included:
+- [john](http://www.openwall.com/john/): the community enhanced version of John the Ripper can expand your wordlists. Create a base wordlist with a few candidate passwords and use `john` to create many variants of them. Use `john -wordlist:/path/to/your/wordlist -rules:Single -stdout > /path/to/expanded/wordlist` to apply extensive rules (~x1000) `john -wordlist:/path/to/your/wordlist -rules:Wordlist -stdout > /path/to/expanded/wordlist` for a reduced ruleset (~x50).
+- [crunch](https://tools.kali.org/password-attacks/crunch): can generate small wordlists if you have a pattern in mind. For instance, if you know the passwords ends with 1984 and is 6 letters long, use `crunch 6 6 abcdefghijklmnopqrstuvwxyz -t @@1984` will generate the 26 * 26 = 676 passwords aa1984, ab1984, ... up to zz1984. The format is `crunch <min-length> <max-length> <charset> <options>` and we used the templating option. Check out `less /usr/share/crunch/charset.lst` to see the charsets crunch ships with.
+- [CeWL](https://digi.ninja/projects/cewl.php): can generate wordlists if you know a website is related to a password. For instance, run `cewl -d 0 -m 8 https://en.wikipedia.org/wiki/Donald_Trump` if you suspect a picture of Donald Trump contains an encrypted hidden message. The command scrapes the site and extracts strings at least 8 characters long.
+
+
 ## Steganography examples
 
 The image contains a sample image and audio file each in different formats:

install/jumbo_john.sh

@@ -0,0 +1,36 @@
+#!/bin/bash
+
+set -e
+
+# Install some openssl headers
+apt-get install -y libssl1.0-dev \
+                   zlib1g-dev
+
+# Download
+wget -q -O /tmp/jumbo-john.tar.gz http://openwall.com/john/j/john-1.8.0-jumbo-1.tar.gz
+
+# Extract
+mkdir -p /opt/jumbo-john
+tar -xzf /tmp/jumbo-john.tar.gz -C /opt/jumbo-john
+rm /tmp/jumbo-john.tar.gz
+
+# compile
+# fix code with sed: https://blackcatsoftware.us/john-the-ripper-jumbo-1-8-0-compilemake-fails-in-fedora-25-gcc5/
+sed -i "482s/.*/\/\/#ifdef __x86_64__/" /opt/jumbo-john/john-1.8.0-jumbo-1/src/MD5_std.c
+sed -i "483s/.*/\/\/#define MAYBE_INLINE_BODY MAYBE_INLINE/" /opt/jumbo-john/john-1.8.0-jumbo-1/src/MD5_std.c
+sed -i "484s/.*/\/\/#else/" /opt/jumbo-john/john-1.8.0-jumbo-1/src/MD5_std.c
+sed -i "486s/.*/\/\/#endif/" /opt/jumbo-john/john-1.8.0-jumbo-1/src/MD5_std.c
+
+cd /opt/jumbo-john/john-1.8.0-jumbo-1/src/ && ./configure && make -s clean && make -sj4 
+
+
+# install
+echo 'export JOHN=/opt/jumbo-john/john-1.8.0-jumbo-1/run' >> ~/.bashrc
+
+cat << EOF > /usr/bin/john
+#!/bin/sh
+echo "executing john in folder '\$JOHN' - use absolute paths to avoid confusion"
+cd \$JOHN
+./john \$@
+EOF
+chmod +x /usr/bin/john