Docker image with Python

[kc9jud]

Currently the Docker images do not contain Python, precluding the use of the xxx2john.py scripts. It would be nice to have a version of the images which have Python included. (Perhaps a separate tag should be used, so people don't have to use the extra space if they don't want Python?)

[kc9jud]

It might also be helpful to modify docker-entrypoint.sh to give access to the conversion scripts instead of needing to use docker run --entrypoint=....

[claudioandre-br]

Thank you for participating.

I agree that a new image can be useful but I'm afraid it can be overwhelming, I mean that to be used by all 2john tools we need python, perl, ruby, node and lua. Would this large image be used?

Anyway, we will keep thinking and discussing how users would use it and how we can improve (probably create a new) image.

[kc9jud]

Looking through the scripts in https://github.com/openwall/john/tree/bleeding-jumbo/run, it seems we need only Python, Perl, and Ruby. mongodb2john.js is for use with the mongo command from MongoDB (which I don't think we would want to include in an image!) and the network2john.lua is to be run by tshark.

[kc9jud]

It looks like adding the scripting languages adds about 54% to the image size:

REPOSITORY                            TAG               IMAGE ID       CREATED          SIZE
ghcr.io/kc9jud/john                   latest-script     7bfefac15c1b   47 seconds ago   386MB
ghcr.io/openwall/john                 latest            bf99e8de2299   12 days ago      251MB

The build log is consistent, with the additional layer being 135.45 MB.

[kc9jud]

Reduced to ~90MB.

[claudioandre-br]

@solardiz, @magnumripper do you guys have anything to say about this?

What would be the best for a random user?

• wget script.py && python script.py (requires to run pip, sometimes).
• docker run -v [...] john 2john-tool /host/archive > hashes.txt (requires to be ok with docker tools and to download 300MB).

For example, I do not intend to add "libraries" to distro packages like the Ubuntu snap. The idea is keep everything small and simple as it could be. That said:

• I use the snap packaged scripts in my machine like /snap/john-the-ripper/current/run/2john-tool archive > hash.txt because it is simple and good to me.
• I never did the same using the docker image. The syntax would be clunky.

Not a lot of people uses john's Docker image. I agree that a new Docker image aimed only at 2john tools would be interesting because people would have something able to handle all these conversions without any software installation.

[edited]
The question is, is anyone interested in having it?

[magnumripper]

I really have no idea. Perhaps raise the topic on john-users and see what response we get?

[solardiz]

The question is, is anyone interested in having it?

It looks like @kc9jud is? I think it makes sense to listen to the (very few) users we have for this, and especially to prospective contributors.

[claudioandre-br]

It looks like @kc9jud is?

@kc9jud, please make a PR so we can review and accept it.

[claudioandre-br]

I'm afraid I want to concentrate on the use case where the executables are the focus, without having to test or worry about installing programming language(s) and packages needed by the 2john tools.

In this way, the packages present in this repository serve to run a real cracking session (safely, sand boxed, without internet access, away from your files/secrets dealing only with a 'hash', ...). All preparation for running john can be done with the help of the package, but that would NOT be the goal.

I regret to inform I'm going to close this as "wontfix".