Which tool is commonly used for offline password cracking and supports various hash formats and rulesets?

Study for the SANS560 GIAC Penetration Tester (GPEN) Test. Study with flashcards and multiple choice questions; each question has hints and explanations. Get ready for your exam!

Multiple Choice

Explanation:
Cracking passwords offline relies on using a tool that takes captured password hashes and tests candidate passwords against them without interacting with the target system. John the Ripper is built for this workflow. It operates in offline mode, supports a wide range of hash formats (such as MD5, SHA variants, NTLM, LM, bcrypt, and more), and uses rulesets to mutate candidate passwords—simulating common user patterns like substitutions, capitalization changes, and appended numbers. This combination makes it particularly effective for password auditing, as you can customize wordlists with rules to improve success.

The other tools serve different purposes: Burp Suite is for web application security testing, Nmap is for network discovery and mapping, and Metasploit is an exploitation framework. They aren’t focused on offline hash cracking with extensive format support and rulesets, which is why John the Ripper is the best fit here.
