This tool extracts password hashes from ZIP archives using zip2john, preparing data for password recovery tools like John the Ripper.
Supported Tools:
Extract a crackable hash from a password-protected ZIP archive with zip2john, ready for John the Ripper or hashcat. For authorized password recovery only.
zip2john reads an encrypted ZIP archive and emits a hash string describing its password verifier, which John the Ripper or hashcat can then attempt to crack. It handles both legacy PKZIP "traditional" encryption and the newer WinZip AES (AES-128/192/256) scheme. It does not decrypt the archive itself; it extracts the data needed to test password guesses offline. Use it only on archives you own or are authorized to recover.
Input:
secret.zip (password-protected)
Output:
secret.zip:$zip2$*0*3*0*<salt>*<verifier>*...*$/zip2$
Does zip2john recover the password?
No. It produces a hash that a cracking tool (John or hashcat) uses to guess the password. The strength of the password determines whether recovery succeeds.
Which ZIP encryption types are supported?
Both traditional PKZIP encryption and WinZip AES (the AES-256 scheme used by modern archivers and 7-Zip's zip mode).
Which hashcat mode matches the output?
WinZip AES ZIPs use hashcat mode 13600; traditional PKZIP uses modes 17200-17230 depending on compression.