“John the ripper” is a password cracking program that looks for weak passwords in /etc/shadow. It is a very useful tool for local security enforcement. The package name in Debian is simply john.
Note that John can be set up to periodically check for weak passwords and send email to notify an administrator of which account has a weak password. This can, in some cases, “creep out” regular end users.