Category: Hacking

Hello, aspiring ethical hackers. In this blogpost, you will learn about a tool named Crunch which is a wordlist generator. A wordlist or a dictionary is a file containing credentials that is useful while using any password cracking tool like Brutus, Hydra, Medusa or John The Ripper usually when you are using Dictionary attack.

A good wordlist goes a long way in the success of a password cracking attack and Crunch is one of the best wordlist generator tools there. Let’s see how to use Crunch to generate wordlist we want. Crunch is installed by default in Kali Linux and it can be started using command “crunch”. The syntax of crunch is given below.

crunch <min> <max> <options>

where “min” stands for minimum length of the password you want and “max” stands for the maximum length of the password string you want. To generate a wordlist containing random passwords with minimum and a maximum length 1 and 2 respectively, this is the command we have to use.

If you want a wordlist with characters you specify, you can also specify them as shown below.

Crunch already has a collection of character sets stored in “charset.lst” file located in /use/share/crunch/ directory. Here is the list of character sets it has.

For example, if you want to create the wordlist with only uppercase alphabets, you can use the command shown below.

What’s a wordlist without a saved file? (o)

Really, what is a wordlist without a saved file. To save the output, use the “-o” option as shown below.

Be careful with the size of the wordlist (b and c)

Sometimes while making a huge wordlist, the size of the wordlist may become too large in size, usually adding up to Giga bytes (GB). This can put a lot of pressure on memory and resource of the computer or may be even difficult to open. Don’t worry though. Crunch has a feature to overcome this problem using the “b” option. The “b” option can be used to set the size you want for the wordlist.

Once the size of the file reaches this limit, it saves the output to a new file with the same size. Let me show you practically. For example, here we create a wordlist and is size in 2620200 bytes as shown below.

Now, let’s create the wordlist size of just IMB as shown. While using the ‘-b’ option, ‘-o’ option and “START” are compulsory.

When we do this, instead of creating a single wordlist, crunch will create three wordlists as shown below.

Add up the size of the first three files and that should add up to the size of the “wordlist.txt” dictionary. Also note that while we use the “-b” option, the name of the wordlist is the first and last string in the wordlist.

Crunch can also create a wordlist with a specified number of lines. For example, the wordlist we created here has 3,75,922 lines.

Now, if you want your wordlist to have just 100 lines, you can use the ‘-c’ option to achieve this as shown below.

Let’s check the number of lines in each wordlist.

Remove duplication (d)

Using the ‘-d’ option, we can remove the duplicate characters from the values in the wordlist.

In the above wordlist, you can see duplicate characters like aa, bbb, ccc etc. Let’s say you want to limit the duplicate characters to two alphabets. This can be done by setting ‘2@’ value to -d option.

You can see that “bbb” and “ccc” are gone from the wordlist. The format to give value to the “-d” option is the number and the symbol. In ‘2@’, 2 is the maximum number of consecutive characters to be allowed and @ in the symbol of the characters we want to limit. The symbol for different character sets for crunch are given below.

Exit after a specific study is created (e)

You just don’t have to wait for the entire wordlist to be created with crunch. You can exit wordlist generation after a specific string is generated. Let’s see an example.

Now, you want to exit crunch after creation of string ‘ab’ in the above wordlist, you can do so as shown below.

Invert the strings (i)

Using this option (-i), we can insert the strings generated in Crunch. In the above wordlist, instead of aa, ab, ac, ba, it will be aa, ba, ca, ab.

Start with a specific string (s)

While creating a wordlist, you may have a feeling to try a specific string as password but not sure. But you want to try it first in your wordlist. You can set a starting string to the wordlist you are creating using the ‘-s’ option.

Don’t you want repeating characters (p)

Crunch can generate words that don’t have repeating characters using the ‘-p” option. Setting this option will generate factorial of characters in charset. For example, if there are 3 character in charset, setting this option will generate 3x2x1=6 words. While by default, crunch generates a wordlist the size of “characters in charset” to the power of maximum length specifically.

This option cannot be used along with ‘-s’ option and must be the last option to be specified. Also, this option ignores the maximum and minimum length specified but still needs two numbers to the specified.

You want to specify a pattern (t)

This option helps you to specify a pattern. The character set can be specified using symbol as shown below.

What if you want symbols to be treated literally (l)

Setting a specific pattern is very helpful while creating wordlists but what if we have to include @, % ^ character in the string. Don’t worry. Crunch has that option too. Using -l option asks crunch to treat the specified characters as literals instead of symbols pointed to other characters.

Save the wordlist as archive: (z)

Sometimes, need arises to save the generated wordlist as a compressed archive. With the “-z” option you can save generated wordlist as gzip, bzip, lzma and 7zip archives.

Resume whenever you want (r)

You may face some unexpected interruption while generating wordlists with crunch. This may be power cut or unexpected shutdown or some other problem which forces crunch to abort generating wordlists. Don’t you worry. Crunch has the resume (-r) option to restart from where it stopped or got aborted.

Disabling print percentage thread (u)

Its very nice to see crunch displaying the print percentage thread at the bottom while generating wordlist. But it you don’t like it, you can just disable this print percentage thread with the -u option.

That’s all about Crunch wordlist generator. Leave comments below.