Comprehensive Guide on Crunch Tool

Hello friends!! Today we will demonstrate how a pentester can generate his own wordlist for username either password using the most powerful tool CRUNCH. In Kali Linux you can easily get crunch by exploring Application > Password Attacks > Crunch

Crunch can generate a wordlist subject to the conditions you specify and its output file can be used in any other another program or file.

We are using crunch version 3.6 for this tutorial and followed given below parameters for generating a wordlist.

Syntax: <min> <max> [character-string] [options]

Min-len:  This parameter specify minimum length string required for crunch to start generating wordlist.

Max-len: This parameter specifies maximum length string required for crunch to end.

Charset string: This parameter specifies character sets for crunch to use for generating wordlist from that string, if you have not specified any string then crunch will default characters string.

Options: crunch serves you a list of options which increase its functionality for generating wordlist as per your requirement.

Generating wordlist without using the character string

Execute given below command which will generate a dictionary that contains minimum 2 character letters and maximum 3 by using default character sets. It will start from aa and end with zzz.

Here we had used the following parameters for generating a dictionary:

Min_len: 2 for two character letters

Max_len: 3 for three character letters

-o: This option denotes the path to save the output in a text file.

From given below image you can observe that it has generated 18252 number of lines and saved in the 0.txt file.

Now here we had used cat command to read the content from the inside 0.txt file where we can perceive that it has started from aa and end with zzz as shown in given below image.

Generating wordlist using the character string

Now execute given below command which will generate a dictionary that contains minimum 3 character letters and maximum 4 by using “raj” as the specified string. Similarly, it will start from rrr and end with jjjj.

From given below image you can observe that it has generated 108 number of lines and saved in the 1.txt file.

Now we had used the cat command to read the content from the inside 1.txt file where we can perceive that it has started from rrr and end with jjjj.

Similarly, we can use the string of any number for making a dictionary which contains numeric characters.

For example, some users set their date of birth as password and we would like to generate a dictionary that contains a combination of four number such that it represents month and date for instant 25th May as 2505 then you can use “2505” as a character string for generating a numeric wordlist.

Generating alpha-numeric wordlist

You can generate your own alpha-numeric wordlist, execute given below command which will generate a dictionary that contains minimum 2 character letters and maximum 3 by using “raj123” as the specified string. 

You can set minimum and maximum length for your wordlist as per your requirement.

Again we had used the cat command to read the content from the inside 3.txt file where we can perceive that it has a combination of alpha-numeric character.

Generating wordlist along with space character

The following command will generate wordlist using space character (\) with string “raj”. Instead of using (\) you can also use double quotes around string as “raj ” along with space within double quotes. 

Create wordlist using character set file of RainbowCrack

As we have known rainbow crack has a character set file which is used for cracking hashes by using a rainbow table, but we’ll use this character set file for generating a complex wordlist as per situation demands.

We had used the cat command to express the list of the character set that has been stored in charset.txt of rainbow crack.  From given below image you can observe that it is showing the following list of the character set.

  • Numeric
  • Alpha
  • Alpha-numeric
  • Loweralpha
  • Loweralpha numeric
  • Mixalpha
  • Mixalpha-numeric
  • Ascii -32-95
  • Ascii -32-65-123-4
  • Alpha-numeric-symbol32-space

Now you can choose any character set for generating a wordlist. Let suppose I want to generate a wordlist which contains lower alphabets letter along with a numeric number for 5 letter words so for that I will execute the following command.

Here –f denotes Specifies a character set from the charset.lst

Again we had used the cat command to read the content from the inside 5.txt file where we can perceive that it has a combination of alpha-numeric character.

Generate wordlist with specific Pattern

Crunch provides –t option to generate a wordlist using a specific pattern as per your requirement.

Using option –t you can generate 4 type patters as specified below:

  • Use @ for lowercase alphabets
  • Use , for uppercase alphabets
  • Use % for numeric character
  • Use ^ for special character symbol

For generating a wordlist that contains 3 numeric characters on the right side of string “raj” for instant raj123, we need to execute the following command.

Since we have 3 letters from string raj and we are assuming 3 more numeric number after the given string, therefore the minimum length should be the sum of string and pattern character.

Here –t denotes % pattern is used for editing 3 numeric characters.

Again we had used the cat command to read the content from the inside 6.txt file where we can perceive that it has a combination of alpha-numeric character.

Generate wordlist with Duplicate character limit

Crunch let you bound the repetition of character by using –d parameters along with the given pattern. 

As we saw, above the pattern for raj%%% starts with raj000 which means every single number will consecutive either twice or thrice such as it will contain word as raj000, raj001, raj111, raj110 and so on in the wordlist.

If you don’t wish to create a wordlist with the repeated number then you can use –d option to set the filter for repetition.

For example, I want to generate a wordlist by using the above pattern i.e. raj%%% and consecutive repetition of each number almost twice. For implementing such type of dictionary we need to execute below command.

here we had use following parameter

–t denotes % pattern is used for editing 3 numeric character

-d denote % pattern is used for editing 3 numeric characters with the repetition of each number almost twice.

Again we had used the cat command to read the content from inside 6.1.txt file where we can perceive that it has a combination of alpha-numeric character with repetition of each number two times.

Now if you will compare output file 6.txt and 6.1.txt then you can notice the difference of number repetition.

Generate wordlist with Pattern for uppercase letter

For generating a wordlist that contains 3 uppercase characters on the right side of string “raj” for instant rajABC, we need to execute the following command.

Since we have 3 letters from string raj and we are assuming 3 more uppercase letters after the given string, therefore the minimum length should be the sum of string and pattern character.

Here –t denotes (,) pattern is used for editing 3 uppercase letter character.

Again we had used the cat command to read the content from the inside 7.txt file where we can perceive that it has a combination of mix-alpha character.

Similarly, we can set the limit for uppercase letter repletion as done above. So if I want that alphabets should not be consecutive then we can execute given below command for generating such type of dictionary.

–t denotes (,) pattern is used for editing 3 uppercase character

-d denote (,) pattern is used for editing 3 uppercase characters with repetition of each number almost one.

Again we had used the cat command to read the content from inside 7.1.txt file where we can perceive that it has a combination of mix-alpha character with repetition of each number two times.

Now if you will compare output file 7.txt and 7.1.txt then you can notice the difference of alphabet repetition.

Use Permutation for generating a wordlist

-p option is used for generating wordlist with help of permutation, here can ignore min and max length of the character string. Moreover, it can be used with one-word string or multiple words string as given below.

From given below image you can analysis the output result and get the maximum number of permutation generated.

Generate a Dictionary with limited words

If you will observe above all output result then you will find crunch has generated dictionary and displays the number of the line for each dictionary. For instance, text file 0.txt has 18252 number of line and each line contains one word only.

So if you wish to set the filter for a certain number of the line should be generated then execute given below line.

It will generate a dictionary of 25 words only and save output in 8.txt.

Again we had used the cat command to read the content from an inside 8.txt file where we can perceive that it has only 25 alpha character.

Wordlist Fragmentation

Use –b option for wordlist fragmentation that split a single wordlist into multi wordlist. It is a quite useful option for dividing wordlist which is in GB can break into MB.

From given below image you can observe that it has divided a 7MB file into three text file.

Generate compressed Dictionary

Crunch let you generate compress wordlist with option –z and other parameters are gzip, bzip2, lzma, and 7z, execute given below command for compression.

 From given below image you can observe that it has generated the compress text file.

Author: AArti Singh is a Researcher and Technical Writer at Hacking Articles an Information Security Consultant Social Media Lover and Gadgets. Contact here

1 Comment Comprehensive Guide on Crunch Tool

  1. NochlasAB

    Hallo Raj, and thanks for this article!
    i’m new to crunch and i’m trying to make at wordlist with min. 5 and max 9 characters from the charset “adeimnorstvASM01239”, but i gives me over 300 billions of combinations. So i want specify for crunch, that only lowercase “t” and the numbers “1” and “9”, can be use’d twice and everyother character only are allows once?
    i really hope you can help me write that syntax.
    NochlasAB

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *