Today I will continue to write about tools that you can use to generate wordlists. Today we will take a look at crunch.
Background and the functionality:
Crunch is another great tool that can be used to create wordlists. The tool was initially released in 2004 and the author is bofh28 according to tools.kali.org.
You use the tool to generates wordlists based on the charset you specify.
How to get started with Crunch:
To make sure that you have crunch installed, which comes pre-installed with Kali, you just open up the terminal and write crunch.
If you start off by running the tool with only the required parameters you will get all possible words using all characters. So if you for example run “crunch 8 8” you will get all words that are eight characters long.
You can also specify which characters you want to use for your wordlist.
In the example above you can see that we specified all worlds between 5-6 that uses the following charcters: abcd123.
With the -o variable you can chose where the output should be saved.
Example: crunch 8 8 -o wordlist.txt
With the -b parameter you can specify how big wordlist-files you want. In the example below I first created a wordlist with the size of ~2kB. When I use the -b parameter to define that each file only can be 1kB big you see that three files was created instead and none of them were bigger than 1kB.
With the -i parameter you can invert the order of the words. If you use crunch 3 3 without using the -i parameter you will get a file that starts with
If you use -i you will instead get the following result:
The -t parameter is one of my favorites to use. If you know that a password uses a special pattern you can use the -t parameter to specify that pattern and reduce the amount of words in your list significantly and make your wordlist more efficient.
A normal use case can be that you got information about that many users in your targets company creates passwords based on the current season, for example Summer2019! . You can then create a wordlist based on that structure.
You can use the following characters to build your patterns:
- @ will insert lower case characters
- , will insert upper case characters
- % will insert numbers
- ^ will insert symbols
You can also use the -z parameter to compress and create an archive-file. You can choose between gzip, bzip2, lzma and 7z. Gzip is fastest but compression is minimal while 7z is slowest with best compression.
That was everything for this time. Please contact me if you feel like I missed something or if you want to share any special tips and tricks for Crunch.