How to Generate a Custom Wordlist with Crunch?

Introduction

Crunch is a powerful open-source tool used to create custom wordlists for password cracking, security testing, and auditing. Ethical hackers and security professionals use Crunch to generate wordlists based on specific criteria such as character sets, patterns, and lengths. These wordlists can be used with tools like John the Ripper, Hashcat, and Hydra for brute-force and dictionary attacks.

Why Pen Testers Use Crunch

In many cases, website passwords are related to company names, admin names, or common keywords. Security testers use Crunch to generate custom wordlists that include these relevant words, increasing the likelihood of cracking weak passwords during security assessments. By creating a tailored custom wordlist based on the target’s naming conventions and industry-specific terms, testers can improve password auditing efficiency.

Installation

  • To install Crunch on Kali Linux:
    • sudo apt install crunch

  • If you want to read extra details about Crunch, use the following command:

    • man crunch

Basic Syntax

  • Crunch command format:
    • crunch <min_length> <max_length> [options]
    • <min_length>: Minimum word length
    • <max_length>: Maximum word length
    • [options]: Additional parameters for customization

Crunch Tool Commands and Options

Option            Description
-o <filename>     Specify the output file to save the generated wordlist.
-t <pattern>      Generate words based on a specific pattern (e.g., -t @@@@ for 4-character words).
-p <pattern>      Generate permutations of the specified pattern.
-s <string>       Specify a string to prepend to each generated word.
-e <string>       Specify a string to append to each generated word.
-l <length>       Specify the length of the words to generate.
-c                Only generate words that are of a certain length.
-f <filename>     Use a file as input for generating words (e.g., using a list of words).
-i <string>       Insert a string at specified positions in the generated words.
-b <num>          Generate only a certain number of words (limit output).
-n                Include numbers in the output (digits).
-h                Display help information about the tool and its options.

Example

Example 1: Basic Wordlist

(Generate lowercase letters of length 4-6)

    • crunch 4 6 abcdefghijklmnopqrstuvwxyz -o wordlist.txt

The crunch command can be used to generate a simple wordlist composed of lowercase letters. For instance, the command above produces passwords that are 4 to 6 characters in length, using only lowercase letters. The resulting combinations are saved to the file wordlist.txt, making it a straightforward option for creating basic password lists.

Example 2: Alphanumeric Wordlist

(Generate letters and numbers of length 3-4)

    • crunch 3 4 abcdefghijklmnopqrstuvwxyz0123456789 -o wordlist.txt

To generate a wordlist consisting of alphanumeric combinations, you can use the crunch command with a specified length range. The command above creates passwords that are either 3 or 4 characters long, using lowercase letters and numbers. The generated combinations are saved to the file wordlist.txt, making it a useful resource for various password-cracking tasks.

Example 3: Generate a specific pattern of passwords

    • crunch 10 10 0123456789@ -t tester@%%% -o generated_passwords.txt

Generates 10-character passwords starting with the prefix “tester,” followed by a single lowercase letter or symbol represented by @, and ending with three characters from the specified character set (digits and @). The results are saved in the file generated_passwords.txt, showcasing the tool’s flexibility in producing targeted wordlists for password cracking.

Example 4: Generate Passwords with Special Characters

    • crunch 10 10 @ -t tester@%%% -o generated_passwords.txt

The crunch command is an essential tool for creating custom wordlists, particularly useful in password cracking scenarios. This example demonstrates how to generate passwords with a specific pattern, including special characters.

Example 5: Generating Wordlist Combinations with Crunch

    • crunch 3 3 -t aaa -o wordlist.txt -p admin user tester

In this section, we demonstrate how to generate a wordlist of permutations from a set of specific words using the crunch command. The -p option must be the last option on the command line, so -o is placed before it. This command is useful for creating custom wordlists for penetration testing and security assessments.

Dynamic Wordlist Generation with Crunch for Password Cracking Tools (Without Saving)

 

Introduction

Password cracking tools need a stream of candidate passwords. Generating the wordlist dynamically with crunch and piping it straight into the cracking tool makes those tools more effective to use, because no intermediate wordlist file has to be saved.
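To show why the 8-character commands below are piped instead of written to disk, here is an added example (not part of the original article) that estimates how many lines and bytes a `crunch MIN MAX CHARSET` run produces. The function name `crunch_estimate` is hypothetical, and the script assumes a charset without repeated characters and one newline per word.

```shell
#!/bin/sh
# Added example: estimate the output of `crunch MIN MAX CHARSET` without running it.
# Assumption: CHARSET has no repeated characters; every word ends in one newline.

MAX_INT=9223372036854775807   # signed 64-bit limit of shell arithmetic

# crunch_estimate MIN MAX CHARSET -> prints "<lines> <bytes>", returns 1 on error
crunch_estimate() {
    min=$1; max=$2; n=${#3}
    if [ "$min" -lt 1 ] || [ "$min" -gt "$max" ] || [ "$n" -lt 1 ]; then
        echo "invalid arguments" >&2; return 1
    fi
    lines=0; bytes=0; count=1; len=1
    while [ "$len" -le "$max" ]; do
        # count becomes n^len; refuse to continue if the product would overflow
        if [ "$count" -gt $((MAX_INT / n)) ]; then
            echo "keyspace exceeds 64-bit range" >&2; return 1
        fi
        count=$((count * n))
        if [ "$len" -ge "$min" ]; then
            # each word occupies len characters plus the newline
            if [ "$count" -gt $(( (MAX_INT - bytes) / (len + 1) )) ]; then
                echo "size exceeds 64-bit range" >&2; return 1
            fi
            lines=$((lines + count))
            bytes=$((bytes + count * (len + 1)))
        fi
        len=$((len + 1))
    done
    echo "$lines $bytes"
}

lower=abcdefghijklmnopqrstuvwxyz
upper=ABCDEFGHIJKLMNOPQRSTUVWXYZ
digits=0123456789

crunch_estimate 4 6 "$lower"                # Example 1: about 2.2 GB on disk
crunch_estimate 3 4 "$lower$digits"         # Example 2: about 8.6 MB on disk
crunch_estimate 8 8 "$lower$upper$digits"   # piped commands: about 1.97 PB
```

crunch prints the same line and byte totals before it starts generating, so the estimate can be compared against a real run. The last figure also shows how quickly length and character variety push a password out of reach of exhaustive generation.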

Aircrack-ng

Command: crunch 8 8 abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 | aircrack-ng -b [bssid] -w - [file.cap]

Explanation:

  • This command generates passwords of length 8 and pipes them directly into aircrack-ng to crack WPA/WPA2 handshakes.

Example Usage: crunch 8 8 abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 | aircrack-ng -b 00:11:22:33:44:55 -w - capture.cap

John the Ripper

Command: crunch 8 8 abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 | john --stdin [hash_file]

Explanation:

  • This command generates passwords of length 8 and pipes them directly into John the Ripper for cracking specified hashes.

Example Usage: crunch 8 8 abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 | john --stdin hashes.txt

Hashcat

Command: crunch 8 8 abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 | hashcat -m [hash_type] -a 0 [hash_file] -

Explanation:

  • This command generates passwords of length 8 and uses them in a straight dictionary attack against the specified hash type without saving them to a file.

Example Usage: crunch 8 8 abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 | hashcat -m 0 -a 0 hashes.txt -

THC-Hydra

Command: crunch 8 8 abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 | hydra -l [username] -P - [protocol] [target]

Explanation:

  • This command generates passwords and pipes them directly into THC-Hydra for brute force attacks on various protocols.

Example Usage: crunch 8 8 abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 | hydra -l admin -P - ssh://192.168.1.1

 

Conclusion

In summary, crunch is a powerful tool for generating custom wordlists tailored to your password cracking needs. Its versatility allows you to create lists with specific character sets, lengths, and patterns, enhancing your efficiency in security assessments.

By mastering crunch commands, you can streamline your workflow and improve your effectiveness in penetration testing. Always remember to use these tools ethically and with permission. With practice, you can leverage crunch to boost your skills in cybersecurity.
