crunch

Create wordlists from character sets

TLDR

Output a list of words of length 1 to 3 with only lowercase characters

$ crunch [1] [3]

Output a list of hexadecimal words of length 8

$ crunch [8] [8] [0123456789abcdef]

Output a list of all permutations of abc (lengths are not processed)

$ crunch [1] [1] -p [abc]

Output a list of all permutations of the given strings (lengths are not processed)

$ crunch [1] [1] -p [abc] [def] [ghi]

Output a list of words generated according to the given pattern and a maximum number of duplicate letters

$ crunch [5] [5] [abcde123] -t [@@@12] -d 2@

Write a list of words in chunk files of a given size, starting with the given string

$ crunch [3] [5] -o [START] -b [10kb] -s [abc]

Write a list of words stopping with the given string and inverting the wordlist

$ crunch [1] [5] -o [START] -e [abcde] -i

Write a list of words in compressed chunk files with a specified number of words

$ crunch [1] [5] -o [START] -c [1000] -z [gzip|bzip2|lzma|7z]

SYNOPSIS

crunch <min_len> <max_len> [options]

<min_len>
    Specifies the minimum length of the strings to be generated.

<max_len>
    Specifies the maximum length of the strings to be generated.

-o <filename>
    Specifies the output file where the generated wordlist will be saved.

-f <charset.lst> <charset_name>
    Loads a predefined character set from a file (e.g., `charset.lst`). You must also specify the name of the character set within that file (e.g., `numeric`, `lowercase`).

-p
    Permutes values, often used in conjunction with patterns to arrange characters in all possible orders.

-s <string>
    Specifies the starting string for the wordlist generation. Generation will begin from this string.

-e <string>
    Specifies the ending string for the wordlist generation. Generation will stop once this string is reached.

-t <pattern>
    Defines a pattern for the generated strings using placeholders: @ (lowercase), , (uppercase), % (numeric), ^ (symbols). Example: -t @@%^ for two lowercase, one number, one symbol.

-d <num>
    Limits the number of consecutive duplicate characters allowed in the generated strings.

-c <lines>
    Specifies the maximum number of lines (passwords) per output file when splitting the wordlist.

-z <type>
    Compresses the output file using the specified type (e.g., gzip, bzip2, lzma, 7z).

-b <bytes>
    Specifies the maximum size of the output file in bytes (e.g., 100MB) when splitting the wordlist.

-q <filename>
    Quiet mode: loads character sets from `charset.lst` without displaying internal characters, often used to prevent screen clutter.

-m <bytes>
    Specifies the maximum amount of RAM in bytes that crunch can use during wordlist generation.

DESCRIPTION

Crunch is a powerful and flexible wordlist generator used primarily in security auditing and penetration testing. It allows users to create custom wordlists by specifying minimum and maximum lengths, character sets (alphanumeric, special characters, or custom), and specific patterns. This tool can generate all possible combinations and permutations of characters, making it invaluable for dictionary attacks and brute-force attempts against password hashes or login forms. It supports various output options, including file compression and splitting large wordlists into manageable chunks. Its efficiency and customization options make it a staple for anyone needing to generate targeted dictionaries for security assessments.

CAVEATS

• Generating large wordlists can consume significant disk space and CPU resources. Always ensure you have sufficient storage and processing power before running crunch for extensive lists.
• The ethical use of crunch is crucial; it is intended for authorized penetration testing and security auditing, not for malicious activities.
• Without proper options, a seemingly simple command can generate billions of combinations, quickly filling up disk space.

CHARACTER SETS

Crunch supports several predefined character sets, including numeric (0-9), lowercase (a-z), uppercase (A-Z), symbols (!@#$%^&*()-_+=~`[]{}\|:;"'<>,./?), and all (a combination of common character types). Users can also define custom character sets directly on the command line or by using the -f option with a `charset.lst` file for more complex or application-specific character requirements.

PATTERN GENERATION WITH <B>-T</B>

The -t option allows for highly specific pattern generation, enabling users to define the exact structure of the generated strings. It uses placeholders:
• @: Represents a lowercase character (a-z)
• ,: Represents an uppercase character (A-Z)
• %: Represents a numeric character (0-9)
• ^: Represents a symbol
For example, `crunch 8 8 -t @@@@%^^^` would generate 8-character strings starting with four lowercase letters, followed by one number and three symbols. This level of control is invaluable for targeted dictionary attacks.

HISTORY

Crunch emerged as a dedicated and highly efficient tool within the information security community, specifically for generating customized dictionaries. Its development was driven by the pervasive need for a robust wordlist generator capable of handling complex character sets and patterns, which is essential for modern password cracking and security auditing techniques. It has become a standard utility in penetration testing distributions like Kali Linux due to its speed, flexibility, and comprehensive feature set.