crunch

crunch min-len max-len [charset] [options]

crunch is a wordlist generator that creates lists of all possible combinations based on specified criteria. It's commonly used in authorized penetration testing for creating password lists, brute-force dictionaries, and testing security measures.The tool generates combinations efficiently, supporting custom character sets, patterns, and size limits. Patterns allow mixing character types (letters, numbers, symbols) in specific positions. The permutation mode creates all arrangements of given words.Output can be piped to other tools or split into manageable file sizes for large wordlists. Compression options help manage disk space for extensive generations.

MIN-LEN

Minimum length of generated strings.

Maximum length of generated strings.

Characters to use for generation (default: lowercase alphabet).

Output to file instead of stdout.

Specify pattern using placeholders (@ , % ^).

Split output into files of specified size.

Number of lines per output file.

Generate permutations of specified words.

Limit consecutive duplicate characters.

Stop generating words at the specified string.

Read character set from a file (e.g., charset.lst).

Invert output so the first character changes most often.

Treat characters as literals in the -t pattern (overrides @,%^).

Start at specified string (for resuming).

Disable the print-percentage thread.

Compress output (gzip, bzip2, lzma, 7z).

Large wordlists can consume significant disk space and generation time. Use responsibly and only for authorized security testing. Ensure adequate storage before generating large lists. Consider the exponential growth of combinations with length.

crunch was developed for the security community as a flexible wordlist generator. It became a standard tool in penetration testing distributions like Kali Linux. The tool enables security professionals to test password policies and authentication systems.

john(1), hashcat(1), hydra(1)