How to use the command 'crunch' (with examples)

How to use the command 'crunch' (with examples)

The ‘crunch’ command is a powerful wordlist generator. It can be used to create custom wordlists for various purposes such as password cracking, data analysis, or network security testing. This article will illustrate each of the provided use cases for the ‘crunch’ command.

Use case 1: Output a list of words of length 1 to 3 with only lowercase characters

Code:

crunch 1 3

Motivation: This use case is helpful if you need to quickly generate a wordlist containing all possible combinations of lowercase characters with lengths ranging from 1 to 3. It can be used in password cracking scenarios where the password length is relatively short.

Explanation:

  • ‘1’ is the minimum length of the word generated.
  • ‘3’ is the maximum length of the word generated.

Example output:

a
b
c
...
z
aa
ab
ac
...
zzz

Use case 2: Output a list of hexadecimal words of length 8

Code:

crunch 8 8 0123456789abcdef

Motivation: Generating a wordlist of hexadecimal words can be useful in various scenarios, such as testing web applications or recovering hexadecimal-encoded data. This use case allows generating all possible combinations of hexadecimal characters with a fixed length of 8.

Explanation:

  • ‘8’ is the minimum length of the word generated.
  • ‘8’ is the maximum length of the word generated.
  • ‘0123456789abcdef’ represents the hexadecimal characters used in the generation process.

Example output:

00000000
00000001
00000002
...
fffffffd
fffffffe
ffffffff

Use case 3: Output a list of all permutations of ‘abc’ (lengths are not processed)

Code:

crunch 1 1 -p abc

Motivation: Permutations can be useful in creating password wordlists where the order of characters matters. This use case generates all possible permutations of the characters ‘a’, ‘b’, and ‘c’ without considering their lengths.

Explanation:

  • ‘1’ is the minimum length of the word generated.
  • ‘1’ is the maximum length of the word generated.
  • ‘-p’ flag indicates that permutations should be generated.
  • ‘abc’ represents the characters used in the generation process.

Example output:

a
b
c
ab
ac
ba
bc
ca
cb
abc
acb
bac
bca
cab
cba

Use case 4: Output a list of all permutations of the given strings (lengths are not processed)

Code:

crunch 1 1 -p abc def ghi

Motivation: Similar to the previous use case, this example generates all possible permutations of multiple given strings. It can be used to create complex wordlists with varying characters or words.

Explanation:

  • ‘1’ is the minimum length of the word generated.
  • ‘1’ is the maximum length of the word generated.
  • ‘-p’ flag indicates that permutations should be generated.
  • ‘abc def ghi’ represents the strings used in the generation process.

Example output:

a
b
c
d
e
f
g
h
i
ab
ac
ad
...
ghi
hig

Use case 5: Output a list of words generated according to the given pattern and a maximum number of duplicate letters

Code:

crunch 5 5 abcde123 -t @@@12 -d 2@

Motivation: Generating words according to a specific pattern can be beneficial in cases where password policies restrict the format of passwords. This use case allows specifying a pattern and a maximum number of duplicate letters in the generated words.

Explanation:

  • ‘5’ is the minimum length of the word generated.
  • ‘5’ is the maximum length of the word generated.
  • ‘abcde123’ represents the characters used in the generation process.
  • ‘-t’ flag specifies the template/pattern for the word generation. ‘@@@12’ means that the first three characters will be any of ‘abcde123’, followed by the characters ‘12’.
  • ‘-d’ flag specifies the maximum number of duplicate letters. ‘2@’ means that only two duplicate letters are allowed.

Example output:

abcde12
abcde21
abecd12
...
3deab21
3deab12

Use case 6: Write a list of words in chunk files of a given size, starting with the given string

Code:

crunch 3 5 -o START -b 10kb -s abc

Motivation: Generating wordlists in chunk files can be useful for reducing memory usage or when processing large amounts of data. This use case allows generating wordlists in chunk files with a given size, starting with a specific string.

Explanation:

  • ‘3’ is the minimum length of the word generated.
  • ‘5’ is the maximum length of the word generated.
  • ‘-o’ flag specifies the prefix string for the generated files. In this case, the wordlists will be named with the prefix ‘START’.
  • ‘-b’ flag specifies the size of the chunk files. ‘10kb’ means each file will be approximately 10 kilobytes in size.
  • ‘-s’ flag specifies the starting string. In this case, all generated words will start with the characters ‘abc’.

Example output:

STARTaa
STARTab
STARTac
...
STARTzy
STARTzzz

Use case 7: Write a list of words stopping with the given string and inverting the wordlist

Code:

crunch 1 5 -o START -e abcde -i

Motivation: Sometimes, it is necessary to create wordlists that end with a specific string. Additionally, inverting the wordlist can be helpful in certain scenarios. This use case generates wordlists that stop with a given string and then inverses the order of the words.

Explanation:

  • ‘1’ is the minimum length of the word generated.
  • ‘5’ is the maximum length of the word generated.
  • ‘-o’ flag specifies the prefix string for the generated files. In this case, the wordlists will be named with the prefix ‘START’.
  • ‘-e’ flag specifies the ending string. In this case, all generated words will end with the characters ‘abcde’.
  • ‘-i’ flag indicates that the wordlist should be inverted.

Example output:

edcba
edcbae
edcbaed
...
a
ba
cba
dcba

Use case 8: Write a list of words in compressed chunk files with a specified number of words

Code:

crunch 1 5 -o START -c 1000 -z gzip|bzip2|lzma|7z

Motivation: In some cases, it is desirable to compress wordlists to save storage space. This use case allows generating wordlists in compressed chunk files, with each file containing a specified number of words. Multiple compression algorithms, such as gzip, bzip2, lzma, and 7z, are supported.

Explanation:

  • ‘1’ is the minimum length of the word generated.
  • ‘5’ is the maximum length of the word generated.
  • ‘-o’ flag specifies the prefix string for the generated files. In this case, the wordlists will be named with the prefix ‘START’.
  • ‘-c’ flag specifies the number of words to be stored in each compressed chunk file. In this example, each file will contain 1000 words.
  • ‘-z’ flag specifies the compression algorithm to be used. Multiple options are supported, such as ‘gzip’, ‘bzip2’, ’lzma’, and ‘7z’.

Example output:

START.gz
START.zst
START.bz2
...
START.7z

Conclusion:

The ‘crunch’ command is a versatile wordlist generator that can be extremely useful in various scenarios such as password cracking, data analysis, and network security testing. By following the provided use cases, users can utilize the command’s flexibility to generate custom wordlists tailored to their specific needs.

Tags :

Related Posts

How to use the command journalctl (with examples)

How to use the command journalctl (with examples)

Journalctl is a command-line utility for querying the systemd journal, which is a centralized collection of logs from a variety of sources on a Linux system.

Read More
How to use the command 'vpnd' (with examples)

How to use the command 'vpnd' (with examples)

The ‘vpnd’ command is used to listen for incoming VPN (Virtual Private Network) connections.

Read More
How to use the command mons (with examples)

How to use the command mons (with examples)

Mons is a tool that allows users to easily manage two displays.

Read More