How to create a wordlist with Crunch in Kali Linux
November 22, 2023

How to create a wordlist with Crunch in Kali Linux

By Ovais Mirza

Introduction

Creating a wordlist is a critical step in security testing and password cracking. A wordlist is a collection of words, phrases, and symbols that are used to guess passwords or other sensitive information. While many wordlists are available online, creating a customized wordlist can significantly improve the success rate of password cracking. In this article, we will discuss how to create a wordlist with Crunch in Kali Linux.

What is Crunch?

Crunch is a tool that comes pre-installed in Kali Linux, designed to generate customized wordlists. It is a powerful tool that allows users to specify the minimum and maximum length of the words, the character set, and other parameters. Crunch generates a wordlist by combining various characters and symbols in a specific pattern.

How to Use Crunch to Create a Wordlist

Creating a wordlist with Crunch is a straightforward process. Follow these steps to generate a customized wordlist:

  1. Open the terminal and type crunch to launch the tool.
  2. Specify the minimum and maximum length of the words using -t option. For example, -t @@@@ will generate words of length four characters.
  3. Specify the character set using -f option. For example, -f charset.lst will use the character set specified in the file “charset.lst”.
  4. Specify the output file name using -o option. For example, -o wordlist.txt will save the wordlist in the file “wordlist.txt”.
  5. Press Enter to start the generation process.

Crunch will generate a wordlist based on the parameters specified. The generated wordlist can then be used for various security testing and password cracking purposes.

Tips for Creating a Wordlist with Crunch

While creating a wordlist with Crunch, keep the following tips in mind:

  • Use a targeted approach: A targeted approach means creating a wordlist that is specific to the target. For example, if you are trying to crack a password for a specific user, use their name, date of birth, or other personal information in the wordlist.
  • Use multiple character sets: Using multiple character sets can significantly improve the success rate of password cracking. For example, using a combination of lowercase and uppercase letters, numbers, and symbols can make the wordlist more effective.
  • Keep the wordlist size manageable: A large wordlist can take a lot of time to process and may not be practical for some applications. Keep the wordlist size manageable based on the target and application.
  • Keep the wordlist updated: Updating the wordlist regularly can improve the success rate of password cracking. Add new words and phrases based on the target and application.

FAQs

Also Read: How to install Python on Windows 10 and How to Recover deleted files from Pen drive

Q: Can Crunch generate wordlists in languages other than English?

A: Yes, Crunch supports multiple languages. Specify the character set for the desired language using the -f option.

Q: Can I use Crunch to generate a wordlist for a specific application or website?

A: Yes, you can use Crunch to generate a wordlist for any application or website. However, make sure that the wordlist is specific to the target and includes relevant words and phrases.

Q: Is it legal to use wordlists for password cracking?

A: It is legal to use wordlists for security testing and password cracking as long as you have permission from the target and are using the wordlist for ethical purposes.

Also Read: How to Install Wireshark on Kali Linux and Penetration testing tools for kali linux

Generating a list Crunch in Kali Linux

First of all, to get started open up the terminal. Before that make sure that the crunch is already installed in your device so that it can be combined with the kali. So, all you need to do here is to run the command mentioned below.

# crunch 1 3 0123456789

By this command, there would be a list created of all the possible combination of numbers zero-till nine with the involvement of one, two as well as three characters. To explain more precisely it would be evident to say that the first number is the smallest combination. In such a case it is a small character. At first, all this is mostly considered a bit unrealistic but afterword all this make sense. Now the second number is the longest combination of all the characters present. Now in here, it is three. So now crunch will be able to generate every possible combination with the involvement of three of the main characters provided. Now coming to the last part certain characters crunch make use to form the combinations. One can say that the list is kind of small so it is quite easy to run as soon you start adding more and more characters in and this will increase in combination size. To generate a more realistic list you can make use of this command mentioned below.

# crunch 3 5 0123456789abcdefghijklmnopqrstuvwxyz

The use of this command will create all the possible combination of three, four, five combinations with the number zero through nine and of course using the alphabet of both upper and lower case. This is possible that the password is short but the list will be OfCourse massive. Now if you are having some hardware and well other resources so that you can test the security of the passwords then you may run something like this command mentioned below.

# crunch 3 10 0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ

Capturing the output:

All that you have seen till now is just outing the numbers on the screen. That is kind of normal and not that much of use. Now you need to generate a text file. The command below will help you in that.

# crunch 3 5 0123456789abcdefghijklmnopqrstuvwxyz -o Documents/pass.txt
# crunch 3 5 0123456789abcdefghijklmnopqrstuvwxyz >> /usr/share/wordlists/
/share/wordlists/rockyou.txt

Now just by adding an –o flag you can create a wordlist in a specified destination with a proper text file too.   

Also Read: How to Install Windows PowerShell on Kali Linux and How to Install Burp Suite on Linux

Conclusion:

Creating a wordlist with Crunch in Kali Linux is a simple process that can significantly improve the success rate of password cracking and security testing. By following the tips and guidelines