Password cracking and how to create a bruteforce dictionary with crunch

Table of Content

Today I will show you the most basic password cracking attack that pentesters needs to execute when no other options are available: the password cracking with dictionary attack or bruteforce attack. This is the way that a pentester uses to generate an own wordlist for password cracking. One of the most used tools out there for this task is CRUNCH. It is included in Kali Linux of course. In Kali Linux you can easily get crunch by exploring Application > Password Attacks > Crunch

Crunch can generate a wordlist subject to the conditions you specify and its output file can be used in any other another program or file.

Installing crunch from scratch

If you are not using Kali, you can install it with just a single pip command.

1
2
3
4
5

pip install virtualenv
virtualenv venv
chmod +x ./venv/bin/activate
source ./venv/bin/activate
pip install crunch

Now test crunch installation with

1

crunch

It should print something like

1
2
3
4
5
6
7
8

crunch version 3.6

Crunch can create a wordlist based on criteria you specify.  The output from crunch can be sent to the screen, file, or to another program.

Usage: crunch <min> <max> [options]
where min and max are numbers

Please refer to the man page for instructions and examples on how to use crunch.

Create a dictionary wordlist with crunch

We are using crunch version 3.6 for this tutorial and followed given below parameters for generating a wordlist.

crunch command syntax: <min> <max> [character-string] [options]

• min: This parameter specify minimum length string required for crunch to start generating wordlist.

• max: This parameter specifies maximum length string required for crunch to end.

• charset: This parameter specifies character sets for crunch to use for generating wordlist from that string, if you have not specified any string then crunch will default characters string.

• options: crunch serves you a list of options which increase its functionality for generating wordlist as per your requirement.

crunch wordlist generation examples

Create a dictionary wordlist with crunch and charset numeric and length between 1 and 4

1

crunch 1 4 0123456789 -o dict.txt

1
2
3
4
5
6
7
8

Crunch will now generate the following amount of data: 54320 bytes
0 MB
0 GB
0 TB
0 PB
Crunch will now generate the following number of lines: 11110 

crunch: 100% completed generating output

Time to compute using crunch:

1

time crunch 1 4 0123456789 -o dict.txt

1

0,01s user 0,00s system 0% cpu 3,006 total

crunch command result

• Time to execute: 3 second
• Dictionary word size: 11110
• Dictionary size: 54kb

Create a dictionary wordlist with crunch and charset lower_alpha_numeric and length between 1 and 5

1

crunch 1 5 abcdefghijlkmnñopqrstuvwxyz0123456789 -o alpha_numeric_1_5.txt

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14

Notice: Detected unicode characters.  If you are piping crunch output
to another program such as john or aircrack please make sure that program
can handle unicode input.

Do you want to continue? [Y/n] y
Crunch will now generate the following amount of data: 435218939 bytes
415 MB
0 GB
0 TB
0 PB
Crunch will now generate the following number of lines: 71270177 

crunch:  55% completed generating output
crunch: 100% completed generating output

Time to compute using crunch:

1

time crunch 1 5 abcdefghijlkmnñopqrstuvwxyz0123456789 -o alpha_numeric_1_5.txt

1

17,12s user 0,74s system 64% cpu 27,679 total

crunch command result

• Time to execute: 28 second
• Dictionary word size: 71270177
• Dictionary size: 415 Mb

Now you can use created wordlist files for any purpose you need. Take into account, the bigger the password length or the charset, the more computation time and disk space will take.

Subscribe, donate or become premium

💬 Share this post in social media

Thanks for checking this out and I hope you found the info useful! If you have any questions, don't hesitate to write me a comment below. And remember that if you like to see more content on, just let me know it and share this post with your colleges, co-workers, FFF, etc.