Table of Content
Today I will show you the most basic password cracking attack that pentesters needs to execute when no other options are available: the password cracking with dictionary attack or bruteforce attack. This is the way that a pentester uses to generate an own wordlist for password cracking. One of the most used tools out there for this task is CRUNCH. It is included in Kali Linux of course. In Kali Linux you can easily get crunch by exploring Application > Password Attacks > Crunch
Crunch can generate a wordlist subject to the conditions you specify and its output file can be used in any other another program or file.
Installing crunch from scratch
If you are not using Kali, you can install it with just a single pip
command.
|
|
Now test crunch installation with
|
|
It should print something like
|
|
Create a dictionary wordlist with crunch
We are using crunch version 3.6 for this tutorial and followed given below parameters for generating a wordlist.
crunch command syntax: <min> <max> [character-string] [options]
min
: This parameter specify minimum length string required for crunch to start generating wordlist.max
: This parameter specifies maximum length string required for crunch to end.charset
: This parameter specifies character sets for crunch to use for generating wordlist from that string, if you have not specified any string then crunch will default characters string.options
: crunch serves you a list of options which increase its functionality for generating wordlist as per your requirement.
crunch wordlist generation examples
Create a dictionary wordlist with crunch and charset numeric
and length between 1 and 4
|
|
|
|
Time to compute using crunch:
|
|
|
|
crunch command result
- Time to execute: 3 second
- Dictionary word size: 11110
- Dictionary size: 54kb
Create a dictionary wordlist with crunch and charset lower_alpha_numeric
and length between 1 and 5
|
|
|
|
Time to compute using crunch:
|
|
|
|
crunch command result
- Time to execute: 28 second
- Dictionary word size: 71270177
- Dictionary size: 415 Mb
Now you can use created wordlist files for any purpose you need. Take into account, the bigger the password length or the charset, the more computation time and disk space will take.
Subscribe, donate or become premium
💬 Share this post in social media
Thanks for checking this out and I hope you found the info useful! If you have any questions, don't hesitate to write me a comment below. And remember that if you like to see more content on, just let me know it and share this post with your colleges, co-workers, FFF, etc.