Linux Commands

Crunch for Linux

4 months ago
by Kalyani Rajalingham
Crunch is a very useful tool especially for penetration testers. In essence, crunch is basically just a wordlist generator or a dictionary file generator. The great part is that it can generate the exact set of words that you ask it to generate and this can be in terabytes at times. The sky is truly the limit with such a tool. In this tutorial, we will learn about crunch.

Installing Crunch

On Kali Linux or Parrot OS, crunch comes pre-installed. But it is not the case on Ubuntu. As such, it’s up to us to install it.

Use the following command to install it:

sudo apt-get install crunch

Now that we have crunch, let’s start using it.

Crunch Basics

Basically, you must follow the given syntax to use crunch:

crunch <min-len> <max-len> [<charset string>] [options]

The options and the charset string are not required but the min-len (minimum length) and max-len (maximum length) are indeed required. Min-len and max-len are required even if you’re not going to use it. As such, it must always be provided. In essence, there are scenarios where you will not need the minimum or maximum length but even in those situations, you have to provide an arbitrary value for min-len and max-len just to get crunch going.

Let’s use a simple example to start with:

crunch 0 1 Aa

What just happened?

Crunch first lets you know how big the size of the file is (5 bytes) as well as the number of lines (3). The four lines after the size of the file also specify the size of the file in MB, GB, TB, and PB. Then, it starts generating possible combinations. Here, since we said that the maximum number of characters is 1, the lines will contain a maximum of 1 character. The characters to use are either the capital or the lowercase letter A. So, that’s what it did: A or a. The number of combinations possible in this case is 3. This is because 0 or an empty string is also an option.

Now, note that from here onwards, we won’t be able to show you the full screen that contains the list since it is very long (even the simplest). But we’ll make sure to show you the first part and let you know what the last character combination is.

Let’s try another example:

crunch 1 3 123

This one starts with 1 and ends with 333. Why? It is because the minimum number of characters is 1. That means that 1, 2, and 3 and then 2 character combination (11, 12, 13, …, 33) and finally 3 character combination (111, 123, 113, …333).

Now, you don’t have to keep using your own character set. Crunch comes with a built-in character set called “charset.lst”. This list is located at “/usr/share/crunch/charset.lst”.

Note that in real life, when creating real dictionaries, you’ll be more likely to use the “charset.lst”. For example, when using “aircrack-ng”, note that you’ll be using the “upper-hex” file a lot to create a dictionary file.

crunch 2 3 -f /usr/share/crunch/charset.lst hex-upper

crunch 1 2 ABC -o wordlist.txt

Here, what we do is save it to an output file called “wordlist.txt”.

The next bit is a bit more advanced.

Now, suppose that you want some characters to stay the same in your wordlist. Suppose that we want this:

---CAT

In the given code, the hyphen stands for a character. So, we have three random characters followed by the word CAT.

We write the following:

crunch 6 6 abc -t @@@CAT

The “@” here represents the places where the characters will be combined. The characters that will replace the “@” are a, b, or c.

Here, since we’re generating a word that is at least 6 characters in length, we write 6, 6. It means that crunch will generate a word that is exactly 6 characters in length. It starts with aaaCAT and ends with cccCAT.

Now, suppose that we want it to begin at bbbCAT. We write the following command:

crunch 6 6 abc -t @@@CAT -s bbbCAT

As you can see, the wordlist starts at bbbCAT and ends at cccCAT.

Please note the following:

@ – It inserts the lower case characters.
, – It inserts the uppercase characters.
% – It inserts the numbers.
^ – It inserts the symbols.

Let’s see an example of each of the given code:

crunch 7 7 -t @^%,CAT -c 6

The “c” hyphen is used to set a limit on the number of lines. So, instead of displaying too many lines, we limit it to about 6.

crunch 4 4 ab CD 12 $%  -t @,%^

Here, make sure that you give it a sufficient space between the symbols and the “t” hyphen. If you put it too close together, it will crash.
The next one is a bit trickier.

Now, remember when we say that you absolutely had to put in the minimum and maximum number of characters. It’s true that you have to do it even if it’s of no use. That means that you input the minimum and maximum characters even if you won’t be using those numbers.

crunch 4 5 -p love linux code

crunch 20 24 -q ~/Downloads/wordlist.txt

Here, “q” does the same thing as “p” but it’s fetched from a file instead of having the words written out in the terminal.

Conclusion

Overall, crunch is a fantastic dictionary file generator. It absolutely requires you to put in the minimum and maximum number of characters, but everything else is malleable. You can create a list of words with a pattern to your liking or with a file of your choice. But remember that the longer the file, the longer it takes to generate the list. In order to generate a good dictionary file, you do not only need time but you also need a good external hard drive to save the file. Although the files in the examples are small in size, the generated files in reality are quite large.

Happy Coding!

About the author

Kalyani Rajalingham

I'm a linux and code lover.

View all posts