Crunch - Wordlist Generator
Crunch is a wordlist generator where you can specify a standard character set or a character set you specify. crunch can generate all possible combinations and permutations.
Features:
- crunch generates wordlists in both combination and permutation ways
- it can breakup output by the number of lines or file size
- now has resume support
- pattern now supports number and symbols
- pattern now supports upper and lower case characters separately
- adds a status report when generating multiple files
- new -l option for literal support of @,%^
- new -d option to limit duplicate characters see man file for details
- now has unicode support
The output from crunch can be sent to the screen, file, or to another program.
Usage:
crunch[options]
where min and max are numbers
Options:
-b : maximum bytes to write to output file. depending on the blocksize
files may be some bytes smaller than specified but never bigger.
-c : numbers of lines to write to output file, only works if "-o START"
is used, eg: 60 The output files will be in the format of starting
letter - ending letter for example:
crunch 1 5 -f /pentest/password/charset.lst mixalpha -o START -c 52
will result in 2 files: a-7.txt and 8-\ .txt The reason for the
slash in the second filename is the ending character is space and
ls has to escape it to print it. Yes you will need to put in
the \ when specifying the filename.
-d : specify -d [n][@,%^] to suppress generation of strings with more
than [n] adjacent duplicates from the given character set. For example:
./crunch 5 5 -d 2@
Will print all combinations with 2 or less adjacent lowercase duplicates.
-e : tells crunch to stop generating words at string. Useful when piping
crunch to another program.
-f : path to a file containing a list of character sets, eg: charset.lst
name of the character set in the above file eg:
mixalpha-numeric-all-space
-i : inverts the output so the first character will change very often
-l : literal characters to use in -t @,%^
-o : allows you to specify the file to write the output to, eg:
wordlist.txt
-p : prints permutations without repeating characters. This option
CANNOT be used with -s. It also ignores min and max lengths.
-q : Like the -p option except it reads the strings from the specified
file. It CANNOT be used with -s. It also ignores min and max.
-r : resume a previous session. You must use the same command line as
the previous session.
-s : allows you to specify the starting string, eg: 03god22fs
-t [FIXED]@,%^ : allows you to specify a pattern, eg: @@god@@@@
where the only the @'s will change with lowercase letters
the ,'s will change with uppercase letters
the %'s will change with numbers
the ^'s will change with symbols
-u : The -u option disables the printpercentage thread. This should be the last option.
-z : adds support to compress the generated output. Must be used
with -o option. Only supports gzip, bzip, lzma, and 7z.
Examples:
- This will compute all passwords between 3 and 7 chars using 'abcdef' as the character set and dump it to stdout:
crunch 3 7 abcdef
- Generate a dictionary file containing words with a minimum and maximum length of 6 using the given characters (0123456789abcdef), saving the output to a file (6chars.txt):
crunch 6 6 0123456789abcdef -o 6chars.txt
You might also like:
- Cansina - Web Content Discovery Tool
- GoatDroid - Self-Contained Android Pentesting Environment
- ike-scan - Tool For Discovering, Fingerprinting, & Testing IPsec VPN Systems
- Wapiti - Web Application Vulnerability Scanner
- Wireless Attack Toolkit - A Push-button Wireless Hacking & Man-In-The-Middle Attack Toolkit
- SQL Injection Test Environment - A Collection Of Web Pages Vulnerable To SQL Injection
- MKBRUTUS - A Password Bruteforcer For MikroTik Devices or Boxes Running RouterOS
- NoSQLMap - Automated Mongo Database & NoSQL Web Application Exploitation Tool
- Blue|Smash - A Bluetooth Pentest Suite
- Harald Scan - A Bluetooth Scanner for Linux and Mac OS X
- Mellivora - A CTF (Capture The Flag) Engine
- Lynis - Security Auditing Tool For Unix/Linux Systems
- FoxOne - Server Reconnaissance Scanner
- Umap - The USB Host Security Assessment Tool
- FS-NyarL - Network Takeover & Forensic Analysis Tool
- aidSQL - SQL Injection Detection Tool
- LANs.py - Tool For Injecting codes, Jamming WiFi, & Spying on WiFi Users
- WebSurgery - Web Application Security Testing Suite
- Beleth - Multi-threaded SSH Password Auditor
- pyClamd - Using Clamav with Python
from Effect Hacking full article here