CRUNCH INTRO: While cracking the password, attacker always needs an wordlist. Normally, wordlist use thousand of words per second to crack the password. If attacker gathers some information about the victim like – birthday dates, children names, pets name, girlfriend name etc. Attacker can use information in creating of the custom wordlist, say ethical hacking investigators.
While attacking on any organisation we might need an custom wordlist, to generate the wordlist for attacking. Thats why crunch is used. Crunch is an inbuilt tool from Kali Linux. Crunch helps in creating an custom wordlist. And that wordlist can be used in John The Ripper, Cain And Abel, Aircrackng and many more password cracking tools.
Ethical hacking researcher of iicybersecurity says that crunch is mostly used in mass level of attacking on login webpages of popular social media platforms as well as on big tech companies.
Basic Command of Crunch:
crunch <mini. password length> <max. password length>
 You can also specifiy the numbers or the characters in wordlist. If you specify the character the wordlist will generate in characters and if you specify the numbers the wordlist will generate in numbers as shown below.
 Here wordlist will be generated in characters.
 Type crunch 2 4 abcdefgh
 2 is the minimum password length and 4 is the maximum password length.
 abcdefgh characters are used to generate the list.
 You can also use the numbers to generate the wordlist.
 Here wordlist will be generated in numbers.
 Type crunch 2 4 123456789
 2 is the minimum password length and 4 is the maximum password length.
 123456789 numbers are used to generate the list.
START WITH CRUNCH TO SEE MORE OPTIONS:
 Type crunch
 Type man crunch
====================SNIP===================
==================SNIP=================
 The above screen shots are the manual pages of the crunch. These manual pages can be used in knowing the options of crunch command.
CREATING AN SIMPLE WORDLIST:
We are assuming that the target having password between 2 and the 4 characters. So the crunch will make wordlist between 2 to 4 character.
 Type crunch 2 4 in linux terminal.
 2 is the minimum password length and 4 is the maximum password length.
 As you can see that the crunch has started to make the wordlist. Notice one thing that wordlist has been created between 2 to 4 characters.
 You can use the above wordlist for cracking the password.
CREATING THE WORDLIST WITH NUMBERS:
 Type crunch 10 10 9875347821 o /root/numericlist.txt
 9875347821 are the numbers used to generate the list.
 10 is the minimum password length and next 10 is the maximum password length in the above command.
 o /path/to/save/list is used to specify the location to save the wordlist.
[email protected]:~# crunch 10 10 9875347821 o /root/numericlist.txt Crunch will now generate the following amount of data: 11811160064 bytes 11264 MB 11 GB 0 TB 0 PB Crunch will now generate the following number of lines: 1073741824 crunch: 1% completed generating output crunch: 2% completed generating output crunch: 3% completed generating output crunch: 4% completed generating output crunch: 5% completed generating output crunch: 6% completed generating output crunch: 7% completed generating output crunch: 7% completed generating output crunch: 8% completed generating output crunch: 9% completed generating output crunch: 9% completed generating output crunch: 10% completed generating output crunch: 11% completed generating output crunch: 11% completed generating output crunch: 12% completed generating output crunch: 13% completed generating output crunch: 14% completed generating output crunch: 15% completed generating output crunch: 16% completed generating output crunch: 17% completed generating output crunch: 18% completed generating output crunch: 19% completed generating output crunch: 20% completed generating output crunch: 22% completed generating output crunch: 23% completed generating output crunch: 24% completed generating output crunch: 25% completed generating output crunch: 26% completed generating output crunch: 27% completed generating output crunch: 28% completed generating output crunch: 29% completed generating output crunch: 30% completed generating output crunch: 31% completed generating output crunch: 33% completed generating output crunch: 34% completed generating output crunch: 35% completed generating output crunch: 36% completed generating output crunch: 38% completed generating output crunch: 39% completed generating output crunch: 40% completed generating output crunch: 41% completed generating output crunch: 43% completed generating output crunch: 44% completed generating output crunch: 45% completed generating output crunch: 46% completed generating output crunch: 47% completed generating output crunch: 48% completed generating output crunch: 49% completed generating output crunch: 51% completed generating output crunch: 52% completed generating output crunch: 53% completed generating output crunch: 54% completed generating output crunch: 55% completed generating output crunch: 56% completed generating output crunch: 57% completed generating output crunch: 59% completed generating output crunch: 60% completed generating output crunch: 61% completed generating output crunch: 62% completed generating output crunch: 64% completed generating output crunch: 65% completed generating output crunch: 66% completed generating output crunch: 67% completed generating output crunch: 68% completed generating output crunch: 70% completed generating output crunch: 71% completed generating output crunch: 72% completed generating output crunch: 73% completed generating output crunch: 74% completed generating output crunch: 76% completed generating output crunch: 77% completed generating output crunch: 78% completed generating output crunch: 79% completed generating output crunch: 80% completed generating output crunch: 82% completed generating output crunch: 83% completed generating output crunch: 84% completed generating output crunch: 85% completed generating output crunch: 86% completed generating output crunch: 88% completed generating output crunch: 89% completed generating output crunch: 90% completed generating output crunch: 91% completed generating output crunch: 92% completed generating output crunch: 93% completed generating output crunch: 94% completed generating output crunch: 95% completed generating output crunch: 97% completed generating output crunch: 98% completed generating output crunch: 99% completed generating output crunch: 100% completed generating output
 After executing the above command crunch will generate the password list using the numbers <9875347821>.
[email protected]:~# ls [email protected]:~# head numericlist.txt 9999999999 9999999998 9999999997 9999999995 9999999993 9999999994 9999999992 9999999991 9999999989 9999999988
 The above numeric list could be used if the attacker knows the mobile number of the target. It could be an possibility that password must be an mobile number.
CREATING THE WORDLIST WITH OTHER OPTIONS
USING i OPTION:
i is used to inverts the output. This options inverts the output generated without i option. If we don’t use i, crunch will generate list in aa, ab, ac, ad, ae but if you use i, crunch will generate list in aa, ba, ca, da, ea as shown below.
 Type crunch 1 2 abcdefgh i o /root/wordlist2/txt
 abcdefgh are the characters used in generating list.
 1 is the minimum password length and 2 is the maximum password length in the above command.
 o /path/to/save/list is used to specify the location to save the wordlist.
[email protected]:~# crunch 1 2 abcdefgh i o /root/wordlist2.txt Crunch will now generate the following amount of data: 208 bytes 0 MB 0 GB 0 TB 0 PB Crunch will now generate the following number of lines: 72 a b c d e f g h aa ba ca da ea fa ga ha ab bb cb db eb fb gb hb ac bc cc dc ec fc gc hc ad bd cd
 The above output is inverting the output generated without i option.
[email protected]:/root$ crunch 2 4 Crunch will now generate the following amount of data: 2357212 bytes 2 MB 0 GB 0 TB 0 PB Crunch will now generate the following number of lines: 475228 aa ab ac ad ae af ag ah ai aj ak al am an ao ap aq ar as
For Lower Case Characters:
USING t OPTION:

t allows you to specify a pattern
 @ will insert lower case characters
 , will insert upper case characters
 % will insert numbers
 ^ will insert symbols
Now we will take t commands one by one:
 <@> insert lower case characters.
 Type crunch 10 10 t @@@@@@0316 o /root/birth_datlist.txt
 10 is the minimum and next 10 is the maximum password length in the above command.
 o /path/to/save/list is used to save the list.
 Here 0316 is the birth date used for generating the list.
[email protected]:~# crunch 10 10 t @@@@@@0316 o /root/birth_datlist.txt Crunch will now generate the following amount of data: 3398073536 bytes 3240 MB 3 GB 0 TB 0 PB Crunch will now generate the following number of lines: 308915776 crunch: 2% completed generating output crunch: 5% completed generating output crunch: 8% completed generating output crunch: 10% completed generating output crunch: 13% completed generating output crunch: 16% completed generating output crunch: 18% completed generating output crunch: 21% completed generating output crunch: 24% completed generating output crunch: 27% completed generating output crunch: 29% completed generating output crunch: 32% completed generating output crunch: 35% completed generating output crunch: 37% completed generating output crunch: 40% completed generating output crunch: 43% completed generating output crunch: 45% completed generating output crunch: 48% completed generating output crunch: 51% completed generating output crunch: 54% completed generating output crunch: 56% completed generating output crunch: 59% completed generating output crunch: 62% completed generating output crunch: 64% completed generating output crunch: 67% completed generating output crunch: 70% completed generating output crunch: 72% completed generating output crunch: 75% completed generating output crunch: 78% completed generating output crunch: 81% completed generating output crunch: 83% completed generating output crunch: 87% completed generating output crunch: 90% completed generating output crunch: 92% completed generating output crunch: 95% completed generating output crunch: 99% completed generating output crunch: 100% completed generating output
 As on assumption we can take that target can have password on the birthday dates. So we can generate the wordlist on the birth dates.
[email protected]:~# ls [email protected]:~# head birth_datlist.txt aaaaaa0316 aaaaab0316 aaaaac0316 aaaaad0316 aaaaae0316 aaaaaf0316 aaaaag0316 aaaaah0316 aaaaai0316 aaaaaj0316
 As you can see the above list has been generated using the particular birthday date. The above information can be used in password cracking.
For Upper Characters:
 <,> insert uppercase character.
 Type crunch 10 10 t ,,,,,,0316 o /root/birth_dat2list.txt
 0316 use as birthday dates to generate list.
 10 is the minimum password length and next 10 is the maximum password length in the above command.
[email protected]:~# crunch 10 10 t ,,,,,,0316 o /root/birth_dat2list.txt Crunch will now generate the following amount of data: 3398073536 bytes 3240 MB 3 GB 0 TB 0 PB Crunch will now generate the following number of lines: 308915776 crunch: 2% completed generating output crunch: 5% completed generating output crunch: 8% completed generating output crunch: 11% completed generating output crunch: 13% completed generating output crunch: 16% completed generating output crunch: 18% completed generating output crunch: 21% completed generating output crunch: 24% completed generating output crunch: 27% completed generating output crunch: 29% completed generating output crunch: 32% completed generating output crunch: 34% completed generating output crunch: 36% completed generating output crunch: 39% completed generating output crunch: 42% completed generating output crunch: 44% completed generating output crunch: 47% completed generating output crunch: 50% completed generating output crunch: 52% completed generating output crunch: 55% completed generating output crunch: 58% completed generating output crunch: 60% completed generating output crunch: 63% completed generating output crunch: 66% completed generating output crunch: 69% completed generating output crunch: 71% completed generating output crunch: 74% completed generating output crunch: 77% completed generating output crunch: 80% completed generating output crunch: 83% completed generating output crunch: 86% completed generating output crunch: 89% completed generating output crunch: 92% completed generating output crunch: 94% completed generating output crunch: 97% completed generating output crunch: 100% completed generating output [email protected]:~# ls [email protected]:~# head birth_dat2list.txt AAAAAA0316 AAAAAB0316 AAAAAC0316 AAAAAD0316 AAAAAE0316 AAAAAF0316 AAAAAG0316 AAAAAH0316 AAAAAI0316 AAAAAJ0316
 After the executing the above command, query will generate the wordlist in uppercase letter.
FOR NUMBERS:
 <%> is used to generate numbers.
 Type crunch 10 10 t %%%%%%0618 o /root/petnameslist.txt
 0618 use as birthday dates to generate list.
 o is used to save the path of the list.
[email protected]:~# crunch 10 10 t %%%%%%0618 o /root/petnameslist.txt Crunch will now generate the following amount of data: 11000000 bytes 10 MB 0 GB 0 TB 0 PB Crunch will now generate the following number of lines: 1000000 crunch: 100% completed generating output [email protected]:~# ls [email protected]:~# head petnameslist.txt 0000000618 0000010618 0000020618 0000030618 0000040618 0000050618 0000060618 0000070618 0000080618 0000090618
 The above output can be used in password cracking.
USING THE CHARSET:
Crunch provides a feature where you can generate a list using a specific character set. If you know that your target is using the password of 7 alphanumeric characters. You can generate a list of the possibilities in crunch, explain ethical hacking consultants.
For using the charset first select the charset.
 Type cd /usr/share/crunch
 Then type ls
 Type cat charset.lst
[email protected]:/usr/share/crunch# ls charset.lst [email protected]:/usr/share/crunch# cat charset.lst # charset configuration file for winrtgen v1.2 by Massimiliano Montoro ([email protected]) # compatible with rainbowcrack 1.1 and later by Zhu Shuanglei <[email protected]> hexlower = [0123456789abcdef] hexupper = [0123456789ABCDEF] numeric = [0123456789] numericspace = [0123456789 ] symbols14 = [[email protected]#$%^&*()_+=] symbols14space = [[email protected]#$%^&*()_+= ] symbolsall = [[email protected]#$%^&*()_+=~`[]{}:;"'<>,.?/] symbolsallspace = [[email protected]#$%^&*()_+=~`[]{}:;"'<>,.?/ ] ualpha = [ABCDEFGHIJKLMNOPQRSTUVWXYZ] ualphaspace = [ABCDEFGHIJKLMNOPQRSTUVWXYZ ] ualphanumeric = [ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789] ualphanumericspace = [ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 ] ualphanumericsymbol14 = [[email protected]#$%^&*()_+=] ualphanumericsymbol14space = [[email protected]#$%^&*()_+= ] ualphanumericall = [[email protected]#$%^&*()_+=~`[]{}:;"'<>,.?/] ualphanumericallspace = [[email protected]#$%^&*()_+=~`[]{}:;"'<>,.?/ ] lalpha = [abcdefghijklmnopqrstuvwxyz] lalphaspace = [abcdefghijklmnopqrstuvwxyz ] lalphanumeric = [abcdefghijklmnopqrstuvwxyz0123456789] lalphanumericspace = [abcdefghijklmnopqrstuvwxyz0123456789 ] lalphanumericsymbol14 = [[email protected]#$%^&*()_+=] lalphanumericsymbol14space = [[email protected]#$%^&*()_+= ] lalphanumericall = [[email protected]#$%^&*()_+=~`[]{}:;"'<>,.?/] lalphanumericallspace = [[email protected]#$%^&*()_+=~`[]{}:;"'<>,.?/ ] mixalpha = [abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ] mixalphaspace = [abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ ] mixalphanumeric = [abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789] mixalphanumericspace = [abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 ] mixalphanumericsymbol14 = [[email protected]#$%^&*()_+=] mixalphanumericsymbol14space = [[email protected]#$%^&*()_+= ] mixalphanumericall = [abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTU[email protected]#$%^&*()_+=~`[]{}:;"'<>,.?/] mixalphanumericallspace = [[email protected]#$%^&*()_+=~`[]{}:;"'<>,.?/ ] ######################################################################################### # SWEDISH CHARSUPPORT # ######################################################################################### ######################### # Uppercase # ######################### ualphasv = [ABCDEFGHIJKLMNOPQRSTUVWXYZÅÄÖ] ualphaspacesv = [ABCDEFGHIJKLMNOPQRSTUVWXYZÅÄÖ ] ualphanumericsv = [ABCDEFGHIJKLMNOPQRSTUVWXYZÅÄÖ0123456789] ualphanumericspacesv = [ABCDEFGHIJKLMNOPQRSTUVWXYZÅÄÖ0123456789 ] ualphanumericsymbol14sv = [ABCDEFGHIJKLMNOPQRSTUVWXYZÅÄÖ[email protected]#$%^&*()_+=] ualphanumericsymbol14spacesv = [ABCDEFGHIJKLMNOPQRSTUVWXYZÅÄÖ[email protected]#$%^&*()_+= ] ualphanumericallsv = [ABCDEFGHIJKLMNOPQRSTUVWXYZÅÄÖ[email protected]#$%^&*()_+=~`[]{}:;"'<>,.?/] ualphanumericallspacesv = [ABCDEFGHIJKLMNOPQRSTUVWXYZÅÄÖ[email protected]#$%^&*()_+=~`[]{}:;"'<>,.?/ ] ######################### # Lowercase # ######################### lalphasv = [abcdefghijklmnopqrstuvwxyzåäö] lalphaspacesv = [abcdefghijklmnopqrstuvwxyzåäö ] lalphanumericsv = [abcdefghijklmnopqrstuvwxyzåäö0123456789] lalphanumericspacesv = [abcdefghijklmnopqrstuvwxyzåäö0123456789 ] lalphanumericsymbol14sv = [abcdefghijklmnopqrstuvwxyzåäö[email protected]#$%^&*()_+=] lalphanumericsymbol14spacesv = [abcdefghijklmnopqrstuvwxyzåäö[email protected]#$%^&*()_+= ] lalphanumericallsv = [abcdefghijklmnopqrstuvwxyzåäö[email protected]#$%^&*()_+=~`[]{}:;"'<>,.?/] lalphanumericallspacesv = [abcdefghijklmnopqrstuvwxyzåäö[email protected]#$%^&*()_+=~`[]{}:;"'<>,.?/ ] ################### # Mixcase # ######################### mixalphasv = [abcdefghijklmnopqrstuvwxyzåäöABCDEFGHIJKLMNOPQRSTUVWXYZÅÄÖ] mixalphaspacesv = [abcdefghijklmnopqrstuvwxyzåäöABCDEFGHIJKLMNOPQRSTUVWXYZÅÄÖ ] mixalphanumericsv = [abcdefghijklmnopqrstuvwxyzåäöABCDEFGHIJKLMNOPQRSTUVWXYZÅÄÖ0123456789] mixalphanumericspacesv = [abcdefghijklmnopqrstuvwxyzåäöABCDEFGHIJKLMNOPQRSTUVWXYZÅÄÖ0123456789 ] mixalphanumericsymbol14sv = [abcdefghijklmnopqrstuvwxyzåäöABCDEFGHIJKLMNOPQRSTUVWXYZÅÄÖ[email protected]#$%^&*()_+=] mixalphanumericsymbol14spacesv = [abcdefghijklmnopqrstuvwxyzåäöABCDEFGHIJKLMNOPQRSTUVWXYZÅÄÖ[email protected]#$%^&*()_+= ] mixalphanumericallsv = [abcdefghijklmnopqrstuvwxyzåäöABCDEFGHIJKLMNOPQRSTUVWXYZÅÄÖ[email protected]#$%^&*()_+=~`[]{}:;"'<>,.?/] mixalphanumericallspacesv = [abcdefghijklmnopqrstuvwxyzåäöABCDEFGHIJKLMNOPQRSTUVWXYZÅÄÖ[email protected]#$%^&*()_+=~`[]{}:;"'<>,.?/
 You can use any of the char set value to generate the list.
 For showing you we have select ualpha to generate the list.
 For using any char set type:
crunch 8 8 f /usr/share/crunch/charset.lst ualpha o root/newwordlist.txt
 8 is the minimum number of password length and next 8 is the maximum number of password length.
 /usr/share/crunch/charset.lst ualpha will be used particular charset to generate the list.
 f to use the charset.lst in order create crunch.
[email protected]:/usr/share/crunch# crunch 8 8 f /usr/share/crunch/charset.lst ualpha o root/iicybersecurity/newlist.txt Crunch will now generate the following amount of data: 1879443581184 bytes 1792377 MB 1750 GB 1 TB 0 PB Crunch will now generate the following number of lines: 208827064576
 After executing the above command, crunch has generated the list which can be used in mass level of attacks.
As per ethical hacking researcher of International Institute of Cyber security wordlist should be handy while doing penetration testing and there are other method to create wordlist using twofi
Now time to generate your own wordlist and try cracking password using john the ripper