This content originally appeared on DEV Community and was authored by Rijul Rajesh
If you are new to cybersecurity or penetration testing, one term you will encounter frequently is wordlist. Understanding what it is and how to use it effectively is important before diving into tools like Crunch.
What is a Wordlist
A wordlist is simply a collection of words or phrases, usually stored in a text file. In cybersecurity, wordlists are most commonly used for password cracking. Tools like John the Ripper or Hashcat use wordlists to try different passwords against a target system.
Think of a wordlist as a giant set of possible keys you can try to unlock a door. The more relevant and targeted the words, the higher your chances of success.
There are prebuilt wordlists available online, like the famous rockyou.txt, but sometimes you need something custom. That is where Crunch comes in.
Why Custom Wordlists Matter
Passwords often follow patterns. For example, a user might use a favorite word combined with a number, or follow a specific capitalization style. Generic wordlists may not cover these combinations, but with a custom wordlist, you can generate passwords that are more likely to match your target.
Custom wordlists are also useful for testing software or systems with specific rules, like PINs, usernames, or serial keys.
What is Crunch
Crunch is a command-line tool that allows you to generate wordlists based on your specifications. You can define the length of the words, the characters to use, and even patterns that match real-world password rules.
Unlike static wordlists that come prebuilt, Crunch can dynamically create combinations, giving you more control and flexibility.
Installing Crunch
On most Linux distributions, installing Crunch is straightforward. For Debian or Ubuntu, run:
sudo apt update
sudo apt install crunch
After installation, check it with:
crunch -h
This will display the help menu with all the options you can use.
Generating Basic Wordlists
To start simple, you can generate all possible combinations of a character set for a specific length. For example, to create all combinations of lowercase letters from length 3 to 5, run:
crunch 3 5 abcdefghijklmnopqrstuvwxyz -o wordlist.txt
This command generates a file called wordlist.txt containing every possible combination of the letters a to z for lengths 3, 4, and 5.
Even with a small character set, wordlists can grow large quickly, so it is important to manage the size.
Using Patterns for More Control
Crunch allows you to define patterns for more precise wordlists. For instance, if you know a password starts with a capital letter followed by lowercase letters and ends with a number, you can use a pattern like:
crunch 3 3 -t ,@@%
Here:
-
,represents an uppercase letter -
@represents a lowercase letter -
%represents a number
Patterns help mimic real-world passwords more accurately.
Output Options
Crunch can output to the terminal or a file using -o. You can also pipe the output directly into tools like Hashcat. For example:
crunch 4 6 abc123 -o mylist.txt
For very large lists, compress the output on the fly to save space:
crunch 6 6 abcdef123 -o - | gzip > mylist.gz
Tips for Using Crunch Effectively
- Understand Your Target: Collect information about the target to focus your wordlist on relevant characters and patterns.
- Limit Wordlist Size: Start with smaller lengths and common patterns before generating massive lists.
- Use Piping: Avoid writing huge files by sending Crunch output directly into password cracking tools.
- Combine with Other Tools: Crunch works well with other tools to filter, sort, or merge wordlists.
Wrapping up
Wordlists are an essential part of penetration testing, and Crunch is a powerful tool for creating custom lists. By understanding what a wordlist is and how to use Crunch effectively, you can create targeted and manageable lists that increase your chances of success in password testing and security research.
If you’re a software developer who enjoys exploring different technologies and techniques like this one, check out LiveReview.
LiveReview delivers high-quality feedback on your PRs/MRs within minutes.
It saves hours per review by providing fast, automated first-pass insights. This helps both junior and senior engineers move faster.
If you’re tired of waiting on peer reviews or unsure about the quality of feedback you’ll receive, LiveReview is here to help.
This content originally appeared on DEV Community and was authored by Rijul Rajesh