Crunch is a wordlist generating tool that comes pre-installed with Kali Linux. It is used to generate custom keywords based on wordlists. It generates a wordlist with permutation and combination. We could use some specific patterns and symbols to generate a wordlist.when an attacker wants to make a brute force attack he/she needs to generate a strong wordlist. And for this Crunch is here.
1. To check the installation and manual, enter man crunch on terminal
2. To create a word list of specific characters we can use this command .
crunch <min-len> <max-len> specific characters
crunch 2 3 5852
3.To create a word list and save on file use this command:
crunch <min-len> <max-len> specific character > filename.txt
crunch 2 3 kali23 > pass.txt
4.To generate a wordlist with a specific pattern, we can use this command.
crunch 9 9 -t kali^%%%%
Here we have 4 characters to represent some group of characters which are as follows:
- , for all uppercase letters
- @ for all lowercase letters
- % for all numeric characters
- ^ for all special characters
So the above command will output all the words starting with “kali” and then after that a special character and then 4 digit number.
5.To generate a wordlist with a permutation of some strings or characters we can use this command
crunch 1 10 -p hack kali now
Here -p ignore the min and max size.
Common User Password Profiler (CUPP)
Common User Password Profiler, also known as CUPP is a very useful tool on Kali. Essentially, it is a python script, capable of generating targeted wordlists on an individual, by collecting basic data on them. We can also make a strong wordlist using this tool.
In kali it is not pre-install, so we need to install it from GitHub.
For Clone use this command:
git clone https://github.com/mebus/cupp.git
Then goto cupp dir and run python3 cupp.py -h
It will show the manual of cupp:
Use the following command to launch CUPP in an interactive mode:
python3 cupp.py -i
Now CUPP will prompt you for answers to certain questions. Based on those answers cupp generates a wordlist.So you need to provide the target person information and answer those questions.
— — — — Happy Hacking — — —