Crunch Tool Guide for Wordlist Creation

In penetration testing and cybersecurity assessments, generating custom wordlists is often necessary for password auditing, directory enumeration, and controlled lab testing.
Crunch is a powerful wordlist generator written in C that allows you to create highly customizable dictionaries based on specific patterns and character sets.
⚠️ Important: Use Crunch only in authorized environments such as lab setups, bug bounty programs with permission, or professional security assessments.

What Is Crunch? 🧠​

Crunch is a wordlist generator that creates all possible combinations of characters between a minimum and maximum length.
It is commonly used in:

• Password testing labs 🔑
• Capture The Flag (CTF) challenges 🏴‍☠️
• Directory brute-force simulations 📂
• Security research environments 🔬

Crunch is pre-installed in Kali Linux and widely used in cybersecurity training.

---

Installing Crunch 🛠️​

On Kali Linux, Crunch is usually pre-installed. If not, install it using:

apt install crunch

After installation, you can generate a basic wordlist.

---

Basic Wordlist Generation 📄​

Generate words from 1 to 3 characters:

crunch 1 3 -o dict.txt

This creates lowercase combinations automatically and saves them in dict.txt.

---

Using Custom Character Sets 🎯​

You can define specific characters:

crunch 5 7 pass123 -o dict.txt

This generates combinations using only:

Great for targeted password pattern simulations in authorized labs.

---

Including Space as a Character 🧩​

You can include space in the character set:

crunch 1 3 "raj " -o space.txt

Useful for testing password formats that allow spaces.

---

Viewing Available Character Sets 📚​

Crunch includes predefined character sets:

cat /usr/share/crunch/charset.lst

You can reference built-in combinations for lowercase, uppercase, numbers, and symbols.

---

Using Charset Codenames 🔢​

Example of using predefined mixed sets:

crunch 4 4 -f charset.lst mixalpha-numeric-all -o wordlist.txt

This creates 4-character words using lowercase, uppercase, numbers, and symbols.

---

Using Start Block (-s Option) 🚀​

Start generating from a specific combination:

crunch 4 4 -f charset.lst mixalpha-numeric-all -o wordlist.txt -s abc1

Useful when resuming interrupted generation.

---

Creating Pattern-Based Wordlists 🔍​

Crunch supports pattern placeholders:

• @ → lowercase letters
• , → uppercase letters
• % → numbers
• ^ → symbols

Example:

crunch -t @%^ -o dict.txt

This generates:
lowercase + number + symbol combinations.

---

Fixed Word + Pattern Examples 🧠​

Fixed word + 3 numbers​

crunch 6 6 -t raj%%% -o num.txt

Fixed word + 3 uppercase letters​

crunch 6 6 -t raj,,, -o upper.txt

Fixed word + 3 lowercase letters​

crunch 6 6 -t raj@@@ -o lower.txt

Fixed word + 3 symbols​

crunch 6 6 -t raj^^^ -o symbol.txt

These patterns are extremely useful in controlled password auditing environments.

---

Using Placeholder (+ Operator) ➕​

The + symbol acts as a placeholder when no specific charset is defined.
Example:

crunch 3 3 + + 123 + -t %%@^ -o pattern.txt

Allows combining defined and undefined sets flexibly.

---

Treating Symbols as Literals (-l Option) 🔤​

If you want special characters treated literally instead of pattern placeholders:

crunch 7 7 -t p@ss,%^ -l a@aaaaa > dict.txt

This prevents pattern interpretation.

---

Inverting Wordlist Order (-i) 🔄​

Default behavior fixes the first character first.
To invert:

crunch 5 5 abc12 -t @@@%% -i -o invert.txt

This changes combination order.

---

Limiting Duplicate Characters (-d) 🚫​

To limit repeated characters:

crunch 5 5 abc + 123 -t @@@%^ -d 2@

Prevents more than 2 identical characters together.

---

Early Stop Option (-e) ⏹️​

Stop generation at a specific word:

crunch 3 3 abc -e acc -o 2.txt

Useful when you only need partial combinations.

---

Word Permutations (-p Option) 🔀​

Generate permutations without repetition:

crunch 3 6 -p raj chandel tabcode

Great for creating test word combinations.

---

Permuting Wordlists (-q Option) 📑​

If you already have a list file:

crunch -q list.txt

Generates all permutations from file contents.

---

Splitting Wordlists by Word Count (-c) 📂​

Split into smaller files:

crunch 1 1 -f charset.lst mixalpha-numeric-all-space -o START -c 60

Useful for managing large datasets.

---

Splitting by File Size (-b) 💾​

Split files by size:

crunch 4 7 Pass123 -b 1mb -o START

Keeps files manageable.

---

Compressing Wordlists (-z gzip) 📦​

To compress:

crunch 4 7 Pass123 -z gzip -o START

To extract:

gunzip filename.txt.gz

Compression reduces storage significantly.

---

When Should You Use Crunch? 🎯​

Crunch is ideal for:

• Security lab simulations
• Password strength testing
• Red team training
• CTF practice
• Controlled brute-force research

It is not meant for illegal activities. Always ensure you have proper authorization.

---

Final Thoughts 🔐​

Crunch is a fast and flexible wordlist generator widely used in cybersecurity training and professional penetration testing environments.
Its pattern system, permutation options, and file management features make it extremely powerful for controlled testing scenarios.
Mastering Crunch improves your understanding of password complexity and attack simulation techniques - responsibly and ethically.
Stay ethical. Stay authorized. Stay secure 🛡️💻