Crunch Cheat Sheet
crunch is a wordlist generator used for brute-force and dictionary-based password attacks. It is commonly used with tools like aircrack-ng, hashcat, and john the ripper.
Basic Syntax
crunch <min> <max> <charset> [options]
Simple Wordlist
Generate all combinations of length 8 using lowercase letters:
crunch 8 8 abcdefghijklmnopqrstuvwxyz
Specify Output File
crunch 6 8 abc123 -o wordlist.txt
Use Built-in Character Sets
@→ lowercase letters,→ uppercase letters%→ numbers^→ symbols
Example:
crunch 8 8 @,%
Custom Character Set
crunch 4 6 abcABC123
Pattern / Mask Mode
crunch 8 8 -t @@@@%%%%
@→ lowercase,→ uppercase%→ numbers^→ symbols
Fixed Prefix / Suffix
crunch 8 8 -t password%%
Limit Output Size
crunch 1 10 abc -c 1000000
Stops after generating 1,000,000 words.
Pipe to Other Tools
Pipe directly to aircrack-ng:
crunch 8 8 abc123 | aircrack-ng -w - capture.cap
Pipe to hashcat:
crunch 8 8 abc123 | hashcat -m 2500 hash.hccapx -
Resume Wordlist Generation
crunch 6 6 abc -s cab
Resumes from word cab.
Estimate Wordlist Size
crunch 8 8 abc -u
Shows estimated size without generating output.
Typical Workflow (Wi-Fi)
airodump-ng wlan0mon
aireplay-ng -0 5 -a AP_MAC wlan0mon
aircrack-ng -w <(crunch 8 8 abc123) capture.cap
Performance Tips
Tip
- Avoid huge wordlists unless necessary
- Use masks instead of full brute-force
- Prefer GPU cracking for large spaces
Common Issues
Disk fills quickly
Crunch wordlists grow exponentially. Use pipes when possible.
Slow generation
Reduce charset or password length.
Related Tools
aircrack-nghashcatjohn the ripperhydra
Legal Notice
Danger
Use crunch only for authorized security testing.