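Crunch: A Powerful Wordlist Generator

In computing, a "dictionary" (wordlist) is simply a large collection of known candidate values, typically used for brute-force password guessing. For a brute-force attempt to succeed, you need a wordlist that is both large and relevant.
crunch, an open-source program for Linux, was created specifically to generate such wordlists.

crunch

Installation is simple: apt-get install crunch
For usage, read the help with man crunch; the man page also contains a number of examples.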

CRUNCH(1)                        General Commands Manual                        CRUNCH(1)
NAME
crunch - generate wordlists from a character set
SYNOPSIS
crunch <min-len> <max-len> [<charset string>] [options]
DESCRIPTION
Crunch can create a wordlist based on criteria you specify. The output from
crunch can be sent to the screen, file, or to another program. The required
parameters are:
min-len
The minimum length string you want crunch to start at. This option is
required even for parameters that won't use the value.
max-len
The maximum length string you want crunch to end at. This option is
required even for parameters that won't use the value.
charset string
You may specify character sets for crunch to use on the command line or if
you leave it blank crunch will use the default character sets. The order
MUST BE lower case characters, upper case characters, numbers, and then
symbols. If you don't follow this order you will not get the results you
want. You MUST specify either values for the character type or a plus
sign. NOTE: If you want to include the space character in your character
set you must escape it using the \ character or enclose your character set
in quotes i.e. "abc ". See the examples 3, 11, 12, and 13 for examples.
OPTIONS
-b number[type]
Specifies the size of the output file, only works if -o START is used,
i.e.: 60MB The output files will be in the format of starting letter-end
ing letter for example: ./crunch 4 5 -b 20mib -o START will generate 4
files: aaaa-gvfed.txt, gvfee-ombqy.txt, ombqz-wcydt.txt, wcydu-zzzzz.txt
valid values for type are kb, mb, gb, kib, mib, and gib. The first three
types are based on 1000 while the last three types are based on 1024. NOTE
There is no space between the number and type. For example 500mb is cor‐
rect 500 mb is NOT correct.
-c number
Specifies the number of lines to write to output file, only works if -o
START is used, i.e.: 60 The output files will be in the format of starting
letter-ending letter for example: ./crunch 1 1 -f /pentest/pass‐
word/crunch/charset.lst mixalpha-numeric-all-space -o START -c 60 will
result in 2 files: a-7.txt and 8-\ .txt The reason for the slash in the
second filename is the ending character is space and ls has to escape it to
print it. Yes you will need to put in the \ when specifying the filename
because the last character is a space.
-d numbersymbol
Limits the number of duplicate characters. -d 2@ limits the lower case
alphabet to output like aab and aac. aaa would not be generated as that is
3 consecutive letters of a. The format is number then symbol where number
is the maximum number of consecutive characters and symbol is the symbol of
the the character set you want to limit i.e. @,%^ See examples 17-19.
-e string
Specifies when crunch should stop early
-f /path/to/charset.lst charset-name
Specifies a character set from the charset.lst
-i Inverts the output so instead of aaa,aab,aac,aad, etc you get
aaa,baa,caa,daa,aba,bba, etc
-l When you use the -t option this option tells crunch which symbols should be
treated as literals. This will allow you to use the placeholders as let‐
ters in the pattern. The -l option should be the same length as the -t
option. See example 15.
-m Merged with -p. Please use -p instead.
-o wordlist.txt
Specifies the file to write the output to, eg: wordlist.txt
-p charset OR -p word1 word2 ...
Tells crunch to generate words that don't have repeating characters. By
default crunch will generate a wordlist size of #of_chars_in_charset ^
max_length. This option will instead generate #of_chars_in_charset!. The
! stands for factorial. For example say the charset is abc and max length
is 4.. Crunch will by default generate 3^4 = 81 words. This option will
instead generate 3! = 3x2x1 = 6 words (abc, acb, bac, bca, cab, cba). THIS
MUST BE THE LAST OPTION! This option CANNOT be used with -s and it ignores
min and max length however you must still specify two numbers.
-q filename.txt
Tells crunch to read filename.txt and permute what is read. This is like
the -p option except it gets the input from filename.txt.
-r Tells crunch to resume generate words from where it left off. -r only works if
you use -o. You must use the same command as the original command used to
generate the words. The only exception to this is the -s option. If your
original command used the -s option you MUST remove it before you resume
the session. Just add -r to the end of the original command.
-s startblock
Specifies a starting string, eg: 03god22fs
-t @,%^
Specifies a pattern, eg: @@god@@@@ where the only the @'s, ,'s, %'s, and
^'s will change.
@ will insert lower case characters
, will insert upper case characters
% will insert numbers
^ will insert symbols
-u
The -u option disables the printpercentage thread. This should be the last
option.
-z gzip, bzip2, lzma, and 7z
Compresses the output from the -o option. Valid parameters are gzip,
bzip2, lzma, and 7z.
gzip is the fastest but the compression is minimal. bzip2 is a little
slower than gzip but has better compression. 7z is slowest but has the
best compression.

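The command format is: crunch <min-len> <max-len> [<charset string>] [options]

  • min-len: the minimum length of the generated words
  • max-len: the maximum length of the generated words

Some of the more important options:

Option  Description
-b  Maximum number of bytes written to each output file; the type can be kb, mb, gb, kib, mib or gib. Note that this option must be used together with -o START
-c  Number of lines written to each output file
-s  The string crunch starts generating from
-e  The string at which crunch stops generating
-f  Selects a character set from a charset file; the default path is /usr/share/crunch/charset.lst (see below for how it is used)
-l  Works somewhat like escaping
-o  Name of the output file; do not confuse this with -o START
-t  Specifies a pattern for the generated words. This option is the core of crunch!
-z  Compresses the generated wordlist files; the formats are gzip, bzip2, lzma and 7z; used together with -o START
-p  Can be understood as treating each given string as a single unit and permuting the units freely

Note: when generating a wordlist with crunch, always check the estimated size of the output first. For example, [ crunch 1 8 ] outputs 1812GB of data! That would fill the hard disk long before it finished!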

example1

$ crunch 1 8
This prints everything from a to zzzzzzzz, which is 1812GB of data!
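The size check recommended above can be done before crunch is run at all. The following is an added example, not part of the original post or of crunch itself: it computes the line count and byte count for a length range and charset size, assuming one byte per character plus a newline per word. The function names and the free-space check are assumptions of this example.

```python
import shutil

def crunch_estimate(min_len, max_len, charset_size=26):
    """Return (lines, bytes) for every word of min_len..max_len characters.

    Each word of length n costs n + 1 bytes on disk (n characters plus the
    newline), and there are charset_size ** n such words.
    """
    lines = 0
    size = 0
    for n in range(min_len, max_len + 1):
        words = charset_size ** n
        lines += words
        size += words * (n + 1)
    return lines, size

def would_fit(size, path=".", free=None):
    """True if `size` bytes fit in the free space of the filesystem at `path`.

    `free` can be passed explicitly (in bytes) to check against a quota
    instead of asking the operating system.
    """
    if free is None:
        free = shutil.disk_usage(path).free
    return size <= free

if __name__ == "__main__":
    # The three runs used as examples on this page:
    # default lowercase charset, the 7-character charset abcdefg,
    # and the 95-character mixalpha-numeric-all-space charset.
    for label, args in [("crunch 1 8", (1, 8, 26)),
                        ("crunch 1 6 abcdefg", (1, 6, 7)),
                        ("crunch 8 8 (95 chars)", (8, 8, 95))]:
        lines, size = crunch_estimate(*args)
        verdict = "fits" if would_fit(size) else "does NOT fit"
        print(f"{label}: {lines} lines, {size} bytes "
              f"({size / 2**30:.1f} GiB), {verdict} on this disk")
```

The same arithmetic shows from the defender's side how quickly the search space grows with length and charset size: each extra character multiplies the number of candidates by the charset size.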

example2

$ crunch 1 6 abcdefg -o mydict.lst
This generates a wordlist file containing everything from a to gggggg.

example3

$ crunch 8 8 -f /usr/share/crunch/charset.lst mixalpha-numeric-all-space
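This generates 8-character words made of upper- and lower-case letters, digits and special symbols.

The charset.lst file looks like this:
[image: contents of charset.lst]

As you can see, mixalpha-numeric-all-space means a-z and A-Z letters + 0-9 digits + special characters (including the space at the end):
abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*()-_+=~`[]{}|\:;"'<>,.?/ 

When the -f option is given, you must also name one of the character sets defined in the file, such as mixalpha-numeric-all-space.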

example4

$ crunch 6 6 -s xxdog5 -t @@dog%
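Pay attention to the format here: generation starts at xxdog5, and the start string must be exactly 6 characters long because the minimum length is 6. The string given with -s must also match the pattern given with -t.

In general, crunch's four placeholders mean the following:

  • @ : one lower-case character a-z
  • , : one upper-case character A-Z
  • % : one digit 0-9
  • ^ : one symbol character

Once these are clear, the command above makes sense: replacing xxdog5 with xxdoga would be wrong, because the last position of the pattern is %, which only accepts a digit.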
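The rule that the -s string must fit the -t pattern can be checked mechanically. The following is an added example, not part of the original post or of crunch: it validates a start string against a pattern and counts how many words the pattern yields from that start string onward. The function names are hypothetical, the symbol set for ^ is an assumption about crunch's default, and the -l option is not handled.

```python
import string

# Placeholder classes of the -t option, as listed above.
CLASSES = {
    "@": string.ascii_lowercase,
    ",": string.ascii_uppercase,
    "%": string.digits,
    # Assumption: crunch's default symbol set (33 characters, space included).
    "^": "!@#$%^&*()-_+=~`[]{}|\\:;\"'<>,.?/ ",
}

def check_start(pattern, start):
    """Return a list of problems; an empty list means `start` fits `pattern`."""
    if len(start) != len(pattern):
        return [f"length {len(start)} != pattern length {len(pattern)}"]
    problems = []
    for i, (p, c) in enumerate(zip(pattern, start)):
        allowed = CLASSES.get(p, p)   # any other character is a literal
        if c not in allowed:
            problems.append(f"position {i}: {c!r} not allowed by {p!r}")
    return problems

def words_remaining(pattern, start=None):
    """Count the words a pattern yields, optionally from `start` onward.

    The rightmost placeholder changes fastest, so a start string is a
    mixed-radix number whose digits are the indexes into each class.
    Call check_start() first: an invalid start raises ValueError here.
    """
    total, index = 1, 0
    for i, p in enumerate(pattern):
        allowed = CLASSES.get(p, p)
        total *= len(allowed)
        if start is not None:
            index = index * len(allowed) + allowed.index(start[i])
    return total - index

if __name__ == "__main__":
    for start in ("xxdog5", "xxdoga", "xdog5"):
        problems = check_start("@@dog%", start)
        if problems:
            print(start, "rejected:", "; ".join(problems))
        else:
            print(start, "ok,", words_remaining("@@dog%", start), "words follow")
```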

example5

$ crunch 3 3 -p abc
The -p option is given here, which means the three characters a, b and c are permuted. The output is:
abc
acb
bac
bca
cab
cba

This can of course also be written as crunch 3 3 -p a b c
Extending the idea, here is another example:

$ crunch 3 3 -p i love you
Output:
iloveyou
iyoulove
loveiyou
loveyoui
youilove
youlovei
As you can see, this option treats each word as a single unit when permuting.

example6

$ crunch 3 3 abc -o START -c 10 -z bzip2
This ends up producing 3 .bz2 compressed files:
aaa-baa.txt.bz2
bab-cab.txt.bz2
cac-ccc.txt.bz2

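This uses the -o START option; -c means each generated wordlist file holds 10 lines of data, until generation is complete; adding -z bzip2 means the resulting .txt files are then compressed into archives with the .bz2 suffix.

Note that there is no need to specify a file name for the generated wordlist here!

Conclusion

For more crunch examples, see the documentation; documentation is a good thing~
Being familiar with how to use crunch is still very important……

bye~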


Unless otherwise stated, all articles on this blog are licensed under CC BY-SA 4.0. Please credit the source when reposting!