When conducting penetration testing, manually collecting password dictionaries is very time-consuming. Password dictionary generation tools can greatly shorten that time and broaden the coverage of brute-force attempts.
crunch
Kali comes with crunch. For installing Kali, see: [Network Security | Tools] Kali virtual machine installation tutorial and detailed error analysis
Crunch is a commonly used wordlist generator for password cracking. It generates every possible password for a specified character set, length range and pattern, for use in brute-force cracking. Crunch can also save the generated passwords to a file for use in cracking tools.
Tutorial
Basic syntax: crunch min-len max-len [options]
1) Basic parameters (required)
- min-len: the minimum length of the generated strings
- max-len: the maximum length of the generated strings
- charset string: The character set contained in the password to be generated (lowercase characters, uppercase characters, numbers, symbols)
2) Common options [options] (optional)
- -o: Write the generated passwords to the specified file
- -s: Specifies the starting string, used for example when generating a numeric dictionary
- -b: Split the output into several dictionary files of the specified size (number plus unit), so that no single dictionary file becomes too large. Use with -o START
- -c: The number of lines each dictionary file contains. Use with -o START
- -f: Load a character set from a charset file, for example: /usr/share/crunch/charset.lst
- -t: Define the password output pattern (@ inserts lowercase letters, , inserts uppercase letters, % inserts numbers, ^ inserts special symbols)
- -z: Compress the generated dictionary file. Valid parameters are gzip, bzip2, lzma, and 7z. Among them, gzip has the fastest compression and 7z has the slowest compression.
- -d: -d x means that the same number or letter cannot repeat consecutively more than x times
Examples are as follows:
Generate a 3-digit numeric password dictionary composed of 0~9 and output it to the pass.txt file
crunch 3 3 0123456789 -o Desktop/pass.txt
Generate a 4-digit numeric password dictionary composed of 0~9, split into dictionary files of 1mb each.
crunch 4 4 0123456789 -b 1mb -o START
Generate a 5-digit numeric password dictionary composed of 0~9, split into dictionary files of 500 lines each
crunch 5 5 0987654321 -o START -c 500
Generate a 4-digit numeric password dictionary composed of 0~9, split into dictionary files of 10,000 lines each, in which the same number cannot repeat consecutively more than 2 times.
crunch 4 4 0123456789 -o START -d 2 -c 10000
It can be seen that 0111 does not appear.
Use crunch's own lowercase character set to generate a 4-character password dictionary and output it to file 1.txt
crunch 4 4 -f /usr/share/crunch/charset.lst lalpha -o Desktop/1.txt
Generate a 3-digit numeric password dictionary composed of 0~9, starting from 123, and output it to the 2.txt file
crunch 3 3 0123456789 -s 123 -o Desktop/2.txt
Generate a 4-character dictionary into 3.txt in which the first character is a lowercase letter, the second an uppercase letter, the third a digit, and the fourth a special character.
crunch 4 4 -t @,%^ -o Desktop/3.txt
Use the lowercase character set that comes with crunch to generate a 5-character password dictionary and output it to the 4.txt file. The second character must be d.
crunch 5 5 -f /usr/share/crunch/charset.lst lalpha -t @d@@@ -o 4.txt
Note: Since a 5-character password dictionary needs to be generated, -t should be followed by @d@@@ instead of @d or @d@, etc.
If the character set path is wrong, the command can also be written with the character set given directly:
crunch 5 5 abcdefghijklmnopqrstuvwxyz -t @d@@@ -o Desktop/4.txt
Generate a 4-character dictionary (the first character is a lowercase letter, the second an uppercase letter, the third a digit, and the fourth a special character) into 5.txt, and finally package it into a gzip file
crunch 4 4 -t @,%^ -o 5.txt -z gzip
Just unzip it.
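Before a -t pattern dictionary is written to disk, its line count, byte size and number of -c split files can be computed from the pattern alone, and the same arithmetic shows a defender how small the keyspace of a fixed-shape password is. The script below is an added example, not part of the original article; it assumes crunch's default -t classes (26 lowercase, 26 uppercase, 10 digits, 33 symbols), and all function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original page. Assumed crunch defaults for -t:
# @ = 26 lowercase, "," = 26 uppercase, % = 10 digits, ^ = 33 symbols
# (printable ASCII non-alphanumerics, space included); others are literals.
LC_ALL=C; export LC_ALL   # make [a-z] style ranges byte-exact

# pattern_lines PATTERN -> number of candidates the pattern produces
pattern_lines() {
    p=$1; n=1
    while [ -n "$p" ]; do
        c=${p%"${p#?}"}; p=${p#?}      # peel off the first character
        case $c in
            '@'|',') n=$((n * 26)) ;;
            '%')     n=$((n * 10)) ;;
            '^')     n=$((n * 33)) ;;
        esac
    done
    echo "$n"
}

# pattern_bytes PATTERN -> size on disk (each line is length + newline)
pattern_bytes() { echo $(( $(pattern_lines "$1") * (${#1} + 1) )); }

# split_files PATTERN N -> number of files written by "-o START -c N"
split_files() { echo $(( ($(pattern_lines "$1") + $2 - 1) / $2 )); }

# in_pattern PATTERN PASSWORD -> exit 0 if the password is in the keyspace
in_pattern() {
    p=$1; w=$2
    [ "${#p}" -eq "${#w}" ] || return 1
    while [ -n "$p" ]; do
        c=${p%"${p#?}"}; p=${p#?}
        x=${w%"${w#?}"}; w=${w#?}
        case $c$x in
            '@'[a-z]|','[A-Z]|'%'[0-9]) ;;      # class matches
            '@'?|','?|'%'?) return 1 ;;         # class does not match
            '^'[a-zA-Z0-9]) return 1 ;;         # alphanumerics are not symbols
            '^'?) ;;
            *) [ "$c" = "$x" ] || return 1 ;;   # literal pattern character
        esac
    done
    return 0
}

# Constructed inputs: the two patterns used in the commands above.
for pat in '@,%^' '@d@@@'; do
    echo "$pat: $(pattern_lines "$pat") lines, $(pattern_bytes "$pat") bytes"
done
in_pattern '@,%^' 'aB3!' && echo 'aB3! is covered by @,%^'
```

A 4-character password that follows the lowercase, uppercase, digit, symbol shape therefore sits in a keyspace of only 223080 candidates.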
cupp
Kali comes with cupp. Here is how to download and install cupp on Windows.
Install
Create a new cupp folder in the Python3 directory, enter the directory, open cmd, and enter the following command:
pip install cupp
If the installation fails with a network error, you can switch to a domestic mirror source:
pip install -i https://pypi.tuna.tsinghua.edu.cn/simple cupp
At this point, cupp is installed.
Tutorial
The main cupp options are:
- -h: View help information
- -i: Create a user password dictionary by filling in the information
- -v: View version information
- -q: Quiet mode
1. View the help information:
cupp -h
2. Check version information:
cupp -v
3. Quiet mode:
cupp -q
4. Create a dictionary:
cupp -i
The prompts ask for the following:
- Surname: the target's surname
- First Name: the target's first name
- Nickname: the target's nickname
- Enter words separated by comma. [ie hacker,security,crack]: enter a series of words separated by commas, such as hacker, security, crack
The generated password dictionary file can be found in the directory where the cupp command was executed (it is named after the last name of the target user); here it is san.