Generating wordlists with crunch on Kali Linux

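(This article is overly long and unpolished; for convenience, please refer to other articles.)
crunch is a password-generation tool that builds wordlists from character sets. It ships with Kali Linux and can also be installed manually. Installation steps: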

1. wget https://nchc.dl.sourceforge.net/project/crunch-wordlist/crunch-wordlist/crunch-3.6.tgz
2. tar -zxvf crunch-3.6.tgz
3. cd crunch-3.6
4. make

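A manual build contains one extra file, unicode_test.lst, compared with the package Kali installs; you can copy that file from the manual build into the /usr/share/crunch/ directory on Kali.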

I. Viewing the crunch usage

man crunch

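(Note: man is the manual viewer for software that ships with the Linux system. Software you install yourself cannot be found with man by default, but you can add a man page for it manually.)

SYNOPSIS
       crunch <min-len> <max-len> [<charset string>] [options]

min-len: minimum password length;
max-len: maximum password length;
charset string (optional): a user-defined character set used to generate the wordlist; if not set, the default character set is used, i.e. the 26 lowercase letters [a-z];
options (optional): the option flags.
Simple usage example:

Generate the set of strings that are one or two digits long and write it to the specified file wordlist.txt.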

crunch 1 2 0123456789 -o wordlist.txt

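II. Options

  1. -b number[type]
    (block) Specifies the size of the output files. For example, with -o START, crunch 4 5 -b 20mib -o START produces 4 files and crunch 4 5 -b 10mib -o START produces 8 files. The type is one of kb, mb, gb, kib, mib, gib. (Note: 1mb=1000kb, 1mib=1024kib. One reason a USB stick shows less capacity once plugged into a computer than the product label states is that the label uses gb while the operating system uses gib.)
    Note: there must be no space inside -b number[type], e.g. -b 20mib (correct), -b 20 mib (wrong).

  2. -c number
    (column) Specifies the number of lines to write to each output file. For example, with -o START, crunch 1 1 -c 10 -o START produces 3 files and crunch 1 1 -c 1 -o START produces 26 files.

  3. -d numbersymbol
    Limits the number of consecutive duplicate characters. number is the maximum number of consecutive duplicates allowed, and symbol is @, % or ^; see Examples 17-19 for details. A simple illustration: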

crunch 3 3 ab
Crunch will now generate the following number of lines: 8 
aaa
aab
aba
abb
baa
bab
bba
bbb

Allow a character to appear at most 2 times in a row:

crunch 3 3 ab -d 2@
Crunch will now generate the following number of lines: 6 
aab
aba
abb
baa
bab
bba

aaa and bbb are absent.

  4. -e string
    Stops at the specified string, for example:
crunch 1 1 01234
Crunch will now generate the following number of lines: 5 
0
1
2
3
4
crunch 1 1 01234 -e 2
Crunch will now generate the following number of lines: 3 
0
1
2
  5. -f /path/to/charset.lst charset-name
    Selects a character set from charset.lst. On Kali Linux, for example, the character set file is /usr/share/crunch/charset.lst. To look at a character set in the file:
cat /usr/share/crunch/charset.lst | grep mixalpha-numeric-all-space
mixalpha-numeric-all-space = [abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*()-_+=~`[]{}|\:;"'<>,.?/ ]
mixalpha-numeric-all-space-sv = [abcdefghijklmnopqrstuvwxyzåäöABCDEFGHIJKLMNOPQRSTUVWXYZÅÄÖ0123456789!@#$%^&*()-_+=~`[]{}|\:;"'<>,.?/ ]

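Usage example (output generated from the mixalpha-numeric-all-space character set takes up a great deal of space; if you only want to try the command, use a different character set):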

crunch 8 8 -f /usr/share/crunch/charset.lst mixalpha-numeric-all-space -o START
  6. -i
    Inverts the output; example:
crunch 3 3 012
Crunch will now generate the following number of lines: 27 
000
001
002
crunch 3 3 012 -i
Crunch will now generate the following number of lines: 27 
000
100
200
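  7. -l
    Used together with -t; this option tells crunch which symbols should be treated as literals. This lets you use the placeholder characters as literal letters in the pattern. The -l argument should be the same length as the -t argument. See Example 15.

  8. -m
    -m has been merged into -p; use -p instead.

  9. -o wordlist.txt
    Writes the output to the specified file wordlist.txt.

  10. -p charset or -p word1 word2 …
    Generates the wordlist by permutation, producing words without repeated characters. By default crunch produces a wordlist of size #of_chars_in_charset ^ MAX_LENGTH. This option instead produces #of_chars_in_charset!, where ! stands for factorial. For example, if the character set is ABC and the maximum length is 4, crunch by default generates 3 ^ 4 = 81 strings. This option instead generates 3! = 3x2x1 = 6 strings (ABC, ACB, BAC, BCA, CAB, CBA). This must be the last option! It cannot be used with -s, and it ignores the minimum and maximum lengths, although the two numbers must still be specified.

  11. -q filename.txt
    Reads data from filename.txt, treats what it read as a set a (a is just a placeholder name), then proceeds as with -p a. Example (1.txt stores 11, 2 and 3, one per line; 11 acts as word1, a single unit):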

crunch 1 1 -q 1.txt
Crunch will now generate the following number of lines: 6 
1123
1132
2113
2311
3112
3211
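  12. -r
    Tells crunch to resume generating strings from where it stopped. -r only works when -o is used. You must use the same command that was used to start the original run; the only exception is the -s option. If your original command used -s, you must remove it before resuming the session. Just add -r to the end of the original command.

  13. -s startblock
    Specifies the starting string, the counterpart of -e, for example: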

crunch 1 1 01234 -s 2
Crunch will now generate the following number of lines: 3 
2
3
4
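  14. -t @,%^
    Specifies a pattern:
    @ inserts lowercase characters
    , inserts uppercase characters
    % inserts numbers
    ^ inserts symbols

  15. -u
    The -u option disables the printpercentage thread. This should be the last option.

  16. -z gzip, bzip2, lzma, and 7z
    Compresses the files written by -o; supports gzip, bzip2, lzma and 7z. gzip is the fastest with the lowest compression ratio, bzip2 is slightly slower than gzip but compresses better, and 7z is the slowest but has the highest compression ratio.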
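
Sizing a run before starting it, tied to the -b and -c file counts and the -t placeholders described above. This is an added example, not from the original article or the crunch project; the function names are hypothetical, the 26/26/10/33 set sizes assume the default character sets as listed on this page, and the file count is an estimate that ignores splitting at line boundaries.

```shell
# Added example: size a crunch run before starting it. Helper names are
# hypothetical and are not part of crunch.

# ipow BASE EXP -> BASE^EXP (64-bit shell integers)
ipow() {
    r=1; i=0
    while [ "$i" -lt "$2" ]; do r=$((r * $1)); i=$((i + 1)); done
    echo "$r"
}

# crunch_lines MIN MAX CHARSET_SIZE -> lines written by "crunch MIN MAX <set>"
crunch_lines() {
    total=0; len=$1
    while [ "$len" -le "$2" ]; do
        total=$((total + $(ipow "$3" "$len"))); len=$((len + 1))
    done
    echo "$total"
}

# crunch_bytes MIN MAX CHARSET_SIZE -> bytes: each line is len chars + newline
crunch_bytes() {
    total=0; len=$1
    while [ "$len" -le "$2" ]; do
        total=$((total + $(ipow "$3" "$len") * (len + 1))); len=$((len + 1))
    done
    echo "$total"
}

# ceil_div A B -> files needed for -b (A, B in bytes) or -c (A, B in lines)
ceil_div() { echo $(( ($1 + $2 - 1) / $2 )); }

# pattern_lines PATTERN [L_MASK] -> lines for -t PATTERN with the default sets
# (@ = 26 lowercase, "," = 26 uppercase, % = 10 digits, ^ = 33 symbols);
# a position whose -l mask character equals the pattern character is literal.
pattern_lines() {
    n=1; rest=$1; mask=${2:-}
    while [ -n "$rest" ]; do
        c=${rest%"${rest#?}"}; rest=${rest#?}
        m=${mask%"${mask#?}"}; mask=${mask#?}
        if [ "$c" = "$m" ]; then continue; fi
        case $c in
            '@'|',') n=$((n * 26)) ;;
            '%')     n=$((n * 10)) ;;
            '^')     n=$((n * 33)) ;;
        esac
    done
    echo "$n"
}

echo "crunch 4 5: $(crunch_lines 4 5 26) lines, $(crunch_bytes 4 5 26) bytes"
```

For the mixalpha-numeric-all-space set the charset size is 95, so `crunch_bytes 8 8 95` shows why the article advises against using that set just to try a command.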

III. Examples provided by crunch
Example 1

crunch 1 8

crunch will display a wordlist that starts at a and ends at zzzzzzzz.
Generates the set of strings made of lowercase letters, with lengths 1 to 8.

Example 2

 crunch 1 6 abcdefg

crunch will display a wordlist using the character set abcdefg that starts at a and ends at gggggg.
Generates the set of strings made from the given character set (abcdefg), with lengths 1 to 6.

Example 3

  crunch 1 6 abcdefg\ 

there is a space at the end of the character string. In order for crunch to use the space you will need to escape it using the \ character. In this example you could also put quotes around the letters and not need the \, i.e. "abcdefg ". Crunch will display a wordlist using the character set abcdefg that starts at a and ends at (6 spaces).
Generates the set of strings made from the given character set (abcdefg and space), with lengths 1 to 6. To use a space you must escape it with \, i.e. "\ ". Alternatively use double quotes, as in crunch 1 6 "abcdefg "

Example 4

 crunch 1 8 -f charset.lst mixalpha-numeric-all-space -o wordlist.txt

crunch will use the mixalpha-numeric-all-space character set from charset.lst and will write the wordlist to a file named wordlist.txt. The file will start with a and end with " "

Generates the set of strings made from the mixalpha-numeric-all-space character set in the charset.lst library, with lengths 1 to 6, and writes the result to wordlist.txt.

Example 5

 crunch 8 8 -f charset.lst mixalpha-numeric-all-space -o wordlist.txt -t @@dog@@@ -s cbdogaaa

crunch should generate a 8 character wordlist using the mixalpha-number-all-space character set from charset.lst and will write the wordlist to a file named wordlist.txt. The file will start at cbdogaaa and end at " dog "
Starting at cbdogaaa, generates strings of length 8 in which each '@' is replaced by characters from the mixalpha-numeric-all-space set in charset.lst. (Here @ is not limited to lowercase.)

Example 6

 crunch 2 3 -f charset.lst ualpha -s BB

crunch will start generating a wordlist at BB and end with ZZZ.
This is useful if you have to stop generating a wordlist in the middle. Just do a tail wordlist.txt and set the -s parameter to the next word in the sequence. Be sure to rename the original wordlist BEFORE you begin as crunch will overwrite the existing wordlist.
The ualpha character set in charset.lst is the 26 uppercase letters. Starting at BB, generates the set of strings made of uppercase letters, with lengths 2 to 3.

Example 7

crunch 4 5 -p abc

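The numbers aren't processed but are needed. crunch will generate abc, acb, bac, bca, cab, cba.
Generates the strings by permutation. Whatever the minimum and maximum lengths are set to, the string length equals the length of the character set (3 here), but both values must still be given, otherwise the result is inaccurate.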

Example 8

 crunch 4 5 -p dog cat bird

The numbers aren't processed but are needed. crunch will generate birdcatdog, birddogcat, catbirddog, catdogbird, dogbirdcat, dogcatbird.
As above, 4 5 is ignored but must be given. Generates the set of strings formed by permuting the three words dog, cat and bird.

Example 9

 crunch 1 5 -o START -c 6000 -z bzip2

crunch will generate bzip2 compressed files with each file containing 6000 words. The filenames of the compressed files will be first_word-last_word.txt.bz2
Splits the generated strings across files holding at most 6000 lines each, and compresses each file with bzip2.

       # time ./crunch 1 4 -o START -c 6000 -z gzip
       real    0m2.729s
       user    0m2.216s
       sys     0m0.360s

       # time ./crunch 1 4 -o START -c 6000 -z bzip2
       real    0m3.414s
       user    0m2.620s
       sys     0m0.580s

       # time ./crunch 1 4 -o START -c 6000 -z lzma
       real    0m43.060s
       user    0m9.965s
       sys     0m32.634s

       size  filename
       30K   aaaa-aiwt.txt
       12K   aaaa-aiwt.txt.gz
       3.8K  aaaa-aiwt.txt.bz2
       1.1K  aaaa-aiwt.txt.lzma

Example 10

crunch 4 5 -b 20mib -o START

will generate 4 files: aaaa-gvfed.txt, gvfee-ombqy.txt, ombqz-wcydt.txt, wcydu-zzzzz.txt. the first three files are 20MBs (real power of 2 MegaBytes) and the last file is 11MB.
Splits the generated strings across files holding at most 20mib each.

Example 11

  crunch 3 3 abc + 123 !@# -t @%^

will generate a 3 character long word with a character as the first character, and number as the second character, and a symbol for the third character. The order in which you specify the characters you want is important. You must specify the order as lower case character, upper case character, number, and symbol. If you aren’t going to use a particular character set you use a plus sign as a placeholder. As you can see I am not using the upper case character set so I am using the plus sign placeholder. The above will start at a1! and end at c3#
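Generates 3-character passwords in which the first character is one of "a,b,c", the second is one of "1,2,3" and the third is one of "!,@,#". For example 1a!, 2a#, 3b@… (In actual testing this command has a problem: ! is a special character in Linux. You can escape it as \!, which gives crunch 3 3 abc + 123 \!@# -t @%^).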

Example 12

 crunch 3 3 abc + 123 !@# -t ^%@

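will generate 3 character words starting with !1a and ending with #3c
Generates 3-character passwords in which the first character is one of "!,@,#", the second is one of "1,2,3" and the third is one of "a,b,c". For example 1a!, 2a#, 3b@… (In actual testing this command has a problem: ! is a special character in Linux; it is advisable to leave out the ! when testing).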

Example 13

 crunch 4 4  + + 123 + -t %%@^

the plus sign (+) is a place holder so you can specify a character set for the character type. crunch will use the default character set for the character type when crunch encounters a + (plus sign) on the command line. You must either specify values for each character type or use the plus sign. I.E. if you have two characters types you MUST either specify values for each type or use a plus sign. So in this example the character sets will be:
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
123
!@#$%^&*()-_+=~`[]{}|\:;"'<>,.?/
there is a space at the end of the above string
the output will start at 11a! and end at "33z ". The quotes show the space at the end of the string.
Generates 4-character passwords in the format "two digits" + "one lowercase letter" + "a common symbol" (the digits here are restricted to all 2-digit combinations of 123). For example 12f#, 32j^…

Example 14

 crunch 5 5 -t ddd@@ -o j -p dog cat bird

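any character other than one of the following: @,%^ is the placeholder for the words to permute. The @,%^ symbols have the same function as -t. If you want to use @,%^ in your output you can use the -l option to specify which character you want crunch to treat as a literal.
So the results are
birdcatdogaa
birdcatdogab
birdcatdogac
<skipped>
dogcatbirdzy
dogcatbirdzz
Generates passwords made of 5 elements: the first three are any arrangement of dog, cat and bird, and the last two are any combination of two lowercase letters. [If ddd@@ is changed to dd@@@, the format becomes any 2 of dog, cat, bird combined + three lowercase letters. (aa@@@ behaves the same as dd@@@.) I do not know what d and x stand for here; my guess is that ddd can be any digits or characters other than @, %, "," and ^, and only serves to match the count and the positions.]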

Example 15

 crunch 7 7 -t p@ss,%^ -l a@aaaaa

crunch will now treat the @ symbol as a literal character and not replace the character with a uppercase letter.
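this will generate
p@ssA0!
p@ssA0@
p@ssA0#
p@ssA0$
<skipped>
p@ssZ9
Adding the -l option makes the @ in the string a literal character instead of being replaced by a lowercase letter. Generates 7-character passwords in the format "the characters p@ss" + uppercase letter + digit + symbol, for example p@ssZ9>…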

Example 16

crunch 5 5 -s @4#S2 -t @%^,2 -e @8\ Q2 -l @dddd -b 10KB -o START

crunch will generate 5 character strings starting with @4#S2 and ending at @8 Q2. The output will be broken into 10KB sized files named for the files starting and ending strings.
Generates 5-character passwords starting at @4#S2 and ending at @8*Q2., split into 10k files, in the format lowercase letter + digit + symbol + uppercase letter + digit.

Example 17

crunch 5 5 -d 2@ -t @@@%%

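crunch will generate 5 character strings starting with aab00 and ending at zzy99. Notice that aaa and zzz are not present.
Generates 5-character passwords in the format three lowercase letters + two digits, limiting lowercase letters in each password to at most 2 consecutive repeats; the output starts at aab00 and ends at zzy99. "-d 2@" means letters repeat at most 2 times.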

Example 18

crunch 10 10 -t @@@^%%%%^^ -d 2@ -d 3% -b 20mb -o START

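crunch will generate 10 character strings starting with aab!0001!! and ending at zzy 9998 The output will be written to 20mb files.
Generates 10-character passwords in the format three lowercase letters + one symbol + four digits + two symbols, limiting each password to at most 2 consecutive repeated letters and at most 3 consecutive repeated digits, with a file size of 20MB.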

Example 19

crunch 8 8 -d 2@

crunch will generate 8 characters that limit the same number of lower case characters to 2. Crunch will start at aabaabaa and end at zzyzzyzz.
Generates 8-character passwords in which a letter repeats at most twice in a row.

Example 20

crunch 4 4 -f unicode_test.lst japanese -t @@%% -l @xdd

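crunch will load some Japanese characters from the unicode_test character set file. The output will start at @日00 and end at @語99.
Loads the japanese character set from the unicode_test.lst file and generates 4-character passwords in the format @ + one character from the japanese set + two digits. The crunch that ships with Kali has no unicode_test.lst.
(If any expert can leave a comment explaining the meaning of xd in -l @xdd, I would appreciate it; it seems other letters would work as well.)

crunch's output can be piped into another program so that the generated passwords are used on the fly. The two most popular programs to pipe into are aircrack-ng and airolib-ng. For cracking wireless passwords on the fly, the syntax is as follows (the trailing - in the arguments means read the passwords generated by crunch):
crunch 2 4 abcdefghijklmnopqrstuvwxyz | aircrack-ng /root/Mycapfile.cap -e MyESSID -w-
crunch 10 10 12345 --stdout | airolib-ng testdb -import passwd -
crunch 1 6 0123456789 | john pwd.txt --stdin -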


(Note: I am a novice; if there are any mistakes, please point them out in the comments.)
