Creating Wordlist for Brute Force Attack

Brute force is an old attack technique but it can be still gold. For brute force attack, we need a wordlist/password list that will be tried by the tool we use, including possible passwords. Then, the tool will try thousands of these passwords per second. This is also referred to dictionary attack. The stronger your list is, the more successful you will be on cracking passwords.

For different targets, we may need different wordlists. Sometimes we would have some indicators about the target’s password since the knowledge about the target, like children’s name, pet’s name, birthday, etc. We may also know the password policy of the application, maybe having a policy with minimum 12 characters. In such cases, we may need different wordlists, that we can use for different targets. And a correct wordlist we have, saves our time. Especially, considering how long brute force attack takes, it can save our hours or days.

“Crunch” is a tool that enables us to create custom wordlists in the way we want. Both Kali and Parrot include crunch. It is very easy to create wordlists with crunch. Let’s take a look;

I will use Parrot for crunch, and it is in Pentesting > Password Attacks > Password Profiling & Wordlists menu in Parrot.


Crunch does not provide much information about its usage at the beginning. The screenshot below shows the opening screen of crunch;

The basic syntax is;
# crunch <min> <max> <char set> -o <output file>
min = Minimum password length
max = Maximum password length
char set = The character set to be used generating passwords
-o = Wordlist file being created by crunch

By default, when we want to generate a wordlist for 8 characters, crunch estimates how large the file be;

By default, this command will generate password with small letters only. If we want a wordlist with 8 characters mixed with small letters and numbers, we can type like below;

We can define the character set as we want. Sure, the creation of the file takes much time, and it becomes a very big file. So, it would be better to guess some indicators about the password and create a wordlist for that.

It is also possible to use charsets defined in /usr/share/rainbowcrack/charset.txt file. We can get the same file with the command below;

The charsets in charset.txt is;

Leave a Reply