Crunch - Scripts for Password List Generation

[derv82]

I was working with WPA passwords and ended up writing a couple of shell scripts that use Crunch to generate password lists. I thought the community might find them useful...

passthrough.sh
I like passing crunch output to aircrack-ng (it saves disk space and time), but I always forget the commands.
This script remembers the arguments so I don't have to.

input:

• location of cap file,
• ESSID of access point,
• minimum length,
• maximum length,
• charset (typed)

output:

• aircrack-ng's output

Note: Ctrl+C then Ctrl+Z will stop the script (not sure why.. oh well)

passthrough.sh is available here (pastebin)

phone.sh
Note: This is only for U.S. cities -- for now
I've found that phone numbers are a common password for access points. I considered creating every possible phone number for an area code ([areacode]####### -- 3 digit areacode, then 7 digit number), but that creates a LOT of numbers that aren't valid (and a lot of numbers in general).

This script uses an online database to find only valid areacodes and prefixes for whatever city you're searching for.
For example, If you type in 'chicago' as the city, it will find all areacodes + prefixes within that area -- not just 'guessing' but the actual prefixes used by the city. The script then uses Crunch to generate the last 4 digits.

The difference between generating all possible numbers and only numbers within valid prefixes can be a HUGE difference! In Albuquerque (one areacode), all possible numbers means 10,000,000 phone numbers; using this script, the valid list was shortened to 2,500,000 phone numbers. This script helped me avoid 7.5 million 'bad phone numbers'!.

Updated!
Included a menu system to select phone number format, also fixed an error for cities with spaces in the name.

Updated Again!
phone.sh now has the option to passthrough (pipe) to aircrack-ng. When prompted, enter an .CAP file containing the 4-way handshake, and the SSID of the access point, and the script will pipe all output to aircrack-ng in hopes of cracking the WPA key. This saves time and memory.
Bug fixed: When generating phone numbers without area codes, the script would sometimes generate duplicates. This has been resolved (sort/uniq removes any duplicates before generating).


input

• name of the city
• one of 5 telephone number formats:
  
  • (555)555-1234
  • 555-555-1234
  • 5555551234
  • 555-1234
  • 5551234
• Do you want to pipe the results to aircrack-ng? (y/n)
  
  • (if yes) Enter path to .CAP file and SSID of access point

output

• every possible valid phone number for that city is..
• ...saved to phone.txt if aircrack passthrough is not selected
• ...piped to aircrack-ng to crack a 4-way handshake instead.

Note: Ctrl+C works, but you have to wait for aircrack to exhaust the current list. (usually takes about 20 seconds).

phone.sh (5th revision) is available here (pastebin)


Feel free to expand/edit/fix these scripts as you see fit.

Enjoy!

[Archangel-Amael]

Moved to a more suitable section.

[fnord0]

both of these scripts are great, and have saved me lots of time. I _REALLY_ dig the phone.sh script, that is just awsome! =) -props- regarding the passthrough.sh script - I've been messing with passing everything to aircrack-ng-cuda and pyrit(cuda-based). again very cool script. many thanks for your time and effort!

[derv82]

Announcing a major update to "phone.sh"...

f0ne.sh



This script still only works in U.S. cities -- international phone numbers are a huge, huge pain, so I don't see it happening anytime soon; People can edit the script to work for whatever country they live in, but that's beyond what I'm willing to do.

Updates:

• Interactive mode has a new user interface - colored text!
  
  • ./f0ne.sh
  • (no arguments)
  
  
• Command-line arguments - you can now pass arguments to f0ne instead of using the interactive menu system
  
  • USAGE: ./f0ne.sh [city] [style]
  • EXAMPLE: ./f0ne.sh "cleveland, oh" 3
  • OUTPUT: all of the phone nubmers in cleveland - to stdout, so piping is recommended:
  • PIPING: ./f0ne.sh "cleveland, oh" 3 > cleveland.txt
  
  
• Can run independent of Crunch
  
  • crunch is VERY fast at generating lists, but not everyone has it.
  • if crunch isn't found on the user's system, a substitute shell script is used instead
  • this substitute script is MUCH MUCH slower than crunch; it's meant as a last-resort.
  
  
• Piping to aircrack is still included, but only in interactive mode
  
• Saves phone numbers to [city].txt instead of the generic "phone.txt"
  
  • So if you asked for "burbank, ca", the program would save the phone numbers in "burbankca.txt"

I hope that some of you can find this script useful.

Available on Pastebin.com

[fnord0]

Announcing a major update to "phone.sh"...

looking good

[shadi]

good work
what about of i make script for 10 numbers like
0795619120 the first 4 number stay the same and the other number will be random
i mean if u can make 10 numbers generator and we can chouse wich number is random and wich is not thats make it easy for all the guys in any cuntry

[bbford]

Excellent tips for crunch and other articles click here:

A day with Tape: Creating wordlists with crunch v2.4

Thanks Tape!

[TAPE]

@bbford
Thanks
But all credit to bofh28 of course !

[shadi]

thxx alot bbford i download crunch work good

[j0eh4x]

i've been looking all over for a script like this. It doesnt seem to be capturing the prefix for my city, is there a way i can enter the first 3 digits?

is there a way to enter the prefix manually and generate a list between 666 [000 0000 - 999 9999] ?