Creating a WPA wordlist for cracking using JTR (John the Ripper)

Today I am going to go through how to create specific word list for WPA cracking.

John the Ripper is an extraordinary tool that is useful for cracking passwords. First we must understand that using a wordlist is one of the ways to crack is one of the ways to crack a WPA protected router. Rainbow tables can also be used however for today, we shall focus on using rainbow tables to crack the password.

John the Ripper has the following parameters to be configured to allow customization.



Set this to your charset file name. See EXAMPLES for an example on how to generate a custom charset file. There’s no default.


Minimum password length (the number of characters) to try. The default is 0.


Maximum password length to try. The default is 8 (or CHARSET_LENGTH as defined in src/params.h at compile time).

CharCount = COUNT


However, if you are using incremental mode and outputing the results to the file, you will be restricted to a maximum length of 8 only. For WPA, we are more interested to crack weak password of length 8 and the minimum length of passwords are 8 characters.

Therefore, we can use the config file to implement min length=8 and max length=8. Another useful knowledge to know that some of the popular routers such as 2WIRE use 8 digits as their default password. We can use this information to create a wordlist consisting of 8 digits wordlist to a file through this command.

john –stdout –incremental=num >wordlist.txt

(800 MB file will be created)


Lets say we wanna create an alphabets only wordlist, we can use this command

john –stdout –incremental=alpha > wordlist.txt

(300GB+ file will be created)

Contributed by Chee Hong Kun.

Leave a Comment

seven − = 6