Difference between revisions of "Passwords"
Line 325: | Line 325: | ||
<td>English</td> | <td>English</td> | ||
<td>[http://downloads.skullsecurity.org/passwords/english.txt.bz2 english.txt.bz2] (1,368,101 bytes)</td> | <td>[http://downloads.skullsecurity.org/passwords/english.txt.bz2 english.txt.bz2] (1,368,101 bytes)</td> | ||
<td>n/a</td> | |||
<td>My combination of a couple lists, from [https://twitter.com/xorrbit Andrew Orr], Brandon Enright, and [http://xd-blog.com.ar/ Seth]</td> | <td>My combination of a couple lists, from [https://twitter.com/xorrbit Andrew Orr], Brandon Enright, and [http://xd-blog.com.ar/ Seth]</td> | ||
</tr> | </tr> | ||
Line 331: | Line 332: | ||
<td>German</td> | <td>German</td> | ||
<td>[http://downloads.skullsecurity.org/passwords/german.txt.bz2 german.txt.bz2] (2,371,487 bytes)</td> | <td>[http://downloads.skullsecurity.org/passwords/german.txt.bz2 german.txt.bz2] (2,371,487 bytes)</td> | ||
<td>n/a</td> | |||
<td>Compiled by Brandon Enright</td> | <td>Compiled by Brandon Enright</td> | ||
</tr> | </tr> | ||
Line 337: | Line 339: | ||
<td>[http://ha.ckers.org/blog/20090417/us-cities-dictionary/ American cities]</td> | <td>[http://ha.ckers.org/blog/20090417/us-cities-dictionary/ American cities]</td> | ||
<td>[http://downloads.skullsecurity.org/passwords/us_cities.txt.bz2 us_cities.txt.bz2] (77,081 bytes)</td> | <td>[http://downloads.skullsecurity.org/passwords/us_cities.txt.bz2 us_cities.txt.bz2] (77,081 bytes)</td> | ||
<td>n/a</td> | |||
<td>Generated by RSnake</td> | <td>Generated by RSnake</td> | ||
</tr> | </tr> | ||
Line 343: | Line 346: | ||
<td>"Porno"</td> | <td>"Porno"</td> | ||
<td>[http://downloads.skullsecurity.org/passwords/porno.txt.bz2 porno.txt.bz2] (7,158,285 bytes)</td> | <td>[http://downloads.skullsecurity.org/passwords/porno.txt.bz2 porno.txt.bz2] (7,158,285 bytes)</td> | ||
<td>n/a</td> | |||
<td>World's largest porno password collection!<br>Created by [http://reusablesec.blogspot.com/ Matt Weir] | <td>World's largest porno password collection!<br>Created by [http://reusablesec.blogspot.com/ Matt Weir] | ||
</tr> | </tr> | ||
Line 349: | Line 353: | ||
<td>Honeynet</td> | <td>Honeynet</td> | ||
<td>[http://downloads.skullsecurity.org/passwords/honeynet.txt.bz2 honeynet.txt.bz2] (889,525 bytes)</td> | <td>[http://downloads.skullsecurity.org/passwords/honeynet.txt.bz2 honeynet.txt.bz2] (889,525 bytes)</td> | ||
<td>n/a</td> | |||
<td rowspan='2'>From a honeynet run by [http://twitter.com/jgimer Joshua Gimer]</td> | <td rowspan='2'>From a honeynet run by [http://twitter.com/jgimer Joshua Gimer]</td> | ||
</tr> | </tr> | ||
Line 354: | Line 359: | ||
<td>Honeynet - w/ count</td> | <td>Honeynet - w/ count</td> | ||
<td>[http://downloads.skullsecurity.org/passwords/honeynet-withcount.txt.bz2 honeynet-withcount.txt.bz2] (901,868 bytes)</td> | <td>[http://downloads.skullsecurity.org/passwords/honeynet-withcount.txt.bz2 honeynet-withcount.txt.bz2] (901,868 bytes)</td> | ||
<td>n/a</td> | |||
</tr> | </tr> | ||
Line 359: | Line 365: | ||
<td>File locations</td> | <td>File locations</td> | ||
<td>[http://downloads.skullsecurity.org/passwords/file-locations.txt.bz2 file-locations.txt.bz2] (1,724 bytes)</td> | <td>[http://downloads.skullsecurity.org/passwords/file-locations.txt.bz2 file-locations.txt.bz2] (1,724 bytes)</td> | ||
<td>n/a</td> | |||
<td>Potential logfile locations (for LFI, etc).<br>Thanks to [http://xd-blog.com.ar/ Seth]!</td> | <td>Potential logfile locations (for LFI, etc).<br>Thanks to [http://xd-blog.com.ar/ Seth]!</td> | ||
</tr> | </tr> | ||
Line 365: | Line 372: | ||
<td>Fuzzing strings (Python)</td> | <td>Fuzzing strings (Python)</td> | ||
<td>[http://downloads.skullsecurity.org/passwords/fuzzing-strings.txt.bz2 fuzzing-strings.txt.bz2] (276 bytes)</td> | <td>[http://downloads.skullsecurity.org/passwords/fuzzing-strings.txt.bz2 fuzzing-strings.txt.bz2] (276 bytes)</td> | ||
<td>n/a</td> | |||
<td>Thanks to [http://xd-blog.com.ar/ Seth]!</td> | <td>Thanks to [http://xd-blog.com.ar/ Seth]!</td> | ||
</tr> | </tr> | ||
Line 371: | Line 379: | ||
<td>PHPMyAdmin locations</td> | <td>PHPMyAdmin locations</td> | ||
<td>[http://downloads.skullsecurity.org/passwords/phpmyadmin-locations.txt.bz2 phpmyadmin-locations.txt.bz2] (304 bytes)</td> | <td>[http://downloads.skullsecurity.org/passwords/phpmyadmin-locations.txt.bz2 phpmyadmin-locations.txt.bz2] (304 bytes)</td> | ||
<td>n/a</td> | |||
<td>Potential PHPMyAdmin locations.<br>Thanks to [http://xd-blog.com.ar/ Seth]!</td> | <td>Potential PHPMyAdmin locations.<br>Thanks to [http://xd-blog.com.ar/ Seth]!</td> | ||
</tr> | </tr> | ||
Line 377: | Line 386: | ||
<td>Web extensions</td> | <td>Web extensions</td> | ||
<td>[http://downloads.skullsecurity.org/passwords/web-extensions.txt.bz2 web-extensions.txt.bz2] (117 bytes)</td> | <td>[http://downloads.skullsecurity.org/passwords/web-extensions.txt.bz2 web-extensions.txt.bz2] (117 bytes)</td> | ||
<td>n/a</td> | |||
<td>Common extensions for Web files.<br>Thanks to [http://www.open-labs.org/ dirb]!</td> | <td>Common extensions for Web files.<br>Thanks to [http://www.open-labs.org/ dirb]!</td> | ||
</tr> | </tr> | ||
Line 383: | Line 393: | ||
<td>Web mutations</td> | <td>Web mutations</td> | ||
<td>[http://downloads.skullsecurity.org/passwords/web-mutations.txt.bz2 web-mutations.txt.bz2] (177 bytes)</td> | <td>[http://downloads.skullsecurity.org/passwords/web-mutations.txt.bz2 web-mutations.txt.bz2] (177 bytes)</td> | ||
<td>n/a</td> | |||
<td>Common 'mutations' for Web files.<br>Thanks to [http://www.open-labs.org/ dirb]!</td> | <td>Common 'mutations' for Web files.<br>Thanks to [http://www.open-labs.org/ dirb]!</td> | ||
</tr> | </tr> | ||
Line 407: | Line 418: | ||
<td>Full names</td> | <td>Full names</td> | ||
<td>[http://downloads.skullsecurity.org/passwords/facebook-names-unique.txt.bz2 facebook-names-unique.txt.bz2] (479,332,623 bytes)</td> | <td>[http://downloads.skullsecurity.org/passwords/facebook-names-unique.txt.bz2 facebook-names-unique.txt.bz2] (479,332,623 bytes)</td> | ||
<td>n/a</td> | |||
<td rowspan='2'>2010-08</td> | <td rowspan='2'>2010-08</td> | ||
<td rowspan='2'> </td> | <td rowspan='2'> </td> | ||
Line 413: | Line 425: | ||
<td>Full names - w/ count</td> | <td>Full names - w/ count</td> | ||
<td>[http://downloads.skullsecurity.org/passwords/facebook-names-withcount.txt.bz2 facebook-names-withcount.txt.bz2] (477,274,173 bytes)</td> | <td>[http://downloads.skullsecurity.org/passwords/facebook-names-withcount.txt.bz2 facebook-names-withcount.txt.bz2] (477,274,173 bytes)</td> | ||
<td>n/a</td> | |||
</tr> | </tr> | ||
Line 418: | Line 431: | ||
<td>First names</td> | <td>First names</td> | ||
<td>[http://downloads.skullsecurity.org/passwords/facebook-firstnames.txt.bz2 facebook-firstnames.txt.bz2] (16,464,124 bytes)</td> | <td>[http://downloads.skullsecurity.org/passwords/facebook-firstnames.txt.bz2 facebook-firstnames.txt.bz2] (16,464,124 bytes)</td> | ||
<td>n/a</td> | |||
<td rowspan='2'>2010-08</td> | <td rowspan='2'>2010-08</td> | ||
<td rowspan='2'> </td> | <td rowspan='2'> </td> | ||
Line 424: | Line 438: | ||
<td>First names - w/ count</td> | <td>First names - w/ count</td> | ||
<td>[http://downloads.skullsecurity.org/passwords/facebook-firstnames-withcount.txt.bz2 facebook-firstnames-withcount.txt.bz2] (73,134,218 bytes)</td> | <td>[http://downloads.skullsecurity.org/passwords/facebook-firstnames-withcount.txt.bz2 facebook-firstnames-withcount.txt.bz2] (73,134,218 bytes)</td> | ||
<td>n/a</td> | |||
</tr> | </tr> | ||
Line 429: | Line 444: | ||
<td>Last names</td> | <td>Last names</td> | ||
<td>[http://downloads.skullsecurity.org/passwords/facebook-lastnames.txt.bz2 facebook-lastnames.txt.bz2] (21,176,444 bytes)</td> | <td>[http://downloads.skullsecurity.org/passwords/facebook-lastnames.txt.bz2 facebook-lastnames.txt.bz2] (21,176,444 bytes)</td> | ||
<td>n/a</td> | |||
<td rowspan='2'>2010-08</td> | <td rowspan='2'>2010-08</td> | ||
<td rowspan='2'> </td> | <td rowspan='2'> </td> | ||
Line 435: | Line 451: | ||
<td>Last names - w/ count</td> | <td>Last names - w/ count</td> | ||
<td>[http://downloads.skullsecurity.org/passwords/facebook-lastnames-withcount.txt.bz2 facebook-lastnames-withcount.txt.bz2] (21,166,232 bytes)</td> | <td>[http://downloads.skullsecurity.org/passwords/facebook-lastnames-withcount.txt.bz2 facebook-lastnames-withcount.txt.bz2] (21,166,232 bytes)</td> | ||
<td>n/a</td> | |||
</tr> | </tr> | ||
Line 440: | Line 457: | ||
<td>First initial last names</td> | <td>First initial last names</td> | ||
<td>[http://downloads.skullsecurity.org/passwords/facebook-f.last.txt.bz2 facebook-f.last.txt.bz2] (67,110,776 bytes)</td> | <td>[http://downloads.skullsecurity.org/passwords/facebook-f.last.txt.bz2 facebook-f.last.txt.bz2] (67,110,776 bytes)</td> | ||
<td>n/a</td> | |||
<td rowspan='2'>2010-08</td> | <td rowspan='2'>2010-08</td> | ||
<td rowspan='2'> </td> | <td rowspan='2'> </td> | ||
Line 446: | Line 464: | ||
<td>First initial last names - w/ count</td> | <td>First initial last names - w/ count</td> | ||
<td>[http://downloads.skullsecurity.org/passwords/facebook-f.last-withcount.txt.bz2 facebook-f.last-withcount.txt.bz2] (66,348,431 bytes)</td> | <td>[http://downloads.skullsecurity.org/passwords/facebook-f.last-withcount.txt.bz2 facebook-f.last-withcount.txt.bz2] (66,348,431 bytes)</td> | ||
<td>n/a</td> | |||
</tr> | </tr> | ||
Line 451: | Line 470: | ||
<td>First name last initial</td> | <td>First name last initial</td> | ||
<td>[http://downloads.skullsecurity.org/passwords/facebook-first.l.txt.bz2 facebook-first.l.txt.bz2] (37,463,798 bytes)</td> | <td>[http://downloads.skullsecurity.org/passwords/facebook-first.l.txt.bz2 facebook-first.l.txt.bz2] (37,463,798 bytes)</td> | ||
<td>n/a</td> | |||
<td rowspan='2'>2010-08</td> | <td rowspan='2'>2010-08</td> | ||
<td rowspan='2'> </td> | <td rowspan='2'> </td> | ||
Line 457: | Line 477: | ||
<td>First name last initial</td> | <td>First name last initial</td> | ||
<td>[http://downloads.skullsecurity.org/passwords/facebook-first.l-withcount.txt.bz2 facebook-first.l-withcount.txt.bz2] (36,932,295 bytes)</td> | <td>[http://downloads.skullsecurity.org/passwords/facebook-first.l-withcount.txt.bz2 facebook-first.l-withcount.txt.bz2] (36,932,295 bytes)</td> | ||
<td>n/a</td> | |||
</tr> | </tr> | ||
</table> | </table> |
Revision as of 03:46, 21 September 2011
Password dictionaries
These are dictionaries that come with tools/worms/etc, designed for cracking passwords. As far as I know, I'm not breaking any licensing agreements by mirroring them with credit; if you don't want me to host one of these files, let me know and I'll remove it.
Name | Compressed | Uncompressed | Notes |
John the Ripper | john.txt.bz2 (10,934 bytes) | n/a | Simple, extremely good, designed to be modified |
Cain & Abel | cain.txt.bz2 (1,069,968 bytes) | n/a | Fairly comprehensive, not ordered |
Conficker worm | conficker.txt.bz2 (1411 bytes) | n/a | Used by conficker worm to spread -- low quality |
500 worst passwords | 500-worst-passwords.txt.bz2 (1868 bytes) | n/a | |
370 Banned Twitter passwords | twitter-banned.txt.bz2 (1509 bytes) | n/a |
Leaked passwords
Passwords that were leaked or stolen from sites. I'm hosting them because it seems like nobody else does (hopefully it isn't because hosting them is illegal :)). Naturally, I'm not the one who stole these; I simply found them online, removed any names/email addresses/etc (I don't see any reason to supply usernames -- if you do have a good reason, email me (ron-at-skullsecurity.net) and I'll see if I have them.
The best use of these is to generate or test password lists.
Note: The dates are approximate.
Name | Compressed | Uncompressed | Date | Notes |
Rockyou | rockyou.txt.bz2 (60,498,886 bytes) | n/a | 2009-12 | Best list available; huge, stolen unencrypted |
Rockyou with count | rockyou-withcount.txt.bz2 (59,500,255 bytes) | n/a | ||
phpbb | phpbb.txt.bz2 (868,606 bytes) | n/a | 2009-01 | Ordered by commonness Cracked from md5 by Brandon Enright (97%+ coverage) |
phpbb with count | phpbb-withcount.txt.bz2 (872,867 bytes) | n/a | ||
phpbb with md5 | phpbb-withmd5.txt.bz2 (4,117,887 bytes) | n/a | ||
MySpace | myspace.txt.bz2 (175,970 bytes) | n/a | 2006-10 | Captured via phishing |
MySpace - with count | myspace-withcount.txt.bz2 (179,929 bytes) | n/a | ||
Hotmail | hotmail.txt.bz2 (47,195 bytes) | n/a | Unknown | Isn't clearly understood how these were stolen |
Hotmail with count | hotmail-withcount.txt.bz2 (47,975 bytes) | n/a | ||
Faithwriters | faithwriters.txt.bz2 (39,327 bytes) | n/a | 2009-03 | Religious passwords |
Faithwriters - with count | faithwriters-withcount.txt.bz2 (40,233 bytes) | n/a | ||
Elitehacker | elitehacker.txt.bz2 (3,690 bytes) | n/a | 2009-07 | Part of zf05.txt |
Elitehacker - with count | elitehacker-withcount.txt.bz2 (3,846 bytes) | n/a | ||
Hak5 | hak5.txt.bz2 (16,490 bytes) | n/a | 2009-07 | Part of zf05.txt |
Hak5 - with count | hak5-withcount.txt.bz2 (16,947 bytes) | n/a | ||
Älypää | alypaa.txt.bz2 (5,178 bytes) | n/a | 2010-03 | Finnish passwords |
alypaa - with count | alypaa-withcount.txt.bz2 (6,013 bytes) | n/a | ||
Facebook (Pastebay) | facebook-pastebay.txt.bz2 (375 bytes) | n/a | 2010-04 | Found on Pastebay; appear to be malware-stolen. |
Facebook (Pastebay) - w/ count | facebook-pastebay-withcount.txt.bz2 (407 bytes) | n/a | ||
Unknown porn site | porn-unknown.txt.bz2 (30,600 bytes) | n/a | 2010-08 | Found on angelfire.com. No clue where they originated, but clearly porn site. |
Unknown porn site - w/ count | porn-unknown-withcount.txt.bz2 (31,899 bytes) | n/a | ||
Ultimate Strip Club List | tuscl.txt.bz2 (176,291 bytes) | n/a | 2010-09 | Thanks to Mark Baggett for finding! |
Ultimate Strip Club List - w/ count | tuscl-withcount.txt.bz2 (182,441 bytes) | n/a | ||
[Facebook Phished] | facebook-phished.txt.bz2 (14,457 bytes) | n/a | 2010-09 | Thanks to Andrew Orr for reporting |
Facebook Phished - w/ count | facebook-phished-withcount.txt.bz2 (14,941 bytes) | n/a | ||
Carders.cc | carders.cc.txt.bz2 (8,936 bytes) | n/a | 2010-05 | |
Carders.cc - w/ count | carders.cc-withcount.txt.bz2 (9,774 bytes) | n/a | ||
Singles.org | singles.org.txt.bz2 (50,697 bytes) | n/a | 2010-10 | |
Singles.org - w/ count | singles.org-withcount.txt.bz2 (52,884 bytes) | n/a | ||
Unnamed financial site | (reserved) | (reserved) | 2010-12 | |
Unnamed financial site - w/ count | (reserved) | (reserved) | ||
Gawker | (reserved) | (reserved) | 2010-12 | |
Gawker - w/ count | (reserved) | (reserved) | ||
Free-Hack.com | (reserved) | (reserved) | 2010-12 | |
Free-Hack.com w/count | (reserved) | (reserved) | ||
Carders.cc (second time hacked) | (reserved) | (reserved) | 2010-12 | |
Carders.cc w/count (second time hacked) | (reserved) | (reserved) |
Statistics
I did some tests of my various dictionaries against the different sets of leaked passwords. I grouped them by the password set they were trying to crack:
- cracked_500worst.png
- cracked_elitehackers.png
- cracked_faithwriters.png
- cracked_hak5.png
- cracked_hotmail.png
- cracked_myspace.png
- cracked_phpbb.png
- cracked_rockyou.png
Miscellaneous non-hacking dictionaries
These are dictionaries of words (etc), not passwords. They may be useful for one reason or another.
Name | Compressed | Uncompressed | Notes |
English | english.txt.bz2 (1,368,101 bytes) | n/a | My combination of a couple lists, from Andrew Orr, Brandon Enright, and Seth |
German | german.txt.bz2 (2,371,487 bytes) | n/a | Compiled by Brandon Enright |
American cities | us_cities.txt.bz2 (77,081 bytes) | n/a | Generated by RSnake |
"Porno" | porno.txt.bz2 (7,158,285 bytes) | n/a | World's largest porno password collection! Created by Matt Weir |
Honeynet | honeynet.txt.bz2 (889,525 bytes) | n/a | From a honeynet run by Joshua Gimer |
Honeynet - w/ count | honeynet-withcount.txt.bz2 (901,868 bytes) | n/a | |
File locations | file-locations.txt.bz2 (1,724 bytes) | n/a | Potential logfile locations (for LFI, etc). Thanks to Seth! |
Fuzzing strings (Python) | fuzzing-strings.txt.bz2 (276 bytes) | n/a | Thanks to Seth! |
PHPMyAdmin locations | phpmyadmin-locations.txt.bz2 (304 bytes) | n/a | Potential PHPMyAdmin locations. Thanks to Seth! |
Web extensions | web-extensions.txt.bz2 (117 bytes) | n/a | Common extensions for Web files. Thanks to dirb! |
Web mutations | web-mutations.txt.bz2 (177 bytes) | n/a | Common 'mutations' for Web files. Thanks to dirb! |
DirBuster has some awesome lists, too -- usernames and filenames.
Facebook lists
These are the lists I generated from this data. Some are more useful than others as password lists. All lists are sorted by commonness.
If you want a bunch of these, I highly recommend using the torrent. It's faster, and you'll get them all at once.
Name | Compressed | Uncompressed | Date | Notes |
Full names | facebook-names-unique.txt.bz2 (479,332,623 bytes) | n/a | 2010-08 | |
Full names - w/ count | facebook-names-withcount.txt.bz2 (477,274,173 bytes) | n/a | ||
First names | facebook-firstnames.txt.bz2 (16,464,124 bytes) | n/a | 2010-08 | |
First names - w/ count | facebook-firstnames-withcount.txt.bz2 (73,134,218 bytes) | n/a | ||
Last names | facebook-lastnames.txt.bz2 (21,176,444 bytes) | n/a | 2010-08 | |
Last names - w/ count | facebook-lastnames-withcount.txt.bz2 (21,166,232 bytes) | n/a | ||
First initial last names | facebook-f.last.txt.bz2 (67,110,776 bytes) | n/a | 2010-08 | |
First initial last names - w/ count | facebook-f.last-withcount.txt.bz2 (66,348,431 bytes) | n/a | ||
First name last initial | facebook-first.l.txt.bz2 (37,463,798 bytes) | n/a | 2010-08 | |
First name last initial | facebook-first.l-withcount.txt.bz2 (36,932,295 bytes) | n/a |