avatar
oxasploits
One Zero Day at a Time
  • HOME
  • SERVICES
  • CATEGORIES
  • ARCHIVES
  • TAGS
  • ABOUT
Home Password cracking wordlists reprise
Post
Cancel

Password cracking wordlists reprise

By Marshall Whittaker
Posted Mar 26 1 min read

Passwords

Wordlists for Password Cracking

These wordlists are some of my favorite to use for password cracking. Generally the larger the wordlist the longer it will take to crack a password, but the higher probabilty it will be in the list. These lists are line-by-line, suitable for use with John the Ripper or OCLHashcat to name a few.

If you need help cracking hashes, you can read my walkthrough of John the Ripper.


super_wpa.lst.gz - WPA wifi wordlist.
adjective_noun_3_digits_router.lst.gz - Some routers have this naming scheme.
rockyou.lst.gz - Good medium size all around wordlist.
john.lst.gz - Shorter password list bundled with John The Ripper.
bt4-password.lst.gz - Snother medium short wordlist of common passwords.
darkweb-top100000.lst.gz - Passes in order from most used.

The Lists

All lists are gzipped to save bandwidth. Total passwords included in each file is noted to the side, and was generated with:

zcat passfile.gz | wc -l

Total all lists: 2779697215 unique passwords

adjective_noun_3_digits_router.lst.gz: 1802841920 lines 4.1G

bt4-password.lst.gz: 1652903 lines 5.2M

rockyou.lst.gz: 14344391 lines 51M

super-wpa.lst.gz: 982963903 lines 4.3G

john_password.lst.gz: 3559 lines 14K

darkweb2017-top10000.lst.gz: 9999 lines 40K

I have also compiled this into a torrent for those who want them all.

Update Jun 19 2022: Sorry folks, I had to remove one of the larger wordlists because of bandwidth and disk usage limitations.

I have been struggling to keep this site going! Servers, domains, and widget feeds cost money!
I work a day job, but work hard to bring people information security related topics.
You can donate via Bitcoin: 3Ht1soLAdcBXrxbZLDJ53vry819E3rw49d
Thank you!

passwords
wordlist passwords cracking aircrack-ng john thc-hydra oclhashcat
This post is licensed under CC BY 4.0 by the author.
Share
Trending Tags
exploit vulnerabilities PoC 0day code-injection perl bugs config fuzzing RCE
  

Further Reading

Apr 4

A quick walkthrough of how to crack hashed passwords with John the Ripper

So you’ve aquired a shadow file So… you have finally rooted the server and aquired the coveted /etc/shadow file. You want to reassure your access later on. What do you do now? If installing a...

Jul 30

Authentication Bypass Techniques using SQLi, PHP, XPath, and LDAP injection

Introduction to Authentication and Authorization One of the most obvious things us as hackers need to do is bypass authentication methods. As authentication and authorization are different, you ...

May 25

Fuzz testing program file descriptors with deliverance

File Descriptors A file descriptor identifies where a file is opened in a computer system’s memory. File descriptors are most commonly used for reading and writing to files, usually on disk. The...

Site wide release of my semi-private exploit archive

A quick walkthrough of how to crack hashed passwords with John the Ripper

Comments powered by Disqus.

© 2022 Marshall Whittaker. Some rights reserved.

Trending Tags
exploit vulnerabilities PoC 0day code-injection perl bugs config fuzzing RCE