- Then you can feed that wordlist to a C program that will if any of the hashes of those words matches the hash you are trying to crack. It also has other tools, like a hacking header file and a benchmarker and a random password generator - dont use a password that can be cracked! This project is very unfinished though and I will update it soon.
- Kali ini saya akan share wordlist password indonesia ( bahasa indonesia ) cocok untuk anda yang suka bermain bruteforce attack atau digunakan untuk aircrack dan lain-lain password ini buatan oleh hacker legendaris asal indonesia Jim Geovedi kenal kan hehehe silahkan download wordlistnya Password 1 = Download Disini Password 2 = Download Disini.
1.4 billion password breach compilation wordlist
breachcompilation.txt
Large Password List: Free Download Dictionary File for Password Cracking. For password cracking, you can choose two different methods 1. Dictionary Attack 2. Brute Force Attack. The Dictionary attack is much faster when compared to Brute force attack.(There is another method named as “Rainbow table”, it is similar to Dictionary attack).
wordlist created from original 41G stash via: |
grep -rohP '(?<=:).*$' | uniq > breachcompilation.txt |
Then, compressed with: |
7z a breachcompilation.txt.7z breachcompilation.txt |
Size: |
4.1G compressed |
9.0G uncompressed |
No personal information included - just a list of passwords. |
magnet url: |
magnet:?xt=urn:btih:5a9ba318a5478769ddc7393f1e4ac928d9aa4a71&dn=breachcompilation.txt.7z |
commented Dec 19, 2017
Also forgot to note: 1012024699 total lines in the file |
commented Dec 19, 2017
full base magnet:?xt=urn:btih:7ffbcd8cee06aba2ce6561688cf68ce2addca0a3&dn=BreachCompilation&tr=udp%3A%2F%2Ftracker.openbittorrent.com%3A80&tr=udp%3A%2F%2Ftracker.leechers-paradise.org%3A6969&tr=udp%3A%2F%2Ftracker.coppersurfer.tk%3A6969&tr=udp%3A%2F%2Fglotorrents.pw%3A6969&tr=udp%3A%2F%2Ftracker.opentrackr.org%3A1337 |
![Download Wordlist Password Download Wordlist Password](/uploads/1/2/5/0/125066623/373330049.jpg)
commented Dec 19, 2017
modInfo, is it txt file? |
commented Dec 19, 2017 • edited
edited
Welp, looks like this is not sorted, so not a unique list. :(
LC_ALL=C sort --parallel=8 -u breachcompilation.txt -o breachcompilation.sorted.txt
sed -i -e's/^s*//' breachcompilation.sorted.txt Check out this thread for more info: |
commented Dec 20, 2017 • edited
edited
There is about 38% of the list that is unique (with sort & uniq I get 384149228 lines). And a lot are not only password but email:password |
commented Dec 20, 2017 • edited
edited
There are quite a few lines like this in the list as well:
|
commented Dec 20, 2017
je n'arrive pas a la télécharger y'aurais pas un autre liens ? |
commented Dec 20, 2017
@folet1992 il te faut bittorrent ou autre client de torrents puis utilise le magnet sur le post original. |
commented Dec 20, 2017
grep -rohP '(?<=:).*$' |sort |uniq -c|sort -nr > breachcompilation_index.txt cat breachcompilation_index.txt |cut -b 9- > breachcompilation.txt uncompressed filesize: 6.7G Dec 20 19:35 breachcompilation_index.txt 3.8G Dec 20 23:14 breachcompilation.txt I have a file with a password count and one without.. |
commented Dec 21, 2017 • edited
edited
It seems just over half this file is wasted space. The uniq command only removed duplicates that are directly following each other.3.8G breachcompilation_sorted.txt 9.0G breachcompilation.txt |
commented Dec 31, 2017
@cFire can you give the sorted text link for download? |
commented Jan 8, 2018
@cFire can you please share the link to the sorted one please? |
commented Jan 10, 2018
that would be great yes |
commented Jan 11, 2018
There is no sorted text link. You have to download the magnet link provided above and run the line cFire provided. |
commented Feb 1, 2018
Hello there! Here is my experience of importing Breach Compilation in Postgres: https://gist.github.com/spacepatcher/8f94289236612a40ed93efc5645c0ccd |
commented Feb 17, 2018
If anybody wants to quickly look up their own address and is unable to set it up themselves, I've set up a telegram bot for that. It's running on a weak server, so please don't look up more than a few addresses. And I might remove that functionality any time. but if you have no better option whatsoever, it's something ;) Direct Telegram Link Usage: /q [email protected] I also feature regex searching the results. |
commented Feb 27, 2018 • edited
edited
Does anyone know where is this new leak? https://www.hackread.com/3000-databases-200-million-unique-accounts-exposed-dark-web/ with email and password as the link @modInfo provided. |
commented Mar 11, 2018
@adon90 if you happen to find out, please let us know. But I assume that is a database that was sold in some darkweb marketplace, not a public dump. |
commented Apr 13, 2018
is it also possible to use a domain name instead of a full email adres, like *@outlook.com |
commented Jul 15, 2018
can anyone suggest me how to import all the db in sql? |
commented Jul 31, 2018
Can you explain me why you have used 'ohP '(?<=:).*$’ ' in grep command? Thanks |
![Download Download](/uploads/1/2/5/0/125066623/801103219.jpg)
commented Aug 12, 2018
certain lines have ; as delimiter and not : How to extract the passwords in such a case Like in file data/n/a/0 line 955 Delete files on macbook pro. |
commented Jan 2, 2019
@mayankmetha replace all ; with : |
commented Jan 6, 2019
How can I specifically see one of the dumps, e.g. only the LinkedIn one or another one ? |
commented Jan 6, 2019
commented Jan 13, 2019
can someone zip and repost breachcompilation_sorted.txt? |
commented Jan 18, 2019 • edited
edited
Ran sort/uniq the breachcompilation list and repackaged it. Compressed size runs around a gig. magnet:?xt=urn:btih:ac0df29b6ae2061a1f547056eee37343646e11de&dn=breaches.7z&tr=http%3A%2F%2Ftracker1.wasabii.com.tw%3A6969%2Fannounce&tr=udp%3A%2F%2Fexplodie.org%3A6969%2Fannounce&tr=udp%3A%2F%2Ftracker.coppersurfer.tk%3A6969%2Fannounce&tr=udp%3A%2F%2Ftracker.opentrackr.org%3A1337%2Fannounce&tr=udp%3A%2F%2Fipv4.tracker.harry.lu%3A80%2Fannounce |
Free Wordlist Download
commented Mar 21, 2019
is there any way we can edit the query.sh file and make it search like *@gmail.com and get all gmails. ? |
commented Apr 3, 2019
Are there any special characters in password list? Did you delete a partial of password? I just wondered that I can check whether or not my client is vulnerable. |
commented Jul 15, 2019
For anyone who has DHT disabled and need trackers, I would recommend @ngosang @ https://github.com/ngosang/trackerslist |
Sign up for freeto join this conversation on GitHub. Already have an account? Sign in to comment
Do you know what the world's most common passwords are?
Do you know what they look like?
You'll want to avoid them to be secure!
Do you know what they look like?
You'll want to avoid them to be secure!
Thinking of Cloning?
This repository does not contain code, but links to a group of lists.
A clone may not be necessary to get the files you need.
Visit the downloads page for more information.
A clone may not be necessary to get the files you need.
Visit the downloads page for more information.
Check out the Password Trend Analysis - and learn!
I visualized the trends of passwords that appeared 10 times or more in the Version 1 files.The charts contain immediately actionable advice on how to make your passwords more unique.
Methodology: Why and How
The Why
Password wordlists are not hard to find. It seems like every few weeks we hear about a massive, record-breaking data breach that has scattered millions of credentials across the internet for everyone to see. If our data is leaked, we'll change our passwords, the hard-working security teams will address the vulnerabilities and everyone will wait until they hear about the next breach.
While leaks may be published with malicious intent, I see an opportunity here for the us to make ourselves a bit more secure online.
Passwords, by definition, are meant to be secret. If it weren't for these leaks, we might not have any idea what a password looks like. Sure, we might know the password to a friend's home Wifi network, or for a company expense account, but passwords are usually only intended to be known by the user and an authentication system.
But, consider this:
If you are never supposed to tell me yours, and I am never going to tell you mine..
How do we know that we aren't using the same passwords?
If you are never supposed to tell me yours, and I am never going to tell you mine..
How do we know that we aren't using the same passwords?
How do we know we aren't using the same passwords as millions of other people?
If crooks are the only ones who understand what common passwords look like, then the rest of us may never change our passwords! Without this knowledge, we may just continue believing that our password is one of a kind. Data shows that frequently, passwords certainly are not one of a kind.
This is confirmed year after year when
password
is found to be among the top 3 password for the umpteenth time in a row. Until we know what common passwords look like, we will come up with passwords that appear on dozens of leaks.If any of your passwords has been published on the internet for everyone to see, then can you really claim it as your password?
The How
While studying password wordlists, I noticed most were either sorted alphabetically or not sorted at all. This might be okay computerized analysis, but I wanted to learn something about the way people think.
I determined that for the most practical analysis, lists had to be sorted in a manner that reflected actual human behavior, not an arbitrary alphabet system or random chronology.
For the better part of a year, I went to sites like SecLists, Weakpass, and Hashes.org to download nearly every single Wordlist containing real passwords I could find. After attempting to remove non-pertinent information, this harvest yielded 1600 files spanning more than 350GB worth of leaked passwords.
For each file, I removed internal duplicates and ensured that they all used the same style of newline character. Some of these lists were composed of smaller lists, and some lists were exact copies, but I took care that the source material was as 'pure' as possible. Then, all files were combined into a single amalgamation that represented all of the source files.
Each time a password was found in this file represented a time it was found in the source materials. I considered the number of times a password was found across all of the files to be an approximation of its overall popularity. If an entry was found in less than 5 files, it isn't commonly used. But, if an entry could be found more than 350 files, it is incredibly popular. The passwords that were found in the highest number of source files are considered to be the most popular and are placed at top of the list. Files that didn't appear frequently were placed at the bottom.
The giant source file represented nearly 13 billion passwords! However, since this project aims to find the most popular passwords, and not just list as many passwords as I could find, a password needed to be found at least 5 times in analysis to be included on these lists.
The end result is a list of approximately 2 Billion real passwords, sorted in order of their popularity, not by the alphabet.
Directories In This Repository
Files sorted by popularity will include
probable-v2
in the filenameThese are REAL passwords.
The files in this folder come from sites like https://github.com/danielmiessler/SecLists, https://weakpass.com/ and https://hashes.org/
Some files contain entries between 8-40 characters. These can be found in the Real-Passwords/WPA-Length directory.
Files including dictionaries, encyclopedic lists and miscellaneous. Wordlists in this folder were not necessarily associated with the 'password' label.
Some technically useful lists, such as common usernames, tlds, directories, etc. are included.
Files useful for password recovery and analysis. Includes HashCat Rules and Character Masks.
These files were generated using the PACK project.
Attributions
- Ian Norden for helping with duplicates and volunteering his time to make me a little less noobish
- The folks over at OWASP's SecLists for providing sources and inspiration
- Sources like Weakpass, Crackstation, Hashkiller and Hashes.Org for inspiration and lists.
People Are Talking About Probable-Wordlists?!
Note that the author is not affiliated with or officially endorsing the visiting of any of the links below.
I found most (if not all) of these mentions by simply searching for the project in various engines
- Netmux/Joshua Picolet's Hashcrack 2.0 - CreateSpace Independent Publishing Platform; 2 edition (September 1, 2017) - ISBN: 978-1975924584
- Probable-Wordlists has made the Security Now Podcast! Shout out to Steve Gibson and Leo Laporte!
Thanks for the shout-outs!
Disclaimer and License
- These lists are for LAWFUL, ETHICAL AND EDUCATIONAL PURPOSES ONLY.
- The files contained in this repository are released 'as is' without warranty, support, or guarantee of effectiveness.
- However, I am open to hearing about any issues found within these files and will be actively maintaining this repository for the foreseeable future. If you find anything noteworthy, let me know and I'll see what I can do about it.
The author did not steal, phish, deceive or hack in any way to get hold of these passwords.All lines in these files were obtained through freely available means.
The author's intent for this project is to provide information on insecure passwords in order to increase overall password security. The lists will show you what passwords are the most common, what patterns are the most common, and what you should avoid when creating your own passwords.
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.