Wordlists for Password Cracking and Other Brute Force Resources

Share:Share on FacebookShare on Google+Tweet about this on TwitterShare on RedditPin on PinterestShare on StumbleUponEmail this to someoneDigg thisShare on LinkedInShare on Tumblr

Biggest password cracking wordlistBrute Forcing and Dictionary Attacks are two methods of getting the same result, a password. Dictionary Cracking can mostly rely on the quality of your word list. Quite often, I have people ask me where they can get wordlists. It would not be easy for me to just pass them a wordlist, because as you may know, they are Ginormous!

Note:

  • There are also various tools to generate wordlists for Dictionary Attacks, based on information gathered such as documents and web pages (such as Wyd – password profiling tool) These are useful resources that can add unique words that you might not otherwise have if your generic lists.
  • Add all the company related words you can and if possible use industry specific word lists (chemical names for a lab, medical terms for a hospital etc).
  • And always brute force in the native language.

Openwall

One of the most famous lists is still from Openwall (the home of John the Ripper) and now costs money for the full version:

Openwall Wordlists Collection

Outpost9

Some good lists here organized by topic:

Outpost9 Word lists

Packetstorm

Packetstorm has some good topic based lists including sciences, religion, music, movies and common lists.

Packetstorm word lists

SCOWL

SCOWL (Spell Checker Oriented Word Lists) is a collection of word lists split up in various sizes, and other categories, intended to be suitable for use in spell checkers. However, I am sure it will have numerous other uses as well.

zip (rev 7.1, 2.5 MB) (release notes & changelog)

AGID

AGID is an Automatically Generated Inflection Database from an insanely large word list. My goal is for the non-questionable entries to be 100% accurate.

zip (rev 4, 0.9 MB) (release notes & changelog)

VarCon

VarCon (Variant Conversion Info) contains tables to convert between American, British (both “ise” and “ize” spellings), and Canadian spellings and vocabulary as well as well as a table listing the equivalent forms of other variants.

zip (rev 5.1, 0.2 MB) (release notes & changelog)

Part Of Speech Database

The Part Of Speech Database is a combination of “Moby ™ Part-of-Speech II” and the WordNet database.

zip (1.2 MB)

Unofficial Jargon File Word Lists

The Unofficial Jargon File Word Lists is a collection of useful Word Lists created from the Jargon file.

tar.gz

Ispell English Word Lists

This package contains the contents of the Ispell (ver 3.1.20) word list after being expand from there affix compressed form used by Ispell.

zip (0.4 MB)

Unofficial Alternate 12 Dicts Package

The Unofficial Alternate 12 Dicts Package contains almost all the information in the official 12Dicts package but in a different format as well as a good deal of additional information. However it is not meant as a replacement for the official 12Dicts package. It simply offers the information in a different way.

zip (rev 4, 1.0 MB)

Other Word Lists:

I like to keep 3 size word lists:

  1. small and fast: usually based on the output of one of the tools i’m about to tell you about.
  2. medium: this is my custom list that I add passwords I find / crack and generally think are good to add. I’m pretty picky about what goes into this list.
  3. huge: any wordlist I come across gets added to this list, it gets sorted and uniqued and restored.

Tools of the Trade

Now the two tools that I like for generating small lists is are CeWL and wyd:

They have some very similar lists of features, your mileage may vary. But they basically parse files and web pages for words and generate password lists based on the words found.

You can also check out some default password lists and if you aren’t sure what tools to use I suggest checking out:

  • Medusa 1.4 – Parallel Password Cracker
  • THC-Hydra – The Fast and Flexible Network Login Hacking Tool
  • Cain & Abel – Password Cracker with Network Sniffing
  • JTR (Password Cracking) – John the Ripper 1.7 Released
  • Dr-Crack – Combination Dictionary and Rainbow Table Cracker

Enjoy! And as always if you have any good resources or tools to add – do mention them in the comments.


Share:Share on FacebookShare on Google+Tweet about this on TwitterShare on RedditPin on PinterestShare on StumbleUponEmail this to someoneDigg thisShare on LinkedInShare on Tumblr
Tagged , , , , , , , , , , , , , , , , , , , , , , , , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>