Passphrase-wordlist - Shameless clone of passphrase wordlist

Related tags

Security related resourcespassphrase-wordlist
Overview

This repository is NOT official -- the original repository is located on GitLab at https://gitlab.com/initstring/passphrase-wordlist

This repository is only a tribute

Overview

People think they are getting smarter by using passphrases. Let's prove them wrong!

This project includes a massive wordlist of phrases (over 20 million) and two hashcat rule files for GPU-based cracking. The rules will create over 1,000 permutations of each phase.

To use this project, you need:

  • The wordlist hosted here (right-click, save-as).
  • Both hashcat rules here.

WORDLIST LAST UPDATED: 2021-10-04

Usage

Generally, you will use with hashcat's -a 0 mode which takes a wordlist and allows rule files. It is important to use the rule files in the correct order, as rule #1 mostly handles capital letters and spaces, and rule #2 deals with permutations.

Here is an example for NTLMv2 hashes: If you use the -O option, watch out for what the maximum password length is set to - it may be too short.

hashcat -a 0 -m 5600 hashes.txt passphrases.txt -r passphrase-rule1.rule -r passphrase-rule2.rule -O -w 3

Sources Used

Some sources are pulled from a static dataset, like a Kaggle upload. Others I generate myself using various scripts and APIs. I might one day automate that via CI, but for now you can see how I update the dynamic sources here.

source file name source type description
wiktionary-2021-09-29.txt dynamic Article titles scraped from Wiktionary's index dump here.
wikipedia-2021-09-29.txt dynamic Article titles scraped from the Wikipedia pages-articles-multistream-index dump generated 29-Sept-2021 here.
urban-dictionary-2021-09-29.txt dynamic Urban Dictionary dataset pulled using this script.
know-your-meme-2021-09-29.txt dynamic Meme titles from KnownYourMeme scraped using my tool here.
imdb-titles-2021-09-29.txt dynamic IMDB dataset using the "primaryTitle" column from title.basics.tsv.gz file available here
global-poi-2021-09-29.txt dynamic Global POI dataset using the 'allCountries' file from 29-Sept-2021.
billboard-titles-2021-10-04.txt dynamic Album and track names using Ultimate Music Database, scraped with a fork of mwkling's tool, modified to grab Billboard Singles (1940-2021) and Billboard Albums (1970-2021) charts.
billboard-artists-2021-10-04.txt dynamic Artist names using Ultimate Music Database, scraped with a fork of mwkling's tool, modified to grab Billboard Singles (1940-2021) and Billboard Albums (1970-2021) charts.
book.txt static Kaggle dataset with titles from over 300,000 books.
rstone-top-100.txt static
(could be dynamic in future)		 Song lyrics for Rolling Stone's "top 100" artists using my lyric scraping tool.
cornell-movie-titles-raw.txt static Movie titles from this Cornell project.
cornell-movie-lines.txt static Movie lines from this Cornell project.
author-quotes-raw.txt static Quotables dataset on Kaggle.
1800-phrases-raw.txt static 1,800 English Phrases.
15k-phrases-raw.txt static 15,000 Useful Phrases.

Hashcat Rules

The rule files are designed to both "shape" the password and to mutate it. Shaping is based on the idea that human beings follow fairly predictable patterns when choosing a password, such as capitalising the first letter of each word and following the phrase with a number or special character. Mutations are also fairly predictable, such as replacing letters with visually-similar special characters.

Given the phrase take the red pill the first hashcat rule will output the following:

take the red pill
take-the-red-pill
take.the.red.pill
take_the_red_pill
taketheredpill
Take the red pill
TAKE THE RED PILL
tAKE THE RED PILL
Taketheredpill
tAKETHEREDPILL
TAKETHEREDPILL
Take The Red Pill
TakeTheRedPill
Take-The-Red-Pill
Take.The.Red.Pill
Take_The_Red_Pill

Adding in the second hashcat rule makes things get a bit more interesting. That will return a huge list per candidate. Here are a couple examples:

[email protected]!
[email protected]
taketheredpill2020!
T0KE THE RED PILL

Additional Info

Optionally, some researchers might be interested in:

  • The raw source files mentioned in the table above. You can download them by appending the file name to https://f002.backblazeb2.com/file/passphrase-wordlist/.
  • The script I use to clean the raw sources into the wordlist here.

The cleanup script works like this:

$ python3.6 cleanup.py infile.txt outfile.txt
Reading from ./infile.txt: 505 MB
Wrote to ./outfile.txt: 250 MB
Elapsed time: 0:02:53.062531

Enjoy!

Owner
Jeff McJunkin
Jeff McJunkin
GitHub Repository
Python APK Reverser & Patcher Tool

DTL-X An Advanced Python APK Reverser and Patcher Tool. --rmads1: target=AndroidManifest.xml,replace=com.google.android.gms.ad --rmads2: No Internet (

DedSecTL 10 Oct 31, 2022
A small POC plugin for launching dumpulator emulation within IDA, passing it addresses from your IDA view using the context menu.

Dumpulator-IDA Currently proof-of-concept This project is a small POC plugin for launching dumpulator emulation within IDA, passing it addresses from

Michael 9 Sep 21, 2022
๐™พ๐š™๐šŽ๐š— ๐š‚๐š˜๐šž๐š›๐šŒ๐šŽ ๐š‚๐šŒ๐š›๐š’๐š™๐š - ๐™ฝ๐š˜ ๐™ฒ๐š˜๐š™๐šข๐š›๐š’๐š๐š‘๐š - ๐šƒ๐šŽ๐šŠ๐š– ๐š†๐š˜๐š›๐š” - ๐š‚๐š’๐š–๐š™๐š•๐šŽ ๐™ฟ๐šข๐š๐š‘๐š˜๐š— ๐™ฟ๐š›๐š˜๐š“๐šŽ๐šŒ๐š - ๐™ฒ๐š›๐šŽ๐šŠ๐š๐šŽ๐š ๐™ฑ๐šข : ๐™ฐ๐š•๐š• ๐šƒ๐šŽ๐šŠ๐š– - ๐™ฒ๐š˜๐š™๐šข๐™ฟ๐šŠ๐šœ๐š ๐™ฒ๐šŠ๐š— ๐™ฝ๐š˜๐š ๐™ผ๐šŠ๐š”๐šŽ ๐šˆ๐š˜๐šž ๐š๐šŽ๐šŠ๐š• ๐™ฟ๐š›๐š˜๐š๐š›๐šŠ๐š–๐š–๐šŽ๐š›

๐™พ๐š™๐šŽ๐š— ๐š‚๐š˜๐šž๐š›๐šŒ๐šŽ ๐š‚๐šŒ๐š›๐š’๐š™๐š - ๐™ฝ๐š˜ ๐™ฒ๐š˜๐š™๐šข๐š›๐š’๐š๐š‘๐š - ๐šƒ๐šŽ๐šŠ๐š– ๐š†๐š˜๐š›๐š” - ๐š‚๐š’๐š–๐š™๐š•๐šŽ ๐™ฟ๐šข๐š๐š‘๐š˜๐š— ๐™ฟ๐š›๐š˜๐š“๐šŽ๐šŒ๐š - ๐™ฒ๐š›๐šŽ๐šŠ๐š๐šŽ๐š ๐™ฑ๐šข : ๐™ฐ๐š•๐š• ๐šƒ๐šŽ๐šŠ๐š– - ๐™ฒ๐š˜๐š™๐šข๐™ฟ๐šŠ๐šœ๐š ๐™ฒ๐šŠ๐š— ๐™ฝ๐š˜๐š ๐™ผ๐šŠ๐š”๐šŽ ๐šˆ๐š˜๐šž ๐š๐šŽ๐šŠ๐š• ๐™ฟ๐š›๐š˜๐š๐š›๐šŠ๐š–๐š–๐šŽ๐š›

CodeX-ID 2 Oct 27, 2022
RedTeam-Security - In this repo you will get the information of Red Team Security related links

OSINT Passive Discovery Amass - https://github.com/OWASP/Amass (Attack Surface M

Abhinav Pathak 5 May 18, 2022
Reusable Lightweight Pythonic Dependency Injection Library

Vacuna Inject everything! Vacuna is a little library to provide dependency management for your python code. Install pip install vacuna Usage import va

Fernando Martรญnez Gonzรกlez 16 Sep 15, 2021
AutoScan ๆœ‰ๅคšไธช็›ฎๆ ‡ๆ—ถ๏ผŒ่ฐƒ็”จxray+rad่ฟ›่กŒ่‡ชๅŠจๆ‰ซๆ

Usage: ๅœจ้ซ˜็บง็‰ˆXrayๅ’ŒradๅŒ็›ฎๅฝ•ไธ‹่ฟ่กŒ python3 X-AutoXray.py xxxx.txt ๅ†™็š„่›ฎไบบๆ€งๅŒ–็š„ๅ“ฆ๏ผŒos,linux,windows้€š็”จ ็”Ÿๆˆ็š„xrayๆŠฅๅ‘Šไผšๅœจๅฝ“ๅ‰็›ฎๅฝ•็š„/resultไธ‹้ข Ctrl+c ๆ‰“ๆ–ญ่„šๆœฌ่ฟ่กŒๆ—ถ่ฟ˜ๅฏไปฅ็ป“็ฎ—ๆ‰ซๆ่ฟ›ๅบฆ๏ผŒ็”Ÿๆˆๅทฒๆ‰ซๆๅ’Œๆœชๆ‰ซๆ็š„่ฟ›ๅบฆๆ–‡ไปถ๏ผŒ

ๆ–ฏๆ–‡ 73 Jan 01, 2023
CC CAMERA HACKING TOOL

CAM-HACK CC CAMERA HACKING TOOL Installation On Termux $ apt update

Aryan 10 Sep 25, 2022
Dome - Subdomain Enumeration Tool. Fast and reliable python script that makes active and/or passive scan to obtain subdomains and search for open ports.

DOME - A subdomain enumeration tool Check the Spanish Version Dome is a fast and reliable python script that makes active and/or passive scan to obtai

Vadi 329 Jan 01, 2023
Utility for Extracting all passwords from ConnectWise Automate

CWA Password Extractor Utility for Extracting all passwords from ConnectWise Automate (E.g. while migrating to a new system). Outputs a csv file with

Matthew Kyles 1 Dec 09, 2021
A security system to warn you when people enter your room ๐ŸŽฅ

Get Out My Room v0.1 I hate people coming in my room when i'm not there. Get Out My Room is a simple security system that sends notifications with vid

ScriptLine 1 Jan 11, 2022
Automated tool to exploit basic buffer overflow remotely and locally & x32 and x64

Automated tool to exploit basic buffer overflow (remotely or locally) & (x32 or x64)

5 Oct 09, 2022
Implementation of an attack on a tropical algebra discrete logarithm based protocol

Implementation of an attack on a tropical algebra discrete logarithm based protocol This code implements the attack detailed in the paper: On the trop

3 Dec 30, 2021
Moodle community-based vulnerability scanner

badmoodle Moodle community-based vulnerability scanner Description badmoodle is an unofficial community-based vulnerability scanner for moodle that sc

Michele Di Bonaventura 11 Dec 22, 2022
xp_CAPTCHA(็™ฝๅซ–็‰ˆ) burp ้ชŒ่ฏ็  ่ฏ†ๅˆซ burpๆ’ไปถ

xp_CAPTCHA(็™ฝๅซ–็‰ˆ) ่ฏดๆ˜Ž xp_CAPTCHA (็™ฝๅซ–็‰ˆ) ้ชŒ่ฏ็ ่ฏ†ๅˆซ burpๆ’ไปถ ๅฎ‰่ฃ… ้œ€่ฆpython3 ๅฐไบŽ3.7็š„็‰ˆๆœฌ ๅฎ‰่ฃ… muggle_ocr ๆจกๅ—๏ผˆๅคงๆฆ‚400Mๅทฆๅณ๏ผ‰ python3 -m pip install -i http://mirrors.aliyun.com/

็ฎ—ๅ‘ฝ็ธ–ๅญ 588 Jan 09, 2023
NExfil is an OSINT tool written in python for finding profiles by username.

NExfil is an OSINT tool written in python for finding profiles by username. The provided usernames are checked on over 350 websites within few seconds.

thewhiteh4t 1.4k Jan 01, 2023
EMBArk - The firmware security scanning environment

Embark is being developed to provide the firmware security analyzer emba as a containerized service and to ease accessibility to emba regardless of system and operating system.

emba 175 Dec 14, 2022
Huskee: Malware made in Python for Educational purposes

๐‡๐”๐’๐Š๐„๐„ Caracteristicas: Discord Token Grabber Wifi Passwords Grabber Googl

chew 4 Aug 17, 2022
SSH Tool For OSINT and then Cracking.

sshmap SSH Tool For OSINT and then Cracking. Linux Systems Only Usage: Scanner Syntax: scanner start/stop/status - Sarts/stops/sho

Miss Bliss 5 Apr 04, 2022
STATS305C: Applied Statistics III (Spring, 2022)

STATS305C: Applied Statistics III Instructor: Scott Linderman TA: Matt MacKay, James Yang Term: Spring 2022 Stanford University Course Description: Pr

Scott Linderman 14 Aug 11, 2022
Cloud One Container Security Runtime Events Forwarder

Example on how to query events by a RESTful API, compose CEF event format and send the events to an UDP receiver.

Markus Winkler 3 Feb 10, 2022