initstring / Passphrase Wordlist

Licence: MIT
Passphrase wordlist and hashcat rules for offline cracking of long, complex passwords

Overview

People think they are getting smarter by using passphrases. Let's prove them wrong!

This project includes a massive wordlist of phrases (over 20 million) and two hashcat rule files for GPU-based cracking. The rules will create over 1,000 permutations of each phrase.

To use this project, you need:

  • The wordlist hosted here.
  • Both hashcat rules here.

WORDLIST LAST UPDATED: July-15-2019

Usage

Generally, you will use these with hashcat's -a 0 mode, which takes a wordlist and allows rule files. It is important to use the rule files in the correct order, as rule #1 mostly handles capital letters and spaces, and rule #2 deals with permutations.

Here is an example for NTLMv2 hashes. If you use the -O option, watch out for what the maximum password length is set to, as it may be too short.

hashcat -a 0 -m 5600 hashes.txt passphrases.txt -r passphrase-rule1.rule -r passphrase-rule2.rule -O -w 3

Sources Used

So far, I've scraped the following:

  • IMDB dataset using the "primaryTitle" column from title.basics.tsv.gz file available here grabbed May 25.
  • From the Wikipedia pages-articles-multistream-index dump generated May-20-2019 here, article titles and category names.
  • From Wiktionary's similar index dump here, the entries generated May-20-2019.
  • Urban Dictionary dataset pulled May 27 2019 using this great script.
  • 15,000 Useful Phrases
  • Song lyrics for Rolling Stone's "top 100" artists using my lyric scraping tool.
  • Meme titles from KnowYourMeme scraped using my tool here on July 15 2019.
  • Movie titles and lines from this Cornell project.
  • Global POI dataset using the 'allCountries' file.
  • Quotables dataset on Kaggle.
  • 1,800 English Phrases
  • 2016 US Presidential Debates dataset on Kaggle.
  • Goodreads Book Reviews from Kaggle. I scraped the titles of over 300,000 books.
  • US & UK top album names, artists, and track names from the 1950s - 2018 using mwkling's tool here.
    • Note: I modified that Python script to download multiple charts, as opposed to just US Billboard.

Hashcat Rules

The rule files are designed to both "shape" the password and to mutate it. Shaping is based on the idea that human beings follow fairly predictable patterns when choosing a password, such as capitalising the first letter of each word and following the phrase with a number or special character. Mutations are also fairly predictable, such as replacing letters with visually-similar special characters.

Given the phrase take the red pill the first hashcat rule will output the following:

take the red pill
take-the-red-pill
take.the.red.pill
take_the_red_pill
taketheredpill
Take the red pill
TAKE THE RED PILL
tAKE THE RED PILL
Taketheredpill
tAKETHEREDPILL
TAKETHEREDPILL
Take The Red Pill
TakeTheRedPill
Take-The-Red-Pill
Take.The.Red.Pill
Take_The_Red_Pill

Adding in the second hashcat rule makes things a bit more interesting. That will return a huge list per candidate. Here are a couple of examples:

taketheredpill2020!
T0KE THE RED PILL
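
The same predictability can be used on the defending side, at the point where a password is set. The Python below is an added example, not code from this project: it undoes the shaping and mutations described above and compares the result with a blocklist of known phrases. The substitution map, the sample phrases and the function names are assumptions made for illustration; the project's rule files are not reproduced here.

```python
import re

# Assumed look-alike substitutions to undo; not taken from the project's rule files.
LEET = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "i",
                      "0": "o", "$": "s", "5": "s", "7": "t"})

# Constructed sample blocklist; a real deployment would load a full phrase list.
PHRASES = ["take the red pill", "may the force be with you"]

# The 16 shaped variants listed above for "take the red pill".
VARIANTS = [
    "take the red pill", "take-the-red-pill", "take.the.red.pill",
    "take_the_red_pill", "taketheredpill", "Take the red pill",
    "TAKE THE RED PILL", "tAKE THE RED PILL", "Taketheredpill",
    "tAKETHEREDPILL", "TAKETHEREDPILL", "Take The Red Pill",
    "TakeTheRedPill", "Take-The-Red-Pill", "Take.The.Red.Pill",
    "Take_The_Red_Pill",
]


def fold(text):
    """Lower-case, undo look-alike characters, then keep letters only."""
    return re.sub(r"[^a-z]", "", text.lower().translate(LEET))


def canonical_keys(password):
    """Return keys for the password as typed and with its trailing
    run of digits/symbols removed (the 'phrase + number + !' habit)."""
    stripped = re.sub(r"[\d\W_]+$", "", password)
    return {fold(password), fold(stripped)}


BLOCKED = {fold(p) for p in PHRASES}


def is_guessable(password):
    """True when any canonical key of the password is a blocked phrase."""
    return bool(canonical_keys(password) & BLOCKED)


if __name__ == "__main__":
    # The last three inputs are constructed test values.
    samples = VARIANTS + ["taketheredpill2020!", "T@k3-Th3-R3d-P1ll!",
                          "violet tram eats nine clouds"]
    for pw in samples:
        print(f"{pw!r:34} rejected={is_guessable(pw)}")
```

Two keys are computed because a trailing character can be either a suffix or a look-alike letter; checking both avoids missing either case.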

Additional Info

Optionally, some researchers might be interested in:

  • My best effort to maintain raw sources here.
  • The script I use to clean the raw sources into the wordlist here.

The cleanup script works like this:

$ python3.6 cleanup.py infile.txt outfile.txt
Reading from ./infile.txt: 505 MB
Wrote to ./outfile.txt: 250 MB
Elapsed time: 0:02:53.062531

Enjoy!