暴力破解字典及字典生成器

GitHub上的：

https://github.com/danielmiessler/SecLists/tree/master/Passwords/Leaked-Databases

https://github.com/duyetdev/bruteforce-database

 

一些博客的：

Large Password Lists: Password Cracking Dictionary’s Download For Free

by

Noor Qureshi

posted on

December 9, 2016

from：https://thehacktoday.com/password-cracking-dictionarys-download-for-free/

 

For cracking passwords, you might have two choices

1. Dictionary Attack

2. Brute Force Attack.

The Dictionary attack is much faster then as compared to Brute Force Attack. (There is another method named as 「Rainbow table」, it is similar to Dictionary attack).

In order to achieve success in a dictionary attack, we need a large size of Password lists.

Here is the list of 1,717,681 passwords & More (Free to download):

If you didn’t get your required password in that dictionary or file you might wanna follow our custom wordlist tutorial for creating your own wordlist.

10-million-combos.zip 85MB

36.4GB-18_in_1.lst.7z 5GB

WPA-PSK WORDLIST 3 Final (13 GB).rar  4GB

b0n3z-wordlist-sorted_REPACK-69.3GB.7z  9GB

b0n3z_dictionary-SPLIT-BY-LENGTH-34.6GB.7z  3GB

crackstation-human-only.txt.gz 246MB

crackstation.txt.gz 4GB

 

---

You can find 20+ wordlists here: https://www.hacktoday.net/t/password-dictionaries/47

 

Password List Download Best Word List – Most Common Passwords

from:https://www.darknet.org.uk/2008/02/password-cracking-wordlists-and-tools-for-brute-forcing/

Last updated: October 9, 2017 | 692,250 views

 

Password list download below, best word list and most common passwords are super important when it comes to password cracking and recovery, as well as the whole selection of actual leaked password databases you can get from leaks and hacks like Ashley Madison, Sony and more.

 

 

Generate your own Password List or Best Word List

There are various powerful tools to help you generate password lists or wordlists for brute forcing based on information gathered such as documents and web pages such as:

– Wyd – password profiling tool
– Crunch – Password Cracking Wordlist Generator
– CeWL v5.1 – Password Cracking Custom Word List Generator
– RSMangler – Keyword Based Wordlist Generator For Bruteforcing
– The Associative Word List Generator (AWLG) – Create Related Wordlists

These are useful resources that can add unique words that you might not have if your generic lists, using a combination of generated lists, most common passwords and leaked password databases you can generate a very powerful selection of passwords for brute force cracking.

Also, add all the company related words you can and if possible use industry-specific word lists (chemical names for a lab, medical terms for a hospital etc).

And always brute force in the native language. There are some language-specific resources below.

Password List Download Best Word Lists

Although old, one of the most complete word list sets is here (easily downloadable by FTP too):

Oxford Uni Wordlists

This includes a whole bunch of language specific resources too (Afrikaans, American, Aussie, Chinese, Croatian, Czech, Danish, French, German, Hindi, Japanese, Polish, Russian, Spanish and more).

This is another famous pass list txt which is over 2GB uncompressed, Argon v2:

The Argon Wordlists

Here we have 50,000 words, common login/passwords and African words (this used to be a great resource):

 

 

Totse Word Lists

One of the most famous lists is still from Openwall (the home of John the Ripper) and now costs money for the full version:

Openwall Wordlists Collection

Some good lists here organized by topic including surnames, family names, given names, jargon, hostnames, movie characters etc.

Outpost9 Word lists

Packetstorm has some good topic-based lists including sciences, religion, music, movies and common lists.

Packetstorm word lists

French Spanish & Language Specific Word Lists

There’s a good French word list here with and without accents, also has some other languages including names:

french.gz

Spanish password list that has 172122 words:

spanish.gz

Russian wordlist that has 296790 words:

russian2.tgz

Swedish password wordlist that contains 24292 words:

swedish.gz

Tools for Password List Brute Forcing

 

 

You can also check out some default password lists and if you aren’t sure what tools to use I suggest checking out:

• Medusa 1.4 – Parallel Password Cracker
• THC-Hydra – The Fast and Flexible Network Login Hacking Tool
• Cain And Abel Download – Windows Password Cracker
• JTR (Password Cracking) – John the Ripper 1.7 Released

Enjoy! And as always if you have any good resources or tools to add – do mention them in the comments.

 

此外，還能夠使用crunch來生成密碼。

crunch默認安裝在kali環境中(05-Password Attacks)，Crunch能夠按照指定的規則生成密碼字典，生成的字典字符序列能夠輸出到屏幕、文件或重定向到另外一個程序中，Crunch能夠參數可能的組合和排列，其最新版本爲3.6。並具有以下特徵：

• Crunch能夠以組合和排列的方式生成字典
• 它能夠經過行數或文件大小停止輸出
• 如今支持恢復
• 如今支持數字和符號模式
• 如今分別支持大小寫字符模式
• 在生成多個文件時添加狀態報告
• 新的-l選項支持@，%^
• 新的-d選項能夠限制重複的字符，能夠經過man文件查看詳細信息
• 如今支持unicode

Crunch其實最厲害的是知道密碼的一部分細節後，能夠針對性的生成字典，這在滲透中就特別有用，好比知道用戶密碼的習慣是taobao2013(taobao+數字年)，這能夠經過Crunch生成taobao+全部的年份字典，用來進行暴力破解攻擊其效果尤佳!

例如：比較有用的命令

(1)生成pass01-pass99全部數字組合

crunch 6 6 -t pass%%  >>newpwd.txt

(2)生成六位小寫字母密碼，其中前四位爲pass

crunch 6 6 -t pass@@  >>newpwd.txt

(3)生成六位密碼，其中前四位爲pass，後二位爲大寫

crunch 6 6 -t pass,,  >>newpwd.txt

(4)生成六位密碼，其中前四位爲pass，後二位爲特殊字符

crunch 6 6 -t pass^^  >>newpwd.txt

(5)製做8爲數字字典

crunch 8 8 charset.lst numeric -o num8.dic

(6)製做6爲數字字典

crunch 6 6  0123456789 –o num6.dic

(7)製做139開頭的手機密碼字典

crunch 11 11  +0123456789 -t 139%%%%%%%% -o num13.dic

文件大小爲1144 MB，還能夠每次生成文件大小爲20M，自動生成文件：

crunch 11 11  +0123456789 -t 139%%%%%%%% -b 20mib -o START

(8)在線使用生成的密碼

不用把龐大的字典保存在硬盤上，生成一個密碼用一個，不過消耗的時間多，比較佔用cpu，參數最後面的-表示引用crunch生成的密碼，例如無線密碼在線破解：

原文地址：https://www.cnblogs.com/bonelee/p/9323488.html