• Stars
    star
    227
  • Rank 175,900 (Top 4 %)
  • Language
  • License
    GNU General Publi...
  • Created almost 4 years ago
  • Updated over 3 years ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Password lists with top passwords to optimize bruteforce attacks

Password Lists

Introduction

Password lists are going back to the roots of information security. They compile a list of popular passwords. Often to optimize bruteforce attacks to identify (weak) passwords as quickly as possible.

Background

We are using a dedicated infrastructure to collect, import, and analyze leaked passwords. This system helps us to determine and alert customers affected by certain data breaches. It also supports us to do further analysis of password structures, to understand motivations and decisions by users. Details about collecting, processing and importing password leaks are discussed in our article.

Approach

Our password lists are based on our statistical analysis and are an important part of our Red Teaming projects. The goal is to provide ideal password lists for targets with a specific cultural or technological background:

  • general and overall lists
  • by countries (tld, association, meta data)
  • by popular domains (domains, sub-domains)
  • by popular organizations (tld, domains, sub-domains)
  • numeric passwords (PINs, years, DDMM)

Structure

The password lists are ordered by descending popularity. The most popular passwords of a dedicated group are on top of the list. We do only include passwords which were used by at least two different accounts to prevent highly unique or otherwise personally identifying passwords. All passwords are known to be leaked and available to the public.

More information about statistical details are available in our article.

More Repositories

1

vulscan

Advanced vulnerability scanning with Nmap NSE
Lua
3,322
star
2

HardeningKitty

HardeningKitty - Checks and hardens your Windows configuration
PowerShell
1,235
star
3

nac_bypass

Script collection to bypass Network Access Control (NAC, 802.1x)
Shell
260
star
4

btle-sniffer

Passively scan for Bluetooth Low Energy devices and attempt to fingerprint them
Python
124
star
5

httprecon-nse

Advanced web server fingerprinting for Nmap
Lua
113
star
6

PowerShellUtilities

PowerShellUtilities provides various utility commandlets.
PowerShell
47
star
7

browserrecon-php

Advanced Web Browser Fingerprinting
PHP
41
star
8

websocket_fuzzer

Simple WebSocket fuzzer
Python
32
star
9

AttackToolKit

Open-source Exploiting Framework
Visual Basic
28
star
10

KleptoKitty

Invoke-KleptoKitty - Deploys Payloads and collects credentials
PowerShell
26
star
11

RIPv6

Random IPv6 - circumvents restrictive IP address-based filter and blocking rules
Shell
23
star
12

httprecon-win32

Advanced web server fingerprinting
Visual Basic
20
star
13

rbpi_remote

Shell
12
star
14

filerecon

Advanced File Fingerprinting
Visual Basic
11
star
15

ProxyExe

Launch a Windows EXE file with this EXE file (application filter evasion)
Visual Basic
10
star
16

VbscriptUtilities

Simple VBS Utilities
Visual Basic
9
star
17

ContainerKitty

Invoke-ContainerKitty - Automates container scans with Docker Engine
PowerShell
7
star
18

codex

Dissect code, analyze logic, find flaws
Visual Basic
6
star
19

WindowsMobileBackdoor

Backdoor for Windows Mobile Phones
Visual Basic
5
star
20

PHPUtilities

PHPUtilities provides various utility scripts.
PHP
5
star
21

browserrecon-asp

Advanced Web Browser Fingerprinting
ASP
4
star
22

midfp-win32

Mail Message-ID Fingerprinting
Visual Basic
1
star
23

midfp-php

Mail Message-ID Fingerprinting
PHP
1
star