暴力破解字典及字典生成器

GitHub上的：

https://github.com/danielmiessler/SecLists/tree/master/Passwords/Leaked-Databases

https://github.com/duyetdev/bruteforce-database

一些部落格的：

Large Password Lists: Password Cracking Dictionary’s Download For Free

by

Noor Qureshi

posted on

December 9, 2016

from：https://thehacktoday.com/password-cracking-dictionarys-download-for-free/

For cracking passwords, you might have two choices

1. Dictionary Attack

2. Brute Force Attack.

The Dictionary attack is much faster then as compared to Brute Force Attack. (There is another method named as “Rainbow table”, it is similar to Dictionary attack).

In order to achieve success in a dictionary attack, we need a large size of Password lists.

Here is the list of 1,717,681 passwords & More (Free to download):

If you didn’t get your required password in that dictionary or file you might wanna follow our custom wordlist tutorial for creating your own wordlist.

10-million-combos.zip 85MB

36.4GB-18_in_1.lst.7z 5GB

WPA-PSK WORDLIST 3 Final (13 GB).rar  4GB

b0n3z-wordlist-sorted_REPACK-69.3GB.7z  9GB

b0n3z_dictionary-SPLIT-BY-LENGTH-34.6GB.7z  3GB

crackstation-human-only.txt.gz 246MB

crackstation.txt.gz 4GB

You can find 20+ wordlists here: https://www.hacktoday.net/t/password-dictionaries/47

Password List Download Best Word List – Most Common Passwords

from:https://www.darknet.org.uk/2008/02/password-cracking-wordlists-and-tools-for-brute-forcing/

Last updated: October 9, 2017 | 692,250 views

Password list download below, best word list and most common passwords are super important when it comes to password cracking and recovery, as well as the whole selection of actual leaked password databases you can get from leaks and hacks like Ashley Madison, Sony and more.

Generate your own Password List or Best Word List

There are various powerful tools to help you generate password lists or wordlists for brute forcing based on information gathered such as documents and web pages such as:

– Wyd – password profiling tool

– Crunch – Password Cracking Wordlist Generator

– CeWL v5.1 – Password Cracking Custom Word List Generator

– RSMangler – Keyword Based Wordlist Generator For Bruteforcing

– The Associative Word List Generator (AWLG) – Create Related Wordlists

These are useful resources that can add unique words that you might not have if your generic lists, using a combination of generated lists, most common passwords and leaked password databases you can generate a very powerful selection of passwords for brute force cracking.

Also, add all the company related words you can and if possible use industry-specific word lists (chemical names for a lab, medical terms for a hospital etc).

And always brute force in the native language. There are some language-specific resources below.

Password List Download Best Word Lists

Although old, one of the most complete word list sets is here (easily downloadable by FTP too):

Oxford Uni Wordlists

This includes a whole bunch of language specific resources too (Afrikaans, American, Aussie, Chinese, Croatian, Czech, Danish, French, German, Hindi, Japanese, Polish, Russian, Spanish and more).

This is another famous pass list txt which is over 2GB uncompressed, Argon v2:

The Argon Wordlists

Here we have 50,000 words, common login/passwords and African words (this used to be a great resource):

Totse Word Lists

One of the most famous lists is still from Openwall (the home of John the Ripper) and now costs money for the full version:

Openwall Wordlists Collection

Some good lists here organized by topic including surnames, family names, given names, jargon, hostnames, movie characters etc.

Outpost9 Word lists

Packetstorm has some good topic-based lists including sciences, religion, music, movies and common lists.

Packetstorm word lists

French Spanish & Language Specific Word Lists

There’s a good French word list here with and without accents, also has some other languages including names:

french.gz

Spanish password list that has 172122 words:

spanish.gz

Russian wordlist that has 296790 words:

russian2.tgz

Swedish password wordlist that contains 24292 words:

swedish.gz

Tools for Password List Brute Forcing

You can also check out some default password lists and if you aren’t sure what tools to use I suggest checking out:

• Medusa 1.4 – Parallel Password Cracker
• THC-Hydra – The Fast and Flexible Network Login Hacking Tool
• Cain And Abel Download – Windows Password Cracker
• JTR (Password Cracking) – John the Ripper 1.7 Released

Enjoy! And as always if you have any good resources or tools to add – do mention them in the comments.

此外，還可以使用crunch來生成密碼。

crunch預設安裝在kali環境中(05-Password Attacks)，Crunch可以按照指定的規則生成密碼字典，生成的字典字元序列可以輸出到螢幕、檔案或重定向到另一個程式中，Crunch可以參數可能的組合和排列，其最新版本為3.6。并具備如下特征：

• Crunch可以以組合和排列的方式生成字典
• 它可以通過行數或檔案大小中止輸出
• 現在支援恢複
• 現在支援數字和符号模式
• 現在分别支援大小寫字元模式
• 在生成多個檔案時添加狀态報告
• 新的-l選項支援@，%^
• 新的-d選項可以限制重複的字元，可以通過man檔案檢視詳細資訊
• 現在支援unicode

Crunch其實最厲害的是知道密碼的一部分細節後，可以針對性的生成字典，這在滲透中就特别有用，比如知道使用者密碼的習慣是taobao2013(taobao+數字年)，這可以通過Crunch生成taobao+所有的年份字典，用來進行暴力破解攻擊其效果尤佳!

例如：比較有用的指令

(1)生成pass01-pass99所有數字組合

1. crunch 6 6 -t pass%%  >>newpwd.txt 

(2)生成六位小寫字母密碼，其中前四位為pass

1. crunch 6 6 -t pass@@  >>newpwd.txt 

(3)生成六位密碼，其中前四位為pass，後二位為大寫

1. crunch 6 6 -t pass,,  >>newpwd.txt 

(4)生成六位密碼，其中前四位為pass，後二位為特殊字元

1. crunch 6 6 -t pass^^  >>newpwd.txt 

(5)制作8為數字字典

1. crunch 8 8 charset.lst numeric -o num8.dic 

(6)制作6為數字字典

1. crunch 6 6  0123456789 –o num6.dic 

(7)制作139開頭的手機密碼字典

1. crunch 11 11  +0123456789 -t 139%%%%%%%% -o num13.dic 

檔案大小為1144 MB，還可以每次生成檔案大小為20M，自動生成檔案：

1. crunch 11 11  +0123456789 -t 139%%%%%%%% -b 20mib -o START 

(8)線上使用生成的密碼

不用把龐大的字典儲存在硬碟上，生成一個密碼用一個，不過消耗的時間多，比較占用cpu，參數最後面的-表示引用crunch生成的密碼，例如無線密碼線上破解：

1. crunch 2 4 0123456789 | aircrack -ng a,cap -e MyESSID -w - 
2. crunch 10 1012345 --stodout | airolib -ng testdlb -import passwd –  
3. crunch 1 6 0123456789 | john pwd.txt --stdin -

原文位址：https://www.cnblogs.com/bonelee/p/9323488.html