web123456

Brute force dictionary list

On GitHub:

/danielmiessler/SecLists/tree/master/Passwords/Leaked-Databases

/duyetdev/bruteforce-database

Some blogs:

/password-cracking-dictionarys-download-for-free/

/2008/02/password-cracking-wordlists-and-tools-for-brute-forcing/

In addition, you can also use crunch to generate passwords.

crunch is installed in the kali environment by default (05-Password Attacks). Crunch can generate password dictionaries according to specified rules. The generated dictionary character sequence can be output to the screen, file or redirected to another program. Crunch can combine and arrange parameters with the latest version of 3.6. And have the following characteristics:

  • Crunch can generate dictionaries in combination and arrangement
  • It can abort the output by number of lines or file size
  • Recovery is now supported
  • Number and symbolic modes are now supported
  • Now support case character modes separately
  • Add status reports when generating multiple files
  • The new -l option supports @, %^
  • The new -d option can limit duplicate characters and you can view detailed information through the man file.
  • Now support unicode

In fact, the most powerful thing about Crunch is that after knowing some details of the password, you can generate dictionaries in a targeted manner. This is particularly useful in penetration. For example, the habit of knowing the user's password is taobao2013 (taobao+number year), which can generate all year dictionaries of taobao+ through Crunch, which are especially effective for brute-force cracking attacks!

For example:More useful commands

(1) Generate all number combinations of pass01-pass99

  1. crunch 6 6 -t pass%%  >> 

(2) Generate six-digit lowercase letter passwords, of which the first four are pass

  1. crunch 6 6 -t pass@@  >> 

(3) Generate a six-digit password, of which the first four digits are pass and the last two digits are capitalized

  1. crunch 6 6 -t pass,,  >> 

(4) Generate a six-digit password, where the first four digits are pass and the last two digits are special characters

  1. crunch 6 6 -t pass^^  >> 

(5) Make 8 as a number dictionary

  1. crunch 8 8  numeric -o  

(6) Make 6 as a number dictionary

  1. crunch 6 6  0123456789 –o  

(7) Make a mobile phone password dictionary starting with 139

  1. crunch 11 11  +0123456789 -t 139%%%%%%%% -o  

The file size is 1144 MB, and the file size can be generated at 20M each time, and the file size can be generated automatically:

  1. crunch 11 11  +0123456789 -t 139%%%%%%%% -b 20mib -o START 

(8) Use generated passwords online

There is no need to save the huge dictionary on the hard disk, and use one to generate a password, but it takes a lot of time and takes up more CPU. The last parameter is - indicating that the password generated by crunch is referenced, such as wireless password cracking online:

  1. crunch 2 4 0123456789 | aircrack -ng a,cap -e MyESSID -w - 
  2. crunch 10 1012345 --stodout | airolib -ng testdlb -import passwd –  
  3. crunch 1 6 0123456789 | john  --stdin -