> For the complete documentation index, see [llms.txt](https://ivalexev.gitbook.io/rednote/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://ivalexev.gitbook.io/rednote/pentesting-process/password-cracking/wordlist.md). # Wordlist ## Public Wordlists
WordlistsDetails
WeakpassWebsite with collection of password lists for various purposes. See also API.
SecListsCollection of multiple types of lists.
### Default Credentials {% tabs %} {% tab title="Tools" %}
ToolDetails
DefaultCreds-cheat-sheet

Default credentials collected from multiple sources.
creds update

creds search <STRING> [export]

{% endtab %} {% tab title="Wordlists" %} * [CIRT.NET](https://www.cirt.net/passwords) * [SecList](https://github.com/danielmiessler/SecLists/blob/master/Passwords/Default-Credentials/default-passwords.csv) * [SCADAPASS](https://github.com/scadastrangelove/SCADAPASS/blob/master/scadapass.csv) * [Router](https://www.softwaretestinghelp.com/default-router-username-and-password-list/) {% endtab %} {% endtabs %} ## Wordlist Generation {% tabs %} {% tab title="Tools" %}
ToolDetails
crunchcrunch <MIN> <MAX> <CHARSET> [-t <PATTERN> -o <OUTPUT>]
, for all uppercase letters
@ for all lowercase letters
% for all numeric characters
^ for all special characters
CONST
CeWLWordlists based on the content of websites.
cewl http://<IP> -w <OUTPUT> -d <DEEP> -m <MIN> -x <MAX> --with-numbers --lowercase
cuppWordlists based on the profiling of a user.
cupp -i
pydictorA powerful and useful hacker dictionary builder.
pydictor -sedb
username-anarchyTool for generating possible usernames.
username-anarchy <NAME>
username-anarchy -i <FILE_NAMES>
RSManglerPerforms various manipulations on a wordlist.
rsmangler.rb -f <WORDLIST>
hashcat

Apply rules to a wordlist (/usr/share/hashcat/rules)

c $! $0
c $0 $1

hashcat -r <RULE_FILE> --stdout <WORDLIST>

{% endtab %} {% tab title="Webssite" %} * [Passgen (Weakpass) 1](https://weakpass.com/tools/passgen) * [Passgen (Weakpass) 2](https://zzzteph.github.io/weakpass/passgen/dist/) {% endtab %} {% tab title="To See" %}
ToolDetails
mentalistGraphical tool for generating custom wordlists that allows you to apply various rules.
cookAn overpower wordlist generator, splitter, merger, finder, saver, create words permutation and combinations, apply different encoding/decoding, etc.
{% endtab %} {% endtabs %} ### Common Patterns Globally common passwords {% code overflow="wrap" %} ``` password qwerty admin 123456 ``` {% endcode %} Season + year {% code overflow="wrap" %} ``` Spring2024, Spring2024! Summer2024, Summer2024! Autumn2024, Fall2024, Fall2024! Winter2025, Winter2025! ``` {% endcode %} Company name/app/domain {% code overflow="wrap" %} ``` app123, app2024, app2024! Company01, Company!23 Domain123, Domain! ``` {% endcode %} enterprise/IT patterns {% code overflow="wrap" %} ``` Admin123, Admin1234, Admin123! Password1, Password01, Password123, Password! Welcome1, Welcome01, Welcome123 ChangeMe123, Changeme1 P@ssw0rd, P4ssword!, P@ssword1 User123, User2025, User01 ``` {% endcode %} Usernames pattern {% code overflow="wrap" %} ``` David123, David2024, David! ``` {% endcode %} Keyboard pattern {% code overflow="wrap" %} ``` 1234, 1234567, 987654321 123123, 112233 qwerty1, qwerty12, qwerty! abc123 ``` {% endcode %} ### Leaks Searching for sensitive information via data breach * [HaveIBeenPwned](https://haveibeenpwned.com/) * [DeHashed](https://www.dehashed.com/) * [IntelBase](https://intelbase.is/) * [IntelligenceX](https://intelx.io/) * [SnusBase](https://snusbase.com/) * [Leak-Lookup](https://leak-lookup.com/) * [DataBreach](https://databreach.com/) * [BreachDirectory](https://breachdirectory.org/) * [ScatteredSecrets](https://scatteredsecrets.com/) ## Filtering wordlist It is very important to generate and use a wordlists that meets the **password requirements and policy**. ### I**nfer Policy** You can **infer** the password complexity policy in use on the target in the following ways: * Using the `user registration form`. * If `policy is provided on first error`, and if `policy is provided after n attempts`. * `guess policy by trial and error`, i.e., start with complex and appropriate password and then remove components to see if they are needed. ### Filter Wordlist To **filter** the wordlist you can use `grep`\ `$` : Start/Append, **`^`** : End/Prepend {% tabs %} {% tab title="Filter" %}
CommandDetails
grep [-v] '[[:classname:]]' <WORDLIST>Based on what they contain.
-v (NOT contain)
grep -x '.\{<LEN>\}’Of exact length <LEN>
grep -E '^.{<MIN>,<MAX>}$'Of length between <MIN> and <MAX>
grep -E '^.{6,}$' <WORDLIST> | grep -E '[A-Z]' | grep -E '[a-z]' | grep -E '[0-9]' | grep -E '([!@#$%^&*].*){2,}' > <OUTPUT_FILE>Concatenation
{% endtab %} {% tab title="classname" %}
ClassnameDetails
[[:graph:]] All printable characters except spaces and control characters.
[[:lower:]]All lowercase letters of the alphabet.
[[:print:]]All printable characters, including spaces.
[[:punct:]]All punctuation characters, such as commas, periods, semicolons, etc.
[[:space:]]All spacing characters, including spaces, tabs, line feeds, etc.
[[:upper:]]All capital letters of the alphabet.
[[:digit:]]All digits, from 0 to 9
[[:xdigit:]]All characters that are hexadecimal digits, that is, 0 to 9 and A to F (or a-f).
{% endtab %} {% endtabs %} ### Edit Wordlist Or **edit** the wordlist with `sed`
CommandDetails
sed -ri '/^.{,7}$/d' <WORDLIST>Remove shorter than 8
sed -ri '/[!-/:-@\[-`\{-~]+/!d' <WORDLIST>Remove no special chars
sed -ri '/[0-9]+/!d' <WORDLIST>Remove no numbers
sed -ri '/[A-Z]/!d' <WORDLIST>Remove no uppercase
sed -ri '/[a-z]/!d' <WORDLIST>Remove no lowercase
sed -r '/^.{,7}$/d' <WORDLIST> | sed -r '/[!-/:-@\[-`\{-~]+/!d' | sed -r '/[0-9]+/!d' >> <OUTPUT>Concatenation
--- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter: ``` GET https://ivalexev.gitbook.io/rednote/pentesting-process/password-cracking/wordlist.md?ask=&goal= ``` `ask` is the immediate question: it should be specific, self-contained, and written in natural language. `goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.