Skip to content

Password lists with top passwords to optimize bruteforce attacks

License

Notifications You must be signed in to change notification settings

scipag/password-list

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

25 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Password Lists

Introduction

Password lists are going back to the roots of information security. They compile a list of popular passwords. Often to optimize bruteforce attacks to identify (weak) passwords as quickly as possible.

Background

We are using a dedicated infrastructure to collect, import, and analyze leaked passwords. This system helps us to determine and alert customers affected by certain data breaches. It also supports us to do further analysis of password structures, to understand motivations and decisions by users. Details about collecting, processing and importing password leaks are discussed in our article.

Approach

Our password lists are based on our statistical analysis and are an important part of our Red Teaming projects. The goal is to provide ideal password lists for targets with a specific cultural or technological background:

  • general and overall lists
  • by countries (tld, association, meta data)
  • by popular domains (domains, sub-domains)
  • by popular organizations (tld, domains, sub-domains)
  • numeric passwords (PINs, years, DDMM)

Structure

The password lists are ordered by descending popularity. The most popular passwords of a dedicated group are on top of the list. We do only include passwords which were used by at least two different accounts to prevent highly unique or otherwise personally identifying passwords. All passwords are known to be leaked and available to the public.

More information about statistical details are available in our article.