Security Wordlists
You can use wordlists in many different contexts when it comes to infosec, often creating a fine balance between a raw brute-force and guessing the most probable choice. The following are great wordlist resources from around the web, that can hopefully aid you in a time of need.
The first is an excellent collection of wordlists, that have been neatly categorized for your various needs. This is a super collection, and a great first stop:
https://github.com/danielmiessler/SecLists
Another fantastic collection from lists, again includes dictionaries, wordlists, leaked passwords, and statistics on common words. This is a great one for how real the lists are:
https://wiki.skullsecurity.org/Passwords
https://github.com/danielmiessler/SecLists
Another fantastic collection from lists, again includes dictionaries, wordlists, leaked passwords, and statistics on common words. This is a great one for how real the lists are:
https://wiki.skullsecurity.org/Passwords
The next is a great go-to set of lists that include many seemingly 'random' lists, that come in handy surprisingly often:
http://stormthe.net/wordlists/
RAFT's list of common directories and files, originally built by FishNet Security on the idea to use robots.txt from the top 100 Alexa websites:
https://code.google.com/p/raft/source/browse/trunk/data/wordlists/?r=64
The following wordlist comes out of a project of Sebastien Raveau, in which he pulled down words from wikipedia, wiktionary, and wikibooks, to create a massive wordlist:
http://www.hack3r.com/wordlists/wikipedia-wordlist-sraveau-20090325.txt.bz2
http://stormthe.net/wordlists/
RAFT's list of common directories and files, originally built by FishNet Security on the idea to use robots.txt from the top 100 Alexa websites:
https://code.google.com/p/raft/source/browse/trunk/data/wordlists/?r=64
The following wordlist comes out of a project of Sebastien Raveau, in which he pulled down words from wikipedia, wiktionary, and wikibooks, to create a massive wordlist:
http://www.hack3r.com/wordlists/wikipedia-wordlist-sraveau-20090325.txt.bz2
The next set comes from a set of honeypots and the various real world use of wordlists in attempt to break into said honeypots:
http://tekdefense.com/downloads/wordlists/
http://tekdefense.com/downloads/wordlists/
Finally, the largest and most comprehensive set to date, which operates on a 'pay what you want model', which is always an awesome model:
https://crackstation.net/buy-crackstation-wordlist-password-cracking-dictionary.htm
https://crackstation.net/buy-crackstation-wordlist-password-cracking-dictionary.htm
There is also the great tool CeWL, or Custom Word List generator, which will build custom wordlists based off of scrapping websites. CeWL is a great one for those one off words like a company or product names. You can find that at:
http://www.digininja.org/projects/cewl.php
http://www.digininja.org/projects/cewl.php
It may also be helpful to "mung" or augment your lists, such as replace common letters with numbers and symbols, to build 1337-5p34k (leetspeak) versions of your passwords. On Windows, Cain and Able provides good functionality to quickly apply transformations to your wordlists:
http://www.oxid.it/ca_um/topics/dictionary_password_cracker.htm
On Linux, you can use something like sed to build your 31337 5|*3@|< 1!$7$ :]
http://www.oxid.it/ca_um/topics/dictionary_password_cracker.htm
On Linux, you can use something like sed to build your 31337 5|*3@|< 1!$7$ :]