• Home
  • /
  • Blog
  • /
  • Kali Linux
  • /
  • Download A Collection of Passwords & Wordlists for Kali Linux (2023)

Download A Collection of Passwords & Wordlists for Kali Linux (2023)

Today you'll be able to download a collection of passwords and wordlist dictionaries for cracking in Kali Linux.

A wordlist or a password dictionary is a collection of passwords stored in plain text. It's basically a text file with a bunch of random passwords in it. 

Most of the wordlists you can download online including the ones I share with you here, are a collection of uncommon and common passwords that were once (and probably still are) used by real people. 

You can create your own wordlist or use existing ones that's been compiled by others. Usually wordlists are derived from data breaches like when a company gets hacked. The data stolen is then sold on the dark web or leaked on certain websites such as Pastebin.

You can download the full collection of wordlists on Github. Note, I sorted and separated them in alphabetical order in order to meet Github's upload size requirements.

For more information on how to download and decompress the files, please continue reading.

Download: https://github.com/kennyn510/wpa2-wordlists

Where did you get the passwords from?

I dug them up using advanced Google search operators. The majority I found from websites that share leaked passwords.

How do I use this?

A wordlist is used to perform dictionary attacks. For example, you can use it to crack WiFi WPA2 using aircrack-ng:

aircrack-ng handshake.cap -w /path/to/wordlist.txt

I've personally tried it and was able to crack 3/10 wifi networks near me. Just bare in mind that using password cracking tools takes a lot of time, especially if done on a computer without a powerful GPU.

Also, this might be obvious to most, but I had a few people email me telling me none of the wordlists worked for them...so I'm about to say it

THIS ONLY WORKS IF THE PASSWORD IS INCLUDED IN THE WORDLIST.

If they use a strong password like this one:
6VlgB@.|dI11@o5JG3LH!8ZBF3gH*N2$0E$$_

Then you're pretty much out of luck. You could do a brute force attack in such cases but even that could take millions of years depending on how much computer resources you have.

How To Download Wordlists

1. Download wordlists using git clone

git clone https://github.com/kennyn510/wpa2-wordlists.git

2. Choose a wordlist you want to use

cd wpa2-wordlists/Wordlists/Crackdown2016

3. Decompress (if applicable)

gunzip *.gz

4. Merge all text files into one

cat *.txt >> full.txt

Clean Up Wordlists Using Bash One-Liners

The following bash one-liners are useful commands for manipulating wordlists (or any text file).

For instance, if you need to remove all blank lines from a file, a one-liner will do the trick. Similarly, if you need to remove duplicate passwords (or text), you can do that too.

If you have multiple wordlists, you can also combine them into one large file.

Remove duplicates

awk '!(count[$0]++)' old.txt > new.txt

Sort wordlist by length

awk '{print length, $0}' old.txt | sort -n | cut -d " " -f2- > new.txt

Sort by alphabetical order

sort old.txt | uniq > new.txt

Merge multiple text files into one

cat file1.txt file2.txt > combined.txt

Remove all blank lines

egrep -v "^[[:space:]]*$" old.txt > new.txt

Did you find this helpful? Please let me know.

RecommendHow To Boot Kali Linux From USB (With Installation Procedure) 

related posts:

  • Thanks for putting this together. I was using the cat command for removing the duplicates , and the merging command is much easier. Now my question for you is… how would i remove character symbols from the example below?

    `~!@#$%^
    `-=`-=`-=
    `;`;`;`;
    `??????^

    I notice a lot of files have these kind of symbols and I want to remove them.

    thanks again.

    • Like kenneth said above, complex passwords generally harder to crack as word lists won’t contain them. You can try a bruteforce attack if you have some parts of the password, otherwise your shit outta luck.

      • He isn’t shit out of luck. He will just have to be patient. Using a bruteforce will allow him to use any character and any case but it can take over 3000 years to complete the process.

  • Has there been any 2018 word list you have come across yet or built yet? Just trying to keep my word list up to date.

    Thanks,

  • I have done everything like you sad, but when i put command cat *.txt >> full.txt terminal shows me cat: full.txt: input file is output file What am id doing wrong ?

  • I’ve had one problem after another since getting Kali…now I can’t get your instructions to work after the download completes. I put in “gunzip *.gz”, but there are no .gz files in half of the folders! How do I use the Ultimate2016 if there is no .gz file associated with it??

  • Thanks for putting this together. I was using the cat command for removing the duplicates , and the merging command is much easier. Now my question for you is… how would i remove character symbols from the example below?

    `~!@#$%^
    `-=`-=`-=
    `;`;`;`;
    `??????^

    I notice a lot of files have these kind of symbols and I want to remove them.

    thanks again.

  • {"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}
    >