Today you'll be able to download a collection of passwords and wordlist dictionaries for cracking in Kali Linux.
A wordlist or a password dictionary is a collection of passwords stored in plain text. It's basically a text file with a bunch of random passwords in it.
Most of the wordlists you can download online including the ones I share with you here, are a collection of uncommon and common passwords that were once (and probably still are) used by real people.
You can create your own wordlist or use existing ones that's been compiled by others. Usually wordlists are derived from data breaches like when a company gets hacked. The data stolen is then sold on the dark web or leaked on certain websites such as Pastebin.
You can download the full collection of wordlists on Github. Note, I sorted and separated them in alphabetical order in order to meet Github's upload size requirements.
For more information on how to download and decompress the files, please continue reading.
Where did you get the passwords from?
I dug them up using advanced Google search operators. The majority I found from websites that share leaked passwords.
How do I use this?
A wordlist is used to perform dictionary attacks. For example, you can use it to crack WiFi WPA2 using aircrack-ng:
aircrack-ng handshake.cap -w /path/to/wordlist.txt
I've personally tried it and was able to crack 3/10 wifi networks near me. Just bare in mind that using password cracking tools takes a lot of time, especially if done on a computer without a powerful GPU.
Also, this might be obvious to most, but I had a few people email me telling me none of the wordlists worked for them...so I'm about to say it
THIS ONLY WORKS IF THE PASSWORD IS INCLUDED IN THE WORDLIST.
If they use a strong password like this one:
6VlgB@.|dI11@o5JG3LH!8ZBF3gH*N2$0E$$_
Then you're pretty much out of luck. You could do a brute force attack in such cases but even that could take millions of years depending on how much computer resources you have.
How To Download Wordlists
1. Download wordlists using git clone
git clone https://github.com/kennyn510/wpa2-wordlists.git
2. Choose a wordlist you want to use
cd wpa2-wordlists/Wordlists/Crackdown2016
3. Decompress (if applicable)
gunzip *.gz
4. Merge all text files into one
cat *.txt >> full.txt
Clean Up Wordlists Using Bash One-Liners
The following bash one-liners are useful commands for manipulating wordlists (or any text file).
For instance, if you need to remove all blank lines from a file, a one-liner will do the trick. Similarly, if you need to remove duplicate passwords (or text), you can do that too.
If you have multiple wordlists, you can also combine them into one large file.
Remove duplicates
awk '!(count[$0]++)' old.txt > new.txt
Sort wordlist by length
awk '{print length, $0}' old.txt | sort -n | cut -d " " -f2- > new.txt
Sort by alphabetical order
sort old.txt | uniq > new.txt
Merge multiple text files into one
cat file1.txt file2.txt > combined.txt
Remove all blank lines
egrep -v "^[[:space:]]*$" old.txt > new.txt
Did you find this helpful? Please let me know.
Recommend: How To Boot Kali Linux From USB (With Installation Procedure)
Thanks for putting this together. I was using the cat command for removing the duplicates , and the merging command is much easier. Now my question for you is… how would i remove character symbols from the example below?
`~!@#$%^
`-=`-=`-=
`;`;`;`;
`??????^
I notice a lot of files have these kind of symbols and I want to remove them.
thanks again.
Could you build a script with slavic / balkan words please?
nice tut i now have a 4gig.txt file of passwords thanks to you
sir he use the strong password example 6VlgB@.|dI11@o5JG3LH!8ZBF3gH*N2$0E$$_ so
help me what i do
Like kenneth said above, complex passwords generally harder to crack as word lists won’t contain them. You can try a bruteforce attack if you have some parts of the password, otherwise your shit outta luck.
He isn’t shit out of luck. He will just have to be patient. Using a bruteforce will allow him to use any character and any case but it can take over 3000 years to complete the process.
U can’t use dictionary or brute force attack in such case …try for hash decrepiter
Has there been any 2018 word list you have come across yet or built yet? Just trying to keep my word list up to date.
Thanks,
can i delete the full.text if i have get the new.text
Brother i need world list 2018 latest. What is the price to purchase plz reply urgently.
sounds like the command has already executed hence it would be the same file thus already merged to one e.g. 26x = 1, 1 = 1
I have done everything like you sad, but when i put command cat *.txt >> full.txt terminal shows me cat: full.txt: input file is output file What am id doing wrong ?
Try using only one “>” instead of 2.
So like this:
cat *.txt > full.txt
I’ve had one problem after another since getting Kali…now I can’t get your instructions to work after the download completes. I put in “gunzip *.gz”, but there are no .gz files in half of the folders! How do I use the Ultimate2016 if there is no .gz file associated with it??
If there’s no “.gz” then you don’t need to decompress. Just jump to the next step “cat *.txt >> full.txt”
Thanks for putting this together. I was using the cat command for removing the duplicates , and the merging command is much easier. Now my question for you is… how would i remove character symbols from the example below?
`~!@#$%^
`-=`-=`-=
`;`;`;`;
`??????^
I notice a lot of files have these kind of symbols and I want to remove them.
thanks again.
Dead indited articles, regards for information .