Git Product home page Git Product logo

passphrase-wordlist's Introduction

Overview

People think they are getting smarter by using passphrases. Let's prove them wrong!

This project includes a massive wordlist of phrases (over 20 million) and two hashcat rule files for GPU-based cracking. The rules will create over 1,000 permutations of each phase.

To use this project, you need:

  • The wordlist passphrases.txt, which you can find under releases.
  • Both hashcat rules here.

WORDLIST LAST UPDATED: November 2022

Usage

Generally, you will use with hashcat's -a 0 mode which takes a wordlist and allows rule files. It is important to use the rule files in the correct order, as rule #1 mostly handles capital letters and spaces, and rule #2 deals with permutations.

Here is an example for NTLMv2 hashes: If you use the -O option, watch out for what the maximum password length is set to - it may be too short.

hashcat -a 0 -m 5600 hashes.txt passphrases.txt -r passphrase-rule1.rule -r passphrase-rule2.rule -O -w 3

Sources Used

Some sources are pulled from a static dataset, like a Kaggle upload. Others I generate myself using various scripts and APIs. I might one day automate that via CI, but for now you can see how I update the dynamic sources here.

source file name source type description
wiktionary-2022-11-19.txt dynamic Article titles scraped from Wiktionary's index dump here.
wikipedia-2022-11-19.txt dynamic Article titles scraped from the Wikipedia pages-articles-multistream-index dump generated 29-Sept-2021 here.
urban-dictionary-2022-11-19.txt dynamic Urban Dictionary dataset pulled using this script.
know-your-meme-2022-11-19.txt dynamic Meme titles from KnownYourMeme scraped using my tool here.
imdb-titles-2022-11-19.txt dynamic IMDB dataset using the "primaryTitle" column from title.basics.tsv.gz file available here
global-poi-2022-11-19.txt dynamic Global POI dataset using the 'allCountries' file from 29-Sept-2021.
billboard-titles-2022-11-19.txt dynamic Album and track names using Ultimate Music Database, scraped with a fork of mwkling's tool, modified to grab Billboard Singles (1940-2021) and Billboard Albums (1970-2021) charts.
billboard-artists-2022-11-19.txt dynamic Artist names using Ultimate Music Database, scraped with a fork of mwkling's tool, modified to grab Billboard Singles (1940-2021) and Billboard Albums (1970-2021) charts.
book.txt static Kaggle dataset with titles from over 300,000 books.
rstone-top-100.txt static
(could be dynamic in future)
Song lyrics for Rolling Stone's "top 100" artists using my lyric scraping tool.
cornell-movie-titles-raw.txt static Movie titles from this Cornell project.
cornell-movie-lines.txt static Movie lines from this Cornell project.
author-quotes-raw.txt static Quotables dataset on Kaggle.
1800-phrases-raw.txt static 1,800 English Phrases.
15k-phrases-raw.txt static 15,000 Useful Phrases.

Hashcat Rules

The rule files are designed to both "shape" the password and to mutate it. Shaping is based on the idea that human beings follow fairly predictable patterns when choosing a password, such as capitalising the first letter of each word and following the phrase with a number or special character. Mutations are also fairly predictable, such as replacing letters with visually-similar special characters.

Given the phrase take the red pill the first hashcat rule will output the following:

take the red pill
take-the-red-pill
take.the.red.pill
take_the_red_pill
taketheredpill
Take the red pill
TAKE THE RED PILL
tAKE THE RED PILL
Taketheredpill
tAKETHEREDPILL
TAKETHEREDPILL
Take The Red Pill
TakeTheRedPill
Take-The-Red-Pill
Take.The.Red.Pill
Take_The_Red_Pill

Adding in the second hashcat rule makes things get a bit more interesting. That will return a huge list per candidate. Here are a couple examples:

T@k3Th3R3dPill!
T@ke-The-Red-Pill
taketheredpill2020!
T0KE THE RED PILL

Additional Info

Optionally, some researchers might be interested in the script I use to clean the raw sources into the wordlist here.

The cleanup script works like this:

$ python3.6 cleanup.py infile.txt outfile.txt
Reading from ./infile.txt: 505 MB
Wrote to ./outfile.txt: 250 MB
Elapsed time: 0:02:53.062531

Enjoy!

passphrase-wordlist's People

Contributors

initstring avatar

Stargazers

 avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar

Watchers

 avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar

passphrase-wordlist's Issues

naming suggestion

You might consider naming the rules something more descriptive like initstring-passphrase1.rule. "rule1.rule" and "rule2.rule" aren't very helpful in my directory of rules. :-)

rules being skipped

First let me thank you for this innovative approach to pass phrases and rules. I am running hashcat 6.2.6 on windows. (I know, windows, but thats the machine with my Nvidia 3070 Cards)

anyway, hashcat does not like most of the rules. the log is too large to paste, but I am getting this error over and over again

Skipping invalid or unsupported rule in file rules\passphrase-rule2.rule on line 531: </li>
Skipping invalid or unsupported rule in file rules\passphrase-rule2.rule on line 533:             </ul>
Skipping invalid or unsupported rule in file rules\passphrase-rule2.rule on line 534:           </nav>
Skipping invalid or unsupported rule in file rules\passphrase-rule2.rule on line 536:         <div class="d-lg-flex flex-items-center px-3 px-lg-0 mb-3 mb-lg-0 text-center text-lg-left">
Skipping invalid or unsupported rule in file rules\passphrase-rule2.rule on line 537:             <div class="d-lg-flex min-width-0 mb-2 mb-lg-0">
Skipping invalid or unsupported rule in file rules\passphrase-rule2.rule on line 542: <div class="header-search flex-auto position-relative js-site-search flex-self-stretch flex-md-self-auto mb-3 mb-md-0 mr-0 mr-md-3 scoped-search site-scoped-search js-jump-to"

get this type of error on both rules running a command like this:
hashcat.exe -m 22000 spncdump.hc22000 wordlists\passphrases.txt -S -r rules\passphrase-rule2.rule

Skipping invalid or unsupported rule

Hello,
if i run the Script i get many error for unsupport rule..

can you Help me?

C:\hashcat>hashcat -a 0 -m 1000 hashes.txt passphrases.txt -r passphrase-rule1.rule -r passphrase-rule2.rule -O -w 3
hashcat (v6.2.5) starting

Unsupported AMD HIP runtime version '0.0.3188' detected! Falling back to OpenCL...

OpenCL API (OpenCL 2.1 AMD-APP (3188.4)) - Platform #1 [Advanced Micro Devices, Inc.]

  • Device #1: AMD Radeon RX 6900 XT, 8064/8192 MB (6745 MB allocatable), 32MCU
  • Device #2: Radeon (TM) RX 470 Graphics, 8064/8192 MB (6745 MB allocatable), 32MCU
  • Device #3: AMD Radeon RX 6900 XT, 16256/16368 MB (13695 MB allocatable), 40MCU

OpenCL API (OpenCL 3.0 WINDOWS) - Platform #2 [Intel(R) Corporation]

  • Device #4: AMD Ryzen 5 1600 Six-Core Processor, skipped

Minimum password length supported by kernel: 0
Maximum password length supported by kernel: 27

Skipping invalid or unsupported rule in file passphrase-rule1.rule on line 7:
Skipping invalid or unsupported rule in file passphrase-rule1.rule on line 8:
Skipping invalid or unsupported rule in file passphrase-rule1.rule on line 9:
Skipping invalid or unsupported rule in file passphrase-rule1.rule on line 10:
Skipping invalid or unsupported rule in file passphrase-rule1.rule on line 11:
Skipping invalid or unsupported rule in file passphrase-rule1.rule on line 12:
Skipping invalid or unsupported rule in file passphrase-rule1.rule on line 13:
Skipping invalid or unsupported rule in file passphrase-rule1.rule on line 14:
Skipping invalid or unsupported rule in file passphrase-rule1.rule on line 15:
Skipping invalid or unsupported rule in file passphrase-rule1.rule on line 16:
Skipping invalid or unsupported rule in file passphrase-rule1.rule on line 20:
Skipping invalid or unsupported rule in file passphrase-rule1.rule on line 21:
Skipping invalid or unsupported rule in file passphrase-rule1.rule on line 22:
Skipping invalid or unsupported rule in file passphrase-rule1.rule on line 23:
Skipping invalid or unsupported rule in file passphrase-rule1.rule on line 27:
Skipping invalid or unsupported rule in file passphrase-rule1.rule on line 29: <script crossorigin="anonymous" defer="defer" integrity="sha512-K/kjAAGVhlckApEbskyYOB+ASq3m0GKyJk3y0JoEafwknEbUpmilodEuQQJG09c0v1eCRlX7mSQp+GLGtXmWQg==" type="application/javascript" src="https://github.githubassets.com/assets/environment-2bf92300.js"></script>
Skipping invalid or unsupported rule in file passphrase-rule1.rule on line 30: <script crossorigin="anonymous" defer="defer" integrity="sha512-43iG02uHDU3x1xWQNOFjY5BxmQ+LTKcrSjWdiPtpjTMSrAK3WPEHC62jVFyRTq7jjdbZF3Vn265iEWYBCd5GIQ==" type="application/javascript" src="https://github.githubassets.com/assets/chunk-frameworks-e37886d3.js"></script>
Skipping invalid or unsupported rule in file passphrase-rule1.rule on line 31: <script crossorigin="anonymous" defer="defer" integrity="sha512-pEuiC5g/bPxJ6DWhOK4vgGNJ82p1B9O9OrUM4c8qCrzkZqAsDILOk8S3wr7ToHsGAa0UOyM7Y4dscERce7tARQ==" type="application/javascript" src="https://github.githubassets.com/assets/chunk-vendor-a44ba20b.js"></script>
Skipping invalid or unsupported rule in file passphrase-rule1.rule on line 33: <script crossorigin="anonymous" defer="defer" integrity="sha512-M3/Rihza1N1EAYmwRjrDWMWE2/pK+XEKJIgaCYtWV0kQXABGP3X2QLVlkXWzA313a8TxZxyGDRXPdCd2R/VTyQ==" type="application/javascript" src="https://github.githubassets.com/assets/behaviors-337fd18a.js"></script>
Skipping invalid or unsupported rule in file passphrase-rule1.rule on line 35: <script crossorigin="anonymous" defer="defer" integrity="sha512-ODZJzCJpaOfusrIka5QVZQcPiO9LBGyrrMYjhhJWSLuCN5WbZ5xiEiiOPOKVu71dqygyRdB2TY7AKPA1J5hqdg==" type="application/javascript" data-module-id="./chunk-unveil.js" data-src="https://github.githubassets.com/assets/chunk-unveil-383649cc.js"></script>
Skipping invalid or unsupported rule in file passphrase-rule1.rule on line 36: <script crossorigin="anonymous" defer="defer" integrity="sha512-emPgUbSwW9ezLCgRnTE7n4fbbfc/MqEEDHmnkmG61dTyjWKHTYKN4wN3OPS7SY0fwmSJ8mB5+gng2nZw4/HsUg==" type="application/javascript" data-module-id="./chunk-animate-on-scroll.js" data-src="https://github.githubassets.com/assets/chunk-animate-on-scroll-7a63e051.js"></script>
Skipping invalid or unsupported rule in file passphrase-rule1.rule on line 37: <script crossorigin="anonymous" defer="defer" integrity="sha512-x6L94lNXrnj4GyXhVug6j63GettxBVe/yQmgJU42IbfJet6sW2RBDG4tbZVkLbOCiYrNy+1Zwvoc1gA6uzSPow==" type="application/javascript" data-module-id="./chunk-input-demux.js" data-src="https://github.githubassets.com/assets/chunk-input-demux-c7a2fde2.js"></script>
Skipping invalid or unsupported rule in file passphrase-rule1.rule on line 38: <script crossorigin="anonymous" defer="defer" integrity="sha512-d9zLk770daEV3pV4uNV22h2h49h/QxYstihxVyOEMetKZVhZcWW9bbqXOp2e1I7sIpuIj3xcpUSdlZKJxdl3tw==" type="application/javascript" data-module-id="./chunk-ref-selector.js" data-src="https://github.githubassets.com/assets/chunk-ref-selector-77dccb93.js"></script>

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.