Backup_Repos/SecLists
1
0
Fork 0
mirror of https://github.com/danielmiessler/SecLists synced 2026-01-03 22:54:13 +01:00
Code Issues Projects Releases Wiki Activity
3585 commits 2 branches 30 tags 2.5 GiB
Commit graph

317 commits

Author SHA1 Message Date
PinkDev1
74dbbb7f95 Added scraped-JWT-secrets.txt 2022-06-24 00:31:22 -03:00
Kevin Hicks
c9486f6a41
add opnsense to default-passwords 2022-06-13 11:37:11 -05:00
alins.ir
9255b8090b
Converting 500-worst-passwords.txt.bz2 to .txt 2022-05-05 19:24:56 +04:30
zevlag
806526b1dd
Add Baicells default creds from CVE-2022-24693 2022-03-30 10:37:15 -04:00
g0tmi1k
52fbc4a631
Merge pull request #680 from 5tr1x/patch-3 
Create months.txt

for i in `cat $1`; do echo ${i}; echo ${i}2019; echo ${i}2020; echo ${i}2021; echo ${i}2022; echo ${i}1; echo ${i}123; done >> n
for i in `cat n`; do echo ${i}; echo ${i}'!'; echo ${i}'@'; echo ${i}'#'; echo ${i}'$'; echo ${i}'%'; echo ${i}'^'; echo ${i}'&'; echo ${i}'*'; echo ${i}'?'; done >> s
hashcat s -r /usr/share/hashcat/rules/leetspeak.rule --stdout > hc
wordlister --input s --perm 1 --min 4 --max 48 --leet &>/dev/null
mv output.txt wl
cat hc wl | sort -u > vvv
wordlister --input vvv --perm 1 --min 4 --max 48 --cap --up &>/dev/null
cat output.txt | sort -u > $2
rm n s hc wl vvv output.txt
 2022-02-02 23:36:41 +00:00
g0tmi1k
bf2d2a996d
Merge pull request #681 from 5tr1x/patch-4 
Create days.txt

for i in `cat $1`; do echo ${i}; echo ${i}2019; echo ${i}2020; echo ${i}2021; echo ${i}2022; echo ${i}1; echo ${i}123; done >> n
for i in `cat n`; do echo ${i}; echo ${i}'!'; echo ${i}'@'; echo ${i}'#'; echo ${i}'$'; echo ${i}'%'; echo ${i}'^'; echo ${i}'&'; echo ${i}'*'; echo ${i}'?'; done >> s
hashcat s -r /usr/share/hashcat/rules/leetspeak.rule --stdout > hc
wordlister --input s --perm 1 --min 4 --max 48 --leet &>/dev/null
mv output.txt wl
cat hc wl | sort -u > vvv
wordlister --input vvv --perm 1 --min 4 --max 48 --cap --up &>/dev/null
cat output.txt | sort -u > $2
rm n s hc wl vvv output.txt
 2022-02-02 23:36:21 +00:00
g0tmi1k
0d9870d28d
Merge pull request #679 from 5tr1x/patch-2 
Create seasons.txt



for i in `cat $1`; do echo ${i}; echo ${i}2019; echo ${i}2020; echo ${i}2021; echo ${i}2022; echo ${i}1; echo ${i}123; done >> n
for i in `cat n`; do echo ${i}; echo ${i}'!'; echo ${i}'@'; echo ${i}'#'; echo ${i}'$'; echo ${i}'%'; echo ${i}'^'; echo ${i}'&'; echo ${i}'*'; echo ${i}'?'; done >> s
hashcat s -r /usr/share/hashcat/rules/leetspeak.rule --stdout > hc
wordlister --input s --perm 1 --min 4 --max 48 --leet &>/dev/null
mv output.txt wl
cat hc wl | sort -u > vvv
wordlister --input vvv --perm 1 --min 4 --max 48 --cap --up &>/dev/null
cat output.txt | sort -u > $2
rm n s hc wl vvv output.txt
 2022-02-02 23:35:58 +00:00
g0tmi1k
eaf1c8263f
Merge pull request #695 from elitejake/patch-2 
Remove duplicated entries
 2022-01-31 23:23:47 +00:00
elitejake
d95f0016bb
Remove duplicated entries 
Fixes #689
 2022-01-29 05:47:02 +00:00
Wernfried
398154efdf
Added default passwords from Huawei 2022-01-21 20:31:21 +01:00
5tr1x
15a8115ef8
Create days.txt 2021-12-15 15:11:20 -06:00
5tr1x
9b32f5a54d
Create months.txt 2021-12-15 15:10:21 -06:00
5tr1x
d2043bd9ab
Create seasons.txt 2021-12-15 15:04:49 -06:00
g0tmi1k
55f526662b
Merge pull request #648 from hhc0null/fix_row_column_quantity_to_4 
Fix row column quantity to 4
 2021-11-24 09:58:16 +00:00
g0tmi1k
7b9d0b826a
Merge pull request #653 from soufianetahiri/master 
Fortinet VPN leaked passwords

Source: https://therecord.media/fortinet-warns-customers-after-hackers-leak-passwords-for-87000-vpns/
 2021-11-24 09:55:42 +00:00
g0tmi1k
9f0e7eb8de
Merge pull request #664 from clem9669/master 
Converting default-password.csv to .txt
 2021-11-24 09:53:11 +00:00
Siddharth Reddy
c3f29b1567
Update default-passwords.csv 2021-11-20 23:40:12 +05:30
clem9669
f3a6c06404 Converting default-password.csv to .txt 2021-11-04 22:02:46 +01:00
Soufiane Tahiri
c1dc95bc1e
Fortinet VPN leaked passwords 
more info at https://therecord.media/fortinet-warns-customers-after-hackers-leak-passwords-for-87000-vpns/
 2021-09-10 09:32:35 +02:00
hhc0null
02cdfa5f2d Fix row column quantity to 4 2021-08-31 23:54:51 +09:00
g0t mi1k
545e57b02d dos2unix 2021-08-28 21:29:32 +01:00
g0t mi1k
efeb38808c Replace ' ' with ' ' (Empty Characters) 2021-08-28 21:05:13 +01:00
g0tmi1k
38ba2a007a
Merge pull request #602 from sAsPeCt488/master 
Add Base64 Encoded tomcat-betterdefaultpasslist
 2021-08-27 21:16:56 +01:00
cbk914
229fa3f855 Updated Citrix and Avaya default passwords 2021-07-22 00:21:57 +02:00
cbk914
83b091396c Updated cryptominers 2021-07-16 22:01:51 +02:00
cbk914
49c5e8c0c4 Updated cryptominers 2021-07-16 20:49:52 +02:00
cbk914
2a78823f25 Add cryptominers default passwords 2021-07-13 05:13:43 +02:00
cbk914
9a871facf1
Merge branch 'danielmiessler:master' into master 2021-06-26 23:06:55 +02:00
g0tmi1k
9121b47c75
Merge pull request #618 from chacka0101/patch-6 
Updates
 2021-06-12 19:16:53 +01:00
g0tmi1k
0ff688e83c
Merge pull request #616 from chacka0101/patch-5 
Insert F5 Default passwords products
 2021-06-12 19:16:38 +01:00
CHackA0101
3be6e4e6e7
Updates 
1034 - Hikvision Network Camera,admin,12345,https://www.hikvision.com/UploadFile/image/EN-user%20manual%20of%20%20network%20camera%20v3.0.0.pdf

689 - Dell Switch PowerConnect,admin,admin,https://www.192-168-0-1login.org/router/dell/switch-powerconnect/12568/

1203 - IBM Storwize V7000,superuser,passw0rd,https://www.ibm.com/docs/en/flashsystem-7x00/7.8.1?topic=problem-procedure-resetting-superuser-password

2348 - SolarWinds,admin,<BLANK>,
 2021-06-09 20:49:26 -06:00
cbk914
cd20324f79 Merge branch 'danielmiessler:master' into master 2021-06-09 13:09:19 +02:00
CHackA0101
d0fba77aee
Insert F5 Default passwords products 
892 - F5 BIG-IP Configuration utility,admin,admin,https://support.f5.com/csp/article/K13148,
893 - F5 BIG-IP command line,root,default,https://support.f5.com/csp/article/K13148,
894 -F5 BIG-IQ Configuration utility,admin,admin,https://support.f5.com/csp/article/K13148,
895 -F5 BIG-IQ command line,root,default,,https://support.f5.com/csp/article/K13148,
896 -F5 FirePass Administrative Console,admin,admin,https://support.f5.com/csp/article/K13148,
897 -F5 FirePass Maintenance Console,maintenance,n/a,https://support.f5.com/csp/article/K13148,
 2021-06-07 10:43:20 -06:00
CHackA0101
fc2d2ff14d
Update with Sonatype Nexus Default Passwords: 
1568 - Sonatype Nexus Repository Manager,admin,admin123,https://help.sonatype.com/repomanager2/maven-and-other-build-tools/sbt
1569 - Sonatype Nexus Repository Manager,nexus,nexus,
 2021-06-02 16:09:40 -06:00
CHackA0101
2b447c7d19
Update default-passwords.csv 
2240	SeedDMS		admin		admin		https://www.seeddms.org/index.php?id=2

POC:
https://demo.seeddms.org/out/out.Login.php
User ID: admin
Password: admin
 2021-05-17 16:43:21 -06:00
cbk914
cb4febae37 Merge branch 'danielmiessler:master' into master 2021-05-11 16:10:42 +02:00
Thanasis Mitragkas
7eab0af4e4
Add Base64 Encoded tomcat-betterdefaultpasslist 2021-05-01 20:43:44 +03:00
CHackA0101
872ccb43b0
Include line 2020, Raspberrypi password default. 
2020: Raspberrypi,pi,raspberry,https://www.raspberrypi.org/documentation/linux/usage/users.md
 2021-04-02 12:57:56 -06:00
GraoMelo
33b0ba07cf
Add all 20th century anniversary dates 
some time ago I created a list with all the possible birthday dates of the 20th century.
and also all the anniversary dates from 2001-2020 (yes already in the 21st century, partial)

the reason this list was created, because many people use dates of living people as passwords.

the file name is: 1900-2020.txt 

insertion suggestion
SecLists/
├── Passwords
├── ── Common-Credentials

previously informed in: #567 
https://github.com/danielmiessler/SecLists/issues/567
 2021-03-18 19:24:36 -03:00
g0tmi1k
e9127d389b
Merge pull request #556 from govolution/patch-7 
Update ssh-betterdefaultpasslist.txt

Source: https://www.zdnet.com/article/backdoor-account-discovered-in-more-than-100000-zyxel-firewalls-vpn-gateways/
 2021-02-11 20:53:34 +00:00
g0tmi1k
1e286083e4
Merge pull request #552 from mwoolweaver/patch-1 
Add default password for jailbroken iOS (iPhone, iPad, iPod Touch, AppleTV)

Source: https://blog.elcomsoft.com/2020/05/ios-jailbreaks-ssh-and-root-password/
 2021-02-11 20:52:35 +00:00
g0tmi1k
42a8b633de
Merge pull request #551 from m4p0/master 
Added Zyxel default username and password (CVE-2020-29583 / CVE-2016-10401)

Source: https://www.eyecontrol.nl/blog/undocumented-user-account-in-zyxel-products.html
 2021-02-11 20:51:37 +00:00
govolution
e12b9a1499
Update ssh-betterdefaultpasslist.txt 
added zyxel hard coded credentials (see https://www.zdnet.com/article/backdoor-account-discovered-in-more-than-100000-zyxel-firewalls-vpn-gateways/)
 2021-01-06 17:05:59 +01:00
Michael Woolweaver
83660320c8
Add default password for jailbroken iOS 
once jailbroken this is the default password for both root and mobile
 2021-01-05 13:50:44 -06:00
m4p0
ac068e75b5 Added Zyxel default username and password based on CVE-2020-29583 and CVE-2016-10401 2021-01-05 09:08:32 +01:00
cbk914
a03ac0af08 Add citrix default password file 2020-11-30 11:00:02 +01:00
rf-peixoto
26b3b873b0
Create 2020-200_most_used_passwords.txt 
Add list of the two hundred most used passwords in 2020, compiled by Nordpass.
 2020-11-19 21:08:49 -03:00
cbk914
003bfef95f
Merge pull request #6 from danielmiessler/master 
Update
 2020-11-12 02:44:53 +01:00
cbk914
1b38c0429f Add Avaya default hardcoded passwords 2020-11-05 16:37:22 +01:00
g0tmi1k
7d7b9f70e9
Merge pull request #536 from g0tmi1k/misc 
dos2unix
 2020-11-04 00:01:12 +00:00
g0t mi1k
50ec8b1dc6 dos2unix 2020-11-03 23:57:08 +00:00
shelld3v
7f8c28c6e0
Added Donald Trump leaked passwords (2016 + 2020) 2020-11-03 18:55:07 +07:00
g0tmi1k
d2fdef60e8
Merge pull request #525 from n3k00n3/master 
Adding passwords found on public leak from Nord.
 2020-11-02 20:59:44 +00:00
Fernando Pinheiro
16593c1287 remove equal pass 2020-10-14 15:19:57 -03:00
Fernando Pinheiro
f139e0774f Adding passwords from PUBLIC leak 2020-10-14 15:15:22 -03:00
MusicGivesMeLife
2047e272cf
BiblePass Project 2020-10-06 00:58:51 -04:00
cbk914
ae8aabcfed Merge branch 'master' of https://github.com/cbk914/SecLists 2020-09-30 16:37:47 +02:00
cbk914
b66822b6e7
Merge pull request #5 from danielmiessler/master 
Update
 2020-09-20 15:36:24 +02:00
g0tmi1k
e4e65c3510
Merge pull request #478 from LethargicLeprechaun/master 
10-million-password-list-top-1000000.txt Corrections
 2020-09-16 07:30:17 +01:00
Dirk Wetter
0ccff1e425
Create german_misc.txt 
Hi there,

this is a list of modern German words. Source is myself :-) and merged are some new words from the semi-official language bible (Duden, new edition 2020). Idea was from a pentest where too simple words from the current world just were allowed.

Actually I wanted to add this to ``Miscellaneous/lang-german.txt`` but this file is somewhat broken, and I didn't want to add it to a broken file (I read this before here but as a reminder Umlaute are missing (file is 7 bit US ASCII) and some words just don't make sense like Aangriff, AanschlusS, Bil (is Danish/Norwegian), Bikuspidat, Cgeknatter, Cfamilien,CharaktergroBe,... Probably like 30% of the content is useless. IMHO this file needs to be replaced.

Some of the words in this PR like **Schmähgedicht** appear also in ``Passwords/dutch_common_wordlist.txt`` which kind of surprised me. But I thought it would be important to add those words to a separate file bc users might not look there.

Cheers, Dirk
 2020-08-21 12:01:37 +02:00
cbk914
e06aacd937 Revert "Merge pull request #4 from danielmiessler/master" 
This reverts commit c266835781, reversing
changes made to fd4968f43b.
 2020-08-11 14:25:56 +02:00
cbk914
af33ee93bc Add 500 worst passwords 2020-08-11 14:19:17 +02:00
LethargicLeprechaun
74c24b574f move words to correct places 2020-07-25 06:06:44 -07:00
g0tmi1k
dea731202f
Merge pull request #471 from maxkleinke/master 
renamed files in Passwords/Default-Credentials for better parsing
 2020-07-22 16:25:27 +01:00
g0t mi1k
df66ea4c82 Fix issues with wordlists 2020-07-22 16:19:47 +01:00
Maximilian Kleinke
e3ae394144 renamed files in Passwords/Default-Credentials for better parsing 2020-07-18 13:59:44 +02:00
govolution
ff84e4dafa
Update telnet-betterdefaultpasslist.txt 
source for new passwords: https://www.zdnet.com/article/backdoor-accounts-discovered-in-29-ftth-devices-from-chinese-vendor-c-data/
 2020-07-11 17:51:50 +02:00
clem9669
7da5c78bf7
PR about the issue: #438 
Typo
https://github.com/danielmiessler/SecLists/issues/438
 2020-06-18 14:18:55 +00:00
g0tmi1k
0a39d3dcb4
Merge pull request #417 from muhammedck113/patch-1 
Update 10-million-password-list-top-100.txt
 2020-06-05 16:30:30 +01:00
Karim Kanso
607c3293b4 strip trailing whitespace 2020-05-27 14:26:51 +01:00
Karim Kanso
a3416ba706 standardisze line endings 2020-05-27 14:10:50 +01:00
Jony Schats
e0d074bb83 added dutch passwordlist 2020-04-29 12:21:51 -04:00
muhammedck113
492d80186a
Update 10-million-password-list-top-100.txt 2020-04-26 20:19:21 +05:30
Karim Kanso
0080212eb5 refreshed and fixed couple issues with cirt credentials 2020-02-15 09:46:06 +00:00
osku
a7b446ce8c 51k random creds obtained by running Heralding for two weeks in Sep/2019 2019-10-20 17:02:07 +03:00
g0tmi1k
6fae58fa9b
Merge pull request #357 from govolution/patch-3 
Update ssh-betterdefaultpasslist.txt

https://github.com/SamuraiWTF/samuraiwtf
http://docs.graylog.org/en/2.4/pages/installation/virtual_machine_appliances.html
https://openvpn.net/vpn-server-resources/deploying-the-access-server-appliance-on-vmware-esxi/
https://www.circl.lu/services/misp-training-materials/
https://documentation.wazuh.com/3.10/installation-guide/virtual-machine.html
https://my.nps.edu/web/c3o/virtual-machine-images
https://virtualboxes.org/images/centos/
 2019-10-10 12:13:29 +01:00
g0tmi1k
8e42ce0a0e
Merge pull request #358 from govolution/patch-4 
Update windows-betterdefaultpasslist.txt

Source: https://github.com/PowerShellMafia/PowerSploit/blob/master/Privesc/PowerUp.ps1
 2019-10-10 12:13:11 +01:00
govolution
993893e0dc
Update mssql-betterdefaultpasslist.txt 
Source: https://github.com/fgrehm/vagrant-mssql-express
 2019-10-10 12:31:10 +02:00
govolution
2942b4d373
Update windows-betterdefaultpasslist.txt 
Source:
https://github.com/PowerShellMafia/PowerSploit/blob/master/Privesc/PowerUp.ps1
 2019-10-10 12:29:05 +02:00
govolution
3bafebc1ea
Update ssh-betterdefaultpasslist.txt 
https://github.com/SamuraiWTF/samuraiwtf
http://docs.graylog.org/en/2.4/pages/installation/virtual_machine_appliances.html
https://openvpn.net/vpn-server-resources/deploying-the-access-server-appliance-on-vmware-esxi/
https://www.circl.lu/services/misp-training-materials/
https://documentation.wazuh.com/3.10/installation-guide/virtual-machine.html
https://my.nps.edu/web/c3o/virtual-machine-images
https://virtualboxes.org/images/centos/
 2019-10-10 12:26:41 +02:00
XalfiE
e685bfabe0
Oracle EBS default passwords 2019-10-07 13:16:17 +03:00
XalfiE
7b896da2c4
Oracle EBS default users 2019-10-07 13:15:41 +03:00
Mike van de Ven
a732f905a8
Added dutchwordlist 2019-10-01 12:22:18 +02:00
Eric Range
7c84d582db
New Default Password List 
Default Password List from http://phenoelit.org/dpl/dpl.html.
Syntax:
<username>:<password>
<username>: => no password
<>:<> => no user nor password at all
 2019-08-23 15:57:08 +02:00
Eric Range
1978345e87
Remove admin:password 
Duplicate String
 2019-08-20 10:13:02 +02:00
g0tmi1k
37bb3c0f4d Add scrabble 
Source: 4cf8811b8f/SCRABBLE-wordlist.tgz
 2019-08-13 12:42:49 +01:00
Dwight Spencer
23bf1c051f
Create stupid-ones-in-production.txt 2019-08-08 14:59:22 -05:00
Anıl Baş
12170c487d
Update vnc-betterdefaultpasslist.txt 
It is one of the most common credentials
 2019-07-26 14:31:07 +03:00
maxence-schmitt
6a8724a628
Adding sha256 magic hash 
More info: https://github.com/spaze/hashes/blob/master/README.md
 2019-07-11 15:47:42 +02:00
g0tmi1k
11b967a88f Merge branch 'master' of https://github.com/danielmiessler/SecLists into misc 
# Conflicts:
#	Discovery/Infrastructure/common-router-ips.txt
 2019-07-09 12:15:28 +01:00
g0tmi1k
465a00dbe0 Close #154 - 1.4 billion password breach compilation wordlist 2019-07-09 12:12:33 +01:00
g0tmi1k
c9a56c3fe0
Merge pull request #312 from g0tmi1k/richelieu 
Add richelieu
 2019-07-03 14:11:25 +01:00
g0tmi1k
cb68eaf66a Add richelieu 
Source: https://github.com/tarraschk/richelieu
 2019-07-03 14:04:48 +01:00
g0tmi1k
6d1ff64270 Add MSSQL from guardicore: labs_campaigns-Nansh0u 
Source: https://github.com/guardicore/labs_campaigns/blob/master/Nansh0u/common_passwords.txt
Source: https://github.com/guardicore/labs_campaigns/blob/master/Nansh0u/common_usernames.txt
 2019-05-30 12:20:13 +01:00
g0tmi1k
c731e1c9aa Better filenames 2019-05-08 12:28:10 +01:00
g0tmi1k
782d018267 Cleaned up filename phpBB 2019-05-08 12:08:11 +01:00
g0tmi1k
9239f0a284 find . -name '*_*' -exec rename 's/_/-/g' "{}" \; 2019-05-08 11:54:39 +01:00
g0tmi1k
a65f6bd665 Close #291 - Fix encoding issues 
$ for x in $( find . -type f ); do iconv -f utf-8 -t utf-8 -c ${x} | sed '/^$/d' > tmp; mv tmp ${x}; done
 2019-05-08 11:04:00 +01:00
g0tmi1k
6d3b37a3c9 Close #293 - Ten Million Passwords 
Source: https://xato.net/today-i-am-releasing-ten-million-passwords-b6278bbe7495

https://wpengine.com/unmasked/

https://mega.nz/#!SdYnkJRJ!HmD04LH8Gk8JtlNG6O2NnF2yH9qWJPWtSXbLU2ZR9Q8

$ awk -F '\t' '{print $1}' 10-million-combos.txt | LC_ALL=C sort | LC_ALL=C uniq -c | LC_ALL=C sort -nr | awk -F ' ' '{for (i=2; i<=NF; i++) print $i}' > xato-net-10-million-usernames.txt
$ awk -F '\t' '{print $2}' 10-million-combos.txt | LC_ALL=C sort | LC_ALL=C uniq -c | LC_ALL=C sort -nr | awk -F ' ' '{for (i=2; i<=NF; i++) print $i}' > xato-net-10-million-passwords.txt
$ awk -F '\t' '{print $1}' 10-million-combos.txt | LC_ALL=C sort | LC_ALL=C uniq -c | LC_ALL=C sort -nr | grep -v ' 1 ' | awk -F ' ' '{for (i=2; i<=NF; i++) print $i}' > xato-net-10-million-usernames-dup.txt
$ awk -F '\t' '{print $2}' 10-million-combos.txt | LC_ALL=C sort | LC_ALL=C uniq -c | LC_ALL=C sort -nr | grep -v ' 1 ' | awk -F ' ' '{for (i=2; i<=NF; i++) print $i}' > xato-net-10-million-passwords-dup.txt
 2019-05-08 10:30:38 +01:00
Beverdam
c1c63869ba
Rename 100k_most_used_passwords_NCS.txt to 100k_most_used_passwords_NCSC.txt 
Changed filename
 2019-04-22 19:32:00 +02:00