:keyboard: Wordlists, Dictionaries and Other Data Sets for Writing Software Security Test Cases

View on GitHub


        Folder  Name         Description of Contents
10k-most-common 10,000 most commonly used passwords in one file (one per line)
1k-most-common 1,000 most commonly used passwords..
1mil-activedir-passwords list of potential Active Directory passwords used by the icebreaker tool https://github.com/DanMcInerney/icebreaker/blob/master/1mil-AD-passwords.txt
500-worst-passwords 500 of the worst passwords that people tend to commonly use
antipublic-top-1000 word list taken from www_brute Chrome extension GitHub repository https://github.com/USSCltd/www_brute/blob/master/antipublic-top-1000.txt
basic-spanish-list very basic list of Spanish words
best-1050-passes a copy of the file best1050.txt
brutespray-passwords-list A combination of all password files packaged with the brutespray
brutex-password-medium password_medium.txt from BruteX
case-mutation-full dictionary of alternating capitalization passwords from http://index-of.es/Word-Lists/gdataonline/Case_Mutation_Full.txt.gz
conficker-worm-dictionary word list used by the Conficker worm to brute force NetBIOS ADMIN$ shares
english-wikipedia-words 10,000 most used words in the English Wikipedia
fabian-honeypot-passes almost 1MB worth of passwords collected from decentralized honeypots via https://pw.fabian-fingerle.de/pass.txt
fifty-common-passwords 50 common passwords that lack complexity
fgdump-userpass-list list of usernames and passwords delimited by colon for use with the fgdump tool
fuzzdb-unix-passwords unix_passwords.txt file taken from fuzzdb
fuzzdb-user-passwds more passwords taken from fuzzdb
govolution-smtp-credentials List of SMTP usernames and passwords (one of each per line seperated by a comma) via https://raw.githubusercontent.com/govolution/honeypotwordlist/master/smtpcredentials.txt
john-password-list the password.lst file distributed with John The Ripper
l33t-dict-full dictionary of leetspeak passwords from http://index-of.es/Word-Lists/gdataonline/L33t_Dict_Full.txt.gz
military-pass-words passwords typically found in military information systems
nmap-passwords-list taken from nmap nselib/data/passwords.lst
oracle-default-userpass default usernames and password for the Oracle RDBMS https://github.com/1N3/BruteX/blob/master/wordlists/oracle-default-userpass.txt
password-leetspeak-permutations various leetspeak permutations of password https://testnetworkalpha.com/uni/Crack/Passwords/password-permutations.txt
snmp-community-strings SNMP commmunity strings taken from https://raw.githubusercontent.com/1N3/BruteX/master/wordlists/snmp-strings.txt
ssh-honeypot-passwords Passwords attempted during brute force attacks collected from an SSH honeypot and publicized via https://github.com/droope/pwlist
tpx-brute-users users list included with the TPX-Brute tool–an IBM z/OS mainframe TPX panel account enumerator and brute forcer
two-word-full sorted dictionary of passwords consisting of two adjacent words
weak-passwords-table Weak passwords
zxcvbn-passwords-list passwords from passwords.txt included with zxcvbn

Alpha Weak Passwords
A a, A.M.I, A52896nG93096a, aaa, aammii, abc, abcd, academia, academic, accept, access, ACCESS, account, accounting, action, adam, ADAMS, adfexc, adm, admin, ADMIN, Admin, admin2, administrator, Administrator, adminttd, ADMN, admn, adrian, adrianna, adtran, adult, Advance, ADVMAIL, aerobics, alfarome, ALFAROME, ALLIN1, ALLIN1MAIL, ALLINONE, aLLy, ALLy, alpha, AM, AMI, AMI!SW, AMI.KEY, AMI.KEZ, AMI?SW, AMI_SW, AMI~, AMIAMI, AMIDECOD, amipswd, AMIPSWD, AMISETUP, anicust, anon, anonymous, any@, ANYCOM, AP2SVP, aPAf, APL2PP, APPLSYS, APPS, AQDEMO, AQUSER, ARCHIVIST, Asante, ascend, Ascend, asdf, asdfgh, at4400, attack, AURORA$ORB$UNAUTHENTICATED, AURORA@ORB@UNAUTHENTICATED, autocad, AUTOLOG1, Award, award, AWARD?SW, AWARD_SW, awkward
B BACKUP, BATCH, BATCH1, BATCH2, bbs, bciim, bciimpw, bcms, bcmspw, bcnas, bcnaspw, bell9, BIGO, bin, bintec, BIOS, BIOSPASS, biosstar, biostar, Biostar, BIOSTAR, BLAKE, blue, bluepw, boss, BRIDGE, browse, browsepw
C c, cablecom, cable-docsis, cangetin, CAROLIAN, cascade, CATALOG, cc, CCC, ccrusr, CDEMO82, CDEMOCOR, CDEMORID, CDEMOUCB, central, CHANGE_ON_INSTALL, changeme, checkfs, checkfsys, checksys, CHEY_ARCHSVR, circ, cisco, Cisco router, CLARK, client, CLOTH, cmaker, CMSBATCH, CMSUSER, CNAS, COGNOS, Col2ogro2, comcomcom, COMPANY, Compaq, Compleri, computer, CONCAT, condo, CONDO, Congress, CONV, CPNUC, CPRM, cr0wmt 911, craft, craftpw, Crystal, CSPUSER, CTX_123, CTXDEMO, CTXSYS, cust, custpw, CVIEW
D d.e.b.u.g, d8on, daemon, Daewuu, Database, databse, DATAMOVE, Daytec, DBSNMP, DCL, DDIC, death, debug, DECMAIL, DECNET, default, DEFAULT, Dell, DEMO, demo, DEMO1, DEMO8, DEMO8, demos, deskalt, deskman, desknorm, deskres, DESQUETOP, dhs3mt, dhs3pms, diag, diamond, DIGITAL, DISC, disttech, D-Link, dn_04rjc, dni, DS, DSA
E EARLYWATCH, echo, EMP, enable, eng, engineer, enquiry, enquirypw, enter, ESSEX, EVENT, Ezsetup
F fal, FAX, fax, FAXUSER, FAXWORKS, FIELD, field, FIELD.SUPPORT, FINANCE, FND, foobar, friend, ftp
G g6PJ, games, ganteng, GATEWAY, GEN1, gen1, GEN2, gen2, glftpd, gnumpf, god, godblessyou, gonzo, gopher, GPLD, gropher, guessme, guest, GUEST, Guest, guest1, GUESTGUE, guestgue, GUESTGUEST
H h6BB, hacker, halt, HARRIS, hax0r, HELGA-S, HELLO, hello, HELP, help, HELPDESK, HEWITT RAND, hewlpack, HLT, home, Home, HOST, HP, hp, HPDESK, HPLASER, HPOFFICE, HPOFFICE DATA, HPONLY, HPP187, HPP187 SYS, HPP189, HPP196, HPWORD PUB, hydrasna
I I5rDv2b2JjA8Mm, ibm, IBM, ibmcel, ihavenopass, ILMI, inads, indspw, INFO, informix, INGRES, init, initpw, install, Internet, IntraStack, IntraSwitch, INTX3, INVALID, IPC, IS_$hostname, ITF3000, iwill
J j09F, j256, j262, j322, j64, JDE, Jetform, JONES
K kermit, kiddie, komprie, ksdjfg934t
L l2, l3, laflaf, lantronix, LASER, LASERWRITER, last, lesarotl, letacla, letmein, LIBRARY, lineprin, LINK, lkw peter, lkwpeter, LKWPETER, Lkwpeter, llatsni, locate, locatepw, login, looker, LOTUS, love, lp, lpadm, lpadmin, lucenttech1, lucenttech2, lynx
M MAIL, mail, MAILER, maint, maintain, maintpw, man, manager, Manager, MANAGER, MANAGER.SYS, Master, MASTER, masterkey, MBIU0, MBMANAGER, MBWATCH, mcp, MDSYS, me, merlin, mfd, MFG, MGR, MGR.SYS, MICRO, MILLER, mirc, mlusr, mMmM, MMO2, MODTEST, monitor, MOREAU, mountfs, mountfsys, mountsys, MPE, mtch, mtcl, MTYSYS, my_DEMARC, mypass, mypc
N n/a, naadmin, NAMES, ncrm, NETBASE, NETCON, NETFRAME, NetICs, netlink, netman, NETMGR, NETNONPRIV, NETOP, netopia, NETPRIV, netrangr, netscreen, NETSERVER, NETWORK, NEWINGRES, NEWS, news, NeXT, NF, NFI, NICONEX, nms, nmspw, nobody, noway, NONPRIV, ntacdmax, nuucp
O OCITEST, oem_temp,op, OP.OPERATOR, operator, OPERATOR, OPERVAX, oracle, ORDPLUGINS, ORDSYS, OUTLN, OutOfBox, owner
P PAPER, pass, PASS, Pass, passwd, Passwd, PASSWORD, password, Password, pat, patrick, PBX, pc, PCUSER, PDP11, PDP8, PFCUser, PHANTOM, phoenix, piranha, pmd, PO, PO8, poll, Polrty, POST, Posterie, postmast, POSTMASTER, postmaster, POWERCARTUSER, powerdown, PRIMARY, prime, primenet, primeos, primos, primos_cs, PRINT, PRINTER, PRIV, private, prost, PSEAdmin, public, PUBSUB, pw, pwd, pwp
Q q, Q54arwms, QDI, qpgmr, qsecofr, qserv, qsrvbas, qsvr, qsysopr, quser, qwer
R raidzone, rcust, rcustpw, RE, read, readonly, readwrite, REGO, REMOTE, replicator, REPORT, RJE, rje, RM, RMAIL, rmnetlm, RMUser1, ro, ROBELLE, ROOT, root, Root, ROOT500, ROUTER, router, RSBCMON, RSX, rw, rwa, rwmaint
S sa, SABRE, SAMPLE, san fran 8, SAP*, satan, SCOTT, script, scriptkiddie, SECDEMO, secoff, secofr, secret, secure, security, SECURITY, SER, sertafu, server, service, SERVICE, servlet, SETUP, setup, sex, shutdown, signa, SKY_FOX, sldkj754, smile, snake, SnuFG5, software, sp99dd, Spacve, spcl, speedxess, SPOOLMAN, spooml, star, STEEL, STUDENT, su, Super, super, SUPERVISOR, support, SUPPORT, supportpw, switch, SWITCHES_SW, Sxyz, SY_MB, sybase, sync, synnet, SYS, sys, sysadm, SYSADM, sysadmin, sysbin, SYSDBA, SYSLIB, syslib, SYSMAINT, SYSMAN, Sysop, system, SYSTEM, system_admin, SYSTEST, SYSTEST_CLIG, syxz, SZYX
T t0ch20x, t0ch88, TCH, teacher, tech, technolgi, tele, TELEDEMO, TELESUP, temp, temp1, TEST, test, testing, teX1, tiara, TIGER, tini, Tiny, tlah, topicalt, topicnorm, topicres, Toshiba, toshy99, tour, TRACE, TRACESRV, trancell, trouble, TSDEV, TSEUG, TSUSER, TTPTHA, tutor, TzqF
U uClinux, UETP, umountfs, umountfsys, umountsys, unix, User, user, USER, USER_TEMPLATE, USER0, USER1, USER2, USER3, USER4, USER5, USER6, USER7, USER8, USER9, USERP, uucp, uucpadm, uwontguessme
W WANGTEK, web, WebAdmin, WebBoard, webdb, weblogic, webmaster, win, WINDOWS_PASSTHRU, WINSABRE, winterm, wodj, WOOD, WORD, WP, wradmin, write, www
X xljlbj, XLSERVER, xo11nE, xp, xxx, xxxx, xxxxx, xxxxxx, xxxxxxx, xxxxxxxx, xxxxxxxxx, xyzall
Y YES, youwontguessme, yxcv
Z zbaaaca, Zenith, zeosx, zxcv
Numeric 0, 1, 1.1, 2, 5, 7, 12, 30, 110, 111, 123, 1111, 1234, 2002, 2003, 2222, 2600, 8429, 12345, 54321, 111111, 121212, 123123, 123456, 166816, 256256, 654321, 1234567, 1322222, 7061992, 11111111, 12345678, 19920706, 22222222, 88888888, 123456789, 1. 1, 1234qwer, 123abc, 123asd, 123qwe, 1RRWTTOOI, 240653C9467E45, 24Banc81, 3098z, 3ep5w2u, 4Dgifts, 4getme2, 4tas, 57gbzb
Other !@#$, !@#$%, !@#$%^, !@#$%^&, !@#$%^&*, !root, $ALOC$, $secure$, $system, %username%12, %username%123, %username%1234, (none), ?award, }