Fosstodon

postmodern<a href="https://github.com/BlackArch/wordlistctl/blob/master/repo.json" rel="nofollow noopener" target="_blank">wordlistctl</a> lists installable wordlists from SecLists, but lists them by file name (ex: <code>SecLists/Fuzzing/Databases/NoSQL.txt</code> -> <code>NoSQL</code>). Would it be better to list installable wordlists by relative path (ex: <code>Fuzzing/Databases/NoSQL</code>) or file name (ex: <code>NoSQL</code>)?<a href="https://infosec.exchange/tags/wordlists" class="mention hashtag" rel="nofollow noopener" target="_blank">#wordlists</a>

postmodernI saw <a href="https://gitlab.com/initstring/passphrase-wordlist" rel="nofollow noopener" target="_blank">this passphrase wordlist</a> project popup. Just like to remind folks that passphrase passwords (ex: correcthorsebatterystapler), even with character substitution, can be enumerated and that GPUs will eventually be able to bruteforce the inevitable password dumps from data breaches. In fact a certain someone wrote up a blog post two years ago showing how you could <a href="https://postmodern.github.io/blog/2022/01/23/enumerating-xkcd-style-passwords-with-ruby.html" rel="nofollow noopener" target="_blank">enumerate all permutations of passphrases using Ruby</a> to build your own custom passphrase wordlists; which of course was met with immediate poo-pooing upon. <a href="https://infosec.exchange/tags/wordlists" class="mention hashtag" rel="nofollow noopener" target="_blank">#wordlists</a> <a href="https://infosec.exchange/tags/passphrase" class="mention hashtag" rel="nofollow noopener" target="_blank">#passphrase</a> <a href="https://infosec.exchange/tags/enumeration" class="mention hashtag" rel="nofollow noopener" target="_blank">#enumeration</a> <a href="https://infosec.exchange/tags/ruby" class="mention hashtag" rel="nofollow noopener" target="_blank">#ruby</a>

postmodernDoes anyone actually use the <code>User-Agent</code> wordlists from SecLists that are grouped by OS/platform? Some of these files only contain a single <code>User-Agent</code> (lol) because apparently LG adds a random string to their UAs. /cc <a href="https://infosec.exchange/@danielmiessler" class="u-url mention" rel="nofollow noopener" target="_blank">@danielmiessler</a> <a href="https://github.com/danielmiessler/SecLists/blob/master/Fuzzing/User-Agents/operating-platform/" rel="nofollow noopener" translate="no" target="_blank">https://github.com/danielmiessler/SecLists/blob/master/Fuzzing/User-Agents/operating-platform/</a> <a href="https://infosec.exchange/tags/wordlists" class="mention hashtag" rel="nofollow noopener" target="_blank">#wordlists</a> <a href="https://infosec.exchange/tags/seclists" class="mention hashtag" rel="nofollow noopener" target="_blank">#seclists</a>

postmodernTop recommendations so far are:<ul><li><a href="https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/raft-small-directories.txt" rel="nofollow noopener" target="_blank">raft-small-directories</a></li><li><a href="https://raw.githubusercontent.com/Isona/dirble/master/dirble_wordlist.txt" rel="nofollow noopener" target="_blank">dirble_wordlist</a><a href="https://infosec.exchange/tags/wordlists" class="mention hashtag" rel="nofollow noopener" target="_blank">#wordlists</a></li></ul>

postmodernIf a password is manually typed in, it is probably going to be a combination of a few common words, and maybe some random numbers on the end, and maybe a random deliminator character between the words/numbers. For that purpose you can just do a cartesian product of multiple wordlits, a list of numbers/years, and an array of symbol characters. This can be done using the Ruby <a href="https://postmodern.github.io/blog/2022/01/23/enumerating-xkcd-style-passwords-with-ruby.html" rel="nofollow noopener" target="_blank">wordlist</a> <a href="https://github.com/postmodern/wordlist.rb#examples" rel="nofollow noopener" target="_blank">library</a> and <a href="https://github.com/postmodern/wordlist.rb#synopsis" rel="nofollow noopener" target="_blank">CLI</a>. Do you suspect they did any "leet speak" character substitutions? Both the <code>wordlist</code> library and CLI supports enumerating over every possible substitution mutation of every generated word.If a password is generated by a password manager, than all you need to do is pick a character set (usually visible ASCII characters), and generate all strings of a range of lengths. This can be done using using the Ruby <a href="https://github.com/postmodern/chars.rb#readme" rel="nofollow noopener" target="_blank">chars</a> library (ex: <code>Chars::VISIBLE.strings_of_length(10..14).each { |password| ... }</code>). <a href="https://infosec.exchange/tags/wordlists" class="mention hashtag" rel="nofollow noopener" target="_blank">#wordlists</a> <a href="https://infosec.exchange/tags/ruby" class="mention hashtag" rel="nofollow noopener" target="_blank">#ruby</a> <a href="https://infosec.exchange/tags/pentesting" class="mention hashtag" rel="nofollow noopener" target="_blank">#pentesting</a>

postmodernI want to know what the purpose/value of the highly-specific wordlist generator template syntax that <a href="https://infinitelogins.com/2020/11/16/using-hashcat-rules-to-create-custom-wordlists/" rel="nofollow noopener" target="_blank">hashcat</a>/<a href="https://null-byte.wonderhowto.com/how-to/tutorial-create-wordlists-with-crunch-0165931/" rel="nofollow noopener" target="_blank">crunch</a> use? Like where is the value in specifying that character 2 is alphabetic, but character 3 is symbolic, and character 4 is numeric? How do you even get that highly-specific information about someone's password, yet don't know the full password? Shoulder surfing? Hidden camera? Trying to decode the keystrokes via the microphone? And why do wordlist builder utils always use a confusing and difficult to remember syntax for their wordlist template format (ex: "@ represents lowercase letters"). <a href="https://infosec.exchange/tags/rant" class="mention hashtag" rel="nofollow noopener" target="_blank">#rant</a> <a href="https://infosec.exchange/tags/wordlists" class="mention hashtag" rel="nofollow noopener" target="_blank">#wordlists</a> <a href="https://infosec.exchange/tags/hashcat" class="mention hashtag" rel="nofollow noopener" target="_blank">#hashcat</a> <a href="https://infosec.exchange/tags/crunch" class="mention hashtag" rel="nofollow noopener" target="_blank">#crunch</a>

nemo™ 🇺🇦<a href="https://mas.to/tags/Create" class="mention hashtag" rel="nofollow noopener" target="_blank">#Create</a> <a href="https://mas.to/tags/Custom" class="mention hashtag" rel="nofollow noopener" target="_blank">#Custom</a> <a href="https://mas.to/tags/Wordlists" class="mention hashtag" rel="nofollow noopener" target="_blank">#Wordlists</a> Using <a href="https://mas.to/tags/Crunch" class="mention hashtag" rel="nofollow noopener" target="_blank">#Crunch</a> in <a href="https://mas.to/tags/Kali" class="mention hashtag" rel="nofollow noopener" target="_blank">#Kali</a> <a href="https://mas.to/tags/Linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#Linux</a> <a href="https://www.geeksforgeeks.org/create-custom-wordlists-using-crunch-in-kali-linux/" rel="nofollow noopener" translate="no" target="_blank">https://www.geeksforgeeks.org/create-custom-wordlists-using-crunch-in-kali-linux/</a>

postmodernJust released wordlist 1.1.0, the Ruby library/CLI for reading, combining, mutating, and building wordlists. It slices, it dices, and it now supports reading and writing zip and 7zip compressed wordlists. <a href="https://github.com/postmodern/wordlist.rb#readme" rel="nofollow noopener" translate="no" target="_blank">https://github.com/postmodern/wordlist.rb#readme</a> <a href="https://infosec.exchange/tags/ruby" class="mention hashtag" rel="nofollow noopener" target="_blank">#ruby</a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#infosec</a> <a href="https://infosec.exchange/tags/wordlist" class="mention hashtag" rel="nofollow noopener" target="_blank">#wordlist</a> <a href="https://infosec.exchange/tags/wordlists" class="mention hashtag" rel="nofollow noopener" target="_blank">#wordlists</a>

postmodernIf a wordlist generator util has an option to allow digits in words, should it only allow ASCII digits or all <a href="https://www.compart.com/en/unicode/category/Nd" rel="nofollow noopener" target="_blank">unicode digits</a>? <a href="https://infosec.exchange/tags/wordlists" class="mention hashtag" rel="nofollow noopener" target="_blank">#wordlists</a> <a href="https://infosec.exchange/tags/unicode" class="mention hashtag" rel="nofollow noopener" target="_blank">#unicode</a>

postmodernWhat would be a good sub-command name for downloading a wordlist into the current working directory? <a href="https://infosec.exchange/tags/wordlists" class="mention hashtag" rel="nofollow noopener" target="_blank">#wordlists</a> <a href="https://infosec.exchange/tags/cli" class="mention hashtag" rel="nofollow noopener" target="_blank">#cli</a> <a href="https://infosec.exchange/tags/namingthings" class="mention hashtag" rel="nofollow noopener" target="_blank">#namingthings</a>

postmodernWhat would be a good sub-command name for downloading a wordlist into a cache directory? <a href="https://infosec.exchange/tags/wordlists" class="mention hashtag" rel="nofollow noopener" target="_blank">#wordlists</a> <a href="https://infosec.exchange/tags/cli" class="mention hashtag" rel="nofollow noopener" target="_blank">#cli</a> <a href="https://infosec.exchange/tags/namingthings" class="mention hashtag" rel="nofollow noopener" target="_blank">#namingthings</a>

postmodernWhat's a good directory bruteforcing wordlist that balances wordlist size with not pissing off the admin? <a href="https://infosec.exchange/tags/recon" class="mention hashtag" rel="nofollow noopener" target="_blank">#recon</a> <a href="https://infosec.exchange/tags/wordlists" class="mention hashtag" rel="nofollow noopener" target="_blank">#wordlists</a>

postmodernIf you installed a library called "wordlists", would you expect it to come bundled with common wordlists (ex: subdomains-1000), or would it allow downloading those common wordlists upon user selection, maybe even auto-download them on first use? <a href="https://infosec.exchange/tags/wordlists" class="mention hashtag" rel="nofollow noopener" target="_blank">#wordlists</a>

postmodernWhich wordlists do people use the most frequently or know by name? <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#infosec</a> <a href="https://infosec.exchange/tags/wordlists" class="mention hashtag" rel="nofollow noopener" target="_blank">#wordlists</a> <a href="https://infosec.exchange/tags/recon" class="mention hashtag" rel="nofollow noopener" target="_blank">#recon</a> <a href="https://infosec.exchange/tags/enumeration" class="mention hashtag" rel="nofollow noopener" target="_blank">#enumeration</a> <a href="https://infosec.exchange/tags/bruteforcing" class="mention hashtag" rel="nofollow noopener" target="_blank">#bruteforcing</a>

woFFEvening fun with <a href="https://infosec.exchange/tags/chatgpt" class="mention hashtag" rel="nofollow noopener" target="_blank">#chatgpt</a> to write a python script to create custom <a href="https://infosec.exchange/tags/wordlists" class="mention hashtag" rel="nofollow noopener" target="_blank">#wordlists</a> based on google search results. Yeah... I'm relaxing by <a href="https://infosec.exchange/tags/hacking" class="mention hashtag" rel="nofollow noopener" target="_blank">#hacking</a> in <a href="https://infosec.exchange/tags/bugbounty" class="mention hashtag" rel="nofollow noopener" target="_blank">#bugbounty</a> programs just for fun: <a href="https://medium.com/@woff/coding-a-custom-wordlist-generator-with-chat-gpt-ca2c60c41a8d" rel="nofollow noopener" target="_blank">https://medium.com/@woff/coding-a-custom-wordlist-generator-with-chat-gpt-ca2c60c41a8d</a>

Erik BerndtYou're gonna need a bigger boat.<a href="https://fosstodon.org/tags/wordlists" class="mention hashtag" rel="tag">#wordlists</a> <a href="https://fosstodon.org/tags/crunch" class="mention hashtag" rel="tag">#crunch</a>

n0kovo 🇩🇰:anarchy::comm::terminal::vegan::debian::python::tor::signal:I've made a collection of Danish base wordlists useful for cracking danish passwords or fuzzing Danish targets:<a href="https://github.com/n0kovo/danish-wordlists" rel="nofollow noopener" target="_blank">https://github.com/n0kovo/danish-wordlists</a>Give it a ⭐️ on GitHub and boost the post if you found it useful ❤️<a href="https://infosec.exchange/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#InfoSec</a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#cybersecurity</a> <a href="https://infosec.exchange/tags/passwords" class="mention hashtag" rel="nofollow noopener" target="_blank">#passwords</a> <a href="https://infosec.exchange/tags/hashcat" class="mention hashtag" rel="nofollow noopener" target="_blank">#hashcat</a> <a href="https://infosec.exchange/tags/passwordsecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#passwordsecurity</a> <a href="https://infosec.exchange/tags/passwordcracking" class="mention hashtag" rel="nofollow noopener" target="_blank">#passwordcracking</a> <a href="https://infosec.exchange/tags/OSINT" class="mention hashtag" rel="nofollow noopener" target="_blank">#OSINT</a> <a href="https://infosec.exchange/tags/hacking" class="mention hashtag" rel="nofollow noopener" target="_blank">#hacking</a> <a href="https://infosec.exchange/tags/pentesting" class="mention hashtag" rel="nofollow noopener" target="_blank">#pentesting</a> <a href="https://infosec.exchange/tags/appsec" class="mention hashtag" rel="nofollow noopener" target="_blank">#appsec</a> <a href="https://infosec.exchange/tags/wordlists" class="mention hashtag" rel="nofollow noopener" target="_blank">#wordlists</a> <a href="https://infosec.exchange/tags/fuzzing" class="mention hashtag" rel="nofollow noopener" target="_blank">#fuzzing</a>

janPiteJansekeLiberator Core Vocabulary Word Lists<a href="https://www.liberatorsupport.com/Pages/core_words.html" rel="nofollow noopener" target="_blank">https://www.liberatorsupport.com/Pages/core_words.html</a><a href="https://mastodon.host/tags/english" class="mention hashtag" rel="nofollow noopener" target="_blank">#English</a> <a href="https://mastodon.host/tags/corewords" class="mention hashtag" rel="nofollow noopener" target="_blank">#CoreWords</a> <a href="https://mastodon.host/tags/wordlists" class="mention hashtag" rel="nofollow noopener" target="_blank">#wordlists</a> <a href="https://mastodon.host/tags/nimi_pasila" class="mention hashtag" rel="nofollow noopener" target="_blank">#nimi_pasila</a> <a href="https://mastodon.host/tags/talika_nimi" class="mention hashtag" rel="nofollow noopener" target="_blank">#talika_nimi</a> <a href="https://mastodon.host/tags/inli" class="mention hashtag" rel="nofollow noopener" target="_blank">#Inli</a>

janPiteJanseke1000 word families (3760 words)<a href="http://www.robwaring.org/vocab/wordlists/full1000.txt" rel="nofollow noopener" target="_blank">http://www.robwaring.org/vocab/wordlists/full1000.txt</a>2500 wordsGSLBAUMAN <a href="http://jbauman.com/gsl.html" rel="nofollow noopener" target="_blank">http://jbauman.com/gsl.html</a>New-GSLVACLAV BREZINA and DANA GABLASOVA <a href="http://corpora.lancs.ac.uk/vocab/docs/new_GSL_rank.pdf" rel="nofollow noopener" target="_blank">http://corpora.lancs.ac.uk/vocab/docs/new_GSL_rank.pdf</a>NGSLCHARLIE BROWNE <a href="http://www.newgeneralservicelist.org/" rel="nofollow noopener" target="_blank">http://www.newgeneralservicelist.org/</a>Dale-Chall List of Simple Words (2942 words)<a href="https://www.usingenglish.com/resources/wordcheck/list-dale-chall+list+of+simple+words.html" rel="nofollow noopener" target="_blank">https://www.usingenglish.com/resources/wordcheck/list-dale-chall+list+of+simple+words.html</a>3000 wordsVocabulary Workshop: 3000 Most Common Words in American English <a href="http://easy-english.com.ua/wp-content/uploads/2014/12/3000_most_common_words.pdf?32d2ec" rel="nofollow noopener" target="_blank">http://easy-english.com.ua/wp-content/uploads/2014/12/3000_most_common_words.pdf?32d2ec</a>3000 Most Common Words in American English<a href="http://www.pensaremingles.com/3000MostCommonWordsinAmericanEnglish.pdf" rel="nofollow noopener" target="_blank">http://www.pensaremingles.com/3000MostCommonWordsinAmericanEnglish.pdf</a>3000 most common words in English<a href="http://www.ef.com/english-resources/english-vocabulary/top-3000-words/" rel="nofollow noopener" target="_blank">http://www.ef.com/english-resources/english-vocabulary/top-3000-words/</a>The first three thousand English words<a href="http://eclexam.eu/the-first-three-thousand-english-words/" rel="nofollow noopener" target="_blank">http://eclexam.eu/the-first-three-thousand-english-words/</a>English 3000 common words<a href="http://www.paulnoll.com/Books/Clear-English/English-3000-common-words.html" rel="nofollow noopener" target="_blank">http://www.paulnoll.com/Books/Clear-English/English-3000-common-words.html</a>Collins COBUILD English Dictionary Frequently Wordlist<a href="https://wenku.baidu.com/view/644688aedd3383c4bb4cd220.html" rel="nofollow noopener" target="_blank">https://wenku.baidu.com/view/644688aedd3383c4bb4cd220.html</a>Longman Communication 3000<a href="http://www.lextutor.ca/freq/lists_download/longman_3000_list.pdf" rel="nofollow noopener" target="_blank">http://www.lextutor.ca/freq/lists_download/longman_3000_list.pdf</a>4000 wordsJACET 4000 WORD LIST<a href="http://www.j-varg.sakura.ne.jp/about/log/4000/4000.html" rel="nofollow noopener" target="_blank">http://www.j-varg.sakura.ne.jp/about/log/4000/4000.html</a>WordZone for 4,000 simple word families<a href="http://www.textproject.org/assets/library/resources/WordZones_4000-simple-word-families.pdf" rel="nofollow noopener" target="_blank">http://www.textproject.org/assets/library/resources/WordZones_4000-simple-word-families.pdf</a>top 5000 words/lemmas<a href="http://www.wordfrequency.info/free.asp?s=y" rel="nofollow noopener" target="_blank">http://www.wordfrequency.info/free.asp?s=y</a>6,000 most frequently used English words<a href="http://www.naturalenglish.club/esl/" rel="nofollow noopener" target="_blank">http://www.naturalenglish.club/esl/</a>8000 wordsJACET8000<a href="http://language.sakura.ne.jp/s/doc/voc/j8.xlsx" rel="nofollow noopener" target="_blank">http://language.sakura.ne.jp/s/doc/voc/j8.xlsx</a>10000 words10 000 English words<a href="http://www.mit.edu/~ecprice/wordlist.10000" rel="nofollow noopener" target="_blank">http://www.mit.edu/~ecprice/wordlist.10000</a>10 000 Most common English words (Proficiency)<a href="http://sherwoodschool.ru/vocabulary/proficiency/" rel="nofollow noopener" target="_blank">http://sherwoodschool.ru/vocabulary/proficiency/</a>List of 10,000 Words from the Brown Corpus <a href="http://emustru.sourceforge.net/list_words_sfi.pdf" rel="nofollow noopener" target="_blank">http://emustru.sourceforge.net/list_words_sfi.pdf</a>Top 10000 English Words<a href="http://archive.is/Se5yZ" rel="nofollow noopener" target="_blank">http://archive.is/Se5yZ</a>The most frequent and common 10000 words used in English and Example Sentences<a href="http://www.use-in-a-sentence.com/english-words/10000-words/the-most-frequent-10000-words-of-english.html" rel="nofollow noopener" target="_blank">http://www.use-in-a-sentence.com/english-words/10000-words/the-most-frequent-10000-words-of-english.html</a>15 000 word(form)s<a href="http://www.audiencedialogue.net/bnc15knum.txt" rel="nofollow noopener" target="_blank">http://www.audiencedialogue.net/bnc15knum.txt</a>Most-Used Words Online (27 693 words) blogoscoped.com/words/word-hits.zip28000 word families<a href="https://enroots.neocities.org/" rel="nofollow noopener" target="_blank">https://enroots.neocities.org/</a>50 000 English word via OpenSubtitles 2016<a href="https://github.com/hermitdave/FrequencyWords/blob/master/content/2016/en/en_50k.txt" rel="nofollow noopener" target="_blank">https://github.com/hermitdave/FrequencyWords/blob/master/content/2016/en/en_50k.txt</a>Wiktionary 100 000 most frequent words<a href="https://gist.github.com/h3xx/1976236" rel="nofollow noopener" target="_blank">https://gist.github.com/h3xx/1976236</a>Norvig Google Book Frequencies<a href="http://norvig.com/google-books-common-words.txt" rel="nofollow noopener" target="_blank">http://norvig.com/google-books-common-words.txt</a><a href="https://mastodon.host/tags/english" class="mention hashtag" rel="nofollow noopener" target="_blank">#English</a> <a href="https://mastodon.host/tags/wordlists" class="mention hashtag" rel="nofollow noopener" target="_blank">#wordlists</a> <a href="https://mastodon.host/tags/nimi_pasila" class="mention hashtag" rel="nofollow noopener" target="_blank">#nimi_pasila</a> <a href="https://mastodon.host/tags/talika_nimi" class="mention hashtag" rel="nofollow noopener" target="_blank">#talika_nimi</a> <a href="https://mastodon.host/tags/inli" class="mention hashtag" rel="nofollow noopener" target="_blank">#Inli</a>

Recent searches

Search options

Administered by:

Server stats:

#wordlists