Kaonashi Project: RootedCON 2019
This repository contains several directories:
- Sorted Masks for hashcat
- Advanced Rules for hashcat
- Links to download the Kaonishi's Wordlists
- Slides used in our talk I know your p4$$w0rd (and if I don't, I will guess it... at RootedCON (2019)
A clone may not be necessary to get the files you need.
When a user has to choose a password, he tends to build it in the same way, using the same personal information, and using the same complexity ideas.
In this study we processed several billions of real passwords in order to make a large-scale analysis of these common behaviors, drawing conclusions that allow us to create specific procedures and tools to improve current Password Cracking techniques.
We used different methods, like behavioral and statistical analysis, neural networks and other advanced techniques, to obtain patterns and relevant information that allow us to crack hashes whose resistance is usually quite high.
These wordlist has been extracted from real password leaksa, and sorted by number of ocurrences. By having this wordlists sorted this way, users can extract TOP n lines/passwords and create custom wordlists based on their needs.
For our study, we created the original wordlist and two additional ones:
You can also find .torrent files inside wordlists/ directory
Authors and Attributions
- Jaime Sánchez @segofensiva)
- Pablo Caro (@pcaro90)
- Thanks to everyone in the password cracking scene for inspiration and lists
Disclaimer and License
- These code and wordlists are for LAWFUL, ETHICAL AND EDUCATIONAL PURPOSES ONLY.
- The files contained in this repository are released "as is" without warranty, support, or guarantee of effectiveness.
- Ee are open to hearing about any issues found within these files and will be actively maintaining this repository for the foreseeable future. If you find anything noteworthy, let us know and we'll see what we can do about it.
The authors did not steal, phish, deceive or hack in any way to get hold of these passwords. All lines in these files were obtained through freely available means.
The intent for this project is to provide information on insecure passwords in order to increase overall password security. The lists will show you what passwords are the most common, what patterns are the most common, and what you should avoid when creating your own passwords.
This work is licensed under a GNU General Public License v3 License.