A combination of tools and resources used during password audits
- Why another set of wordlists?
- I was trying to think about what methods I would use for more complex passphrases and one immediate idea was using titles, characters, artists, etc. from various fields of entertainment. Many of these can come with a lot of the field requirements normal password policies require. For example, "Star Wars: Episode 7 - The Force Awakens" contains upper case, lower case, numbers, and special characters. In its own right a relatively complex and long for most users, but very memorable.
- Don't tools like CeWL and crunch already help make this possible with custom wordlists?
- True, many tools exist for custom wordlists but none are perfect and require running each time for new assessments. They can be great additional aids for pentests, but they are not a replacement for wordlists in general.
- You don't have 'x' in your wordlist!
- I am not going to claim that these lists are perfect. I have taken a few various sources online and tried to condense them to manageable sizes and remove some of the extraneous details. If there is a wordlist you think might be useful that doesn't exist here, let's talk. Perhaps the data is there but just needs to be extracted from sources and put into a plain format for tools like hashcat and JtR to use. If you are looking for a good list of widely available wordlists, may I suggest starting here: https://github.com/danielmiessler/SecLists