Nmap Development mailing list archives

Re: wordlists for Ncrack

From: ithilgore <ithilgore.ryu.l () gmail com>
Date: Wed, 29 Jul 2009 02:41:52 +0300

Solar Designer wrote:

On Tue, Jul 28, 2009 at 03:59:11AM +0300, ithilgore wrote:

The gathering of username and password lists has gone well so far and I found
out about another great archive of such files here:
http://theargon.com/achilles/wordlists/
However, a proper sorting of all these has to take place. Soon.


As you're probably aware, I've done quite some work sorting, rejecting,
and merging wordlists a few years ago:

http://www.openwall.com/wordlists/
ftp://ftp.openwall.com/pub/wordlists/

Typical reasons for a rejection were a wordlist file being a duplicate
or a wordlist file meant to be language-specific containing too many
words from other languages (detected with a script).

The resulting wordlists all start with comments giving the original file
names that I ended up merging.  For example,
languages/English/3-large/lower.gz starts with:

#!comment: Pre-processed input wordlist files:
#!comment: 10001fr.equ   74550com.mon    famous         pocket-dic
#!comment: 10002fr.equ   Antworth        freja.diku.dk  sf
#!comment: 10196pla.ces  aussie          ftp.cs.vu.nl   shakespeare
#!comment: 113809of.fic  biology         ftp.uu.net     shakesp-glossary
#!comment: 21986na.mes   computer.names  knuth_britsh   simtel20.army.mil
#!comment: 256772co.mpo  CRL             knuth_words    special.eng
#!comment: 354984si.ngl  englex-dict     male-names     Unabr.dict
#!comment: 366often.mis  english.abbrs   minix          Unix.dict
#!comment: 3897male.nam  english.names   muller         web2
#!comment: 4160offi.cia  english.words   myths-legends  web2a
#!comment: 4946fema.len  english-zedz    numbers        words-english
#!comment: 6213acro.nym  engwords.txt    ospd           wordset_4k

languages/English/4-extra/lower.gz adds:

#!comment: Pre-processed input wordlist files:
#!comment: english.maybe  length09.txt  length18.txt  length27.txt
#!comment: english.trash  length10.txt  length19.txt  length28.txt
#!comment: length02.txt   length11.txt  length20.txt  length29.txt
#!comment: length03.txt   length12.txt  length21.txt  length30.txt
#!comment: length04.txt   length13.txt  length22.txt  length31.txt
#!comment: length05.txt   length14.txt  length23.txt  length32.txt
#!comment: length06.txt   length15.txt  length24.txt  misc.names
#!comment: length07.txt   length16.txt  length25.txt  mobythes
#!comment: length08.txt   length17.txt  length26.txt  org.names

Obviously, most of these wordlists are too large to be used with Ncrack.
I'd recommend just password.lst from here:

http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/john/john/run/

maybe with systems' default passwords added.  Please note that this
revision of password.lst (bundled with John the Ripper) is currently
slightly newer than one found in the wordlists collection.


Alexander, do we have your permission to use these lists as part of Ncrack's
lists (that are going to shipped with Ncrack)? This applies to having them as
separate lists as well as having some of the passwords in a greater mix of other
passwords. In either case, please inform us about any requirements to include
any license header or anything similar.


Alexander


Thanks,
ithilgore


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org

Current thread:

Status Report #14 of 17 Luis M. (Jul 27)
- <Possible follow-ups>
- Status Report #14 of 17 J Marlow (Jul 27)
  - Re: Status Report #14 of 17 ithilgore (Jul 27)
    - Re: Status Report #14 of 17 Joao Correa (Jul 27)
    - Re: Status Report #14 of 17 Patrick Donnelly (Jul 27)
    - Re: Status Report #14 of 17 venkat sanaka (Jul 28)
    - wordlists for Ncrack (was: Status Report #14 of 17) Solar Designer (Jul 28)
    - Re: wordlists for Ncrack ithilgore (Jul 28)
    - Re: wordlists for Ncrack Solar Designer (Aug 12)