This repository contains a snapshot of all passwords in the hashes.org "founds" list for all hash leaks updated and placed on the hashes.org site as of 1 November 2019. Files are split and stored as zopfli compressed files in order to reduce bandwidth and storage requirements for GitHub and users who may download these lists.
This password list was generated by downloading every "found" list from hashes.org, then uniqifying the combined list and sorting it by frequency of occurrence. This means passwords in the lower-numbered wordlist files are more likely to break hashes than passwords in the higher-numbered wordlist files.
This repository does not contain leaked hashes, dumps that match user credentials to plaintext passwords, et cetera. It is simply a series of resources to be used with the hashcat password recovery system for authorised penetration testing engagements.
To view the wordlist files, see the `lists/` directory. To compile the full list (uncompressed at about 8.8GB), clone this repo, and run `zcat lists/*.gz > hashes.org.txt`.
Included in this repository is also a uniqified, sorted list of simplified hashcat masks generated from the found password list using a modified version of this Golang script. This is saved here as `hashes.org.hcmask.gz`.
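To show how a frequency-ranked mask list can be derived from a wordlist, here is an added example; it is not this repository's code and not the modified Golang script mentioned above. It assumes a plain per-byte mapping to hashcat's built-in `?l`, `?u`, `?d`, `?s` and `?b` charsets, which may differ from the "simplified" masks in the published file; `maskOf`, `rankMasks` and the sample passwords are constructed for the illustration.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// maskOf maps each byte of pw to a hashcat built-in charset token.
func maskOf(pw string) string {
	var b strings.Builder
	for i := 0; i < len(pw); i++ {
		c, tok := pw[i], "?b" // ?b: any byte outside printable ASCII
		switch {
		case 'a' <= c && c <= 'z':
			tok = "?l"
		case 'A' <= c && c <= 'Z':
			tok = "?u"
		case '0' <= c && c <= '9':
			tok = "?d"
		case 0x20 <= c && c <= 0x7e:
			tok = "?s" // remaining printable ASCII, space included
		}
		b.WriteString(tok)
	}
	return b.String()
}

// rankMasks returns the distinct masks, most frequent first (ties alphabetical), and their counts.
func rankMasks(wordlist string) ([]string, map[string]int) {
	counts := map[string]int{}
	for _, pw := range strings.FieldsFunc(wordlist, func(r rune) bool { return r == '\n' || r == '\r' }) {
		counts[maskOf(pw)]++
	}
	masks := make([]string, 0, len(counts))
	for m := range counts {
		masks = append(masks, m)
	}
	sort.Strings(masks)
	sort.SliceStable(masks, func(i, j int) bool { return counts[masks[i]] > counts[masks[j]] })
	return masks, counts
}

func main() {
	// Constructed sample input, not taken from the repository's lists.
	masks, counts := rankMasks("Summer2019\nWinter2018\npassword1\nAutumn2017\nletmein!\ndragon77\nqwerty12\n")
	for _, m := range masks {
		fmt.Println(counts[m], m)
	}
}
```

Run over an organisation's own recovered test passwords, the same ranking shows which password shapes its policy tends to produce.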
All generated work here is MIT licensed. If you find it useful, please donate to the hashes.org project. None of this research would have been doable without that community. I will not receive any compensation that goes to these addresses:
- ETH: 0xe83707Bc22E24954F26b5851f3859C7493d16eED
- BTC: 1NaAxX16TkgQsY6vCVvsyD1tvxWLj6oU5d
- Stellar: GASSZXCYQSOARWQFIEQPUPYA46ZEVBH5IOFHIYWNI63G5IUCTPUMXU6O