The list contains every wordlist, dictionary, and password database leak that I could find on the internet (and I spent a LOT of time looking). It also contains every word in the Wikipedia databases (pages-articles, retrieved 2010, all languages) as well as lots of books from Project Gutenberg. It also includes the passwords from some low-profile database breaches that were being sold in the underground years ago. The format of the list is a standard text file sorted in non-case-sensitive alphabetical order. Lines are separated with a newline " " character. You can test the list without downloading it by giving SHA256 hashes to the free hash cracker or to @PlzCrack on twitter. Here s a tool for computing hashes easily. Here are the results of cracking LinkedIn s and eHarmony s password hash leaks with the list. The list is responsible for cracking about 30% of all hashes given to CrackStation s free hash cracker, but that figure should be taken with a grain of salt because s

Password dictionaries:

8-more-passwords.txt sorting only passwords with more than 8 characters, removed all numeric passes, removed consecutive characters (3 characters or more), removed all-lowercase passwords, passwords without a capital letter and also a number (61,682 passwords). 7-more-passwords.txt it consists of passwords 7 characters or more, and numeric passwords removed (528,136 passwords). 1000000_password_seclists.txt 1,000,000 password from SecLists bitcoin-brainwallet.lst bitcoin-brainwallet with 394,748 lines usernames.txt collection username of/at US - 403,355 lines us-cities.txt list 20,580 cities at US facebook-firstnames.txt 4,347,667 of Facebook first names. 2151220-passwords.txt 2,151,220 passwords from dazzlepod.com subdomains-10000.txt 10,000 subdomain for domain scanner. 38650-password-sktorrent.txt 38,650 passwords from sktorrent.eu. uniqpass_v16_password.txt UNIQPASS is a large password list for use with John the Ripper (JtR) wordlist mode to translate large number of hashes, e.g. MD5 hashes, into cleartext passwords indo-cities.txt list 102 cities at Indonesia 38650-username-sktorrent.txt 38,650 usernames from sktorrent.eu. forced-browsing every wordlist you need for forced browsing.

MIT License

Copyright (c) 2015 Van-Duyet Le

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

Data is sourced from Information is Beautiful, with the graphic coming from the same group here.

There's lots of additional information about password quality & strength in the source Doc. Please note that the "strength" column in this dataset is relative to these common aka "bad" passwords and YOU SHOULDN'T USE ANY OF THEM!

Wikipedia has a nice article on password strength as well.

Data Dictionary

passwords.csv

The statistic shows the distribution of password character sets found among various databases leaked online as of 2017. From 320 million hashed passwords that were analyzed, 49 percent were found to be a mix of numbers and lowercase alphabetic characters. Just two percent of passwords were a mix of numbers, upper- and lowercase alphabetic characters, and symbols.

8-more-passwords.txt: Contains passwords with more than 8 characters. Excludes numeric-only passwords, consecutive characters (3 or more), all-lowercase passwords, and passwords without at least one capital letter and one number. Total: 61,682 passwords. 7-more-passwords.txt: Includes passwords with 7 characters or more. Numeric passwords are removed. Total: 528,136 passwords. 1000000_password_seclists.txt: A collection of 1,000,000 passwords from SecLists. bitcoin-brainwallet.lst: Bitcoin brainwallet with 394,748 entries. usernames.txt: Collection of 403,355 usernames from the US. us-cities.txt: List of 20,580 cities in the US. facebook-firstnames.txt: Contains 4,347,667 first names from Facebook. 2151220-passwords.txt: Collection of 2,151,220 passwords from dazzlepod.com. subdomains-10000.txt: List of 10,000 subdomains for domain scanning. 38650-password-sktorrent.txt: Contains 38,650 passwords from sktorrent.eu. uniqpass_v16_password.txt: UNIQPASS is a large password list for use with John the Ripper (JtR) in wordlist mode to convert large numbers of hashes, such as MD5, into cleartext passwords. indo-cities.txt: List of 102 cities in Indonesia. 38650-username-sktorrent.txt: Contains 38,650 usernames from sktorrent.eu. forced-browsing: Contains every wordlist needed for forced browsing.

Image

https://www.googleapis.com/download/storage/v1/b/kaggle-user-content/o/inbox%2F1842206%2Ff29f742e3d48f66bf0eccf60abf631d1%2Frockyo2.png?generation=1720539563047126&alt=media" alt="">

Kaggle Previous Version of RockYou.txt

https://www.googleapis.com/download/storage/v1/b/kaggle-forum-message-attachments/o/inbox%2F1842206%2F0e4b20e3662c065318f7feefb42ef785%2Foriginal.png?generation=1720578063663708&alt=media" alt="">

The original RockYou.txt dataset was uploaded by @wjburns 5 years ago, with 95K downloads and 640 upvotes, which means Kaggle allows this type of data for research and educational purposes.

Files

I separated the single 160GB txt file into smaller files with filenames based on first character to make it easier to utilize for those with less powerful machines.

• letters (A-Z)
• digits (0-9)
• dollarsymbol ($)
• symbols (other symbols)
• others (those that cant be categorized by any of those above)

Note

• The original 160GB file was written with an encoding of utf8, I used the same encoding for the files above.
• The contents of the files above are UNSORTED
• The contents are NOT DEDUPLICATED

History

• https://en.wikipedia.org/wiki/RockYou

Everyone involved with Capture The Flag (CTF) has used the infamous rockyou.txt wordlist at least once, mainly to perform password cracking activities. The file is a list of 14 million unique passwords originating from the 2009 RockYou hack making a piece of computer security history. The “rockyou lineage” has evolved over the years.

https://www.youtube.com/watch?v=0_mQACSn6XM" alt="">

RockYou2024.txt

With the 2021 version we touched high numbers but with the newest release is the (apparently) ultimate amalgamation. RockYou2024 has been released by the user “ObamaCare” . This new version added 1.5 billion of records to the 2021 version reaching the 10 billions records. A wordlist can potentially be used for a multitude of tasks and having this number of records in a single file, especially in 2024 with increasingly aggressive data breaches, is a dream come true for attackers. The user have not specified the nature of the additional records but punctualize the new data comes from recent leaked databases.

From The New RockYou2024 Collection has been published!

Source

I got it from https://github.com/hkphh/rockyou2024.txt, but it was originally shared by a certain aka ObamaCare which I don't have any affiliation nor association with.

Original TxtFile

In case you'd like to process the RockYou2024.txt yourself, you can find it here ❗Original RockYou2024.txt zip file

Strong Passwords Only

In case you'd like to see only the "Strong Passwords", you can find it here ❗180 Million "Strong Passwords" in RockYou2024.txt

Cover Image

Generated with Bing Image Generator

Over 3.2 billion email addresses with passwords posted on Dark Web from massive Google platform data leaks

Image

https://www.googleapis.com/download/storage/v1/b/kaggle-user-content/o/inbox%2F1842206%2F4a05853cd3e61cc5414534f8c8a82c32%2Fstrongpassword2.png?generation=1720631443593955&alt=media" alt="">

Description

I extracted all entries from the RockYou2024.txt with the following characteristics - Between 8 to 32 characters - Has at least one upper-case character - Has at least one small-case character - Has at least one digit - Has at least one punctuation mark

Note

• The contents per file are DEDUPLICATED
• The contents per file are SORTED
• White spaces between characters are INCLUDED

Kaggle Previous Version of RockYou.txt

https://www.googleapis.com/download/storage/v1/b/kaggle-forum-message-attachments/o/inbox%2F1842206%2F0e4b20e3662c065318f7feefb42ef785%2Foriginal.png?generation=1720578063663708&alt=media" alt="">

The original RockYou.txt dataset was uploaded by @wjburns 5 years ago, with 95K downloads and 640 upvotes, which means Kaggle allows this type of data for research and educational purposes.

Note

• The original 160GB file was written with an encoding of utf8, I used the same encoding for the files above.

History

• https://en.wikipedia.org/wiki/RockYou

Everyone involved with Capture The Flag (CTF) has used the infamous rockyou.txt wordlist at least once, mainly to perform password cracking activities. The file is a list of 14 million unique passwords originating from the 2009 RockYou hack making a piece of computer security history. The “rockyou lineage” has evolved over the years.

https://www.youtube.com/watch?v=0_mQACSn6XM" alt="">

RockYou2024.txt

With the 2021 version we touched high numbers but with the newest release is the (apparently) ultimate amalgamation. RockYou2024 has been released by the user “ObamaCare” . This new version added 1.5 billion of records to the 2021 version reaching the 10 billions records. A wordlist can potentially be used for a multitude of tasks and having this number of records in a single file, especially in 2024 with increasingly aggressive data breaches, is a dream come true for attackers. The user have not specified the nature of the additional records but punctualize the new data comes from recent leaked databases.

From The New RockYou2024 Collection has been published!

Source

I got it from https://github.com/hkphh/rockyou2024.txt, but it was originally shared by a certain aka ObamaCare which I don't have any affiliation nor association with.

Variations of Dataset

• In case you'd like to process the RockYou2024.txt yourself, you can find it here ❗Original RockYou2024.txt zip file
• In case you'd like to download the contents segmentized by contents' first characters, you can find it here ❗RockYou2024.zip| 10 BILLION Common Passwords List For your Research and Analysis needs (160GB)

Reminder

Use responsibly

Cover Image

Generated with Bing Image Generator

Covers data on bonds issued in Washington State since 2000 Search by issuer name, user name, or date range Many official statements and bond covenants for bonds issued since 2008 can be viewed and downloaded No password required

This database contains benchmark results for simulation of plasma population kinetics and emission spectra. The data were contributed by the participants of the 3rd Non-LTE Code Comparison Workshop who have unrestricted access to the database. The only limitation for other users is in hidden labeling of the output results. Guest users can proceed to the database entry page without entering userid and password.

The Ligand Protein Database is designed to allow the selection of complexes based on various properties of receptors and ligands for the design and parametrization of new scoring functions or to assess and improve existing ones. Moreover, for each complex, a continuum of ligand positions ranging from the crystallographic position to points on the surface of the protein receptor allows an assessment of the energetic behavior of particular scoring functions. Access to the database is password protected. To obtain access to the LPDB, complete a form, available online, have it signed by your research advisor, and fax the completed form back to the attention of Professor Charles L. Brooks III, (858) 784-8688. There is no fee for academic use of the LPDB. We are currently working out details for licensing to our colleagues in industry. Please contact Professor Brooks to obtain current information on access to the LPDB.

In 2022, the most used authentication technology by companies worldwide was multi-factor authentication (MFA), followed by cloud-based single sign-on. Moreover, ** percent of respondents stated that their company used a passwordless authentication system.

An additional layer of security over the passwords

MFA uses extra verification information over a generic password, resulting in an additional layer of authentication for security, with a market size close to ** billion U.S. dollars worldwide in 2022. Most MFA authentication methods rely on one of three types of information: something you know - like a password or PIN; something you have - like a security token or smartphone; or something you are - like a biometric such as fingerprints or facial recognition.

Barriers to the adoption of MFA

Implementing MFA can be challenging due to user resistance with concerns of mass surveillance using linked databases. Some of the other concerns include poor user experience and difficulties in integration into legacy systems. To overcome these adoption barriers, educating users about the benefits and risks of MFA with regard to biometrics and making the authentication process as seamless and user-friendly as possible is essential. 

Introduction

This datasets have SQL injection attacks (SLQIA) as malicious Netflow data. The attacks carried out are SQL injection for Union Query and Blind SQL injection. To perform the attacks, the SQLMAP tool has been used.

NetFlow traffic has generated using DOROTHEA (DOcker-based fRamework fOr gaTHering nEtflow trAffic). NetFlow is a network protocol developed by Cisco for the collection and monitoring of network traffic flow data generated. A flow is defined as a unidirectional sequence of packets with some common properties that pass through a network device.

Datasets

The firts dataset was colleted to train the detection models (D1) and other collected using different attacks than those used in training to test the models and ensure their generalization (D2).

The datasets contain both benign and malicious traffic. All collected datasets are balanced.

The version of NetFlow used to build the datasets is 5.

    Dataset
    Aim
    Samples
    Benign-malicious
    traffic ratio




    D1
    Training
    400,003
    50%


    D2
    Test
    57,239
    50%

Infrastructure and implementation

Two sets of flow data were collected with DOROTHEA. DOROTHEA is a Docker-based framework for NetFlow data collection. It allows you to build interconnected virtual networks to generate and collect flow data using the NetFlow protocol. In DOROTHEA, network traffic packets are sent to a NetFlow generator that has a sensor ipt_netflow installed. The sensor consists of a module for the Linux kernel using Iptables, which processes the packets and converts them to NetFlow flows.

DOROTHEA is configured to use Netflow V5 and export the flow after it is inactive for 15 seconds or after the flow is active for 1800 seconds (30 minutes)

Benign traffic generation nodes simulate network traffic generated by real users, performing tasks such as searching in web browsers, sending emails, or establishing Secure Shell (SSH) connections. Such tasks run as Python scripts. Users may customize them or even incorporate their own. The network traffic is managed by a gateway that performs two main tasks. On the one hand, it routes packets to the Internet. On the other hand, it sends it to a NetFlow data generation node (this process is carried out similarly to packets received from the Internet).

The malicious traffic collected (SQLI attacks) was performed using SQLMAP. SQLMAP is a penetration tool used to automate the process of detecting and exploiting SQL injection vulnerabilities.

The attacks were executed on 16 nodes and launch SQLMAP with the parameters of the following table.

    Parameters
    Description




    '--banner','--current-user','--current-db','--hostname','--is-dba','--users','--passwords','--privileges','--roles','--dbs','--tables','--columns','--schema','--count','--dump','--comments', --schema'
    Enumerate users, password hashes, privileges, roles, databases, tables and columns


    --level=5
    Increase the probability of a false positive identification


    --risk=3
    Increase the probability of extracting data


    --random-agent
    Select the User-Agent randomly


    --batch
    Never ask for user input, use the default behavior


    --answers="follow=Y"
    Predefined answers to yes

Every node executed SQLIA on 200 victim nodes. The victim nodes had deployed a web form vulnerable to Union-type injection attacks, which was connected to the MYSQL or SQLServer database engines (50% of the victim nodes deployed MySQL and the other 50% deployed SQLServer).

The web service was accessible from ports 443 and 80, which are the ports typically used to deploy web services. The IP address space was 182.168.1.1/24 for the benign and malicious traffic-generating nodes. For victim nodes, the address space was 126.52.30.0/24. The malicious traffic in the test sets was collected under different conditions. For D1, SQLIA was performed using Union attacks on the MySQL and SQLServer databases.

However, for D2, BlindSQL SQLIAs were performed against the web form connected to a PostgreSQL database. The IP address spaces of the networks were also different from those of D1. In D2, the IP address space was 152.148.48.1/24 for benign and malicious traffic generating nodes and 140.30.20.1/24 for victim nodes.

To run the MySQL server we ran MariaDB version 10.4.12. Microsoft SQL Server 2017 Express and PostgreSQL version 13 were used.

The dataset is a structured image dataset designed to facilitate research in spatial localization, pattern recognition, and character classification. It contains high-resolution images of 53 distinct alphabet characters, each systematically placed within a standardized 5×5 grid layout. Each 5×5 grid consists of 25 individual cells. Within each grid, we define 16 overlapping 2×2 sub-grids. These sub-grids serve as local regions of interest for fine-grained spatial analysis. In each 2×2 sub-grid, there are 9 specific positional locations where an alphabet image can be placed—cantered within or slightly offset relative to the subgrid to provide a range of spatial variation. This results in a total of 144 unique placement positions for each character across the entire 5×5 grid. For every alphabet character, the dataset includes an image placed in each of these 144 locations, leading to a comprehensive total of 7,632 labeled samples (53 characters × 144 positions). All samples are consistent in size and format, and the position of each character is precisely annotated to facilitate supervised learning tasks. The Devanagari 53 Alphabet dataset is ideal for training and evaluating models on tasks such as character localization, grid-based graphical password , and few-shot learning under positional variation. The structured spatial layout and extensive position coverage also make it suitable for research in visual attention models, object detection benchmarks, and spatially-aware neural architectures.

This database contains benchmark results for simulation of plasma population kinetics and emission spectra. The data were contributed by the participants of the 4th Non-LTE Code Comparison Workshop who have unrestricted access to the database. The only limitation for other users is in hidden labeling of the output results. Guest users can proceed to the database entry page without entering userid and password.

In 2018 the IPERION-CH Grounds Database was presented to examine how the data produced through the scientific examination of historic painting preparation or grounds samples, from multiple institutions could be combined in a flexible digital form. Exploring the presentation of interrelated high resolution images, text, complex metadata and procedural documentation. The original main user interface is live, though password protected at this time. Work within the SSHOC project aimed to reformat the data to create a more FAIR data-set, so in addition to mapping it to a standard ontology, to increase Interoperability, it has also been made available in the form of open linkable data combined with a SPARQL end-point. A draft version of this live data presentation can been found Here. This is a draft data-set and further work is planned to debug and improve its semantic structure.This deposit contains the CIDOC-CRM mapped data formatted in XML and an example model diagram representing some of the key relationships covered in the data-set. Live access to this data, with documentation and worked examples, can be found at: https://rdf.ng-london.org.uk/sshoc

This is supporting online material for the submission ``Supporting Quality Assurance with Automated Process-Centric Quality Constraints Checking''Contains:- Neo4J database containing the Jira issues and changes from the Dronology data set (all names of involved users have been anonymized in the issues and change events)- Process definitions and constraints for Dronology (a set of Drools .drl files in ProcessConstraints.zip) - java package names have been obfuscated to adhere to doubleblind requirements. DRL files are informative only, as due to double-blind requirements, we cannot provide the source code at this stage. We will make it available publicly via Github upon paper publication.- jupyter notebook analysing the output from evaluation runs (Evaluation.ipynb)- Raw data from the evaluation runs ( .csv files zipped in PerProcessedAndPerConstraintsCSVfiles.zip)Due to confidentiality agreements, we cannot provide any data from the industrial case study.To install the Neo4J database:1) Prepare an empty Neo4J database (version 3.5.15) e.g., useing Neo4J Desktop2) Extract the databases.zip file3) Copy the graph.db folder and store_lock file into the databases folder of your neo4j database4) Start the neo4j database, the password is: dronology

The Regional DataBase, RDB, is a database and estimation system where countries upload catch and sample data for commercial fish species requested in Regional Coordination Groups' Data Call for coordination of sampling of commercial fish species. To upload data, work on data, raise/estimate data and to download data, a password is required.

Image

https://www.googleapis.com/download/storage/v1/b/kaggle-user-content/o/inbox%2F1842206%2Fd4dd9853c2214e89f179cfb72f85be9b%2Fhacker2.png?generation=1720601229197012&alt=media" alt="">

Kaggle Previous Version of RockYou.txt

https://www.googleapis.com/download/storage/v1/b/kaggle-forum-message-attachments/o/inbox%2F1842206%2F0e4b20e3662c065318f7feefb42ef785%2Foriginal.png?generation=1720578063663708&alt=media" alt="">

The original RockYou.txt dataset was uploaded by @wjburns 5 years ago, with 95K downloads and 640 upvotes, which means Kaggle allows this type of data for research and educational purposes.

Files

This is the original RockYou2024.txt file just Zipped and spliced into 11 parts.

History

• https://en.wikipedia.org/wiki/RockYou

Everyone involved with Capture The Flag (CTF) has used the infamous rockyou.txt wordlist at least once, mainly to perform password cracking activities. The file is a list of 14 million unique passwords originating from the 2009 RockYou hack making a piece of computer security history. The “rockyou lineage” has evolved over the years.

https://www.youtube.com/watch?v=0_mQACSn6XM" alt="">

RockYou2024.txt

With the 2021 version we touched high numbers but with the newest release is the (apparently) ultimate amalgamation. RockYou2024 has been released by the user “ObamaCare” . This new version added 1.5 billion of records to the 2021 version reaching the 10 billions records. A wordlist can potentially be used for a multitude of tasks and having this number of records in a single file, especially in 2024 with increasingly aggressive data breaches, is a dream come true for attackers. The user have not specified the nature of the additional records but punctualize the new data comes from recent leaked databases.

From The New RockYou2024 Collection has been published!

Source

I got it from https://github.com/hkphh/rockyou2024.txt, but it was originally shared by a certain aka ObamaCare which I don't have any affiliation nor association with.

Cover Image

Generated with Bing Image Generator

There are three main goals for this project. 1. To compile information on plant traits, seed dispersal, seed predation, and frugivory in Africa. 2. To store the information in a way that enables analyses of plant-animal interactions. 3. To share information about plants and animals in the database. We are compiling information from published literature. Our team uses a password-protected data entry form. If you would like to add published information that is not currently in our database, please contact us. One of the scientific goals of this project is to be able to find broad patterns and trends in seed dispersal relationships across Africa. The database is structured in a way to enable analysis of plant traits along with dispersers/predators and location information. Information about plants and the animals associated with them is viewable through this database, as well as through the Encyclopedia of Life (ATD is a content partner). Several hundred photographs of plants are viewable in Flickr and the Encyclopedia of Life.