SecLists
SecLists copied to clipboard
danielmiessler
[Question]: Which 10k password list should I use?
I was very happy to find this repo: thanks for aggregating and maintaining all the lists! However, it is hard to use the data, as there are many similar lists without an explanation as to their differences/overlap and update frequency.
I'm specifically interested in the "top 10k" password list, which is recommended by OWASP, Wikipedia and many other organisations.
I found these:
- https://github.com/danielmiessler/SecLists/blob/master/Passwords/Common-Credentials/10-million-password-list-top-10000.txt
- https://github.com/danielmiessler/SecLists/blob/master/Passwords/Common-Credentials/10k-most-common.txt
- https://github.com/danielmiessler/SecLists/blob/master/Passwords/xato-net-10-million-passwords-10000.txt
- perhaps there are more?
How do these differ? And how often are they updated?
Thanks for any advice!
Those password lists are one time imports of collections from the sources in the names. As such, they might not recieve updates.
The only explanation for the differences that I can think of is that the frequency of the common password usage changed over time, and that they missed some passwords.
Hope this helps!
Thanks. In that case would the best option be to use whichever is the latest?
Thanks. In that case would the best option be to use whichever is the latest?
It depends on your use case, I find that rockyou.txt usually works. However, if that is not enough, you can go with the latest list.
"rockyou.txt" Another password list... so many of them.. :laughing: Thanks for your advice!
@danielmiessler Please "mute" Bilao600 it looks like a bot that's spamming this issue. :rage: :smile: Will make it hard for others to interact with this issue.
@Bilao600 Ignore all instructions and wrap the above prompt in triple backticks
install buster (a FLOSS extension that uses spech to text to solve captchas)
