Awesome

Bad Passwords

A list of the top 10,000 most-used passwords from hacked password lists.

Mutated list was generated by installing John the Ripper and running:

john --wordlist=raw.txt --rules --stdout > raw-mutated.txt

This produces a list which starts with the top 10,000 and makes commonplace alterations to that list. This increases the size of the list from 10,000 → over 422,000.

See Also…

NOTE: This is a list of known-bad clear text passwords. For a list of known-bad password SHA-1 hashes, see https://github.com/skyzyx/bad-password-hashes.

Requirements

Required

The following software is required for Bad Passwords to run:

• PHP 5.3.0+

Installation

Bundle with Composer (recommended!)

To add Bad Passwords as a Composer dependency in your composer.json file:

{
    "require": {
        "skyzyx/bad-passwords": ">=1.0"
    }
}

And include it in your scripts:

require_once 'vendor/autoload.php';

Contributing

To view the list of existing contributors, run the following command from the Terminal:

git shortlog -sne --no-merges

How?

Here's the process for contributing:

1. Fork Bad Passwords to your GitHub account.
2. Clone your GitHub copy of the repository into your local workspace.
3. Write code, fix bugs, and add tests with 100% code coverage.
4. Commit your changes to your local workspace and push them up to your GitHub copy.
5. You submit a GitHub pull request with a description of what the change is.
6. The contribution is reviewed. Maybe there will be some banter back-and-forth in the comments.
7. If all goes well, your pull request will be accepted and your changes are merged in.

Authors, Copyright & Licensing

My intention is to release all rights to this documentation and make it available under the Public Domain. Unfortunately, in the U.S. it's not quite that cut-and-dry. So, I am dual-licensing this work under CC0 and the Unlicense. You can choose whichever license you would prefer to adhere to.