• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
KaliTut

KaliTut

Kali Linux tutorial and Linux system tips

  • Home
  • Raspberry Pi
  • Privacy Policy
  • About us

Password Dictionary where to download and how to make them

Last Updated on June 12, 2021 by Walid Salame 79 Comments

One of the most used password pentesting method is password dictionary attack. In this case, the cracking tool sequentially checks all possible passwords stored in special files called password dictionary.

Typically, password dictionary store frequently used passwords and familiar words, such as names and place names.

Password Dictionaries may contain words from various languages ​​of the world. Password crackers check them one by one in search of a suitable one.

rockyou password list

If you decide to use password dictionary attack, you will need some basic dictionaries or whats called password list.

 

  • Kali password dictionary
  • Best password dictionary Download
    • weakpass
    • skullsecurity
  • Password dictionary attack

Kali password dictionary

These hacking dictionaries are already present o Kali Linux. So we can safely use it without download anything.

RockYou (/usr/share/wordlists/rockyou) is the most popular pentest dictionary for any business. It can also be used for WiFi, but I recommend that you first clean up inappropriate passwords using the same pw-inspector.

So if you are using Kali Linux before you download any password dictionary you may check rockyou password list that comes in every kali Linux image.

You can use it to perform a dictionary attack, at least try the one you have before you download a new one.

Kali Linux provides some Password dictionary files as part of its standard installation named rockyou.txt.
you can find that file here :

/usr/share/wordlists/rockyou.txt.gz

if this one doesn’t work check the end of this article and you will find what you want.
but for now let’s check rockyou.txt.gz.

So let’s take a copy of rockyou.txt.gz to root directory
To do so write this command:

cp /usr/share/wordlists/rockyou.txt.gz .

Now to unzip rockyou wordlist type:

gunzip rockyou.txt.gz

you will get a new file rockyou.txt
To know how many passwords this file contains type:

wc -l rockyou.txt

The password inside this file include password’s with more and less then 8 characters
so if you want to use it for WPA2 Penetration Testing you should make a dictionary that contains passwords with minimum 8 characters so it becomes a wpa dictionary and Make sure you have a monitor mode wifi adapter that support WPA2 cracking
To do that type this command :

cat rockyou.txt | sort | uniq | pw-inspector -m 8 -M 63 > rockyoulist.txt

rockyoulist.txt contains 9606665 passwords that’s a huge list πŸ˜‰
I called mine rockyoulist.txt but maybe you should call it passwordlist.txt if you are making it for WiFi penetration or anything you want just remember it.

rockyou.txt

Now you have a good password list containing the most used password in the world.

Best password dictionary Download

To download new password dictionary / password lists to make your list even bigger check those tow website with an updated dictionary

weakpass

Weakpass is the best place to get new password list with fresh and updated password, the website update it’s list almost everyday, honestly you wont need any other place to download password list after trying weakpass.com

password dictionary

you can download by direct link or using torrent both are availabl

skullsecurity

https://wiki.skullsecurity.org/Passwords

Skullsecurity is not updating it’s list at all but you may check it ! it was one of the best one day.

Password dictionary attack

Not all software contains exploitable vulnerabilities (as some would like). But the chain, as you know, breaks at the weakest link. And it doesn’t matter how strong the rest of the links are if we find the weak.

Very often, the weak link is the person. That is why social engineering is quite popular. Another type of attack, which I would also attribute to the human factor, is an attack on weak passwords. As it became known from recent news , even some computer security professionals, real hackers, sometimes use weak passwords.

Password attacks can be divided into two large groups: a hash attack and an attempt to pick up a password for authentication. We will not dwell on their characteristics in detail. Since password dictionary attack is possible in both groups.

So we come to the most important thing – where to get the dictionaries. Different tasks require different dictionaries:

  • if we brute force login to a remote service, then we need not very large dictionaries, but with the most common usernames and passwords. This is due to the fact that most network services have a customized brute force protection. Those. so that our IP is not blocked by an automatic script, we must make a long interval between attempts. It will take a lot of time, so it makes sense to start only with the most popular sets of words;
  • Bruteforcing a Wi-Fi network password (in an intercepted handshake), we still need a high-quality dictionary with popular passwords, but the larger the dictionary, the better, especially if you have medium or strong hardware;
  • Bruteforcing the addresses of admin areas, subdomains, directories, files – you need a specialized dictionary with the most common addresses.

I think the meaning is clear: you can’t have one best dictionary for all occasions. There should be several such dictionaries.

Filed Under: Tutorials Tagged With: Password dictionary

Comments

  1. Unknown says

    February 8, 2016 at 1:52 pm

    hi bro i want to became the best hacker because i want to be came the govermet tools too and now am in military base

    Reply
    • me says

      June 12, 2022 at 4:58 am

      You certainly have the keyboarding skills down.

      Reply
  2. Walid Salame says

    February 9, 2016 at 12:42 am

    okay so what can i do for you ?
    how can i help you ?

    Reply
  3. Sabir Ali says

    April 12, 2016 at 8:05 am

    Dear Walid i am new in kali linux i see many use full tutorial and guide kindly share with us some basic terminal command with us will be thankful to you and some basic how to use kali Linux and Terminal commands.

    Reply
    • DerrXh says

      December 2, 2021 at 12:16 am

      sudo wifite
      sudo airmon-ng
      nmap

      Reply
  4. Walid Salame says

    April 17, 2016 at 11:49 am

    hi sabir welcome to kali community

    you can check this post for some basic terminal command
    https://kalitut.com/kali-linux-commands/
    and keep on mind terminal command its about the tools you are using

    Reply
  5. Unknown says

    April 21, 2016 at 3:44 pm

    Hey can you post a link for country wise most used passwords?

    Reply
  6. Unknown says

    May 1, 2016 at 2:45 am

    I did the cat thing and now it doesn't say anything after it i dont even have a new line to type something in

    Reply
  7. Unknown says

    May 1, 2016 at 2:46 am

    nvm

    Reply
  8. Walid Salame says

    May 6, 2016 at 4:11 pm

    i will try to do that , there is a torrent file i saw few years ago i hope it still there , it list the passwords by the country , for every country a text file

    Reply
  9. Walid Salame says

    May 6, 2016 at 4:12 pm

    the cut thing may take sometime ,
    i think its working fine now right ? if you still have errors let me know

    Reply
  10. Unknown says

    May 7, 2016 at 7:44 pm

    i want something from you … iwant wordlist called common size 358 M … if you have this passwordlist please give me link

    Reply
  11. Anonymous says

    May 12, 2016 at 8:47 pm

    So when i use aircrack-ng the command i use is : "aircrack-ng -w /root/wordlists/rockyou.txt capfile.cap"
    my 1st question is whats the difference between useing a txt file and a having a .dic file? is one better then the other?

    my 2nd question is by the command i use is there something im doing wrong that makes Aircrack tell me no wordlist found if i use anyother file type or file for that matter. is there a command im missing that would let it use a .dic file?

    Reply
  12. Walid Salame says

    May 13, 2016 at 4:03 pm

    file type its all about the tools you are using and with what file type it can work …
    plus a .dic file would be too big for wordlist and too slow even if you get a tool to work with it …

    the command you are using is right and there is nothing wrong with it …

    Reply
  13. Unknown says

    May 16, 2016 at 1:16 pm

    Is the wordlists contains words and the aircrack will match all the words that contains in the wordlists or is the another way that aircrack will use to crack the passwoard

    Reply
  14. Walid Salame says

    May 16, 2016 at 7:48 pm

    the wordlist contains words and the aircrack will match all the words that contains in the wordlists to find out the right one , but this is done offline
    i mean it wont be sending wrong passwords to the AP , it will do that by checking the handcheck file

    Reply
  15. kuntong khuasak says

    May 24, 2016 at 12:44 pm

    hi bro
    now iam using bt5r3 and l cant get pw for my terget wifi.l am also using wordlist for inside software bt.rockyou and dackcode.but cant.so,help me some.

    Reply
  16. Walid Salame says

    May 24, 2016 at 7:05 pm

    there is nothing we can do about it ! the victim is using a strong password !

    Reply
  17. Unknown says

    June 2, 2016 at 10:29 pm

    skype?

    Reply
  18. Unknown says

    July 8, 2016 at 6:39 am

    hello! i captured .cap files but unable to crack it by using inbuilt kali rockyou.txt then how can i crack?

    Reply
  19. Anonymous says

    July 9, 2016 at 10:09 am

    Thanks @Walid Salame. it's Awesome

    Reply
  20. Walid Salame says

    July 9, 2016 at 11:19 am

    You are welcome πŸ™‚

    Reply
  21. Walid Salame says

    July 9, 2016 at 11:21 am

    you may try another password wordlist and if non work for you then simply the password is not on any of the list you are trying with

    Reply
  22. Unknown says

    July 23, 2016 at 9:29 am

    Thanks dear u made a great help for me

    Reply
  23. Walid Salame says

    July 23, 2016 at 9:32 pm

    you are welcome πŸ™‚

    Reply
  24. Harsimran kaur says

    July 31, 2016 at 3:25 am

    Hi Walid,

    I have cracked 4 passwords out of 10 with the rockyou file. What other files do you recommend for password cracking I have tried all the files listed above.

    Reply
  25. Walid Salame says

    August 3, 2016 at 6:07 pm

    it seems rockyou is the best Password dictionary for now,
    if you tried all the files on the list above then i don't have anymore to recommend now , but soon a new dictionary should arrive and it will be the best , a dictionary based on linkedin passwords

    Reply
  26. Unknown says

    August 5, 2016 at 8:49 pm

    This comment has been removed by the author.

    Reply
  27. Unknown says

    August 14, 2016 at 1:02 pm

    Hello! Like many people here on this page, I too am new to kali and backtrack Linux penetration. I wanted to know if the password lists need to be in some way imported into aircrack ng, or if it just finds them anywhere on the HDD? Thank you very much!

    Reply
  28. Walid Salame says

    August 14, 2016 at 4:19 pm

    you don't have to import anything into aircrack ng ,
    check this post please to know how to use password list with aricrack

    Cracking WiFi with aircrack ng

    Reply
  29. Unknown says

    August 23, 2016 at 10:25 am

    Hello. i am searching for 8 characters mix alphanumeric wordlist. my WPA password consists of 8 characters which includes Uppercase,lowercase alphabets and numbers. i tried to used Crunch to generate it but the size was too big to be created in my device.So,i will be very grateful to you if you could advise me on this.. Thanks

    Reply
  30. Unknown says

    August 25, 2016 at 9:31 am

    I just come across this site and i find the wordlists posted very usefull but i have a question in mind – when i know some characters of the wpa pw of the victims wifi (e.g. fantasy word etc.), how can i pre set them additionally to the wordlists like for instance u figured out ur victim uses this characters 'Z-E-L-D-A'(Zelda) and behind it a normal word (which i wish should be written together as one word)??

    Id appreciate a quick response, i remembered once reading something like that in the aircrack documentation

    Reply
  31. Unknown says

    September 12, 2016 at 6:55 pm

    Hello, i am using kali linux in vm i have already downloaded dictionary in my windows folder can u suggest me a way how can i find that in linux (vm), or is there any process which needs to be done.. Thank you in adv

    Reply
  32. Unknown says

    September 12, 2016 at 6:56 pm

    Anyone have any suggestions plz

    Reply
  33. Walid Salame says

    September 13, 2016 at 7:28 pm

    you must move the file to Linux vm , did you install the vm guest tools ?

    Reply
  34. Walid Salame says

    September 16, 2016 at 12:13 pm

    you can make an 8 characters mix alphanumeric wordlist by using this command

    cat rockyou.txt | sort | uniq | pw-inspector -m 8 -M 8 > dictionaries.txt

    rockyou.txt is the name of the file you are extracting the passowrd from

    dictionarie.txt is the name of the new password dictionaries

    Reply
  35. Unknown says

    September 29, 2016 at 8:56 am

    HI WALID….
    PLEASE HELP HOW TO DOWNLOAD WORDLIST.TXT AND U HAVE LINK OF WORDLIST SO KINDLY SEND THEN I WILL DOWNLOAD THE WORDLIST

    Reply
  36. Walid Salame says

    September 30, 2016 at 11:45 am

    Hi ali
    if you are looking for a file named Wordlist.txt then i think you can find that file on torrent website's i don't have any direct link for it sorry

    Reply
  37. Nate Curry Photography says

    October 18, 2016 at 4:29 pm

    The rockyou.txt wordlist comes with kali..

    It is located in /usr/share/wordlists/

    You'll also find a bunch of other wordlist you can use in there

    Reply
  38. Ashfaq2805 says

    October 29, 2016 at 10:03 am

    I will download this on Windows but how to send this to Kali Linux's desktop pls help me

    Reply
  39. Walid Salame says

    October 29, 2016 at 8:53 pm

    how Install VMware Tools on Kali Linux so you can from from windows to kali
    check this YouTube video in the link below
    how Install VMware Tools on Kali Linux

    Reply
  40. kr1 says

    November 4, 2016 at 9:33 am

    how do i install rainbowcrack from a usb stick and any helpful commands to get it to run in aircrack

    Reply
  41. Walid Salame says

    December 2, 2016 at 11:24 am

    hi … wish i could help you but i haven't work with Reaver before …
    but maybe you should check my new post about wifi password hacking

    how to hack wifi password

    Reply
  42. You wing says

    December 2, 2016 at 11:18 am

    I am from Malaysia~can I just use this wpa dictionary for beini 1.2.3 version?

    Reply
  43. elmobarmg says

    December 2, 2016 at 11:19 am

    Hi walid
    I have some terrible with reaver
    The problem is it trying the same first 4 pin from start executed to end
    Trying pin 1234****
    Other numbers changed but first 4pin don't
    I sheared in google many several time and no luck
    My WiFi adapter is tplink tl wn722n
    Operation system Kali Linux 2016.2,Ubuntu 16.4
    Reaver versions I tried 1.4,1.5.2

    Reply
  44. Walid Salame says

    December 2, 2016 at 11:19 am

    sure you can

    Reply
  45. Unknown says

    December 31, 2016 at 9:47 am

    Why doesn't anyone just post a txt file with all minimum 8 character passwords.

    Reply
  46. Walid Salame says

    December 31, 2016 at 9:49 am

    cause password dictionary are not made only for WiFi cracking

    Reply
  47. Dr. Dumitrescu says

    January 15, 2017 at 9:10 pm

    it seems like my previous comment didn't post…

    Long story short, my world lists are in lst and txt formats…can a compile them, remove the duplicates and compile them into one txt file without having to convert the lst file to a txt file? The bash command that I'm using simply writes out an empty txt file.
    The bash command that I'm using is:
    cat filename.txt filename.lst | sort | uniq > output.txt

    Thanks!

    Reply
  48. Dr. Dumitrescu says

    January 15, 2017 at 9:10 pm

    Hi Walid,

    I got a few word list and one of them is in .lst a format and others are in .txt format. I'm still learning linux but I was wondering, is it possible to compile the txt and lst files together and write it out as a txt file?
    The current bash command that I am using (and it simply just write out a blank text file) is:
    cat filename.txt filename.lst | sort | uniq > output.txt

    P.S. this is my first time that I've came across your website and this is an amazing place. Great job on everything bud!

    Reply
  49. Walid Salame says

    January 15, 2017 at 9:16 pm

    hi sorry for late reply … yes you can do that and mix both file and get an output of text password file…
    Google : how to generate wordlist with crunch

    Reply
  50. Unknown says

    February 1, 2017 at 8:24 pm

    Hi Mr: walid salame .. did you found the word list by the country?
    and what is the best wordlist for hack facebook account ?

    Reply
  51. Dr. Dumitrescu says

    February 1, 2017 at 8:24 pm

    sorry I had double posted and thank you for replying. So I ended up with a 43gb world list file but at the moment I don't have a strong GPU and I'm running cracking passwords on CPU. I tried 2 small word lists (~130mb and a ~700mg) and I couldn't crack the password.
    What is the fasted CPU method that you would recommend to cracking a WPA2 password?
    Thanks!

    Reply
  52. Walid Salame says

    February 1, 2017 at 8:26 pm

    no i didn't find it ,
    a wordlist for hacking facebook … hummm you can't hack facebook using this method .

    Reply
  53. Akshay says

    February 6, 2017 at 7:45 pm

    Hi I want to hack a website
    How it should be done please tell me

    Reply
  54. kdhakal says

    February 20, 2017 at 5:33 am

    I could not find the rockyou.txt.gz file in kali.
    The folder wordlists does not exist in the /usr/share folder.
    How do I download this file?

    Reply
  55. Wepso says

    February 28, 2017 at 8:11 pm

    Hi. I just started usind Kali Linux but i need some wordlist like 0209va20.. can you please tell me where i can find some or is there a way i can hack without a wordlist? Thank you in advance πŸ™‚

    Reply
  56. Unknown says

    February 28, 2017 at 8:11 pm

    hi bro thanks alot for all informations πŸ™‚ but i have some problems with airgeddon i can't resolve the problem of bettercap please help me !

    Reply
  57. Unknown says

    April 1, 2017 at 8:01 pm

    how to type this symbol "|" in kali linux terminal command,as like on that tutorial up there,what ever i do copy past didn't works.. πŸ˜• ASOP,thanks…

    Reply
  58. Lucian says

    April 29, 2017 at 7:29 pm

    I also named mine Kalitut.txt
    rockyou.txt didnt work.
    its just an 8 number password.
    what would be the path to file for Kalitut.txt?

    Reply
  59. Walid Salame says

    April 29, 2017 at 7:37 pm

    it should be in your root …
    open terminal and type ls , can you find the file Kalitut.txt or rockyou.txt in the list ?

    normally it should be on the same folder where the rockyou.txt was coped to …

    Reply
  60. Unknown says

    May 21, 2017 at 10:59 am

    Tryed kali linux 2017 password list to hack one pass word but got no ware from it is there any newest word lists other then whats here or a wps2 passwords only please help im not jokeing

    Reply
  61. Unknown says

    May 31, 2017 at 8:28 pm

    do you have dictionary for perl scripts?

    Reply
  62. Unknown says

    September 7, 2017 at 9:22 pm

    what will happen if the password of the target network is not available in the dictionary? is there a way to try bruteforce attack?

    Reply
  63. Unknown says

    September 7, 2017 at 9:22 pm

    Hey can I run multiple wordlist attack in Kali at a same machine at a same time with different wordlist can i

    Reply
  64. Unknown says

    September 7, 2017 at 9:22 pm

    So i need some help i can unlock the rockyou.txt but it doesnt show up anywhere. I dont get it. I got it to work the first time and thats it

    Reply
  65. Walid Salame says

    September 7, 2017 at 9:25 pm

    if the password is not in the dictionary it will give you a massege password not found

    Reply
  66. RThacker says

    October 8, 2017 at 8:23 am

    Hey bro if any fluxion or password list is not connecting then how to hack wifi ……P

    Reply
  67. Unknown says

    February 24, 2018 at 12:00 pm

    Please provide me the password list of Bangladesh.

    Reply
  68. KEEGAN says

    March 5, 2018 at 10:15 am

    im using kali on the raspberry pi 3, mostly the same, but doesnt have the wordlist file. ive tried about a dozen different lists now and all come back saying "passphrase not in dictionary" 3/0 keys tested immediately after i put the command in. Using aircrack, have the WPA handshake and all

    Reply
  69. Unknown says

    March 5, 2018 at 10:15 am

    As you listed above that the kali linux have its own password list. Ok fine, but i want to know that are every computer using kali linux has this location as you listed above. AND is that list is .cap file…… Thank You for Reply………

    Reply
  70. KEEGAN says

    March 12, 2018 at 5:01 pm

    im using kali on the raspberry pi 3, mostly the same, but doesnt have the wordlist file. ive tried about a dozen different lists now and all come back saying "passphrase not in dictionary" 3/0 keys tested immediately after i put the command in. Using aircrack, have the WPA handshake and all

    Reply
  71. Hanuman Prasad JI poddar-Bhaiji says

    January 9, 2019 at 8:07 pm

    What is the easiest way to hack wpa2 ? Because some person use some password which are not in the dictionary.

    Reply
  72. Anonymous says

    October 19, 2019 at 12:02 pm

    look at all these script kiddies wanting to hack others for profit, you all need to go work on your spelling and not worry about trying to steal shit that is not yours to begin with you bunch of idiots.

    Reply
  73. Tony says

    August 17, 2021 at 6:23 am

    I am very new to Linux, so apologies if I am completely ignorant about what I’m asking, im just curious. Right now, when I run wifite and capture a handshake, it immediately runs aircrack with top4800-probable.txt. is there a way to change this so the default wordlist is rockyou.txt?

    Reply
    • admin says

      August 18, 2021 at 8:31 pm

      check this tutorial of how to use wifite https://kalitut.com/wifite-automated-wi-fi-hacking-tool/
      so you can se the wordlist you want

      Reply
  74. alex says

    December 28, 2021 at 6:21 am

    Hi there.

    I have a question.
    How can I use RockYou2021.txt.gz ?
    for example, after I downloaded it and put it on Kali linux in any folders, what should I do that wifite2 use it as wordlist as default?
    because I can not replace it on /usr/share/wordlist/.

    do you have any ideas?

    Reply
    • admin says

      February 2, 2022 at 10:46 pm

      you have to check how to change wordlist in wifite2

      Reply
  75. ABDULBOSS says

    June 27, 2022 at 1:12 am

    Hi Sir how to appreciate with the app

    Reply

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Follow us

  • Facebook
  • Twitter
  • YouTube

Categories

  • Android pentesting tools
  • Arduino
  • Books
  • Darknet
  • database
  • General
  • Github Tools
  • Hacking
  • Kali Linux
  • Linux
  • Linux Commands
  • Network Administrator
  • Penetration Testing
  • Penetration Testing Tools
  • PowerShell
  • Raspberry Pi
  • resources
  • Review
  • Termux
  • Tutorials
  • Ubuntu
  • Uncategorized
  • Video Tutorials
  • vmware
  • WiFi Adapter
  • WiFi Pentesting
  • Wireless Router
  • Wireshark

Recent Posts

  • Hijacked Wi-Fi? Thorough explanation of hacking techniques
  • Windows PowerShell tutorial for beginners
  • Learn to Hack Steps from Beginner to Hacker
  • PowerShell Tutorial – GUIDE introduction with basics
  • Top Hacking Tools
  • Home
  • About us
  • Privacy Policy
  • Affiliate disclaimer

Copyright © 2023