UNIQPASS is a large password list for use with John the Ripper (JtR) wordlist mode to translate large number of hashes, e.g. MD5 hashes, into cleartext passwords. While we have had good success rate with our standard password list passwords.txt, we found that the list can be made more useful and relevant by including commonly used passwords from the recently leaked databases that have been made public. As a result, we have compiled millions of these unique passwords into UNIQPASS. Such list is especially handy for pentesters to perform comprehensive password audit and also for IT administrators to expose insecure passwords used by their users.
|Version 14 released on September 30, 2013 with 241,584,732 entries|
|1.||For use with JtR wordlist mode with |
|2.||All passwords are unique and listed in sorted order according to their native byte values using UNIX |
|3.||192,916 of the passwords (UNIQPASS v1) came from English dictionary|
|4.||The remaining passwords were collected from leaked databases from various websites (including major sites e.g. Sony Pictures, Gawker)|
|5.||Max. password length is 30 characters long|
|6.||Password may consist of |
|7.||UNIX end-of-line character is used as the newline character|
|8.||Trailing spaces, trailing tabs and NULL bytes have been removed from all passwords|
|9.||List compressed size is 428.0 MB, i.e. the downloadable size|
|10.||The total entries, 241,584,732, is based on UNIX |
In the following test, we compare the success rate of JtR wordlist cracking mode against a list of 551,638 MD5 hashes using our standard password list passwords.txt vs. UNIQPASS v14. We use JtR 1.7.9 community-enhanced version for this test. The hashes are passwords for accounts from several leaked databases described in LulzSec (final release).
$ john --format=raw-MD5 --wordlist=passwords.txt --rules hashes.txt .. $ john --format=raw-MD5 --show hashes.txt .. 219722 password hashes cracked, 331916 left
$ john --format=raw-MD5 --wordlist=uniq.txt --rules hashes.txt .. $ john --format=raw-MD5 --show hashes.txt .. 515043 password hashes cracked, 36595 left
john --format=raw-MD5 --incremental --max-run-time=3600 hashes.txt.
Password Length Distribution The chart below shows the password length distribution for UNIQPASS v14. Each slice represents the number of entries having the specified length.
Get a copy of UNIQPASS v14
The preview copy of UNIQPASS v14 is available for download at uniqpass_preview.txt (21MB). The complete list of UNIQPASS is available for purchase at only $12.99 USD. We accept Bitcoins where we charge the equivalent BTC amount as per current exchange rate at BTC-e.com. Alternatively, you may transfer $12.99 USD to our PayPal account at firstname.lastname@example.org. For other payment method, please contact us directly at email@example.com.
Depending on your use cases, we recommend one or more of the following password recovery tools for use with UNIQPASS: