UNIQPASS is a large password list for use with John the Ripper (JtR) wordlist mode to translate large number of hashes, e.g. MD5 hashes, into cleartext passwords. While we have had good success rate with our standard password list passwords.txt, we found that the list can be made more useful and relevant by including commonly used passwords from the recently leaked databases that have been made public. As a result, we have compiled millions of these unique passwords into UNIQPASS. Such list is especially handy for pentesters to perform comprehensive password audit and also for IT administrators to expose insecure passwords used by their users.


Version 16 released on March 27, 2016 with 253,207,687 entries
1.For use with JtR wordlist mode with --rules set
2.All passwords are unique and listed in sorted order according to their native byte values using UNIX sort command
3.192,916 of the passwords (UNIQPASS v1) came from English dictionary
4.The remaining passwords were collected from leaked databases from various websites (including major sites e.g. Sony Pictures, Gawker)
5.Max. password length is 30 characters long
6.Password may consist of a-z, 0-9, spaces and special characters ` ~ ! @ # $ % ^ & * ( ) _ - + = { [ } ] | \ : ; " ' < , > . ? /
7.UNIX end-of-line character is used as the newline character
8.Trailing spaces, trailing tabs and NULL bytes have been removed from all passwords
9.List compressed size is 472.6 MB, i.e. the downloadable size
10.The total unmangled entries, 253,207,687, is based on UNIX wc -l output


In the following test, we compare the success rate of JtR wordlist cracking mode against a list of 551,638 MD5 hashes using our standard password list passwords.txt vs. UNIQPASS v16. We use JtR 1.8.0 community-enhanced version for this test. The hashes are passwords for accounts from several leaked databases published by LulzSec back in June 2011.

$ john --format=raw-MD5 --wordlist=passwords.txt --rules hashes.txt
$ john --format=raw-MD5 --show hashes.txt
219722 password hashes cracked, 331916 left
passwords.txt cracked 40% of the hashes using JtR wordlist mode with rules enabled.
$ john --format=raw-MD5 --wordlist=uniq.txt --rules hashes.txt
$ john --format=raw-MD5 --show hashes.txt
515571 password hashes cracked, 36067 left
UNIQPASS v16 cracked 93% of the hashes using JtR wordlist mode with rules enabled.

Upon completing a dictionary attack (wordlist mode), the next step is to resume the same session with JtR incremental mode leaving it to run for a couple hours or until we achieve a desirable yield. This can done with e.g. john --format=raw-MD5 --incremental --max-run-time=3600 hashes.txt.

Password Length Distribution

The chart below shows the password length distribution for UNIQPASS v16. Each slice represents the number of entries having the specified length.

Get a copy of UNIQPASS v16

The preview copy of UNIQPASS v16 is available for download at uniqpass_preview.txt (21MB). The complete list of UNIQPASS is available for purchase at only $12.99 USD. We accept Bitcoins where we charge the equivalent BTC amount as per current exchange rate. Alternatively, you may transfer $12.99 USD to our PayPal account at PayPal accepts all credit cards (Visa, MasterCard, American Express, Discover), so a PayPal account is not required. For other payment method, please contact us directly at

We will deliver UNIQPASS (its private download link) to you via email within 24 hours once we have confirmed your payment. We will also deliver newer copy of UNIQPASS (announced via @UNIQPASS) to the same email address for free upon request - so you only need to purchase UNIQPASS once and receive future updates for free.

Recommended Tools

Depending on your use cases, we recommend one or more of the following password recovery tools for use with UNIQPASS:

John the Ripper (JtR)
Our current default tool to audit most of the leaked hashes
De facto standard GPU-based password cracker
Useful set of utilities to manipulate wordlist
Fast network logon cracker
Cain & Abel
Password recovery tool for Microsoft Operating Systems
802.11 WEP and WPA-PSK keys cracking program
Los Angeles Times (June 16, 2011) (June 17, 2011)
PCWorld (December 27, 2011)
Forbes (December 28, 2011)
CNN (December 30, 2011)
MSNBC (January 4, 2012)
FOX News (January 5, 2012)
Wired (July 12, 2012)