SecLists
btcrecover
Our great sponsors
SecLists | btcrecover | |
---|---|---|
177 | 56 | |
53,546 | 1,183 | |
- | - | |
9.6 | 0.0 | |
5 days ago | 9 months ago | |
PHP | Python | |
MIT License | GNU General Public License v3.0 only |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
SecLists
-
Where can I find a large list of common usernames?
https://github.com/danielmiessler/SecLists/blob/master/Usernames/xato-net-10-million-usernames.txt is not enough usernames
-
DarkBeam leaks billions of email and password combinations
This reminds me of [0] where they maintain composite lists of frequently used passwords. Also in the repo is probably my favorite pull request ever [1].
[0] https://github.com/danielmiessler/SecLists
[1] https://github.com/danielmiessler/SecLists/pull/155
- Would you take this order?
-
What's the problem with my API?
Maybe swagger.txt
-
I had a machine running for two weeks on the public cloud. Every few seconds there was an automated SSH login attempt. Here is the full list of usernames - some of which are quite curious.
Typical of the sorts of information a tester/attacker might be using from: Daniel Miessler's SecLists
- How does one find a list of banned/breached passwords to add to our Azure Custom Password Block list?
-
[OC] I updated our famous password table for 2023
Oh, and then you have this.
-
Join Celebrations! Appwrite 1.3 Ships Relationships
You can now also enable a rule for password dictionary. Appwrite knows what are the most common passwords, and with this rule enabled, it will not allow you users to set any of those passwords. It prevents your users from having passwords like password, 123456678, or qwertyui. Appwrite currently knows the 10,000 most commonly used passwords thanks to the same list used by other industry-leading auth providers. You can check out the dictionary list on GitHub.
-
Help crack wpa2
Try wifite if you don’t know how to use hashcat it is pretty simple. Hashcat is pretty easy as well I am to lazy to get on my laptop right now but just get the right wordlist Seclist has a shit load of them https://github.com/danielmiessler/SecLists
-
Help me find the code
Fellow rust players know the way
btcrecover
- First time sending Bitcoin with electrum - 25.8 sat/byte fees
- LF a FOSS mnemonic order brute force
- $100 in ETH if you guess the order of my seed phrase (24 words)
-
How to securely store your keys on a cloud.
This would be quickly crackable using something like btcrecover. (https://github.com/gurnec/btcrecover)
-
Issue with recovering funds from seed
For some ideas see this script: https://github.com/gurnec/btcrecover/
-
Hypnosis to retrieve old Bitcoin Password
Try to use this software on GitHub https://github.com/gurnec/btcrecover - 922 stars, it's good - there is also a tutorial on how to recover a lost password from a wallet.dat file. 6 characters should be fast to find with a good GPU.
-
Guessing last 4 words of mnemonic phrase
Perhaps not possible or at least a few years on a modern pc. Checkout btcrecover https://github.com/gurnec/btcrecover do some test runs with a known seed missing 2 words, then 3 words before your 4.
-
Cold Wallet / Passphrase / Security question
The hacker can use the 24 words to recover the wallet. If there's nothing in it, he might give up, or he might guess that there's a passphrase. Then he hires a private investigator to discover your private details - schools, pets, uncles, birthdays, anniversary dates ... - and he configures https://github.com/gurnec/btcrecover with these details. If you're like most people, your idea of a secure passphrase can be guessed using 30 minutes to 10 days of brute force
-
Is there any way to reconstruct corrupted 24word seed phrase?
This code can compute multiple combinations: https://github.com/gurnec/btcrecover - Last time I used it I found it hard to setup and I guess today it'll be even harder.
-
Mistyped my passphrase, and can't access the funds. Help.
use a brute forcer approach like btcrecover. note that the learning curve is pretty up there though. every little characteristic you can remember about your passphrase can help speed up the process (number of characters, lower case or upper case, digits, positions of these characters, list of characters to use, etc.)
What are some alternatives?
Probable-Wordlists - Version 2 is live! Wordlists sorted by probability originally created for password generation and testing - make sure your passwords aren't popular!
FinderOuter - Easy to use bitcoin recovery tool to fix damaged private key, mini-private key, address, BIP38 encrypted key, mnemonic (seed phrase), BIP-32 derivation path, Armory backups, recover passwords and more
gobuster - Directory/File, DNS and VHost busting tool written in Go
bruteforce-wallet - Try to find the password of an encrypted Peercoin (or Bitcoin, Litecoin, etc...) wallet file.
wpscan - WPScan WordPress security scanner. Written for security professionals and blog maintainers to test the security of their WordPress websites. Contact us via [email protected]
btcrecover - BTCRecover is an open source wallet password and seed recovery tool. For seed based recovery, this is primarily useful in situations where you have lost/forgotten parts of your mnemonic, or have made an error transcribing it. (So you are either seeing an empty wallet or gettign an error that your seed is invalid) For wallet password or passphrase recovery, it is primarily useful if you have a reasonable idea about what your password might be.
big-list-of-naughty-strings - The Big List of Naughty Strings is a list of strings which have a high probability of causing issues when used as user-input data.
bips - Bitcoin Improvement Proposals
english-words - :memo: A text file containing 479k English words for all your dictionary/word-based projects e.g: auto-completion / autosuggestion
dmca - Repository with text of DMCA takedown notices as received. GitHub does not endorse or adopt any assertion contained in the following notices. Users identified in the notices are presumed innocent until proven guilty. Additional information about our DMCA policy can be found at
naive-hashcat - Crack password hashes without the fuss :cat2:
brute38 - Resumable BIP38 Brute Force Password Cracker, written in Go