Jump to content

13GB (4.4gb compressed) - WPA WPA2 Word List - 982,963,904 Words


Recommended Posts

Thank You for this List and all of the extra information!

I've actually been running the entire list through aircrack-ng, it loaded the list with 0 issues and has been running for almost a week now (LOL) on 1 WPA2 network handshake. It's gone through about 920 million of the keys as I write this and is still going. I'm starting to feel that it's going to finish unsuccessfully. Reason I used aircrack-ng is because I'm most familiar with it then pyrit, and I actually didn't know about pyrit till I started aircrack. Plus I'm not sure how much better pyrit will be when the PC running the list doesn't have a high end gfx card, it's running off an on-board Intel HD for gfx I think.

On the note of WPS cracking, I have had a ton of success with reaver. I agree on using the -S command with reaver as it really speeds up the process a lot. And cyberjack, thank you for the info on lowering my data rate with the iwconfig, never tried that before.

A question: After aircrack-ng finishes with the list, assuming it fails, what should my next step be? Should I find another wordlist, attempt a bruteforce, just give up? This network doesn't have a custom essid, its a 2Wire, would there be a default set key (not set by the user)?

Edited by DigitalGeek
Link to comment
Share on other sites

default set key on 2wire. ? sadly so mate to be fare if it got wps turnd off i would'nt have given it a try, chances of cracking a default set key is 1,0000 to 1. and its unikly the wpa key algorithm bean leakd ( SKY got thares crackd awile ago) hears the link for that xxx.cm9.net/skypass/

Link to comment
Share on other sites

Ah. Thank you, Unfortunatly no WPS, if there was I would have never attempted a wordlist. Though the wordlist failing really makes me want to try harder at trying to get into the network, but if wordlists and/or bruteforceing are the only options then it kinda seems pointless.

BTW, if anyone was wondering, aircrack-ng finished this entire wordlist in about a full week on a Intel Core 2 Duo, 4GB RAM without anything else running on Backtrack 5 R3.

Link to comment
Share on other sites

yeah i guess so, sometimes you just plane unlucky, and not much you can do. .... A week for wordlist to finish :( ... thank god for pyrit and GPU's .. its takes about 3 days on mine. .. Fastest i ever seen was with a dual tesla card think it was around 26,000 pmks ... ha well be nice if we all had £600 to spend on graphics card(s)... :unsure: .. even if you was to generate all combos with crunch (8 chrs) it would be well over a 1.5TB ... i know ive tryed it .. hardly practical...

Link to comment
Share on other sites

  • 3 weeks later...

LOL... crashed my PC when attempting to aircrack. I bet it has to do with something with the nearly one billion combinations. Hard to cache that and pass that.

Mounting /tmp on another partition would make it to where your whole system doesn't crash if there's too much data.

Link to comment
Share on other sites

Try the Amazon EC2 service...it has all the power you could ever want to rent - at low cost!

Would be interested in doing this, i have heard chit chat about it in the past. Are there any tuts out there? i wouldn't know where to start.

Link to comment
Share on other sites

  • 4 weeks later...

Thanks for the list, although as mentioned, there is a lot of duplicates.

Regarding cracking handshakes with this list: guys, you are going it wrong! :)

The only proper way to do this is to use ocl-hashcat.

You do NOT need an expensive GPU, great example is AMD HD5830, which can be had on eBay etc for £50 and gives you over 70.000 H/s of processing power.

It needs less than 4 hours to go through the entire list.

Hashcat is also amazing if you want to check certain only combinations of characters in passwords, for instance to check all passwords ranging from 00000000 to 99999999 you just type:

oclhashcat-plus64.exe -m 2500 -a3 handshake.hccap -1 0123456789 ?1?1?1?1?1?1?1?1

Quick explanation:

-m 2500: type of hash, in this case WPA (it can also crack myriad of other hash types)

-a3: indicates brute force attack, but you can just point it to the dictionary file directly instead (no problem processing multi-gigabyte files)

-handshake.hccap: your handshake to crack, file in hccap format can be generated by aircrack-ng (-J option)

-1: your character set space - for brute force attack you essentially list all the characters you expect to see in password (there are some macros available as well, like ?d - al digits), you don't need this for dictionary attack

- ?1?1?1?1?1?1?1?1: defines format of password for brute force attack, in this case it is 8 characters, each from the '-1' space defined above. Again, no need to specify this for dictionary attack.

Thee is more combinations possible, you can for instance have multiple character spaces and mix them with static strings, e.g. if you know that the password is markus + 4 digits, but you do not remember the digits and you do not remember if 'm' is upercase or lowercase, you can create the flowing rule:

-1 mM ?1arkus?d?d?d?d

All super fast and in real time, no need to generate static combinations lists or any of such nonsense.


- adding '-n 32 -u 2048' options to hashcat command line will significantly speed up processing speed (usually by over 50%), at the expense of desktop responsiveness.

- if your cracking crashes/stops at any point, you can restore it by using --restore option. It is also worth to specify --restore-timer interval, so it saves your progress regularly.

I am really impressed by hashcat, it makes aircrack and other contraptions totally obsolete.

Edited by aszu
Link to comment
Share on other sites

  • 5 months later...

It has many many duplicates in there, but I could see the problem with trying to get rid of them due to it's size. :smile:

Use CudaOclHashCat64 (for x64 Windows), or CudaOclHashCat32 (for x86 Windows) to tame this 13 gig beast :tongue:

CudaOclHashCat64 -m 2500 -a3 capture.hccap -1 0123456789ABCDEF -2 ?l?u -3 ?l?d ?1?2?3?1?1?1?1?1

-m 2500 tells hashcat that we're targetting WPA/WPA2

-a3 capture.hccap tells hashcat to load attack mode 3 (Brute-Force), & use capture.hccap


  • 0 Straight
  • 1 Combination
  • 3 Brute-Force
  • 6 Hybrid Dictionary + Mask
  • 7 Hybrid Mask + Dictionary

-1 0123456789ABCDEF tells hashcat to use a Custom Charset (0123456789ABCDEF), & set it's shortcut to ?1

Where ever ?1 is found in the mask ?1?2?3?1?1?1?1?1

it will be replaced with a character from 0123456789ABCDEF (which is assigned to -1)

The same for -2, & -3... ?2, & ?3 respectively.

Built-in Charset Shortcuts

  • ?l = abcdefghijklmnopqrstuvwxyz
  • ?d = 0123456789
  • ?a = ?l?u?d?s (Use all charsets)
  • ?s = !"#$%&'()*+,-./:;<=>?@[\]^_`{|}~

-2 ?u?l tells hashcat to replace ?2 in the mask with a character from abcdefghijklmnopqrstuvwxyz or ABCDEFGHIJKLMNOPQRSTUVWXYZ

Aaaaaaanywhooo... here's an easier way :tongue:

CudaOclHashCat64 -m 2500 -a0 capture.hccap A13GigMonsterList.lst

-a0 tells hashcat that A13GigMonsterList.lst is a plain text list

-m 2500 tells hashcat that we're targetting WPA/WPA2

What you could/should do is get a list of the top 10,000 (or whatever) most used passwords that has leaked from hacks against places like facebook, myspace, google, & the like, & load that list into a password generator that will permutate each word of that list into a new file. Now that list would be worth downloading... especially if you have bandwidth like mine! :grin: 0.5 mbps down, & 0.5 up.

ps: I saw a list where the top facebook password was used by MILLIONS of users!

pps: Hak5 Rocks! :ph34r:

Edited by DTeCH
Link to comment
Share on other sites

  • 1 month later...
  • 3 weeks later...

I have had successful results and nice speed with pyrit cuda

Longest I have seen was about 8hr crack at 14000per second

pre computed results is insane if you have hard drive space to waist you may see a few million per second

any one with this torrent... get your self a cuda powered rig and u must learn the basics of pyrit

Link to comment
Share on other sites

Can you explain me about that program? I have Intel HD Graphics card on my laptop, does that mean that I can't run pyrit cuda? Sorry for my bad english, I hope you understand. Best regards.

Edited by Burn54
Link to comment
Share on other sites

CUDA is nVidia proprietary technology, so your intel card is unable to make use of it. If there's an OpenCL version of this, there's a chance it might, but no guarantees.

Link to comment
Share on other sites

  • 1 month later...
  • 2 weeks later...

Hi sorry if this is a dump question....

I am trying to use the downloaded wordlist in Kali, but the files won't run. I unzipped them using winrar. Do the files not need to be text files? or am i missing something? do i need to do anything else?

Any help appreciated

Link to comment
Share on other sites

  • 1 month later...
  • 2 weeks later...

Compressed File Size: 4.4gb Decompressed File Size: 13gb

Just thought i would share the link for those who are looking for a decent list to pen test their networks.

The list contains 982,963,904 words exactly no dupes and all optimized for wpa/wpa2. Would also just like to point out that this is not my work, instead it was a guy who compiled a whole load of useful lists, including his own to come up with 2 lists (one is 11gb and one is 2gb) i will be seeding this torrent indefinitely since it is shareware! 20mb up!


This is my final series of WPA-PSK wordlist(S) as you can't get any better than this !

My wordlist is compiled from all known & some unknown internet sources such as; 

1. openwall
2. coasts password collections
3. Xploitz Master Password Collection(s)  vol 1 and vol 2 (official Backtrack 3/4/4R1 wordlist collections, Thanks Xploitz) 
4. ftp sites such as; ftp://ftp.ox.ac.uk/pub/wordlists/ & others
5. all wordlists onand(as of 07/11/2010)
6. all wordlists hosted on; 
7. all usernames from "100 million Facebook usernames and personal details" as leaked onto Torrent sites 
8. all wordlists from the Argon (site now closed)

And as a bonus my personal wordlist of 1.9 GB ! 

Which also includes; 

My "WPA-PSK WORDLIST 2 (107MB).rar" & "WPA-PSK WORDLIST (40 MB).rar" Torrent
& random usernames grabed from over 30,000+ websites such as youtube, myspace, bebo 
& outhers sites witch i can't mention .... he he




Hope you enjoy. :¬)

******** P.L.E.A.S.E  S.E.E.D  W.H.E.N ********   

The Pirate Bay Download Link

ISO Hunt Download Link

Torrent Hound Download Link

Hope this helps any one who is starting out and learning about pen testing and network security, and don't forget to seed for others!

Umm... you might want to check your facts before blindly posting false claims - you're not doing your street cred any favors, bro.

Long story short... more than half the words are duplicates.

Long story long...

1) This mega list "...982,963,904 words exactly no dupes..." contains only half over what you claim. After sorting and using 'uniq' command to output unique words to another file, we end up with just 493,220,993 words. For those keeping count, that's about half.

2) Then as a "bonus", he includes his personal list of 1.9GB, which equates to around 180 million words (checked using command "wc -l Custom-WPA" . Well... hate to burst another bubble, but after sorting and removing all dups, we end up with an adjusted bonus of 769MB, or 71 million words. This time we're left with way less than half.

While I appreciate the millions of words, I really have a problem with the grand, false claims, which also makes me wonder how "decent" these lists really are. Also, it seems a waste to be torrenting around all that extra fat, if you know what I mean.

So... all that to say... I have combined both lists, sorted and stripped out all duplicates, and am left with a 6.1GB file containing 494,564,103 words. I'm going to call this list "ForRealz-Super-WPA", and put it in my toolbox :)

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...