Seclists: Password |best|

WORDLISTS = "10k_most_common": "url": f"SECLISTS_BASE_URL/Common-Credentials/10k-most-common.txt", "description": "10,000 most common passwords", , "500_worst": "url": f"SECLISTS_BASE_URL/500-worst-passwords.txt", "description": "500 worst passwords", , "rockyou_20": "url": f"SECLISTS_BASE_URL/RockYou-20.txt", "description": "Top 20 from RockYou leak", , "xato_10k": "url": f"SECLISTS_BASE_URL/xato-net-10-million-passwords-10000.txt", "description": "Xato 10k most common", , "linkedin": "url": f"SECLISTS_BASE_URL/LinkedIn-common-passwords.txt", "description": "LinkedIn leak common passwords", , Download & Cache Management ---------------------------------------------------------------------- def download_wordlist(name: str, cache_dir: Path) -> Path: """Download wordlist to cache directory, return local path.""" if name not in WORDLISTS: raise ValueError(f"Unknown wordlist: name. Choose from list(WORDLISTS.keys())")

args = parser.parse_args()

if cache_file.exists(): print(f"[✓] Using cached: cache_file") return cache_file seclists password

return result def sample_passwords(passwords: List[str], n: int, unique: bool = True) -> List[str]: """Randomly sample n passwords.""" if n <= 0: return [] if n >= len(passwords): return passwords[:] if unique: return random.sample(passwords, n) else: return [random.choice(passwords) for _ in range(n)]

print(f"[↓] Downloading name from url") cache_dir.mkdir(parents=True, exist_ok=True) Use --sample or --output to manage

if args.verbose: print(f"[*] Loaded len(all_passwords) passwords from 'args.list'")

# Output to stdout or file if args.output: # Determine format fmt = args.format if not fmt: ext = args.output.suffix.lower() if ext == ".json": fmt = "json" elif ext == ".csv": fmt = "csv" else: fmt = "txt" export_results(result, args.output, fmt) else: # Print to stdout (limit to 1000 lines to avoid spam) if len(result) > 1000 and not args.sample: print(f"Warning: len(result) passwords. Showing first 100. Use --sample or --output to manage.", file=sys.stderr) result = result[:100] for pwd in result: print(pwd) if == " main ": main() Usage Examples 1. Install dependency pip install requests 2. Basic – Show first 20 of 10k most common python seclists_password.py | head -20 3. Search for passwords containing "admin" python seclists_password.py --search admin 4. Regex pattern: passwords starting with "pass" and at least 6 chars python seclists_password.py --pattern "^pass.*" --min-len 6 5. Only numeric passwords between 4–6 digits python seclists_password.py --only-digits --min-len 4 --max-len 6 6. Sample 10 random passwords python seclists_password.py --sample 10 7. Use the "500 worst passwords" list, export to JSON python seclists_password.py --list 500_worst --output worst.json --format json 8. Statistics & verbose python seclists_password.py --stats --verbose --only-lower --min-len 8 9. Must contain "123" and exclude special chars python seclists_password.py --must-contain "123" --exclude-special Programmatic Usage (in your own Python scripts) from seclists_password import load_passwords, filter_passwords, sample_passwords passwords = load_passwords("10k_most_common") filtered = filter_passwords(passwords, min_len=8, only_alpha=True) random_10 = sample_passwords(filtered, 10) only_alpha=True) random_10 = sample_passwords(filtered

if args.search: filtered = search_passwords(filtered, args.search, args.case_sensitive) if args.verbose: print(f"[*] After substring search 'args.search': len(filtered) passwords")