diff --git a/README.md b/README.md index e675e2d..8acfbec 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,5 @@ # pydictor -[![build](https://img.shields.io/badge/build-passing-brightgreen.svg)](https://www.github.com/landgrey/pydictor) [![Python 2.7|3.4](https://img.shields.io/badge/python-2.7|3.4-yellow.svg)](https://www.python.org/) ![release](https://img.shields.io/badge/version-2.0.4-orange.svg) ![License](https://img.shields.io/badge/license-GPLv3-red.svg) +[![build](https://img.shields.io/badge/build-passing-brightgreen.svg)](https://www.github.com/landgrey/pydictor) [![Python 2.7|3.4](https://img.shields.io/badge/python-2.7|3.4-yellow.svg)](https://www.python.org/) ![release](https://img.shields.io/badge/version-2.0.5-orange.svg) ![License](https://img.shields.io/badge/license-GPLv3-red.svg) **README.md [中文版](README_CN.md)** @@ -51,7 +51,7 @@ python pydictor.py ![social engineering dictionary builder](/screenshots/sedb.png "sedb") ## Quick to use: -#### types of generate wordlist(14 types)and descriptions +#### types of generate wordlist(15 types)and descriptions | wordlist type | number| description | |:------------- | :---- |:--------------------------------------------------- | @@ -60,7 +60,7 @@ python pydictor.py | chunk | 3 | permutation and combination wordlist | | conf | 4 | based on configuration file wordlist | | sedb | 5 | social engineering wordlist | -| idcard | 6 | id card last 6/8 char wordlist | +| idcard | 6 | id card last 4/6/8 char wordlist | | extend | 7 | extend wordlist based on rules | | scratch | 8 | wordlist based on web pages keywords | | passcraper | 9 | wordlist against to web admin and users | @@ -69,20 +69,21 @@ python pydictor.py | counter | 12 | word frequency count wordlist | | combiner | 13 | combine the input file generate wordlist | | uniqbiner | 14 | combine and unique the input file generate wordlist | +| birthday | 15 | birthday keyword wordlist in specify datetime scope | #### function and scope of support wordlist number -| function | number (wordlist) | description | -|:---------- | :--------------------------- |:-------------------------------------------------------- | -| len | 1 2 3 4 5 6 7 9 10 11 12 14 | lenght scope | -| head | 1 2 3 4 5 6 7 9 10 11 12 14 | add items prefix | -| tail | 1 2 3 4 5 6 7 9 10 11 12 14 | add items suffix | -| encode | 1 2 3 4 5 6 7 9 10 11 12 14 | encode the items | -| occur | 3 4 5 7 9 10 11 12 14 | filter by occur times of letter、digital、special chars | -| types | 3 4 5 7 9 10 11 12 14 | filter by types of letter、digital、special chars | -| regex | 3 4 5 7 9 10 11 12 14 | filter by regex | -| level | 5 7 9 | set the wordlist level | -| leet | 5 7 9 | 1337 mode | +| function | number (wordlist) | description | +|:---------- | :------------------------------ |:-------------------------------------------------------- | +| len | 1 2 3 4 5 6 7 9 10 11 12 14 15 | lenght scope | +| head | 1 2 3 4 5 6 7 9 10 11 12 14 15 | add items prefix | +| tail | 1 2 3 4 5 6 7 9 10 11 12 14 15 | add items suffix | +| encode | 1 2 3 4 5 6 7 9 10 11 12 14 15 | encode the items | +| occur | 3 4 5 7 9 10 11 12 14 | filter by occur times of letter、digital、special chars | +| types | 3 4 5 7 9 10 11 12 14 | filter by types of letter、digital、special chars | +| regex | 3 4 5 7 9 10 11 12 14 | filter by regex | +| level | 5 7 9 | set the wordlist level | +| leet | 5 7 9 | 1337 mode | ## usage examples @@ -133,7 +134,7 @@ python pydictor.py -extend /names.txt --leet 0 1 2 11 21 --level 1 --len 4 16 -- ``` -#### 7: id card last 6/8 char wordlist +#### 7: id card last 4/6/8 char wordlist ``` pydictor.py -plug pid6 --types ">=0" ">=4" ">=0" --encode b64 @@ -141,15 +142,23 @@ pydictor.py -plug pid6 --types ">=0" ">=4" ">=0" --encode b64 **note**: default sex ='all', it decided by lib/data/data.py default_sex, and 'm' is Male, 'f' is Female + +#### 7-2: birthday range wordlist +``` +pydictor.py -plug birthday 19750101 20001231 --len 6 8 +``` + + #### 8: using passcraper plugin crawl website generating password wordlist based on plain text found and extend rules 1. the rules of passcraper plug and extend function are the same 2. passcraper plug will generate two wordlist,preffix with SCRATCH is raw wordlist by website plain text, and if you feel that there are a lot of unrelated words in the SCRATCH wordlist, you can remove them, and then use the extend function to specify the new file to generate dictionary again. -3. you can modify the funcfg/passcraper_blacklist.conf file,add or delete useless words that need to be filtered out, +3. or directed using scratch plug,then remove some useless words and use the extend function to generate dictionary again. +4. you can modify the funcfg/passcraper_blacklist.conf file,add or delete useless words that need to be filtered out, and also can modify lib/data/data.py file passcraper_filter argument,change the filter regular expressions -4. with same extend function,you can put your weak password in /wordlist/Web,new wordlist will contains them +5. with same extend function,you can put your weak password in /wordlist/Web,new wordlist will contains them ``` python pydictor.py -plug passcraper using default file scraper.sites as multi-input file @@ -161,8 +170,9 @@ python pydictor.py -plug passcraper http://www.example.com ##### this function contains all of "-base" and "-char" capacities,and more precise control ``` -python pydictor.py --conf using default file funcfg/build.conf build the dictionary -python pydictor.py --conf /my/other/awesome.conf using /my/other/awesome.conf build the dictionary +pydictor.py --conf "[1-9]{6,6}" --output six.txt build wordlist +python pydictor.py --conf using default file funcfg/build.conf build the dictionary +python pydictor.py --conf /my/other/awesome.conf using /my/other/awesome.conf build the dictionary ``` **note**: parsing rules details as following,besides referred to build.conf file @@ -208,7 +218,7 @@ python pydictor.py -tool shredder delete the currently specified output path(d python pydictor.py -tool shredder base delete the files of it's prefix is "BASE" in currently specified output path ``` -prefix(case insensitive) range in 14 items: base,char,chunk,conf,sedb,idcard,extend,handler,uniqifer,counter,combiner,uniqbiner,scratch,passcraper +prefix(case insensitive) range in 15 items: base,char,chunk,conf,sedb,idcard,extend,handler,uniqifer,counter,combiner,uniqbiner,scratch,passcraper,birthday besides,you can safe shred files or whole directory as following: ``` diff --git a/README_CN.md b/README_CN.md index f3769ce..c2379ca 100644 --- a/README_CN.md +++ b/README_CN.md @@ -1,5 +1,5 @@ # pydictor -[![build](https://img.shields.io/badge/build-passing-brightgreen.svg)](https://www.github.com/landgrey/pydictor) [![Python 2.7|3.4](https://img.shields.io/badge/python-2.7|3.4-yellow.svg)](https://www.python.org/) ![release](https://img.shields.io/badge/version-2.0.4-orange.svg) ![License](https://img.shields.io/badge/license-GPLv3-red.svg) +[![build](https://img.shields.io/badge/build-passing-brightgreen.svg)](https://www.github.com/landgrey/pydictor) [![Python 2.7|3.4](https://img.shields.io/badge/python-2.7|3.4-yellow.svg)](https://www.python.org/) ![release](https://img.shields.io/badge/version-2.0.5-orange.svg) ![License](https://img.shields.io/badge/license-GPLv3-red.svg) **README.md [English](README.md)** @@ -55,7 +55,7 @@ python pydictor.py ## 快速上手: -#### 可以生成的字典类型(14种)及其说明 +#### 可以生成的字典类型(15种)及其说明 | 类型 | 编号 | 说明 | |:------------- | :---- |:----------------- | @@ -64,7 +64,7 @@ python pydictor.py | chunk | 3 | 排列组合字典 | | conf | 4 | 配置文件生成字典 | | sedb | 5 | 社会工程学字典 | -| idcard | 6 | 身份证后6/8位字典 | +| idcard | 6 | 身份证后4/6/8位字典 | | extend | 7 | 扩展字典 | | scratch | 8 | 网页原始关键词字典| | passcraper | 9 | 网页爆破针对字典 | @@ -73,20 +73,21 @@ python pydictor.py | counter | 12 | 词频统计字典 | | combiner | 13 | 合并字典 | | uniqbiner | 14 | 先合并后去重字典 | +| birthday | 15 | 生日范围字典 | #### 字典类型与功能适用范围对照表 -| 功能 | 适用范围(字典类型编号) | 说明 | -|:---------- | :--------------------------- |:------------------------------------ | -| len | 1 2 3 4 5 6 7 9 10 11 12 14 | 定义长度范围 | -| head | 1 2 3 4 5 6 7 9 10 11 12 14 | 添加前缀 | -| tail | 1 2 3 4 5 6 7 9 10 11 12 14 | 添加后缀 | -| encode | 1 2 3 4 5 6 7 9 10 11 12 14 | 编码或自定义加密方法 | -| occur | 3 4 5 7 9 10 11 12 14 | 字母、数字、特殊字符出现次数范围筛选 | -| types | 3 4 5 7 9 10 11 12 14 | 字母、数字、特殊字符各种类数范围筛选 | -| regex | 3 4 5 7 9 10 11 12 14 | 正则筛选 | -| level | 5 7 9 | 字典级别筛选 | -| leet | 5 7 9 | 1337 模式 | +| 功能 | 适用范围(字典类型编号) | 说明 | +|:---------- | :------------------------------ |:------------------------------------ | +| len | 1 2 3 4 5 6 7 9 10 11 12 14 15 | 定义长度范围 | +| head | 1 2 3 4 5 6 7 9 10 11 12 14 15 | 添加前缀 | +| tail | 1 2 3 4 5 6 7 9 10 11 12 14 15 | 添加后缀 | +| encode | 1 2 3 4 5 6 7 9 10 11 12 14 15 | 编码或自定义加密方法 | +| occur | 3 4 5 7 9 10 11 12 14 | 字母、数字、特殊字符出现次数范围筛选 | +| types | 3 4 5 7 9 10 11 12 14 | 字母、数字、特殊字符各种类数范围筛选 | +| regex | 3 4 5 7 9 10 11 12 14 | 正则筛选 | +| level | 5 7 9 | 字典级别筛选 | +| leet | 5 7 9 | 1337 模式 | ## 使用实例 @@ -138,7 +139,7 @@ webzhang python pydictor.py -extend /names.txt --leet 0 1 2 11 21 --level 1 --len 4 16 --occur "<=10" ">0" "<=2" -o /possbile/wordlist.lst ``` -#### 示例7: 身份证后6/8位生成插件 +#### 示例7: 身份证后4/6/8位生成插件 ##### 使用pid6插件生成中国公民身份证后6位爆破字典, 并规定至少要出现4种不同的数字,并用base64编码 ``` pydictor.py -plug pid6 --types ">=0" ">=4" ">=0" --encode b64 @@ -146,10 +147,18 @@ pydictor.py -plug pid6 --types ">=0" ">=4" ">=0" --encode b64 **注**: 默认的性别为全体'all',它由 lib/data/data.py文件default_sex参数指定,'m'指男性,'f'指女性 + +#### 示例7-2: 生日范围字典生成插件 +``` +pydictor.py -plug birthday 19750101 20001231 --len 6 8 +``` + + #### 示例8: 使用passcraper插件爬行网站指定页面并基于获得的文本词组生成密码字典 1. passcraper 规则和extend完全一致 2. passcraper 插件会生成两个字典,SCRATCH开头的是从网站内容获得的原始词组列表,如果感觉SCRATCH字典中有许多无关词,可以自己去除后,重新使用extend功能指定文件生成字典 +3. 或直接使用scratch插件,只从网站内容中获得原始词列表,人工拣选后,再使用extend功能生成扩展字典 3. 你可以修改 funcfg/passcraper_blacklist.conf 文件,选择需要过滤掉的无用单词,也可以修改lib/data/data.py 中的passcraper_filter,更改过滤正则表达式 4. 和extend一样,你可以将自己的弱密码字典放在 /wordlist/Web 目录下,生成的字典会包含它们 @@ -163,11 +172,15 @@ python pydictor.py -plug passcraper http://www.example.com 1. 此功能可以完成"-base"和"-char"的所有功能,并在此基础上有更精细化的字典控制力; 2. extend.conf 文件支持此功能,具体参考funcfg/extend.conf文件; 3. 可以生成固定模式的字典,比如 lisa【两位到四位数字】@【qq.com, 163.com, some.net 中的一个】,在配置文件中写入 - 'lisa[0-9]{2,4}@[qq.com,163.com,some.net]{1,1}' ,然后指定运行即可 + ``` + lisa[0-9]{2,4}@[qq.com,163.com,some.net]{1,1} + ``` + 然后指定路径运行即可 ``` -python pydictor.py --conf --encode b64 使用默认位置的funcfg/build.conf 配置文件建立字典,并用base64编码 -python pydictor.py --conf /my/other/awesome.conf 使用/my/other/awesome.conf文件建立字典 +pydictor.py --conf "[1-9]{6,6}" --output six.txt 生成6位纯数字字典 +python pydictor.py --conf --encode b64 使用默认位置的funcfg/build.conf 配置文件建立字典,并用base64编码 +python pydictor.py --conf /my/other/awesome.conf 使用/my/other/awesome.conf文件建立字典 ``` **注**: 具体解析规则如下,另可参考build.conf文件示例; @@ -211,7 +224,7 @@ python pydictor.py -tool shredder 删除当前指定的字典输出目 python pydictor.py -tool shredder base 删除当前指定的字典输出目录下,以"BASE"开头的所有字典文件 ``` - 支持的前缀(不区分大小写)有14种:base,char, chunk, conf,sedb,idcard,extend,handler,uniqifer,counter,combiner,uniqbiner,scratch,passcraper + 支持的前缀(不区分大小写)有15种:base,char, chunk, conf,sedb,idcard,extend,handler,uniqifer,counter,combiner,uniqbiner,scratch,passcraper,birthday 另外,还可以像下面这样,将传入的任意位置的一个文件或目录,整个的安全删除 ``` diff --git a/core/CONF.py b/core/CONF.py index e4e9d3f..1b31dbf 100644 --- a/core/CONF.py +++ b/core/CONF.py @@ -29,10 +29,10 @@ def get_conf_dic(minlength, maxlength, objflag, encodeflag, head, tail): return diclist -def build_conf_dic(): - storepath = finalsavepath(paths.results_path, pystrs.CONF_prefix, mybuildtime(), pyoptions.filextension, paths.results_file_name) +def build_conf_dic(source="", file_prefix=pystrs.CONF_prefix): + storepath = finalsavepath(paths.results_path, file_prefix, mybuildtime(), pyoptions.filextension, paths.results_file_name) with open(storepath, "a") as f: - for item in confcore(paths.buildconf_path): + for item in confcore(source): item = filterforfun(item, head=pyoptions.head, tail=pyoptions.tail, lenght_is_filter=pyoptions.args_pick, minlen=pyoptions.minlen, maxlen=pyoptions.maxlen, @@ -59,10 +59,8 @@ def confcore(resource): except IndexError: confdicts = {} exit(cool.red("[-] parse element error, please check your parsing element")) - finalen = len(confdicts[pystrs.conf_head]) listpool = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0] - for x in range(0, finalen): lengthchecker(confdicts[pystrs.conf_minlen][x], confdicts[pystrs.conf_maxlen][x]) listpool[x] = get_conf_dic(int(confdicts[pystrs.conf_minlen][x]), int(confdicts[pystrs.conf_maxlen][x]), @@ -83,6 +81,7 @@ def confcore(resource): elif finalen == 4: countchecker(-1, len(listpool[0]), len(listpool[1]), len(listpool[2]), len(listpool[3])) for item in itertools.product(listpool[0], listpool[1], listpool[2], listpool[3]): + # print("".join(item) + '\n') yield "".join(item) elif finalen == 5: countchecker(-1, len(listpool[0]), len(listpool[1]), len(listpool[2]), len(listpool[3]), len(listpool[4])) diff --git a/core/EXTEND.py b/core/EXTEND.py index 0221ac5..947694c 100644 --- a/core/EXTEND.py +++ b/core/EXTEND.py @@ -217,7 +217,7 @@ def extend_enter(rawlist, leet=True): return unique(res) -def get_extend_dic(target, need_passcratch=False): +def get_extend_dic(target, need_extendscratch=False): rawlist = [] for t in target: if os.path.isfile(t): @@ -226,23 +226,18 @@ def get_extend_dic(target, need_passcratch=False): rawlist.append(line.strip()) else: rawlist.append(t) - extend_magic(rawlist, need_passcratch=need_passcratch) + extend_magic(rawlist, need_extendscratch=need_extendscratch) -def extend_magic(rawlist, need_passcratch=False): +def extend_magic(rawlist, need_extendscratch=False): prefix = pystrs.EXTEND_prefix if rawlist == []: exit(pyoptions.CRLF + cool.red("[-] raw extend resource cannot be empty")) leet = pyoptions.extend_leet - if need_passcratch: + if need_extendscratch: prefix = pystrs.PASSCRAPER_prefix leet = pyoptions.passcraper_leet - rawstorepath = os.path.join(paths.results_path, "%s_%s%s" % (pystrs.SCFATCH_prefix, mybuildtime(), - pyoptions.filextension)) - with open(rawstorepath, "a") as f: - for line in rawlist: - f.write(str(line) + pyoptions.CRLF) storepath = finalsavepath(paths.results_path, prefix, mybuildtime(), pyoptions.filextension, paths.results_file_name) with open(storepath, "a") as f: diff --git a/funcfg/extend.conf b/funcfg/extend.conf index b235ee3..5463e8f 100644 --- a/funcfg/extend.conf +++ b/funcfg/extend.conf @@ -43,27 +43,27 @@ 1 [1q2w3e4r_, qweasdzxc, ] 1 1q2w3e4r5t 1 [0,1]{2,2} -1 [1qa,!QA,2ws,@WS,asdf,mima,site,1qa2ws]{1,1}[@,_,#,.]{1,1} +1 [1qa,!QA,2ws,@WS,asdf,mima,site,1qa2ws]{1,1}[@,_,#,.]{1,1} 2 [001, 111, 1qa, !QA, 2ws, @WS, aaa, qaz, web, ] 2 [asdf, mima, site, test, ] -2 [111abc, admini, 1qa2ws, qazxsw, qweasd, qwerty, QWERTY] +2 [111abc, admini, 1qa2ws, qazxsw, qweasd, qwerty, QWERTY] 2 [1234qwer, 1q2w3e4r, ] -2 [qwert,123qwe,1q2w3e,]{1,1}[@,_,#,.]{1,1} -2 [qwe,QWE,qwer,QWER,qwert,QWERT,qwerty,QWERTY]{1,1}[@,_,#,.]{1,1} +2 [qwert,123qwe,1q2w3e,]{1,1}[@,_,#,.]{1,1} +2 [qwe,QWE,qwer,QWER,qwert,QWERT,qwerty,QWERTY]{1,1}[@,_,#,.]{1,1} 3 [@, _, #, !, .] 3 %space% 3 [123, adm, ] 3 [1234, abcd, qwer, QWER, ] 3 [12345, admin, qwert] 3 [123456, 123qwe, 1q2w3e, ] -3 [test,admin]{1,1}[@,_,#,.]{1,1} +3 [test,admin]{1,1}[@,_,#,.]{1,1} 3 19[8,9]{1,1}[0-9]{1,1} 3 20[0-2]{1,1}[0-9]{1,1} 3 19[8,9]{1,1}[0-9]{1,1}[.,_,@,#,!]{1,1} 3 20[0-2]{1,1}[0-9]{1,1}[.,_,@,#,!]{1,1} 4 [!@#, qwe, QWE, ] 5 a -5 abc +5 abc # # ---------------------- suffix section ---------------------- @@ -80,15 +80,15 @@ 1 [1q2w3e4r, !@#$%^&*] 1 asdfghjkl 1 1q2w3e4r5t -1 %-%[adm,test,demo,1q2w3e4r]{1,1} -1 [#,@,!,_,.]{1,1}[adm,test,demo,1q2w3e4r]{1,1} -2 [4-9] +1 %-%[adm,test,demo,1q2w3e4r]{1,1} +1 [#,@,!,_,.]{1,1}[adm,test,demo,1q2w3e4r]{1,1} +2 [4-9] 2 [11, 12, 88, aa, ] 2 [741, aaa, ] 2 [abcd, asdf, test, ] 2 [!@#$%, admin, qwert, test1, ] 2 [1q2w3e, 666666, 888888, 999999, qazxsw, qweasd, ] -2 0[4-9]{1,1} +2 0[4-9]{1,1} 3 [., !, #, @, ?, \, /, A, _, a, ] 3 [000, 007, 321, 520, 521, 678, 789, 999, @qq, ABC, XYZ, xyz, ] 3 [_qwer, 11111, 12345, 54321, admin] @@ -102,18 +102,18 @@ 3 [#,@,!,_,.,?]{1,1}20[0-2]{1,1}[0-9]{1,1} 3 %-%[qq,123,126,163,qwe,QWE,qwer,QWER,qwert,1q2w3e,123.com,163.com,QWERT,qwerty,QWERTY]{1,1} 3 [#,@,!,_,.,?]{1,1}[qq,123,126,163,qwe,QWE,qwer,QWER,qwert,1q2w3e,123.com,163.com,QWERT,qwerty,QWERTY]{1,1} -3 %-%[111,123,321,666,888,999,abc,1111,1234,4321,12345,54321,admin,123456,654321,abc123,123abc]{1,1} -3 [#,@,!,_,.,?,!@#]{1,1}[111,123,321,666,888,999,abc,1111,1234,4321,12345,54321,admin,123456,654321,abc123,123abc]{1,1} -3 [111,123,321,666,888,999,abc,1111,1234,4321,12345,54321,admin,123456,654321,abc123,123abc]{1,1}[#,.,!]{1,1} +3 %-%[111,123,321,666,888,999,abc,1111,1234,4321,12345,54321,admin,123456,654321,abc123,123abc]{1,1} +3 [#,@,!,_,.,?,!@#]{1,1}[111,123,321,666,888,999,abc,1111,1234,4321,12345,54321,admin,123456,654321,abc123,123abc]{1,1} +3 [111,123,321,666,888,999,abc,1111,1234,4321,12345,54321,admin,123456,654321,abc123,123abc]{1,1}[#,.,!]{1,1} 4 [0-3] 4 0[0-3]{1,1} 4 00[1-3]{1,1} 4 [!@#, 111, 666, 888, ] -4 1111 -4 11111 -4 111111 +4 1111 +4 11111 +4 111111 5 [123, abc, ] -5 1234 +5 1234 5 12345 5 123456 @@ -128,12 +128,12 @@ 1 %[% %]% 1 %{% %}% 1 aaa [., _, #, !, ...] -2 [., #, @, !] [a, ., #, @, !, _, ?, abc, ABC, 123] +2 [., #, @, !] [a, ., #, @, !, _, ?, abc, ABC, 123] 2 xyz XYZ 2 ABC [123, abc, ] 3 a [qwe, QWE, zxc, ZXC, qwer, QWER, qwert, QWERT, qq.com, 1q2w3e, 123.com, 163.com, qwerty, QWERTY] 3 a [_, #, !, 1, 01, 001, 111, 666, 888, 999, !@#, ABC, abc, xyz, XYZ, 1111, 11111, 111111, %-%, %space%, ] -3 a [@,#,_]{1,1}[qwe, QWE, zxc, ZXC, qwer, QWER, qwert, QWERT, qq.com, 1q2w3e, 123.com, 163.com, qwerty, QWERTY] +3 a [@,#,_]{1,1}[qwe, QWE, zxc, ZXC, qwer, QWER, qwert, QWERT, qq.com, 1q2w3e, 123.com, 163.com, qwerty, QWERTY] 4 abc [., _, #, !, xyz, XYZ, 123, abc, ABC, ] 5 a [., 123, 1234, 12345, 123456, ] @@ -144,6 +144,6 @@ 1 [0-9]{2,2} 2 [a-z] 2 [0-9] -3 [*, %, &] -4 %-% +3 [*, %, &] +4 %-% 5 [#, !, @, _, ., ] diff --git a/lib/data/data.py b/lib/data/data.py index 3d7c6d7..0030f06 100644 --- a/lib/data/data.py +++ b/lib/data/data.py @@ -53,7 +53,7 @@ def init_pystrs(): # start time pystrs.startime = time.time() - pystrs.version = '2.0.4#dev' + pystrs.version = '2.0.5#dev' # file prefix strings pystrs.BASE_prefix = "BASE" @@ -62,6 +62,7 @@ def init_pystrs(): pystrs.CONF_prefix = "CONF" pystrs.SEDB_prefix = "SEDB" pystrs.IDCARD_prefix = "IDCARD" + pystrs.BIRTHDAY_prefix = "BIRTHDAY" pystrs.EXTEND_prefix = "EXTEND" pystrs.SCFATCH_prefix = "SCRATCH" pystrs.PASSCRAPER_prefix = "PASSCRAPER" @@ -70,10 +71,11 @@ def init_pystrs(): pystrs.COUNTER_prefix = "COUNTER" pystrs.COMBINER_prefix = "COMBINER" pystrs.UNIQBINER_prefix = "UNIQBINER" - pystrs.prefix_range = (pystrs.BASE_prefix, pystrs.CHAR_prefix, pystrs.CHUNK_prefix, pystrs.CONF_prefix, - pystrs.SEDB_prefix, pystrs.IDCARD_prefix, pystrs.EXTEND_prefix, pystrs.SCFATCH_prefix, - pystrs.PASSCRAPER_prefix, pystrs.HANDLER_prefix, pystrs.UNIQIFER_prefix, pystrs.COUNTER_prefix, - pystrs.COMBINER_prefix, pystrs.UNIQBINER_prefix) + pystrs.prefix_range = (pystrs.BASE_prefix, pystrs.CHAR_prefix, pystrs.CHUNK_prefix, + pystrs.CONF_prefix, pystrs.SEDB_prefix, pystrs.IDCARD_prefix, + pystrs.BIRTHDAY_prefix, pystrs.EXTEND_prefix, pystrs.SCFATCH_prefix, + pystrs.PASSCRAPER_prefix, pystrs.HANDLER_prefix, pystrs.UNIQIFER_prefix, + pystrs.COUNTER_prefix, pystrs.COMBINER_prefix, pystrs.UNIQBINER_prefix) # build configuration file element description pystrs.conf_head = "head" @@ -99,7 +101,7 @@ def init_pystrs(): pystrs.tool_range = ("shredder", "uniqifer", "counter", 'combiner', 'uniqbiner', "handler", ) # plug function string - pystrs.plug_range = ("pid6", "pid8", "passcraper") + pystrs.plug_range = ("pid4", "pid6", "pid8", "scratch", "passcraper", "birthday") # encode function string pystrs.encode_range = ("none", "b64", "md5", "md516", "sha1", "url", "sha256", "sha512", "test") diff --git a/lib/parse/argsparse.py b/lib/parse/argsparse.py index c10eb87..58278e0 100644 --- a/lib/parse/argsparse.py +++ b/lib/parse/argsparse.py @@ -12,35 +12,49 @@ import time from core.CONF import build_conf_dic -from lib.data.data import paths, pystrs, pyoptions from lib.fun.fun import cool + +from tools.counter import counter_enter from plugins.idcard import idcard_magic -from plugins.passcraper import scraper_magic from tools.handler import get_handler_dic from tools.combiner import combiner_enter -from tools.counter import counter_enter +from tools.uniqifer import uniqifer_enter from tools.shredder import shredder_enter from tools.uniqbiner import uniqbiner_enter -from tools.uniqifer import uniqifer_enter +from plugins.birthday import birthday_magic +from plugins.passcraper import scraper_magic +from lib.data.data import paths, pystrs, pyoptions def plug_parser(): if pyoptions.args_plug[0] not in pystrs.plug_range: - exit("[!] Choose plug from ({0}, {1}, {2})".format + exit("[!] Choose plug from ({0}, {1}, {2}, {3}, {4}, {5})".format (cool.fuchsia(pystrs.plug_range[0]), cool.fuchsia(pystrs.plug_range[1]), - cool.fuchsia(pystrs.plug_range[2]))) + cool.fuchsia(pystrs.plug_range[2]), cool.fuchsia(pystrs.plug_range[3]), + cool.fuchsia(pystrs.plug_range[4]), cool.fuchsia(pystrs.plug_range[5]), )) else: # id card plugin if len(pyoptions.args_plug) == 1 and pyoptions.args_plug[0] == pystrs.plug_range[0]: idcard_magic(pystrs.plug_range[0]) elif len(pyoptions.args_plug) == 1 and pyoptions.args_plug[0] == pystrs.plug_range[1]: idcard_magic(pystrs.plug_range[1]) + elif len(pyoptions.args_plug) == 1 and pyoptions.args_plug[0] == pystrs.plug_range[2]: + idcard_magic(pystrs.plug_range[2]) + # scratch plugin + elif len(pyoptions.args_plug) == 1 and pyoptions.args_plug[0] == pystrs.plug_range[3] and \ + os.path.isfile(paths.scrapersites_path): + scraper_magic(only_scratch=True) + elif len(pyoptions.args_plug) == 2 and pyoptions.args_plug[0] == pystrs.plug_range[3]: + scraper_magic(pyoptions.args_plug[1], only_scratch=True) # passcraper plugin - elif len(pyoptions.args_plug) == 1 and pyoptions.args_plug[0] == pystrs.plug_range[2] and \ + elif len(pyoptions.args_plug) == 1 and pyoptions.args_plug[0] == pystrs.plug_range[4] and \ os.path.isfile(paths.scrapersites_path): scraper_magic() - elif len(pyoptions.args_plug) == 2 and pyoptions.args_plug[0] == pystrs.plug_range[2]: + elif len(pyoptions.args_plug) == 2 and pyoptions.args_plug[0] == pystrs.plug_range[4]: scraper_magic(pyoptions.args_plug[1]) + # birthday + elif len(pyoptions.args_plug) == 3 and pyoptions.args_plug[0] == pystrs.plug_range[5]: + birthday_magic(pyoptions.args_plug[1], pyoptions.args_plug[2]) elif len(pyoptions.args_plug) == 1: exit(pyoptions.CRLF + "[-] Plug %s need other arguments" % cool.red(pyoptions.args_plug[0])) else: @@ -51,17 +65,14 @@ def conf_parser(): if pyoptions.args_conf == 'const': if os.path.isfile(paths.buildconf_path): build_conf_dic() - elif os.path.isfile(pyoptions.args_conf): - paths.buildconf_path = pyoptions.args_conf - build_conf_dic() else: - exit(pyoptions.CRLF + cool.red("[-] Please specify the exists configuration file")) + paths.buildconf_path = pyoptions.args_conf + build_conf_dic(source=paths.buildconf_path) def tool_parser(): if len(pyoptions.args_tool) >= 1: if pyoptions.args_tool[0] in pystrs.tool_range: - # shredder if pyoptions.args_tool[0] == pystrs.tool_range[0]: if len(pyoptions.args_tool) == 1 and os.listdir(paths.results_path): diff --git a/lib/parse/command.py b/lib/parse/command.py index e3b1d48..7a2c09f 100644 --- a/lib/parse/command.py +++ b/lib/parse/command.py @@ -27,11 +27,11 @@ def parse_args(): -char [custom_char] -chunk [chunk1] [chunk2] ... -extend [str_or_file] - -plug [{p0},{p1},{p2}] - --conf [config_file_path] + -plug [{p0},{p1},{p2},{p3},{p4},{p5}] + --conf [expression_or_file] --sedb -o,--output [directory] - -tool [{t5},{t0},{t1},{t2},{t3},{t4}] [args] ... + -tool [{t5},{t0},{t1},{t2},{t3},{t4}] --len [minlen] [maxlen] --head [prefix_string] --tail [suffix_string] @@ -41,7 +41,9 @@ def parse_args(): --regex [regex] --level [code] --leet [code]'''.format(p0=pystrs.plug_range[0], p1=pystrs.plug_range[1], - p2=pystrs.plug_range[2], t0=pystrs.tool_range[0], + p2=pystrs.plug_range[2], p3=pystrs.plug_range[3], + p4=pystrs.plug_range[4], p5=pystrs.plug_range[5], + t0=pystrs.tool_range[0], t1=pystrs.tool_range[1], t2=pystrs.tool_range[2], t3=pystrs.tool_range[3], t4=pystrs.tool_range[4], t5=pystrs.tool_range[5], @@ -77,10 +79,15 @@ def parse_args(): help=cool.yellow('Extend the string list or file')) parser.add_argument('-plug', dest='plug', metavar='arg', nargs='+', type=str, default='', - help=cool.yellow('''Choose from ({0}, {1}, {2}, {3}) - {0:10} [idcard_last_6_digit] default sex:{3} - {1:10} [idcard_last_8_digit] default sex:{3} - {2:10} [url_or_file_path]'''.format(pystrs.plug_range[0], pystrs.plug_range[1], pystrs.plug_range[2], pystrs.default_sex))) + help=cool.yellow('''Choose from ({1}, {2}, {3}, {4}, {5}, {6}) + {1:10} [idcard_last_4_digit] + {2:10} [idcard_last_6_digit] default sex:{0} + {3:10} [idcard_last_8_digit] default sex:{0} + {4:10} [url_or_file_path] + {5:10} [url_or_file_path] + {6:10} [YYYYMMDD] [YYYYMMDD]''' + .format(pystrs.default_sex, pystrs.plug_range[0], pystrs.plug_range[1], pystrs.plug_range[2], pystrs.plug_range[3], + pystrs.plug_range[4], pystrs.plug_range[5],))) parser.add_argument('--conf', dest='conf', nargs='?', metavar='file_path', default='default', const='const', help=cool.yellow('''Use the configuration file build the dictionary diff --git a/lib/parse/confparse.py b/lib/parse/confparse.py index 8686d8b..7caad4c 100644 --- a/lib/parse/confparse.py +++ b/lib/parse/confparse.py @@ -17,7 +17,7 @@ def confmatcher(resource): configures = [] if not os.path.isfile(resource): - matches = re.findall(pyoptions.confpattern, resource) + matches = re.findall(pyoptions.confpattern, resource.strip()) for match in matches: for m in match: configures.append(m.strip()) diff --git a/plugins/birthday.py b/plugins/birthday.py new file mode 100644 index 0000000..8ffd8f5 --- /dev/null +++ b/plugins/birthday.py @@ -0,0 +1,56 @@ +#!/usr/bin/env python +# coding:utf-8 +# +""" +Copyright (c) 2016-2017 LandGrey (https://github.com/LandGrey/pydictor) +License: GNU GENERAL PUBLIC LICENSE Version 3 +""" + +from __future__ import unicode_literals + +import datetime +from lib.fun.fun import cool +from rules.BaseTrick import dateshaper +from lib.fun.filter import filterforfun +from lib.data.data import paths, pystrs, pyoptions +from lib.fun.fun import finishprinter, finishcounter, finalsavepath, mybuildtime, unique + + +def birthday_magic(begin_date, end_date): + def check_date(dt, desc="datetime"): + if len(dt) != 8 or not dt.isdigit(): + exit(cool.fuchsia("[!] {} format:[YYYYMMDD], such as:19900512{}".format(desc, pyoptions.CRLF))) + elif int(dt[4:6]) > 12 or int(dt[4:6]) < 1 or int(dt[6:8]) > 31 or int(dt[6:8]) < 1: + exit(cool.fuchsia("[!] {} date format: 1<= month <=12 and 1<= day <=31{}".format(desc, pyoptions.CRLF))) + else: + return int(dt[:4]), int(dt[4:6]), int(dt[6:]) + + def check_range(s, e): + if s[0] > e[0] or (s[0] == e[0] and s[1] > e[1]) or (s[1] == e[1] and s[2] > e[2]): + exit(cool.fuchsia("[!] Start date should later than End date" + pyoptions.CRLF)) + else: + return True + + start_valid = check_date(begin_date, desc="Start datetime") + end_valid = check_date(end_date, desc="End datetime") + valid = check_range(start_valid, end_valid) if start_valid and end_valid else False + storepath = finalsavepath(paths.results_path, pystrs.BIRTHDAY_prefix, mybuildtime(), pyoptions.filextension, + paths.results_file_name) + if valid: + res = [] + begin = datetime.datetime.strptime(begin_date, "%Y%m%d") + end = datetime.datetime.strptime(end_date, "%Y%m%d") + while begin <= end: + date_str = begin.strftime("%Y%m%d") + res.extend(dateshaper(date_str)) + begin += datetime.timedelta(days=1) + with open(storepath, "a") as f: + for item in unique(res): + item = filterforfun(item, head=pyoptions.head, tail=pyoptions.tail, + lenght_is_filter=pyoptions.args_pick, + minlen=pyoptions.minlen, maxlen=pyoptions.maxlen, + encode_is_filter=True, encode=pyoptions.encode, + ) + if item: + f.write(item + pyoptions.CRLF) + finishprinter(finishcounter(storepath), storepath) diff --git a/plugins/idcard.py b/plugins/idcard.py index 994b15b..0ab00b2 100644 --- a/plugins/idcard.py +++ b/plugins/idcard.py @@ -39,25 +39,30 @@ def idcard_magic(posflag): for _ in rand.split(" "): for _p in post18: value1718 += _ + _p + " " - + # for loop more faster with open(storepath, "a") as f: - if posflag == pystrs.plug_range[1]: - for v1112 in value1112.split(" "): + if posflag == pystrs.plug_range[0]: + for v1516 in value1516.split(" "): + for v1718 in value1718.split(" "): + if v1718 != "": + f.write(pyoptions.operator.get(pyoptions.encode) + (pyoptions.head + "".join(v1516 + v1718) + pyoptions.tail) + pyoptions.CRLF) + elif posflag == pystrs.plug_range[1]: for v1314 in value1314.split(" "): for v1516 in value1516.split(" "): for v1718 in value1718.split(" "): if v1718 != "": f.write(pyoptions.operator.get - (pyoptions.encode)(pyoptions.head + "".join(v1112 + v1314 + v1516 + v1718) + + (pyoptions.encode)(pyoptions.head + "".join(v1314 + v1516 + v1718) + pyoptions.tail) + pyoptions.CRLF) - - elif posflag == pystrs.plug_range[0]: + elif posflag == pystrs.plug_range[2]: + for v1112 in value1112.split(" "): for v1314 in value1314.split(" "): for v1516 in value1516.split(" "): for v1718 in value1718.split(" "): if v1718 != "": f.write(pyoptions.operator.get - (pyoptions.encode)(pyoptions.head + "".join(v1314 + v1516 + v1718) + + (pyoptions.encode)(pyoptions.head + "".join(v1112 + v1314 + v1516 + v1718) + pyoptions.tail) + pyoptions.CRLF) finishprinter(finishcounter(storepath), storepath) diff --git a/plugins/passcraper.py b/plugins/passcraper.py index efdc1e6..c04f71a 100644 --- a/plugins/passcraper.py +++ b/plugins/passcraper.py @@ -11,12 +11,13 @@ import os import re - +import ssl from core.EXTEND import get_extend_dic -from lib.data.data import paths, pyoptions -from lib.fun.fun import unique, cool, walk_pure_file from lib.fun.osjudger import py_ver_egt_3 +from lib.data.data import paths, pystrs, pyoptions +from lib.fun.fun import unique, cool, walk_pure_file, mybuildtime, finishcounter, finishprinter +ssl._create_default_https_context = ssl._create_unverified_context # in python3: urllib + urilib2 -> urllib, and # urllib2.urlopen() -> urllib.request.urlopen(), urllib2.Request() -> urllib.request.Request() @@ -25,7 +26,8 @@ from urllib.request import urlopen else: from urllib2 import urlopen -except ImportError: +except ImportError as e: + print(e.message) exit(cool.red('[-] can not import urllib or urllib2 module:') + pyoptions.CRLF) passcratch_white_list = walk_pure_file(paths.scraperwhitelist_path) @@ -61,7 +63,6 @@ def stripHTMLTags(html): def scratchword(siteList): - scrabbler = "scrabbler" resluts = [] # Create an empty list for generation logic. y_arr = [] @@ -94,7 +95,7 @@ def scratchword(siteList): or ((y[0] == '2') and (y[1] == '3')) \ or ((y[0] == '3') and (y[1] == 'F')) or ((y[0] == '3') and (y[1] == 'D')): y = y[2:] - if len(y) <= 8 and True if y.lower() not in passcratch_white_list else False: + if len(y) <= 8 and True if y.lower() not in passcratch_white_list and len(y) >= 5 else False: y_arr.append(y) elif 9 <= len(y) <= 25 and True if y.lower() not in passcratch_white_list else False: y_arr.append(y) @@ -120,7 +121,7 @@ def checkurl(urlike): exit(cool.red("[-] Incorrect url/uri: {0}".format(cool.red(urlike.strip())))) -def scraper_magic(target=paths.scrapersites_path): +def scraper_magic(target=paths.scrapersites_path, only_scratch=False): sites = [] if os.path.isfile(target): with open(target, 'r') as f: @@ -131,4 +132,19 @@ def scraper_magic(target=paths.scrapersites_path): sites.append(checkurl(_)) else: sites.append(checkurl(target)) - get_extend_dic(scratchword(sites), need_passcratch=True) + + rawlist = scratchword(sites) + if only_scratch: + storepath = os.path.join(paths.results_path, "%s_%s%s" % (pystrs.SCFATCH_prefix, mybuildtime(), + pyoptions.filextension)) + with open(storepath, "a") as f: + for line in rawlist: + f.write(str(line) + pyoptions.CRLF) + finishprinter(finishcounter(storepath), storepath) + else: + storepath = os.path.join(paths.results_path, "%s_%s%s" % (pystrs.SCFATCH_prefix, mybuildtime(), + pyoptions.filextension)) + with open(storepath, "a") as f: + for line in rawlist: + f.write(str(line) + pyoptions.CRLF) + get_extend_dic(rawlist, need_extendscratch=True) diff --git a/pydictor.py b/pydictor.py index 472266f..dc71247 100644 --- a/pydictor.py +++ b/pydictor.py @@ -34,7 +34,8 @@ def init(): pyoptions.extend_leet = True pyoptions.passcraper_leet = True pyoptions.sedb_leet = True - paths.results_path = os.path.abspath(args.output) + paths.results_path = os.path.abspath(args.output) \ + if '\\' in args.output or '/' in args.output else os.path.join(paths.results_path, args.output) pyoptions.head = args.head pyoptions.tail = args.tail diff --git a/rules/BaseTrick.py b/rules/BaseTrick.py index 60bc46e..4ab8a6b 100644 --- a/rules/BaseTrick.py +++ b/rules/BaseTrick.py @@ -120,11 +120,15 @@ def mailshaper(mail): def dateshaper(date): shapes = [] shapes.append(date) + shapes.append(date[4:] + date[:4]) shapes.append(date[2:]) + shapes.append(date[4:] + date[2:4]) + shapes.append(date[:4]) shapes.append(date[4:]) - shapes.append(date.replace('0', '')) - shapes.append(date[2:].replace('0', '')) + shapes.append(date[:4] + date[4:].replace('0', '')) shapes.append(date[4:].replace('0', '')) + shapes.append(date[2:4] + date[4:].replace('0', '')) + shapes.append(date[4:].replace('0', '') + date[2:4]) return shapes diff --git a/wordlist/NiP/AwesomeSystemTestUsername.txt b/wordlist/NiP/AwesomeSystemTestUsername.txt new file mode 100644 index 0000000..8e2c3b7 --- /dev/null +++ b/wordlist/NiP/AwesomeSystemTestUsername.txt @@ -0,0 +1,313 @@ +# """ +# Copyright (c) 2016-2017 LandGrey (https://github.com/LandGrey/pydictor) +# License: GNU GENERAL PUBLIC LICENSE Version 3 +# """ +# Ordinary System username and test username Maybe used to Password +# +ABC +ADM +API +SYS +abc +adm +api +sys +tst +Boss +DEMO +ROOT +User +admi +asdf +boos +demo +hero +root +test +tst1 +tst2 +tst3 +xxoo +user +ADMIN +Admin +Guest +QWERT +admin +ceshi +debug +demo1 +demo2 +demo3 +demo4 +demo5 +demo6 +demo7 +demo8 +demo9 +guest +power +qwert +test1 +test2 +test3 +test4 +test5 +test6 +test7 +test8 +test9 +user1 +user2 +user3 +users +123abc +_admin +abc123 +admin. +admin1 +admin2 +admin3 +admin_ +admina +admini +ceshi1 +ceshi2 +ceshi3 +daemon +deamon +debug1 +debug2 +debug3 +guanli +guest1 +guest2 +guest3 +manage +member +server +shadow +supadm +sysadm +system +test01 +test02 +test03 +tester +user01 +user02 +user03 +webadm +worker +wsuser +admin01 +admin02 +admin03 +admin80 +admin81 +apiUser +apiuser +daemon1 +daemon2 +daemon3 +debug01 +debug02 +debug03 +guanli1 +guanli2 +guanli3 +guest01 +guest02 +guest03 +manage1 +manager +member1 +member2 +member3 +memuser +monitor +myadmin +staffer +supadm1 +supadm2 +supadm3 +sysadm1 +sysadm2 +sysadm3 +system1 +system2 +system3 +sysuser +testest +webadm1 +webuser +worker1 +worker2 +worker3 +Employee +Engineer +admin001 +admin002 +admin003 +admin111 +admin123 +admin666 +admin888 +adminaaa +adminzzz +consumer +employee +engineer +memadmin +member01 +member02 +member03 +operator +supadm01 +supadm02 +supadm03 +superadm +superman +sysadm01 +sysadm02 +sysadm03 +sysadmin +system01 +system02 +system03 +test1980 +test1981 +test1982 +test1983 +test1984 +test1985 +test1986 +test1987 +test1988 +test1989 +test1990 +test1991 +test1992 +test1993 +test1994 +test1995 +test1996 +test1997 +test1998 +test1999 +test2000 +test2001 +test2002 +test2003 +test2004 +test2005 +test2006 +test2007 +test2008 +test2009 +test2010 +test2011 +test2012 +test2013 +test2014 +test2015 +test2016 +test2017 +test2018 +test2019 +test2020 +testtest +testuser +webadmin +webuser1 +webuser2 +webuser3 +worker01 +worker02 +worker03 +yuangong +SuperUser +admin1980 +admin1981 +admin1982 +admin1983 +admin1984 +admin1985 +admin1986 +admin1987 +admin1988 +admin1989 +admin1990 +admin1991 +admin1992 +admin1993 +admin1994 +admin1995 +admin1996 +admin1997 +admin1998 +admin1999 +admin2000 +admin2001 +admin2002 +admin2003 +admin2004 +admin2005 +admin2006 +admin2007 +admin2008 +admin2009 +admin2010 +admin2011 +admin2012 +admin2013 +admin2014 +admin2015 +admin2016 +admin2017 +admin2018 +admin2019 +admin2020 +admin8080 +admin8081 +admin9090 +employee1 +employee2 +employee3 +engineer1 +engineer2 +engineer3 +operator1 +operator2 +operator3 +siteadmin +superuser +system123 +systemadm +testuser1 +testuser2 +testuser3 +webmaster +guanliyuan +operator01 +operator02 +operator03 +superadmin +systemuser +webmanager +webmaster1 +webmaster2 +webmaster3 +systemadmin +webmanager1 +webmanager2 +webmanager3 +gongchengshi +Administrator +administrator +administrotor +gongchengshi1 +gongchengshi2 +gongchengshi3 +administrators +administratorss diff --git a/wordlist/Web/CommonWebAdminPass.txt b/wordlist/Web/CommonWebAdminPass.txt index e71c3b0..9eef266 100644 --- a/wordlist/Web/CommonWebAdminPass.txt +++ b/wordlist/Web/CommonWebAdminPass.txt @@ -1,220 +1,1021 @@ # """ # Copyright (c) 2016-2017 LandGrey (https://github.com/LandGrey/pydictor) # License: GNU GENERAL PUBLIC LICENSE Version 3 -# Common Web Site Administrators Password list +# Common Web Site Administrators Weak Pass Password list # """ -0 -1 -0000 -1111 -1234 -asdf -root -test -11111 -12345 -ADMIN -Admin -QWERT -admin -qwert -azerty -000000 -111111 -112233 -123000 -123123 -123321 123456 -123abc -123qwe -1q2w3e -520520 -521521 -666666 -QAZ123 -QWERTY -aaa123 -aaaaaa +12345678 +password abc123 -abcabc -admin. -admin1 -admin_ -admini -asd123 -asdasd -asdfgh -guanli -passwd -q1w2e3 -qazwsx -qwe123 -qweasd +iloveyou +123456789 +123123 +master +666666 qwerty +qwertyui +111111 +asdfgh +dragon +987654321 +superman +fuckyou +letmein +fucker shadow -system -sysadm -supadm -manage -webadm -woaini -zxc123 -000000a -111111a -123123a -1234567 -123456a -123456q -1314520 -1314521 -5201314 -5211314 -a000000 -a111111 -a123123 -a123321 -a123456 -admin01 -admin80 -asdf123 -manage1 -manager -mnbvcxz -q123456 -qwerty1 -s123456 -testest -w123456 -wang123 -webadmi -z123456 -zxcvbnm -00000000 +computer +qwertyuiop +trustno1 11111111 -11223344 -12312312 -12345678 -123456aa -123456qq +matrix +aaaaaa +robert +7777777 +joshua +1234567890 +cocacola +12345 +killer +1234567 +phoenix +internet +michelle +654321 +whatever +samantha +jessica +scorpion +mustang +88888888 1234qwer -12QWaszx -12qwaszx -1A2B3C4D +jennifer +112233 +william +secret +monkey +xxxxxx +starwars +football +abc123456 +696969 +yellow +winter +thomas +zxcvbn +bond007 +morgan +121212 +ferrari 1q2w3e4r -1qaz2wsx -1qaz@WSX -1qazxsw2 -5201314a -66666666 -88888888 -QWERASDF -a1b2c3d4 -a5201314 -aa123456 -aaaaaaaa +cheese +flower +baseball +qazwsx +asdf1234 +ginger +rachel +soccer +jordan +123123123 +tigger +peaches +chris +sophie +toyota +a123456 +daniel +apples +rainbow +silver +snoopy +united +amanda +summer +player +diamond +please +qwerty1 +sandra +michael +andrew abcd1234 -adgjmptw -admin!@# -admin001 -admin111 +hello +buster +fuckoff +biteme +zxcvbnm +gateway +admin +angels +oliver admin123 -admin666 +a123456789 +charlie +1234 +131313 +victor admin888 -adminaaa -aini1314 -as123456 +123456789a +159753 +patrick +butthead +magnum +black +ireland +orange +asshole +thunder +nirvana +johnny +maggie +matthew +richard +gandalf +nicholas +diablo +badboy +147258369 +sierra +ashley +voodoo +justin +mercedes +victoria +love +hockey +marvin +qwaszx +qwert +147852369 +angel +brandy +taylor +asdfghjkl +slayer +apollo +hannah +canada +pepper +brian asdfasdf -iloveyou -love1314 -nihao123 -password +jasper +chicken +teresa +swimming +yamaha +00000000 +tucker +hardcore +murphy +jasmine +happy +carolina +sunshine +surfer +11111 +123abc +america +alexis +welcome +joseph +chelsea +jackson +q1w2e3 +abcdef +heather +asdf +123qwe +hotmail +george +princess +1qazxsw2 +andrea q1w2e3r4 -qq123123 -qq123456 -qwer1234 -qwerasdf -rootROOT -rootroot -sysadmin -testTEST -testtest -webadmin -zhang123 -000000000 -111111111 -123123123 -123456789 +prince +1q2w3e +jeremy +crystal +green +purple +kitty +1q2w3e4r5t +google +1qaz2wsx +rebecca +scooter +freedom +steven +mother +casper +melissa +sammy +james +87654321 +rocket +genesis +asdasdasd +freddy +samsung +batman +jordan23 +austin +fender +booger +mariposa +madison +147258 +0123456789 +eminem +patricia +amber +sebastian +kelly +bobby +abcdefg +steelers +warrior +888888 +jimmy +monica +123456a +london +college +falcon +lolita +asdfghjk +trouble +mexico +stupid +donald +hotdog +mariah +zzzzzz +adidas +rangers +shannon +coffee +pamela +1234abcd +babydoll +99999999 +brandon +camaro +guitar +scooby +bandit +tigers +0987654321 +action +magic +david +marlboro +lakers +pandora +swordfish +charles +benjamin +travis +5845201314 123456abc -123qweasd -147258369 -1qa2ws3ed +arsenal +pantera +jonathan +password1 +55555555 +harley +2222 +nathan +123456qq +spider +boston +bonnie +777777 +lucky +butter +samuel +blowme +dallas +adrian +fish +xavier +999999999 +raiders +bitch +monkey1 +testing +tennis +smokey +tiffany +lucky1 +compaq +brenda +metallica 789456123 -987654321 -abc123456 +caroline +edward +000000 +wizard +newyork +junior +cooper +chocolate +roberto +forever +banana +mickey +david1 +johnson +startrek +money +asdasd +cool +1123581321 +snowball +aa123456 +qazwsxedc +dolphins +muffin +123qweasd +741852963 +martin +maverick +bailey +jason +scorpio +anderson +midnight +hacker +helpme +ladybug +asd123456 +blonde +debbie +123321 +qwer1234 +zxcvbnm123 +yankees +veronica +nicole +hunter +wilson +slipknot +peanut +laura +eagles +dakota +123456aa +molly +panther +jesus1 +simple +0 +1 +0000 +1111 +cookie +nothing +mike +987654 +carmen +qwe123 +nikita +aaaaaaaa +angela +walter +france +apple +12121212 +sabrina +greenday +gregory +dexter +7777 +destiny +passion +1991 +33333333 +death +smiles +qq123456 +lovely +jupiter +august +qweqweqwe +blowjob +bulldog +water +123 +11112222 +gustavo +people +123456987 +olivia +jesus +123654 +soccer1 +james1 +11223344 +noway +precious +candy +cowboys +samson +basketball +runner +awesome +1111111111 +alexander +psycho +eric +asd123 +booboo +tiger +georgia +penguin +12345600 +barney +turtle +willie +daisy +sweety +lauren +andre +brazil +kevin +mary +ranger +963852741 +chicago +gabriel +zxc123 +fuckme +q123456 +wwwwwwww +66666666 +suckit +1313 +shithead +maxwell +tester +0000000000 +gloria +bryan +123456123456 +julian +thx1138 +skippy +happy1 +access +sparky +cherry +avatar +enigma +beavis +christian +kelsey +gemini +tristan +fire +phantom +animal +friend +pookie +333333 +jasmin +winnie +monster +einstein +albert +pussy +boomer +beer +idiot +123654789 +predator +tinker +willow +doctor +159357 +12344321 +sydney +kitten +lol +cookies +chiquita +little +11235813 +energy +gibson +cowboy +liverpool +louise +12345678a +sophia +31415926 +california +robbie +lovers +fred +jessie +genius +jaguar +12341234 +scott +insane +myspace1 +katie +joanna +test +vampire +hector +anthony +tomcat +marie +maria +saturn +dennis +success +horses +232323 +topgun +miller +melanie +minnie +beautiful +rain +55555 +22222222 +claire +sandy +parker +strawberry +none +bill +789456 +knight +christmas +kimberly +honda +voyager +a1234567 +cameron +eeyore +mine +jake +emily +123698745 +cynthia +matt +julie +a1b2c3 +softball +a12345678 +iceman +123321123 +butterfly +power +smile +devil +sakura +dance +marina +marine +icecream +winner +captain +honey +a1b2c3d4 +test123 +house +321321321 +2000 +xxxxxxxx +111111111 +bear +8675309 +linkinpark +driver +ricardo +montreal +camille +claudia +rabbit +111222333 +music +qweasdzxc +dave +a12345 +rosebud +baby +123456123 +justin1 +woaini1314 +control +school +blue +dolphin +1212 +denise +firebird +john +harrypotter +froggy +peace +eagle1 +jamesbond +money1 +bigdog +tricia +megan +linda +shit +manuel +duck +iloveme +maddog +random +martha +spiderman +steve +qqqqqqqq +birdie +miranda +legend +courtney +element +family +77777777 +kate +barbara +charlie1 +friends +000000000 +dreams +winston +garcia +shadow1 +marcus +passport +bella +stephanie +fluffy +eclipse +angel1 +hello1 +carter +florida +poohbear +mountain +chester +leslie +password123 +philips +paris +chris1 +diana +dancer +wesley +spanky +monopoly +amanda1 +video +houston +sweet16 +jamaica +panda +araceli +barbie +francis +cathy +iloveu +alison +smiley +mariana +tuesday +gator +kristen +wonder +easter +flip +kelly1 +eagle +999999 +football1 +110110110 +ashley1 +sheila +kevin1 +555555 +5201314 +blowfish +bubba +doudou +sharon +malcolm +6969 +tarzan +redskins +december +spitfire +porsche +cesar +bigman +pierce +inlove +enter +teacher1 +pokemon +qazwsx123 +andrew1 +paradise +abcde +shanghai +martin1 +444444 +viper +loser +bitches +manson +taurus +pisces +miriam +bigdaddy +q123456789 +japan +january +wolf +time +nokia +scooter1 +cuddles +kenneth +cascade +skyline +nirvana1 +alberto +blizzard +michael1 +messenger +richard1 +jenny1 +tequiero +hawaii +thursday +blondie +maryjane +lionking +yankee +margaret +dreamer +grumpy +gerald +bubba1 +123asd +larry1 +222222 +online +darkness +6666 +teddy1 +kenny +master1 +helena +super +girl +mark +beagle +theboss +zzzzzzzz +54321 +aaron +windows +blazer +seven7 +gordon +harvey +missy +pass +clock +beatriz +leonardo +redwings +idontknow +hottie +beaver +cutie +manutd +fernanda +wendy +star +lorena +compton +holly +100200 +number1 +number9 +estrella +elizabeth +alex +orlando +12345a +thebest +sexsex +molly1 +colt45 +corvette +steph +hallo +cassie +dragonfly +merlin +grace +dominic +5555 +security +fireball +lindsey +nichole +gunner +daniela +daniel1 +brooke +753951 +sergio +bullshit +cancer +rammstein +vegeta +kristine +golfer +donkey +qwer +connor +september +vincent +arthur +love123 +lilylily +sheena +ravens +521521521 +wanker +paloma +topcat +alpha +bonita +leonard +password2 +magic1 +radio +getout +stephen +calvin +badger +billy +celtic +smith +jenny +jenni +playboy +deedee +passw0rd +xxx123 +williams +cobra +italia +giants +penelope +sweetpea +chance +flowers +nebraska +french1 +252525 +front242 +quality +malibu +felipe +123qweasdzxc +520520520 +maria1 +amelia +amelie +john316 +princess1 +psalms +123789 +scarface +lover +loveyou +allison +westside +moose +elephant +brother +anne +anna +sniper +111111a +moocow +golden +qwert123 +grandma +francois +bubble +snake +alejandro +alejandra +hahaha +stinky +apple1 +grant +clark +haha +jack +mario +151515 +fuck +hello123 +passwd +lacrosse +pimpin +asdfg +duke +butterfly1 +joker +welcome123 +felix +king +chaos +joe +april +valeria +valerie +admin!@# admin!@#1 admin!QAZ admin#123 admin#abc admin1234 admin1qaz -admin2008 -admin2009 -admin2010 -admin2011 -admin2012 -admin2013 -admin2014 -admin2015 -admin2016 -admin2017 -admin8080 -admin8081 admin@111 admin@123 admin@666 admin@888 -asd123456 -asdasd123 -asdfghjkl -lkjhgfdsa -password1 -qazwsx123 -qazwsxedc -qq1314520 -qq5201314 -qweasdzxc -system123 -webadmin1 -woaini123 -woaini520 -woaini521 -zxc123456 -1111111111 -1234567890 -123456789a -1q2w3e4r5t -a123456789 -adminQWERT -adminadmin -caonima123 -guanliyuan -poiuytrewq -q1w2e3r4t5 -qwerasdzxc -qwert12345 -qwertyuiop -superadmin -woaini1314 -zxcvbnm123 -1qa2ws3ed4rf -1qaz2wsx3edc -1qaz@WSX3edc -admin@123456 -qazwsxedcrfv -Administrator -admin!@#Admin -administrator -administrotor -administrators -administratorss +admin@ABC +admin@QAZ +admin@abc +admin_123 +admin_ABC +admin_abc +pirate +112211 +future +autumn +walker +nancy +perfect +sunflower +remember +zachary +dolores +suzuki +alfred +sarah +daddy +texas +alpha1 +0123456 +remote +stella +frank +moomoo +fashion +enterprise +bullet +polo +212121 +melody +buddy +piglet +member +fishing +speedy +skate +isabel +viper1 +champion +packers +kathleen +robert1 +jackass +sunny1 +roxy +root +woaiwojia +dragonball +ruby +louis +turbo +paranoid +iloveyou1