░▒▓ brutas ▓▒░ Wordlists and passwords handcrafted with ♥
The brutas-passwords-2-small.txt list seems to be most effective for general purpose and reasonably fast password bruteforcing, while brutas-passwords-1-x-small.txt is designed for a quick win in large networks.
However, I recommend experimenting on your own and rebuilding these sets depending on the target. You may want to incorporate your native language keywords, too. For example, file or a domain name combined with brutas-passwords-numbers.txt turns out to be pretty effective on encrypted archives and wireless networks. As with everything, a little social engineering comes handy to understand the local approach to the "password policy".
brutas-passwords-1-x-small.txt- a low profile list useful for attacking administrator and service accountsbrutas-passwords-2-small.txt- general purpose, could crack admin or regular user accounts, a mix of most popular passwords with some pseudo-complex combinationsbrutas-passwords-3-medium.txt- probably the biggest one still reasonable for online bruteforcingbrutas-passwords-4-large.txt- apart from smallers lists contains common English words and variations of leetspeak coded usernamesbrutas-passwords-5-x-large.txt- all rules applied, includes less common English wordsbrutas-passwords-classics.txt- typical admin passwords based on roles (test, admin), words (password, secret) or "funny" ones (like still belovedletmeinortrustno1)brutas-passwords-closekeys.txt- close key combinations or easy phrases (e.g.abcd) combined with capitalization, numbers, repetitions etc.brutas-passwords-top.txt- currently 2k list composed of most popular user passwords found in leaks, doesn't contain close keys or any more sophisticated combinations than adding a number or twobrutas-passwords-unique.txt- passwords which are complex enough to be used as independent passwords and are rarely mixed with any extra characters, usually related to pop-culture or sports (e.g.apollo13,9inchnails,ronaldo7)brutas-passwords-numbers.txt- a small list of numbers used in passwords (e.g. dates, math constants)brutas-passwords-tomcat.txt- as the name suggests
brutas-extensions.txt- extensions especially useful when combined withbrutas-http-paths.txtbrutas-http-params.txt- simplistic and realistic approach to HTTP parametersbrutas-http-paths.txt- no path traversal or pseudo exploits to keep low profile, no subs (use recursion instead) - paths onlybrutas-usernames.txt- most common usernamesbrutas-usernames-small.txt- a short list of usernamesbrutas-usernames-tomcat.txt- as the name suggests
brutas-subdomains-1-small.txt- a fairly reasonable list for host discovery composed of common conventions, self-hosted software etc.brutas-subdomains-2-large.txt- extended list with some extra pre-/postfixes likehost-srv,f.hostorhost10
keywords/brutas-en-common.txt- set of most frequent English words used in passwords internationally (also from literature, pop culture etc)keywords/brutas-en-less.txt- less frequent English words used in passwords by native speakerskeywords/brutas-*- other languages, keywords not present in English lists, based mostly on leakskeywords/brutas-subdomains.txt- keywords and rules used to generate lists for subdomainskeywords/brutas-subdomains-extra.txt- additional prefixes for subdomain discoverykeywords/brutas-wifi.txt- bits and pieces useful in generating passwords for wireless networks
The build process is automated and handled by the script located in ./bin/rebuild.sh. Check it out to understand what are the blocks and how I set the priorities (or in other words what is most probable in my opinion).