
SecLists Passwords (Curated)

npx machina-cli add skill Eyadkelleh/awesome-claude-skills-security/passwords --openclaw

Description

Top password lists for authorized security testing: common passwords, darkweb leaks, worst passwords. Curated essentials (<10MB).

Source: SecLists/Passwords
Repository: https://github.com/danielmiessler/SecLists
License: MIT

When to Use This Skill

Use this skill when you need:

  • Password spraying (authorized)
  • Credential testing
  • Password policy validation
  • Brute force testing (authorized)
  • Authentication testing

⚠️ IMPORTANT: Only use for authorized security testing, bug bounty programs, CTF competitions, or educational purposes.

Key Files in This Skill

  • 500-worst-passwords.txt - 500 worst passwords
  • 10k-most-common.txt - 10K common passwords
  • 100k-most-used-passwords-NCSC.txt - 100K passwords
  • darkweb2017_top-10000.txt - 10K from breaches
  • probable-v2_top-12000.txt - 12K probable passwords

Usage Example

# Access files from this skill
import os

# Example: load the password lists bundled with this skill
skill_path = "references/Passwords"

# List all available files
for root, dirs, files in os.walk(skill_path):
    for file in files:
        if file.endswith('.txt'):
            filepath = os.path.join(root, file)
            print(f"Found: {filepath}")
            
            # Read file content
            with open(filepath, 'r', errors='ignore') as f:
                content = f.read().splitlines()
                print(f"  Lines: {len(content)}")

Security & Ethics

Authorized Use Cases ✅

  • Authorized penetration testing with written permission
  • Bug bounty programs (within scope)
  • CTF competitions
  • Security research in controlled environments
  • Testing your own systems
  • Educational demonstrations

Prohibited Use Cases ❌

  • Unauthorized access attempts
  • Testing without permission
  • Malicious activities
  • Privacy violations
  • Any illegal activities

Complete SecLists Collection

This is a curated subset of SecLists. For the complete collection:


Generated by Skill Seeker | SecLists Passwords Collection License: MIT - Use responsibly with proper authorization

Source

git clone https://github.com/Eyadkelleh/awesome-claude-skills-security/blob/main/seclists-categories passwords/passwords/SKILL.md

Overview

This skill provides a focused, <10MB subset of SecLists passwords for authorized security testing. It includes common passwords, worst passwords, and breach-era lists, enabling efficient credential testing and policy validation without the full dataset.

How This Skill Works

The skill exposes a curated set of password lists (e.g., 500-worst-passwords.txt, 10k-most-common.txt, 100k-most-used-passwords-NCSC.txt, darkweb2017_top-10000.txt, probable-v2_top-12000.txt) that you load into your testing tooling. Researchers can script loading and iterating over lines to perform password spraying, brute force, or credential testing within an approved scope, while monitoring impact and maintaining ethics.

Quick Start

  1. Locate the curated lists directory (references/Passwords) within the skill scope.
  2. Pick a file (e.g., 10k-most-common.txt) and load its lines into your testing tool or script.
  3. Run tests within authorized scope, apply rate limits, and analyze results with proper reporting.
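
For the password policy validation use listed above, the added example below (not part of the skill's own code) loads two of the lists into a blocklist and rejects candidate passwords that appear on it. The function names, the 8-character minimum and the case-insensitive match are assumptions made for illustration, and the list contents are constructed stand-ins written to a temporary directory in place of references/Passwords.

```python
import os
import tempfile

def load_blocklist(list_dir, names):
    """Return a set of case-folded entries read from the named list files."""
    blocked = set()
    for name in names:
        path = os.path.join(list_dir, name)
        # errors="ignore" mirrors the page's loader: breach-derived lists carry stray bytes.
        with open(path, "r", encoding="utf-8", errors="ignore") as f:
            for line in f:
                entry = line.rstrip("\r\n")
                if entry:  # skip blank lines
                    blocked.add(entry.casefold())
    return blocked

def check_password(candidate, blocked, min_length=8):
    """Return the policy violations for a candidate (empty list means accepted)."""
    problems = []
    if len(candidate) < min_length:  # assumed minimum length, adjust to your policy
        problems.append("too_short")
    # Case-insensitive match is an assumed policy choice: "Password" is no better than "password".
    if candidate.casefold() in blocked:
        problems.append("on_blocklist")
    return problems

def demo():
    # Constructed sample files named like the skill's lists; contents are not the real lists.
    with tempfile.TemporaryDirectory() as d:
        with open(os.path.join(d, "500-worst-passwords.txt"), "w") as f:
            f.write("123456\npassword\n\nqwerty\n")
        with open(os.path.join(d, "10k-most-common.txt"), "w") as f:
            f.write("password\r\nletmein123\r\ndragon\r\n")
        blocked = load_blocklist(d, ["500-worst-passwords.txt", "10k-most-common.txt"])
    candidates = ["Password", "LetMeIn123", "dragon", "correct horse battery"]
    return {c: check_password(c, blocked) for c in candidates}

if __name__ == "__main__":
    for pw, problems in demo().items():
        print(pw, "->", problems or "accepted")
```

In a signup or password-change handler, point load_blocklist at references/Passwords once at startup and call check_password on each submitted password.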

Best Practices

  • Obtain explicit authorization and clearly defined scope before testing.
  • Start with the 10k-most-common and 500-worst-passwords lists to minimize risk before using larger datasets.
  • Test only on non-production or consented environments; monitor impact and roll back if needed.
  • Respect rate limits, throttle requests, and stagger IPs to avoid service disruption or triggering defenses.
  • Document findings, securely handle any credentials encountered, and report within the agreed framework.

Example Use Cases

  • A security team uses 10k-most-common.txt and 500-worst-passwords.txt to validate password policy in a staging environment.
  • During a bug bounty engagement, testers run authorized password spraying against a defined asset set to confirm account lockout policies.
  • A CTF challenge leverages darkweb2017_top-10000.txt to craft realistic test scenarios within rules.
  • A credential stuffing test targets a client's web portal in a controlled, permissioned engagement to assess defenses.
  • Researchers compare probable-v2_top-12000.txt against internal user hashes to gauge leakage risk in a controlled study.
