NCSC 100k Most Used Passwords
The UK National Cyber Security Centre's list of the 100,000 most-breached passwords (from Have I Been Pwned). Excellent broad coverage of real-world weak passwords.
- Size
- 99,840 lines (816 KB)
- Category
- Passwords
- Source
- danielmiessler/SecLists
- License
- MIT
- Recommended tools
- hashcatjohnhydra
Preview
First 15 entries. Download or copy the full list (99,840 lines (816 KB)) using the buttons above.
123456 123456789 qwerty password 111111 12345678 abc123 1234567 password1 12345 1234567890 123123 000000 iloveyou 1234
The UK National Cyber Security Centre's list of the 100,000 most-breached passwords (from Have I Been Pwned). Excellent broad coverage of real-world weak passwords.
This list is geared toward password cracking and credential attacks. It contains roughly 99,840 lines (816 KB) and pairs well with tools such as hashcat, john, hydra. Pick the smallest list that fits your engagement: shorter lists are faster and quieter for online attacks, while larger lists give broader coverage for offline work where speed is less of a constraint.
You can copy the sample preview straight from this page, copy the entire list to
your clipboard, or download the raw .txt file. The full list is served directly
from its upstream source on GitHub.
Sourced from danielmiessler/SecLists and distributed under MIT. Only use wordlists against systems you are explicitly authorized to test.