WORDLISTS = "10k_most_common": "url": f"SECLISTS_BASE_URL/Common-Credentials/10k-most-common.txt", "description": "10,000 most common passwords", , "500_worst": "url": f"SECLISTS_BASE_URL/500-worst-passwords.txt", "description": "500 worst passwords", , "rockyou_20": "url": f"SECLISTS_BASE_URL/RockYou-20.txt", "description": "Top 20 from RockYou leak", , "xato_10k": "url": f"SECLISTS_BASE_URL/xato-net-10-million-passwords-10000.txt", "description": "Xato 10k most common", , "linkedin": "url": f"SECLISTS_BASE_URL/LinkedIn-common-passwords.txt", "description": "LinkedIn leak common passwords", , Download & Cache Management ---------------------------------------------------------------------- def download_wordlist(name: str, cache_dir: Path) -> Path: """Download wordlist to cache directory, return local path.""" if name not in WORDLISTS: raise ValueError(f"Unknown wordlist: name. Choose from list(WORDLISTS.keys())")
# Output to stdout or file if args.output: # Determine format fmt = args.format if not fmt: ext = args.output.suffix.lower() if ext == ".json": fmt = "json" elif ext == ".csv": fmt = "csv" else: fmt = "txt" export_results(result, args.output, fmt) else: # Print to stdout (limit to 1000 lines to avoid spam) if len(result) > 1000 and not args.sample: print(f"Warning: len(result) passwords. Showing first 100. Use --sample or --output to manage.", file=sys.stderr) result = result[:100] for pwd in result: print(pwd) if == " main ": main() Usage Examples 1. Install dependency pip install requests 2. Basic – Show first 20 of 10k most common python seclists_password.py | head -20 3. Search for passwords containing "admin" python seclists_password.py --search admin 4. Regex pattern: passwords starting with "pass" and at least 6 chars python seclists_password.py --pattern "^pass.*" --min-len 6 5. Only numeric passwords between 4–6 digits python seclists_password.py --only-digits --min-len 4 --max-len 6 6. Sample 10 random passwords python seclists_password.py --sample 10 7. Use the "500 worst passwords" list, export to JSON python seclists_password.py --list 500_worst --output worst.json --format json 8. Statistics & verbose python seclists_password.py --stats --verbose --only-lower --min-len 8 9. Must contain "123" and exclude special chars python seclists_password.py --must-contain "123" --exclude-special Programmatic Usage (in your own Python scripts) from seclists_password import load_passwords, filter_passwords, sample_passwords passwords = load_passwords("10k_most_common") filtered = filter_passwords(passwords, min_len=8, only_alpha=True) random_10 = sample_passwords(filtered, 10)
print(f"[↓] Downloading name from url") cache_dir.mkdir(parents=True, exist_ok=True)
if min_len is not None: result = [p for p in result if len(p) >= min_len] if max_len is not None: result = [p for p in result if len(p) <= max_len] if pattern: regex = re.compile(pattern) result = [p for p in result if regex.search(p)] if only_digits: result = [p for p in result if p.isdigit()] if only_alpha: result = [p for p in result if p.isalpha()] if only_lower: result = [p for p in result if p.islower()] if only_upper: result = [p for p in result if p.isupper()] if exclude_special: result = [p for p in result if p.isalnum()] if must_contain: result = [p for p in result if must_contain in p]