As part of any penetration test, you will at some point want to try common passwords to brute-force an account or other access. As a general rule, we've always recommended the 500 worst passwords list as a starting point. However, we wanted to test more than just a few bad passwords (and yes, we mean that 500 is a few); we wanted to see whether we could gain access with a larger set. As a result, we were each using passwords from various sources individually. So, to make life easier for us and for you, we are sharing a password list that consists of over 62K passwords assembled from sources such as Hak5, Cain, 500 worst, conficker, elitehacker, facebook, faithwriters, honeynet, hotmail, and twitter banned.
Download: 62K Common Passwords
We have also created an SVN repository of all the password files that we could locate. If you want to download them, you can grab them from http://svn.isdpodcast.com/wordlists. Additions are made as new password files are located or disclosed. Individual downloads are as follows: