Collection #1: 1.4 Billion Password Breach

Collection #1 is almost two times larger than the previous largest credential exposure. This is not just a list. It is an aggregated, interactive database that allows for fast (one second response) searches and new breach imports. Given the fact that people reuse passwords across their email, social media, e-commerce, banking and work accounts,…

A Collection of Wordlists

You are only as effective as the wordlist you use. Over the years I have collected a fair few of them, and I will bring them to you all in one place. Common 10k_common.txt 82KB 2012commonpw.txt 1KB All_Common_Router_Passwords.txt 3.3KB commonpasswords.txt 3.3KB Random AllPasswords.txt 58MB dic.txt 8.6MB largelist.txt darkc0de.txt 17MB smalllist.txt 26MB realhuman_phill.txt 683.2KB rockyou.txt 133.4KB Openwall pwgen-nontty.gz 118.7MB pwgen-tty.gz 120.4MB Wordlists-20031009.txt…

How to Reveal Hidden Passwords in Web Browsers

Wherever you need to enter a password to gain access, authorise or confirm a transaction, the characters you type into the input box are automatically replaced with asterisks or bullets. This is to protect your password from straying eyes. There is a simple trick to find out what is behind the…

Detect Heartbleed Vulnerability using Perl Script

Check to see if sites you access are still vulnerable to the Heartbleed exploit (CVE-2014-0160) by running the following Perl script:

1. Create a file called check-ssl-heartbleed.pl and paste the following contents:

1a. Paste the following into check-ssl-heartbleed.pl

2. Run script

Or download it here: check-ssl-heartbleed.pl

ZyNOS (ROM-0) Exploit

ZyNOS is the proprietary operating system used on network devices made by the ZyXEL Communications Corporation, which first introduced ZyNOS in 1998. A vulnerability exists in ZyNOS-based routers (ZyXEL, Netgear and TP-Link and maybe others) that can allow an attacker to download the rom-0 file and reverse engineer it to retrieve the local admin…