Provides curated password lists from real breaches and common patterns—under 10MB—so you can run credential-stuffing tests without spinning up a massive dataset.
Best for: Security engineers and ops teams validating login defenses before launch.
---
name: security-passwords
description: "Top password lists for authorized security testing: common passwords, darkweb leaks, worst passwords. Curated essentials (<10MB)."
---
# SecLists Passwords (Curated)
## Description
Top password lists for authorized security testing: common passwords, darkweb leaks, worst passwords. Curated essentials (<10MB).
**Source:** [SecLists/Passwords](https://github.com/danielmiessler/SecLists/tree/master/Passwords)
**Repository:** https://github.com/danielmiessler/SecLists
**License:** MIT
## When to Use This Skill
Use this skill when you need:
- Password spraying (authorized)
- Credential testing
- Password policy validation
- Brute force testing (authorized)
- Authentication testing
**⚠️ IMPORTANT:** Only use for authorized security testing, bug bounty programs, CTF competitions, or educational purposes.
## Key Files in This Skill
- `500-worst-passwords.txt - 500 worst passwords`
- `10k-most-common.txt - 10K common passwords`
- `100k-most-used-passwords-NCSC.txt - 100K passwords`
- `darkweb2017_top-10000.txt - 10K from breaches`
- `probable-v2_top-12000.txt - 12K probable passwords`
## Usage Example
```python
# Access files from this skill
import os
# Example: Load patterns/payloads
skill_path = "references/Passwords"
# List all available files
for root, dirs, files in os.walk(skill_path):
for file in files:
if file.endswith('.txt'):
filepath = os.path.join(root, file)
print(f"Found: {filepath}")
# Read file content
with open(filepath, 'r', errors='ignore') as f:
content = f.read().splitlines()
print(f" Lines: {len(content)}")
```
## Security & Ethics
### Authorized Use Cases ✅
- Authorized penetration testing with written permission
- Bug bounty programs (within scope)
- CTF competitions
- Security research in controlled environments
- Testing your own systems
- Educational demonstrations
### Prohibited Use Cases ❌
- Unauthorized access attempts
- Testing without permission
- Malicious activities
- Privacy violations
- Any illegal activities
## Complete SecLists Collection
This is a curated subset of SecLists. For the complete collection:
- **Full repository:** https://github.com/danielmiessler/SecLists
- **Size:** 4.5 GB with 6,000+ files
- **All categories:** Passwords, Usernames, Discovery, Fuzzing, Payloads, Web-Shells, Pattern-Matching, AI, Miscellaneous
---
**Generated by Skill Seeker** | SecLists Passwords Collection
**License:** MIT - Use responsibly with proper authorization
Creator's repository · eyadkelleh/awesome-skills-security