Kaonashi: Wordlist, rules and masks for hashcat

Kaonashi Project: RootedCON 2019

This repository contains several directories:

• Sorted Masks for hashcat
• Advanced Rules for hashcat
• Links to download the Kaonishi’s Wordlists
• Slides used in our talk I know your p4$$w0rd (and if I don’t, I will guess it… at RootedCON (2019)

Why

When a user has to choose a password, he tends to build it in the same way, using the same personal information and using the same complexity ideas.

In this study we processed several billions of real passwords in order to make a large-scale analysis of these common behaviors, drawing conclusions that allow us to create specific procedures and tools to improve current Password Cracking techniques.

How

We used different methods, like behavioral and statistical analysis, neural networks and other advanced techniques, to obtain patterns and relevant information that allow us to crack hashes whose resistance is usually quite high.

Kaonashi Wordlist

These wordlist has been extracted from real password leaksa and sorted by the number of occurrences. By having these wordlists sorted this way, users can extract TOP n lines/passwords and create custom wordlists based on their needs.

For our study, we created the original wordlist and two additional ones:

• Kaonashi (2.35 GB)
• Kaonashi14M (47.7 MB)
• KaonashiWPA100M (323.9 MB)

You can also find .torrent files inside wordlists/ directory

Disclaimer

• These code and wordlists are for LAWFUL, ETHICAL AND EDUCATIONAL PURPOSES ONLY.
• The files contained in this repository are released “as is” without warranty, support, or guarantee of effectiveness.
• We are open to hearing about any issues found within these files and will be actively maintaining this repository for the foreseeable future. If you find anything noteworthy, let us know and we’ll see what we can do about it.

The authors did not steal, Phish, deceive or hack in any way to get hold of these passwords. All lines in these files were obtained through freely available means.

The intent for this project is to provide information on insecure passwords in order to increase overall password security. The lists will show you what passwords are the most common, what patterns are the most common, and what you should avoid when creating your own passwords.

Download

git clone https://github.com/kaonashi-passwords/Kaonashi.git

Copyright (C) 2019

• Jaime Sánchez @segofensiva)
• Pablo Caro (@pcaro90)