Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
1.4 billion password breach compilation wordlist
wordlist created from original 41G stash via:
grep -rohP '(?<=:).*$' | uniq > breachcompilation.txt
Then, compressed with:
7z a breachcompilation.txt.7z breachcompilation.txt
Size:
4.1G compressed
9.0G uncompressed
No personal information included - just a list of passwords.
magnet url:
magnet:?xt=urn:btih:5a9ba318a5478769ddc7393f1e4ac928d9aa4a71&dn=breachcompilation.txt.7z
@scottlinux

This comment has been minimized.

Copy link
Owner Author

@scottlinux scottlinux commented Dec 19, 2017

Also forgot to note:
1012024699 total lines in the file

@skorotkiewicz

This comment has been minimized.

Copy link

@skorotkiewicz skorotkiewicz commented Dec 19, 2017

full base

magnet:?xt=urn:btih:7ffbcd8cee06aba2ce6561688cf68ce2addca0a3&dn=BreachCompilation&tr=udp%3A%2F%2Ftracker.openbittorrent.com%3A80&tr=udp%3A%2F%2Ftracker.leechers-paradise.org%3A6969&tr=udp%3A%2F%2Ftracker.coppersurfer.tk%3A6969&tr=udp%3A%2F%2Fglotorrents.pw%3A6969&tr=udp%3A%2F%2Ftracker.opentrackr.org%3A1337

@bbonczek

This comment has been minimized.

Copy link

@bbonczek bbonczek commented Dec 19, 2017

modInfo, is it txt file?

@scottlinux

This comment has been minimized.

Copy link
Owner Author

@scottlinux scottlinux commented Dec 19, 2017

Welp, looks like this is not sorted, so not a unique list. :(

  1. sort with the number of cores you have available:

LC_ALL=C sort --parallel=8 -u breachcompilation.txt -o breachcompilation.sorted.txt

  1. remove leading spaces:

sed -i -e's/^\s*//' breachcompilation.sorted.txt


Check out this thread for more info:

https://www.reddit.com/r/netsec/comments/7kqpx9/recent_14_billion_password_breach_compilation_as/

@bl00m

This comment has been minimized.

Copy link

@bl00m bl00m commented Dec 20, 2017

There is about 38% of the list that is unique (with sort & uniq I get 384149228 lines).
And a lot are not only password but email:password

@eth3real

This comment has been minimized.

Copy link

@eth3real eth3real commented Dec 20, 2017

There are quite a few lines like this in the list as well:

(null)resettingpassword...retry#1
(null)resettingpassword...retry#2

@folet1992

This comment has been minimized.

Copy link

@folet1992 folet1992 commented Dec 20, 2017

je n'arrive pas a la télécharger y'aurais pas un autre liens ?

@Logicbloke

This comment has been minimized.

Copy link

@Logicbloke Logicbloke commented Dec 20, 2017

@folet1992 il te faut bittorrent ou autre client de torrents puis utilise le magnet sur le post original.

@netscylla

This comment has been minimized.

Copy link

@netscylla netscylla commented Dec 20, 2017

grep -rohP '(?<=:).*$' |sort |uniq -c|sort -nr > breachcompilation_index.txt
cat breachcompilation_index.txt |cut -b 9- > breachcompilation.txt

uncompressed filesize:
6.7G Dec 20 19:35 breachcompilation_index.txt
3.8G Dec 20 23:14 breachcompilation.txt

I have a file with a password count and one without...

@cFire

This comment has been minimized.

Copy link

@cFire cFire commented Dec 21, 2017

It seems just over half this file is wasted space. The uniq command only removed duplicates that are directly following each other.

coolfire@lydia6:~# cat breachcompilation.txt | sort -u > breachcompilation_sorted.txt                                                                                                                                  
coolfire@lydia6:~# wc -l *txt
  384153427 breachcompilation_sorted.txt
 1012024699 breachcompilation.txt

3.8G breachcompilation_sorted.txt
9.0G breachcompilation.txt

@whydn

This comment has been minimized.

Copy link

@whydn whydn commented Dec 31, 2017

@cFire can you give the sorted text link for download?

@jg4

This comment has been minimized.

Copy link

@jg4 jg4 commented Jan 8, 2018

@cFire can you please share the link to the sorted one please?

@1rabbit

This comment has been minimized.

Copy link

@1rabbit 1rabbit commented Jan 10, 2018

that would be great yes

@acaetano

This comment has been minimized.

Copy link

@acaetano acaetano commented Jan 11, 2018

There is no sorted text link. You have to download the magnet link provided above and run the line cFire provided.

@spacepatcher

This comment has been minimized.

Copy link

@spacepatcher spacepatcher commented Feb 1, 2018

Hello there!
Here is my experience of importing Breach Compilation in Postgres:
https://gist.github.com/spacepatcher/8f94289236612a40ed93efc5645c0ccd

@lucidBrot

This comment has been minimized.

Copy link

@lucidBrot lucidBrot commented Feb 17, 2018

If anybody wants to quickly look up their own address and is unable to set it up themselves, I've set up a telegram bot for that.
It's running on a weak server, so please don't look up more than a few addresses. And I might remove that functionality any time.. but if you have no better option whatsoever, it's something ;)

Direct Telegram Link
Usage: /q my@email.com

I also feature regex searching the results.

@adon90

This comment has been minimized.

Copy link

@adon90 adon90 commented Feb 27, 2018

Does anyone know where is this new leak? https://www.hackread.com/3000-databases-200-million-unique-accounts-exposed-dark-web/
with email and password as the link @modinfo provided.

@lucidBrot

This comment has been minimized.

Copy link

@lucidBrot lucidBrot commented Mar 11, 2018

@adon90 if you happen to find out, please let us know.

But I assume that is a database that was sold in some darkweb marketplace, not a public dump.

@ghost

This comment has been minimized.

Copy link

@ghost ghost commented Apr 13, 2018

is it also possible to use a domain name instead of a full email adres, like *@outlook.com

@BlAd373

This comment has been minimized.

Copy link

@BlAd373 BlAd373 commented Jul 15, 2018

can anyone suggest me how to import all the db in sql?

@Ashish0804

This comment has been minimized.

Copy link

@Ashish0804 Ashish0804 commented Jul 31, 2018

Can you explain me why you have used "ohP '(?<=:).*$’ " in grep command? Thanks

@mayankmetha

This comment has been minimized.

Copy link

@mayankmetha mayankmetha commented Aug 12, 2018

certain lines have; as delimiter and not :
How to extract the passwords in such a case
Like in file data/n/a/0 line 955

@keethesh

This comment has been minimized.

Copy link

@keethesh keethesh commented Jan 2, 2019

@mayankmetha replace all ; with :

@EK230948230598

This comment has been minimized.

Copy link

@EK230948230598 EK230948230598 commented Jan 6, 2019

How can I specifically see one of the dumps, e.g. only the LinkedIn one or another one ?

@EK230948230598

This comment has been minimized.

Copy link

@EK230948230598 EK230948230598 commented Jan 6, 2019

@Zibri

This comment has been minimized.

Copy link

@Zibri Zibri commented Jan 13, 2019

can someone zip and repost breachcompilation_sorted.txt?

@oxagast

This comment has been minimized.

Copy link

@oxagast oxagast commented Jan 18, 2019

Ran sort/uniq the breachcompilation list and repackaged it. Compressed size runs around a gig.
magnet:?xt=urn:btih:ac0df29b6ae2061a1f547056eee37343646e11de&dn=breaches.7z&tr=http%3A%2F%2Ftracker1.wasabii.com.tw%3A6969%2Fannounce&tr=udp%3A%2F%2Fexplodie.org%3A6969%2Fannounce&tr=udp%3A%2F%2Ftracker.coppersurfer.tk%3A6969%2Fannounce&tr=udp%3A%2F%2Ftracker.opentrackr.org%3A1337%2Fannounce&tr=udp%3A%2F%2Fipv4.tracker.harry.lu%3A80%2Fannounce

@unusualwork

This comment has been minimized.

Copy link

@unusualwork unusualwork commented Mar 21, 2019

full base

magnet:?xt=urn:btih:7ffbcd8cee06aba2ce6561688cf68ce2addca0a3&dn=BreachCompilation&tr=udp%3A%2F%2Ftracker.openbittorrent.com%3A80&tr=udp%3A%2F%2Ftracker.leechers-paradise.org%3A6969&tr=udp%3A%2F%2Ftracker.coppersurfer.tk%3A6969&tr=udp%3A%2F%2Fglotorrents.pw%3A6969&tr=udp%3A%2F%2Ftracker.opentrackr.org%3A1337

is there any way we can edit the query.sh file and make it search like *@gmail.com and get all gmails.. ?

@code-machina

This comment has been minimized.

Copy link

@code-machina code-machina commented Apr 3, 2019

Are there any special characters in password list? Did you delete a partial of password? I just wondered that I can check whether or not my client is vulnerable.

@francisuk1989

This comment has been minimized.

Copy link

@francisuk1989 francisuk1989 commented Jul 15, 2019

For anyone who has DHT disabled and need trackers, I would recommend @ngosang @ https://github.com/ngosang/trackerslist

@trroot

This comment has been minimized.

Copy link

@trroot trroot commented Nov 12, 2019

NOT WORKING!

@benhunter

This comment has been minimized.

Copy link

@benhunter benhunter commented Nov 25, 2019

All the magnets linked in this thread are still working.

@dido4free

This comment has been minimized.

Copy link

@dido4free dido4free commented Jan 19, 2020

leakprobe.net does not available anymore:(
Are there new source similar leakprobe already (mirror maybe)?
spycloud.com is good source too but how to get his data?

@dido4free

This comment has been minimized.

Copy link

@dido4free dido4free commented Jan 19, 2020

If anybody wants to quickly look up their own address and is unable to set it up themselves, I've set up a telegram bot for that.
It's running on a weak server, so please don't look up more than a few addresses. And I might remove that functionality any time.. but if you have no better option whatsoever, it's something ;)

Direct Telegram Link
Usage: /q my@email.com

I also feature regex searching the results.

does not work

@CraigOpie

This comment has been minimized.

Copy link

@CraigOpie CraigOpie commented Feb 5, 2020

Does anyone have a magnets link for the new 2.2B leak?

@azmazr

This comment has been minimized.

Copy link

@azmazr azmazr commented Apr 7, 2020

how to get the wordlist

@0xspade

This comment has been minimized.

Copy link

@0xspade 0xspade commented Apr 20, 2020

I just found this sorted breached passwords and I am trying to extract those passwords only. A lot in this wordlist is in [email]:[password] format maybe someone should delete it correctly.

Link: https://files.vkk.me/storage/breachcompilationuniq.txt.7z

If there is someone already done it or something like its Updated it. It is very much appreciated.

@harshsanwaria

This comment has been minimized.

Copy link

@harshsanwaria harshsanwaria commented Apr 20, 2020

How old is this data and how often this are updated ? Where can i get the updated data?

@0xspade

This comment has been minimized.

Copy link

@0xspade 0xspade commented Apr 20, 2020

That is also my question Since it's already 2020, It should be updated. I'm looking for a breached password wordlist.

@3P51LON

This comment has been minimized.

Copy link

@3P51LON 3P51LON commented Apr 20, 2020

Any non Torrent link for the BreachCompilation file? For using h8mail I need to have a query.sh.

@dansku

This comment has been minimized.

Copy link

@dansku dansku commented May 14, 2020

You can also check it on pwdquery.xyz ;)

@mrx23dot

This comment has been minimized.

Copy link

@mrx23dot mrx23dot commented May 14, 2020

wow that site has a lot more than the 40GB has based on the same email address.

@GreyHat2

This comment has been minimized.

Copy link

@GreyHat2 GreyHat2 commented Sep 9, 2020

does it contains emails too?

@yuraloginoff

This comment has been minimized.

Copy link

@yuraloginoff yuraloginoff commented Sep 27, 2020

does it contains emails too?

it is "email:password" list.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.