1.4 billion password breach compilation wordlist
wordlist created from original 41G stash via:
grep -rohP '(?<=:).*$' | uniq > breachcompilation.txt
Then, compressed with:
7z a breachcompilation.txt.7z breachcompilation.txt
Size:
4.1G compressed
9.0G uncompressed
No personal information included - just a list of passwords.
magnet url:
magnet:?xt=urn:btih:5a9ba318a5478769ddc7393f1e4ac928d9aa4a71&dn=breachcompilation.txt.7z
Owner Author

scottlinux commented Dec 19, 2017

Also forgot to note:
1012024699 total lines in the file


skorotkiewicz commented Dec 19, 2017

Full database:

magnet:?xt=urn:btih:7ffbcd8cee06aba2ce6561688cf68ce2addca0a3&dn=BreachCompilation&tr=udp%3A%2F%2Ftracker.openbittorrent.com%3A80&tr=udp%3A%2F%2Ftracker.leechers-paradise.org%3A6969&tr=udp%3A%2F%2Ftracker.coppersurfer.tk%3A6969&tr=udp%3A%2F%2Fglotorrents.pw%3A6969&tr=udp%3A%2F%2Ftracker.opentrackr.org%3A1337


bbonczek commented Dec 19, 2017

modInfo, is it a txt file?

Owner Author

scottlinux commented Dec 19, 2017

Welp, looks like this is not sorted, so not a unique list. :(

  1. Sort and deduplicate, setting --parallel to the number of cores you have available:

LC_ALL=C sort --parallel=8 -u breachcompilation.txt -o breachcompilation.sorted.txt

  2. Remove leading spaces:

sed -i -e's/^\s*//' breachcompilation.sorted.txt
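
One caveat with the two steps above: stripping leading spaces after deduplicating can leave new duplicates behind (for example, "  alpha" and "alpha" become identical). Below is a minimal sketch that strips first and sorts second. It runs on a made-up four-line sample rather than the real file, and the sample values and variable names are illustrative assumptions.

```shell
# Made-up sample: "  alpha" and "alpha" differ only by leading spaces.
tmp=$(mktemp)
printf '%s\n' 'beta' '  alpha' 'alpha' 'beta' > "$tmp"

# Strip leading whitespace first, then sort and deduplicate in one pass.
result=$(sed -e 's/^[[:space:]]*//' "$tmp" | LC_ALL=C sort -u)
rm -f "$tmp"

printf '%s\n' "$result"
```

Note that stripping leading spaces also changes any entry that really began with a space, so whether to do it at all is a judgment call.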


Check out this thread for more info:

https://www.reddit.com/r/netsec/comments/7kqpx9/recent_14_billion_password_breach_compilation_as/


bl00m commented Dec 20, 2017

Only about 38% of the list is unique (with sort & uniq I get 384149228 lines).
Also, many lines are not just a password but email:password.


eth3real commented Dec 20, 2017

There are quite a few lines like this in the list as well:

(null)resettingpassword...retry#1
(null)resettingpassword...retry#2


folet1992 commented Dec 20, 2017

I can't manage to download it. Is there another link?


Logicbloke commented Dec 20, 2017

@folet1992 you need BitTorrent or another torrent client; then use the magnet link from the original post.


netscylla commented Dec 20, 2017

grep -rohP '(?<=:).*$' | sort | uniq -c | sort -nr > breachcompilation_index.txt
cut -b 9- breachcompilation_index.txt > breachcompilation.txt

uncompressed filesize:
6.7G Dec 20 19:35 breachcompilation_index.txt
3.8G Dec 20 23:14 breachcompilation.txt

So I have one file with a count per password and one without.
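
A note on the `cut -b 9-` step: it assumes the count column written by `uniq -c` is always exactly 8 bytes wide. As far as I know, that holds for GNU uniq only while every count stays below 10,000,000, and other implementations pad differently. Here is a sketch of a width-independent alternative on made-up input, with illustrative variable names:

```shell
# Made-up sample: "b" occurs 3 times, "a" twice, "c" once.
index=$(printf '%s\n' b a b c b a | LC_ALL=C sort | uniq -c | sort -nr)

# Strip the padded count and the single space after it, whatever the width.
words=$(printf '%s\n' "$index" | sed -e 's/^ *[0-9][0-9]* //')

printf '%s\n' "$words"
```

Only the count and the one separator space are removed, so entries that themselves start with a space stay intact.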


cFire commented Dec 21, 2017

It seems just over half of this file is wasted space. The uniq command only removes duplicates that directly follow each other.

coolfire@lydia6:~# cat breachcompilation.txt | sort -u > breachcompilation_sorted.txt
coolfire@lydia6:~# wc -l *txt
  384153427 breachcompilation_sorted.txt
 1012024699 breachcompilation.txt

3.8G breachcompilation_sorted.txt
9.0G breachcompilation.txt
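
To illustrate the difference on a small scale, here is a sketch using five made-up lines (not taken from the list); the variable names are illustrative:

```shell
# Made-up sample with both adjacent and non-adjacent duplicates.
sample=$(printf '%s\n' alpha beta alpha alpha beta)

# uniq alone collapses only the adjacent "alpha alpha" pair.
uniq_only=$(printf '%s\n' "$sample" | uniq | wc -l | tr -d ' ')

# sort -u sorts first, so every duplicate ends up adjacent and is removed.
sorted_unique=$(printf '%s\n' "$sample" | LC_ALL=C sort -u | wc -l | tr -d ' ')

echo "uniq only: $uniq_only lines; sort -u: $sorted_unique lines"
```

The same effect explains why the original 1012024699-line file shrinks to 384153427 lines once it is sorted.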


whydn commented Dec 31, 2017

@cFire can you give the sorted text link for download?


jg4 commented Jan 8, 2018

@cFire can you please share the link to the sorted one please?


1rabbit commented Jan 10, 2018

that would be great yes


acaetano commented Jan 11, 2018

There is no sorted text link. You have to download the magnet link provided above and run the line cFire provided.


spacepatcher commented Feb 1, 2018

Hello there!
Here is my experience importing the Breach Compilation into Postgres:
https://gist.github.com/spacepatcher/8f94289236612a40ed93efc5645c0ccd


lucidBrot commented Feb 17, 2018

If anybody wants to quickly look up their own address and is unable to set it up themselves, I've set up a telegram bot for that.
It's running on a weak server, so please don't look up more than a few addresses. And I might remove that functionality any time.. but if you have no better option whatsoever, it's something ;)

Direct Telegram Link
Usage: /q my@email.com

I also feature regex searching the results.


adon90 commented Feb 27, 2018

Does anyone know where this new leak is? https://www.hackread.com/3000-databases-200-million-unique-accounts-exposed-dark-web/
It has email and password, like the link @modinfo provided.


lucidBrot commented Mar 11, 2018

@adon90 if you happen to find out, please let us know.

But I assume that is a database that was sold in some darkweb marketplace, not a public dump.


jasper321 commented Apr 13, 2018

Is it also possible to use a domain name instead of a full email address, like *@outlook.com?


BlAd373 commented Jul 15, 2018

Can anyone suggest how to import the whole database into SQL?


Ashish0804 commented Jul 31, 2018

Can you explain why you used "-ohP '(?<=:).*$'" in the grep command? Thanks
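
For reference, the options break down as follows in GNU grep: -r recurses through the directory, -o prints only the matched part of each line, -h suppresses the file-name prefix, and -P enables Perl-compatible regular expressions. The pattern `(?<=:)` is a lookbehind that requires a colon immediately before the match without including it, and `.*$` then takes everything up to the end of the line. Here is a small sketch on made-up lines, assuming a GNU grep built with PCRE support (-r is omitted because the input comes from a pipe):

```shell
# Made-up input: two delimited lines and one without any colon.
passwords=$(printf '%s\n' \
  'user@example.com:hunter2' \
  'a@example.org:pass:word' \
  'no-delimiter-here' | grep -oP '(?<=:).*$')

# The match starts right after the FIRST colon, so later colons are kept;
# the line without a colon produces no output at all.
printf '%s\n' "$passwords"
```

This is also why lines that use a different delimiter are silently dropped by the original command.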


mayankmetha commented Aug 12, 2018

Certain lines use ; as the delimiter instead of :
How do I extract the passwords in such a case?
For example, file data/n/a/0, line 955.


keethesh commented Jan 2, 2019

@mayankmetha replace all ; with :


EK230948230598 commented Jan 6, 2019

How can I view just one of the dumps, e.g. only the LinkedIn one or another one?


Zibri commented Jan 13, 2019

Can someone zip and repost breachcompilation_sorted.txt?


oxagast commented Jan 18, 2019

Ran sort/uniq on the breachcompilation list and repackaged it. Compressed size is around a gigabyte.
magnet:?xt=urn:btih:ac0df29b6ae2061a1f547056eee37343646e11de&dn=breaches.7z&tr=http%3A%2F%2Ftracker1.wasabii.com.tw%3A6969%2Fannounce&tr=udp%3A%2F%2Fexplodie.org%3A6969%2Fannounce&tr=udp%3A%2F%2Ftracker.coppersurfer.tk%3A6969%2Fannounce&tr=udp%3A%2F%2Ftracker.opentrackr.org%3A1337%2Fannounce&tr=udp%3A%2F%2Fipv4.tracker.harry.lu%3A80%2Fannounce


unusualwork commented Mar 21, 2019

full base

magnet:?xt=urn:btih:7ffbcd8cee06aba2ce6561688cf68ce2addca0a3&dn=BreachCompilation&tr=udp%3A%2F%2Ftracker.openbittorrent.com%3A80&tr=udp%3A%2F%2Ftracker.leechers-paradise.org%3A6969&tr=udp%3A%2F%2Ftracker.coppersurfer.tk%3A6969&tr=udp%3A%2F%2Fglotorrents.pw%3A6969&tr=udp%3A%2F%2Ftracker.opentrackr.org%3A1337

Is there any way to edit the query.sh file so that it searches for a pattern like *@gmail.com and returns all Gmail addresses?


code-machina commented Apr 3, 2019

Are there any special characters in the password list? Did you delete parts of any passwords? I'm asking so that I can check whether or not my client is vulnerable.


francisuk1989 commented Jul 15, 2019

For anyone who has DHT disabled and needs trackers, I would recommend @ngosang's list at https://github.com/ngosang/trackerslist


trroot commented Nov 12, 2019

NOT WORKING!


benhunter commented Nov 25, 2019

All the magnets linked in this thread are still working.


dido4free commented Jan 19, 2020

leakprobe.net is not available anymore :(
Is there a new source similar to leakprobe (a mirror, maybe)?
spycloud.com is a good source too, but how can one get its data?


dido4free commented Jan 19, 2020

@lucidBrot, the Telegram bot from your Feb 17, 2018 comment (usage: /q my@email.com) does not work.
