Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
1.4 billion password breach compilation wordlist
wordlist created from original 41G stash via:
grep -rohP '(?<=:).*$' | uniq > breachcompilation.txt
Then, compressed with:
7z a breachcompilation.txt.7z breachcompilation.txt
Size:
4.1G compressed
9.0G uncompressed
No personal information included - just a list of passwords.
magnet url:
magnet:?xt=urn:btih:5a9ba318a5478769ddc7393f1e4ac928d9aa4a71&dn=breachcompilation.txt.7z
@scottlinux

This comment has been minimized.

Copy link
Owner Author

commented Dec 19, 2017

Also forgot to note:
1012024699 total lines in the file

@skorotkiewicz

This comment has been minimized.

Copy link

commented Dec 19, 2017

full base

magnet:?xt=urn:btih:7ffbcd8cee06aba2ce6561688cf68ce2addca0a3&dn=BreachCompilation&tr=udp%3A%2F%2Ftracker.openbittorrent.com%3A80&tr=udp%3A%2F%2Ftracker.leechers-paradise.org%3A6969&tr=udp%3A%2F%2Ftracker.coppersurfer.tk%3A6969&tr=udp%3A%2F%2Fglotorrents.pw%3A6969&tr=udp%3A%2F%2Ftracker.opentrackr.org%3A1337

@bbonczek

This comment has been minimized.

Copy link

commented Dec 19, 2017

modInfo, is it txt file?

@scottlinux

This comment has been minimized.

Copy link
Owner Author

commented Dec 19, 2017

Welp, looks like this is not sorted, so not a unique list. :(

  1. sort with the number of cores you have available:

LC_ALL=C sort --parallel=8 -u breachcompilation.txt -o breachcompilation.sorted.txt

  1. remove leading spaces:

sed -i -e's/^\s*//' breachcompilation.sorted.txt


Check out this thread for more info:

https://www.reddit.com/r/netsec/comments/7kqpx9/recent_14_billion_password_breach_compilation_as/

@bl00m

This comment has been minimized.

Copy link

commented Dec 20, 2017

There is about 38% of the list that is unique (with sort & uniq I get 384149228 lines).
And a lot are not only password but email:password

@eth3real

This comment has been minimized.

Copy link

commented Dec 20, 2017

There are quite a few lines like this in the list as well:

(null)resettingpassword...retry#1
(null)resettingpassword...retry#2

@folet1992

This comment has been minimized.

Copy link

commented Dec 20, 2017

je n'arrive pas a la télécharger y'aurais pas un autre liens ?

@Logicbloke

This comment has been minimized.

Copy link

commented Dec 20, 2017

@folet1992 il te faut bittorrent ou autre client de torrents puis utilise le magnet sur le post original.

@netscylla

This comment has been minimized.

Copy link

commented Dec 20, 2017

grep -rohP '(?<=:).*$' |sort |uniq -c|sort -nr > breachcompilation_index.txt
cat breachcompilation_index.txt |cut -b 9- > breachcompilation.txt

uncompressed filesize:
6.7G Dec 20 19:35 breachcompilation_index.txt
3.8G Dec 20 23:14 breachcompilation.txt

I have a file with a password count and one without...

@cFire

This comment has been minimized.

Copy link

commented Dec 21, 2017

It seems just over half this file is wasted space. The uniq command only removed duplicates that are directly following each other.

coolfire@lydia6:~# cat breachcompilation.txt | sort -u > breachcompilation_sorted.txt                                                                                                                                  
coolfire@lydia6:~# wc -l *txt
  384153427 breachcompilation_sorted.txt
 1012024699 breachcompilation.txt

3.8G breachcompilation_sorted.txt
9.0G breachcompilation.txt

@whydn

This comment has been minimized.

Copy link

commented Dec 31, 2017

@cFire can you give the sorted text link for download?

@jg4

This comment has been minimized.

Copy link

commented Jan 8, 2018

@cFire can you please share the link to the sorted one please?

@1rabbit

This comment has been minimized.

Copy link

commented Jan 10, 2018

that would be great yes

@acaetano

This comment has been minimized.

Copy link

commented Jan 11, 2018

There is no sorted text link. You have to download the magnet link provided above and run the line cFire provided.

@spacepatcher

This comment has been minimized.

Copy link

commented Feb 1, 2018

Hello there!
Here is my experience of importing Breach Compilation in Postgres:
https://gist.github.com/spacepatcher/8f94289236612a40ed93efc5645c0ccd

@lucidBrot

This comment has been minimized.

Copy link

commented Feb 17, 2018

If anybody wants to quickly look up their own address and is unable to set it up themselves, I've set up a telegram bot for that.
It's running on a weak server, so please don't look up more than a few addresses. And I might remove that functionality any time.. but if you have no better option whatsoever, it's something ;)

Direct Telegram Link
Usage: /q my@email.com

I also feature regex searching the results.

@adon90

This comment has been minimized.

Copy link

commented Feb 27, 2018

Does anyone know where is this new leak? https://www.hackread.com/3000-databases-200-million-unique-accounts-exposed-dark-web/
with email and password as the link @modInfo provided.

@lucidBrot

This comment has been minimized.

Copy link

commented Mar 11, 2018

@adon90 if you happen to find out, please let us know.

But I assume that is a database that was sold in some darkweb marketplace, not a public dump.

@jasper321

This comment has been minimized.

Copy link

commented Apr 13, 2018

is it also possible to use a domain name instead of a full email adres, like *@outlook.com

@BlAd373

This comment has been minimized.

Copy link

commented Jul 15, 2018

can anyone suggest me how to import all the db in sql?

@Ashish0804

This comment has been minimized.

Copy link

commented Jul 31, 2018

Can you explain me why you have used "ohP '(?<=:).*$’ " in grep command? Thanks

@mayankmetha

This comment has been minimized.

Copy link

commented Aug 12, 2018

certain lines have; as delimiter and not :
How to extract the passwords in such a case
Like in file data/n/a/0 line 955

@keethesh

This comment has been minimized.

Copy link

commented Jan 2, 2019

@mayankmetha replace all ; with :

@EK230948230598

This comment has been minimized.

Copy link

commented Jan 6, 2019

How can I specifically see one of the dumps, e.g. only the LinkedIn one or another one ?

@EK230948230598

This comment has been minimized.

Copy link

commented Jan 6, 2019

@Zibri

This comment has been minimized.

Copy link

commented Jan 13, 2019

can someone zip and repost breachcompilation_sorted.txt?

@oxagast

This comment has been minimized.

Copy link

commented Jan 18, 2019

Ran sort/uniq the breachcompilation list and repackaged it. Compressed size runs around a gig.
magnet:?xt=urn:btih:ac0df29b6ae2061a1f547056eee37343646e11de&dn=breaches.7z&tr=http%3A%2F%2Ftracker1.wasabii.com.tw%3A6969%2Fannounce&tr=udp%3A%2F%2Fexplodie.org%3A6969%2Fannounce&tr=udp%3A%2F%2Ftracker.coppersurfer.tk%3A6969%2Fannounce&tr=udp%3A%2F%2Ftracker.opentrackr.org%3A1337%2Fannounce&tr=udp%3A%2F%2Fipv4.tracker.harry.lu%3A80%2Fannounce

@unusualwork

This comment has been minimized.

Copy link

commented Mar 21, 2019

full base

magnet:?xt=urn:btih:7ffbcd8cee06aba2ce6561688cf68ce2addca0a3&dn=BreachCompilation&tr=udp%3A%2F%2Ftracker.openbittorrent.com%3A80&tr=udp%3A%2F%2Ftracker.leechers-paradise.org%3A6969&tr=udp%3A%2F%2Ftracker.coppersurfer.tk%3A6969&tr=udp%3A%2F%2Fglotorrents.pw%3A6969&tr=udp%3A%2F%2Ftracker.opentrackr.org%3A1337

is there any way we can edit the query.sh file and make it search like *@gmail.com and get all gmails.. ?

@code-machina

This comment has been minimized.

Copy link

commented Apr 3, 2019

Are there any special characters in password list? Did you delete a partial of password? I just wondered that I can check whether or not my client is vulnerable.

@francisuk1989

This comment has been minimized.

Copy link

commented Jul 15, 2019

For anyone who has DHT disabled and need trackers, I would recommend @ngosang @ https://github.com/ngosang/trackerslist

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.