{"id":13826614,"url":"https://github.com/nyxgeek/dumpsniffer","last_synced_at":"2025-07-09T01:31:03.708Z","repository":{"id":139160921,"uuid":"104599650","full_name":"nyxgeek/dumpsniffer","owner":"nyxgeek","description":"tools for analyzing strings from password lists","archived":false,"fork":false,"pushed_at":"2022-08-15T03:31:12.000Z","size":16266,"stargazers_count":57,"open_issues_count":0,"forks_count":5,"subscribers_count":9,"default_branch":"master","last_synced_at":"2024-08-05T09:15:31.706Z","etag":null,"topics":["derbycon","password-analysis","password-cracking","password-dump","passwords","regex"],"latest_commit_sha":null,"homepage":null,"language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/nyxgeek.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2017-09-23T21:17:17.000Z","updated_at":"2024-06-25T06:51:43.000Z","dependencies_parsed_at":"2024-01-07T22:49:46.277Z","dependency_job_id":"11e94af0-6baa-4d14-95e0-63936efa30e0","html_url":"https://github.com/nyxgeek/dumpsniffer","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nyxgeek%2Fdumpsniffer","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nyxgeek%2Fdumpsniffer/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nyxgeek%2Fdumpsniffer/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nyxgeek%2Fdumpsniffer/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/nyxgeek","download_url":"https://codeload.github.com/nyxgeek/dumpsniffer/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":225476383,"owners_count":17480215,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["derbycon","password-analysis","password-cracking","password-dump","passwords","regex"],"created_at":"2024-08-04T09:01:41.216Z","updated_at":"2024-11-20T05:30:59.214Z","avatar_url":"https://github.com/nyxgeek.png","language":"Shell","funding_links":[],"categories":["\u003ca id=\"7bf0f5839fb2827fdc1b93ae6ac7f53d\"\u003e\u003c/a\u003e工具"],"sub_categories":["\u003ca id=\"32739127f0c38d61b14448c66a797098\"\u003e\u003c/a\u003e嗅探\u0026\u0026Sniff"],"readme":"# dumpsniffer\ntools for analyzing strings from password lists\n\n\n\n![image of dog sniffing](https://i.imgur.com/4TubOtW.png?1)\n\n### quickstart / setup\n\n```\ngit clone https://github.com/nyxgeek/dumpsniffer.git\n\ncd dumpsniffer;chmod +x *.sh \n\n./getcleanwordlist.sh\n```\nthis will download cracked passwords from Troy Hunt's public dump, via hashes.org  (The wordlist source file can be changed in  ./dumpsniff.conf)\n\nonce a wordlist is in place:\n```\n./popcon.sh baseball basketball football\n```\nor \n```\n./viewresults.sh hacktheplanet\n```\n\n---\n\n### overview\n\n- this project is meant to look at one password dump (or any text file) at a time. \n- If you want to start again, just rename the ./db folder to something else.\n- There is a dumpsniff.conf file that contains the path to the password dump to be searched.\n\n\nThe search results are stored in their raw form under the following directory structures:\n```\n./db/\n./db/a/\n./db/a/aardvark.out.txt\n./db/a/awesome.out.txt\n./db/b/bitcoin.out.txt\n./db/c/computer.out.txt\n...\n\n```\n\nUsing the filesystem to hold data was chosen over a traditional db because this allows the easy viewing and editing of the results. This allows you to manually parse and remove false-positive results using tools like 'grep'.\n\n---\n### derbycon 7.0 talk info\n\nThe DerbyCon 7.0 (2017) slide deck can be found here:\u003cBR\u003e https://github.com/nyxgeek/dumpsniffer/raw/master/DerbyCon_Files/DerbyCon7.0_100MillionSecrets.pdf\n\nThe video can be found here:\u003cBR\u003e http://www.irongeek.com/i.php?page=videos/derbycon7/s31-statistics-on-100-million-secrets-a-look-at-recent-password-dumps-nyxgeek\n\n(youtube here: https://www.youtube.com/watch?v=DHpbEl27sdQ )\n\n\nResources listed in slide deck can be found here:\u003cBR\u003e https://github.com/nyxgeek/dumpsniffer/blob/master/DerbyCon_Files/resources.md\n\n---\n\n\n### where to find passwords in plaintext:\n\nhttps://hashes.org/public.php\n\nCheck out the 'found' column.\n\nYou can automagically download and clean the Troy Hunt dump using the included script 'getcleanwordlist.sh'\n\n```\n./getcleanwordlist.sh\n```\n\n***Please consider donating to hashes.org***\n\nI'm not affiliated with them in any way, don't know them, but they're an awesome resource.  You can find the donation link at the bottom of this page:\n\nhttps://hashes.org/index.php\n\n---\n\n### file list \u0026 usage\n\n\n\n\n#### popcon.sh\n\nPopularity Contest: compare popularity of keywords or phrases\n\nnote: if a word is already in the db, it won't be searched again\n\n```\nusage:\n./popcon.sh hacking hacker hacked\n\nSearch complete:\n19993, hacker\n2805, hacked\n1799, hacking\n\n```\n\n\n#### viewresults.sh\n\nshow top 50 most-popular variations on a keyword\n\nnote: if word has not been searched for yet, will prompt to search\n\n```\nusage:\n./viewresults.sh hacking\n\n1066 hacking\n  61 hackingme\n  16 hackings\n  12 hackingyou\n  12 hackingisfun\n  10 hackingmaster\n  10 hackingm\n   8 hackinghaters\n   8 hackingaccount\n   7 hackingis\n     ...\n\n```\n\n#### createregex.sh\n\n```\nusage:\n./createregex.sh file.txt \u003e file.regex\n\nRead line \"testing\":\n\n[tT+7][eE3][sS$5][tT+7][iI1!|][nN][gG69]\n```\n\ngive this script a file with one word/phrase per line and it will convert output it as leetspeak regex\n\n\nThis can then be used with grep in the following manner:\n\n```\ngrep -E -f file.regex file_to_search.txt\n```\n\n\n#### getcleanwordlist.sh\n\n```\nusage:\n./getcleanwordlist.sh\n```\n\nThat's it. It downloads and cleans the wordlist a little (trims lines longer than 24 char and removes non-ASCII).\n\n\n#### DerbyCon_Files folder\n\n##### DerbyCon_7.0_100_Million_Secrets.pdf\n\nPDF of slide deck\n\n#### cleverbrute_create.sh\n\nscript to turn a wordlist into two wordlists to be used in CLEVERBRUTE attack method\n\n```\nusage:\n./cleverbrute_create.sh wordlist.txt\n\nMaking HEAD file...\tfile written to /current/path/HEAD.out  -  Total lines: 21\nMaking TAIL file...\tfile written to /current/path/TAIL.out  -  Total lines: 24\n\nExample (first 5 lines):\n\nHEAD.out\t\t\t  TAIL.out\n--------\t\t\t  --------\n1234\t\t\t\t    !!!!\n12345\t\t\t\t    !!!!n\n123456\t\t\t\t    !!!!ni\nSpri\t\t\t\t    !710\nSprin\t\t\t\t    !7102\n```\n\n##### resources.md\n\nThis is a list of the URLs/resources listed in the slide deck\n\n\n---\n\n### thanks!\nthanks for all the feedback! also special thanks to whoever it was at DerbyCon that recommended the dog icon after my talk.\n\n@nyxgeek\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnyxgeek%2Fdumpsniffer","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fnyxgeek%2Fdumpsniffer","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnyxgeek%2Fdumpsniffer/lists"}