WORDLISTS = "10k_most_common": "url": f"SECLISTS_BASE_URL/Common-Credentials/10k-most-common.txt", "description": "10,000 most common passwords", , "500_worst": "url": f"SECLISTS_BASE_URL/500-worst-passwords.txt", "description": "500 worst passwords", , "rockyou_20": "url": f"SECLISTS_BASE_URL/RockYou-20.txt", "description": "Top 20 from RockYou leak", , "xato_10k": "url": f"SECLISTS_BASE_URL/xato-net-10-million-passwords-10000.txt", "description": "Xato 10k most common", , "linkedin": "url": f"SECLISTS_BASE_URL/LinkedIn-common-passwords.txt", "description": "LinkedIn leak common passwords", , Download & Cache Management ---------------------------------------------------------------------- def download_wordlist(name: str, cache_dir: Path) -> Path: """Download wordlist to cache directory, return local path.""" if name not in WORDLISTS: raise ValueError(f"Unknown wordlist: name. Choose from list(WORDLISTS.keys())")
def search_passwords(passwords: List[str], query: str, case_sensitive: bool = False) -> List[str]: """Simple substring search.""" if not case_sensitive: query = query.lower() return [p for p in passwords if query in p.lower()] return [p for p in passwords if query in p] Export ---------------------------------------------------------------------- def export_results(passwords: List[str], output_file: Path, fmt: str = "txt"): """Export to txt, json, or csv.""" output_file.parent.mkdir(parents=True, exist_ok=True) if fmt == "txt": output_file.write_text("\n".join(passwords), encoding="utf-8") elif fmt == "json": json.dump(passwords, output_file.open("w", encoding="utf-8"), indent=2) elif fmt == "csv": import csv with open(output_file, "w", newline="", encoding="utf-8") as f: writer = csv.writer(f) writer.writerow(["password"]) writer.writerows([[p] for p in passwords]) else: raise ValueError(f"Unsupported format: fmt") print(f"[✓] Exported len(passwords) passwords to output_file") ---------------------------------------------------------------------- CLI ---------------------------------------------------------------------- def main(): parser = argparse.ArgumentParser( description="SecLists Password Tool – fetch, filter, search, and sample common passwords." ) parser.add_argument( "--list", "-l", choices=list(WORDLISTS.keys()), default=DEFAULT_WORDLIST, help=f"Wordlist to use (default: DEFAULT_WORDLIST)" ) parser.add_argument( "--search", "-s", help="Substring search (case-insensitive by default)" ) parser.add_argument( "--case-sensitive", action="store_true", help="Make --search case-sensitive" ) parser.add_argument( "--pattern", "-p", help="Regex pattern to match" ) parser.add_argument( "--min-len", type=int, help="Minimum password length" ) parser.add_argument( "--max-len", type=int, help="Maximum password length" ) parser.add_argument( "--only-digits", action="store_true", help="Only numeric passwords" ) parser.add_argument( "--only-alpha", action="store_true", help="Only alphabetic passwords" ) parser.add_argument( "--only-lower", action="store_true", help="Only lowercase letters" ) parser.add_argument( "--only-upper", action="store_true", help="Only uppercase letters" ) parser.add_argument( "--exclude-special", action="store_true", help="Exclude any non-alphanumeric characters" ) parser.add_argument( "--must-contain", help="Must contain this substring" ) parser.add_argument( "--sample", "-n", type=int, help="Randomly sample N passwords (after filters)" ) parser.add_argument( "--output", "-o", type=Path, help="Export results to file (txt, json, csv based on extension or --format)" ) parser.add_argument( "--format", choices=["txt", "json", "csv"], help="Export format (default from file extension or txt)" ) parser.add_argument( "--no-cache-dir", action="store_true", help="Do not use default cache (specify custom via --cache-dir)" ) parser.add_argument( "--cache-dir", type=Path, help="Custom cache directory" ) parser.add_argument( "--stats", action="store_true", help="Show statistics of selected passwords" ) parser.add_argument( "--verbose", action="store_true", help="Show additional info" ) seclists password
filtered = filter_passwords( filtered, min_len=args.min_len, max_len=args.max_len, pattern=args.pattern, only_digits=args.only_digits, only_alpha=args.only_alpha, only_lower=args.only_lower, only_upper=args.only_upper, exclude_special=args.exclude_special, must_contain=args.must_contain, ) 000 most common passwords"