Do note there are also various tools to generate wordlists for brute forcing based on information gathered such as documents and web pages (such as Wyd – password profiling tool) These are useful resources that can add unique words that you might not have if your generic lists.
Also add all the company related words you can and if possible use industry specific word lists (chemical names for a lab, medical terms for a hospital etc).
And always brute force in the native language.
You can find a simple wordlist generator in PERL here.
Although old, one of the most complete wordlist sets is here (easily downloadable by FTP too):
There’s a good set of lists here including many european languages and topic specific lists:
Here we have 50,000 words, common login/passwords and African words (this used to be a great resource):
There’s a good French word list here with and without accents, also has some other languages including names:
One of the most famous lists is still from Openwall (the home of John the Ripper) and now costs money for the full version:
Some good lists here organized by topic:
Packetstorm has some good topic based lists including sciences, religion, music, movies and common lists.
You can also check out some default password lists and if you aren’t sure what tools to use I suggest checking out:
- Medusa 1.4 – Parallel Password Cracker
- THC-Hydra – The Fast and Flexible Network Login Hacking Tool
- Cain & Abel – Password Cracker with Network Sniffing
- JTR (Password Cracking) – John the Ripper 1.7 Released
Enjoy! And as always if you have any good resources or tools to add – do mention them in the comments.