Use SecLists Passwords with Hashcat

SecLists includes curated password corpora ready for hashcat.

Basic usage

hashcat -m 1000 NTLM.hash         -a 0 SecLists/Passwords/Common-Credentials/100k-most-used-passwords-NCSC.txt         --status --status-timer=60

Add rules

hashcat -m 1000 NTLM.hash         -a 0 SecLists/Passwords/xato-net-10-million.txt         -r rules/best64.rule

Diagram

  flowchart LR
    A[SecLists wordlist] --> B[Hashcat engine]
    B --> C[Cracked hashes]

Keep password lists on secured storage and follow legal guidelines during engagements.