Dark3rStrik3
Information Vulnerability Scanner
LEVEL 2
800 XP
So I decided that I wanted to look up the actual amount of accounts you can expect in one of these lists
because I find it hard to believe that someone is going to get ahold of 417k unique accounts and passwords.
So what I did was I downloaded a combo list, a very fresh one if that matters.
And then I started writing some code to help me figure out the est. number of accounts that you can expect.
I started by looking for duplicated and I was expecting somewhere around 20% but the number I found was chocking.
Out of 417,996 accounts 343,526 were duplicates leaving us with 74440 unique names and passwords.
This means that 82.18% we're duplicates and 17,82% were unique ones.
But it doesnt stop there, roughly 12% (ballparking from what I saw) were fake / random generated emails such as username@
which I suspect is made to fill up the list and make it look bigger.
Which leaves us with 65,507 or 15.67% unique emails that might have a chance of hitting.
I had some spare time on my hands so I took the time to do this.
I'm not releaseing which list it was because I literally just did this to try to
calculate the chances of hitting.
Quick tip: Clean the lists before trying to hit.
I think I'm going to check through 10 - 20 lists to see how many of them contain the same username:password
and I'll probably post the results aswell.
Edited by binarybunny, 16 December 2017 - 01:52 PM.
because I find it hard to believe that someone is going to get ahold of 417k unique accounts and passwords.
So what I did was I downloaded a combo list, a very fresh one if that matters.
And then I started writing some code to help me figure out the est. number of accounts that you can expect.
I started by looking for duplicated and I was expecting somewhere around 20% but the number I found was chocking.
Out of 417,996 accounts 343,526 were duplicates leaving us with 74440 unique names and passwords.
This means that 82.18% we're duplicates and 17,82% were unique ones.
But it doesnt stop there, roughly 12% (ballparking from what I saw) were fake / random generated emails such as username@
which I suspect is made to fill up the list and make it look bigger.
Which leaves us with 65,507 or 15.67% unique emails that might have a chance of hitting.
I had some spare time on my hands so I took the time to do this.
I'm not releaseing which list it was because I literally just did this to try to
calculate the chances of hitting.
Quick tip: Clean the lists before trying to hit.
I think I'm going to check through 10 - 20 lists to see how many of them contain the same username:password
and I'll probably post the results aswell.
Edited by binarybunny, 16 December 2017 - 01:52 PM.
