danielmiessler / SecLists

SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.
https://www.owasp.org/index.php/OWASP_Internet_of_Things_Project
MIT License

Passwords/Leaked Databases: Fortinet list is combined usernames and passwords #856

Closed guffre closed 10 months ago

guffre commented 1 year ago

The fortinet-2021.txt file is a combo of usernames and passwords:

root@kali:/tmp# head /com/tools/seclists/Passwords/Leaked-Databases/fortinet-2021.txt 
egiovetti:G10v3tt1.@carlos.abril:0812508513Caahimi:AHcc2019
FFrancisco:FFrh6800
acaquielo:ACdrh2020
alivingui:ALtc335
AVicente:AVtt021
ddelgado:DDtt046

After splitting usernames from passwords and de-duping, the list of ~450,000 "passwords" becomes a list of ~100,000 usernames and passwords:

root@kali:/tmp# cut -d":" -f 1 /com/tools/seclists/Passwords/Leaked-Databases/fortinet-2021.txt  | head -3
egiovetti
FFrancisco
acaquielo

root@kali:/tmp# cut -d":" -f 2- /com/tools/seclists/Passwords/Leaked-Databases/fortinet-2021.txt  | head -3
G10v3tt1.@carlos.abril:0812508513Caahimi:AHcc2019
FFrh6800
ACdrh2020

root@kali:/tmp# cut -d":" -f 2- /com/tools/seclists/Passwords/Leaked-Databases/fortinet-2021.txt  | sort | uniq | wc
  96478  101451 1794456
root@kali:/tmp# cut -d":" -f 1 /com/tools/seclists/Passwords/Leaked-Databases/fortinet-2021.txt  | sort | uniq | wc
  87986   90053  940096

Would it be possible to split this list, moving the usernames into the "Usernames" folder? Currently, the file is useless as a password file.

g0tmi1k commented 1 year ago

Sounds good to me - could you open up an MR?

ItsIgnacioPortal commented 12 months ago

While preparing the new files for a pull request I noticed that the Fortinet leak .txt file isn't a clean list of username:password combos. fortinet-2021.txt contains:

It'll require a substantial amount of work to get useful data out of the Fortinet leak. I'm currently working on a PR for this.
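
An added example, not code from this thread or from the SecLists project: a shell function that splits a `user:password` combo file into de-duplicated username and password lists and sets aside every line that is not one clean pair, such as the run-together first line in the `head` output above. The function names, output file names and sample lines are constructed for illustration; sending any line with more than one colon to review is an assumption, since a password may itself contain a colon.

```shell
#!/bin/sh
# Added example. split_combo SRC OUTDIR writes:
#   OUTDIR/usernames.txt  unique usernames from clean "user:password" lines
#   OUTDIR/passwords.txt  unique passwords from clean "user:password" lines
#   OUTDIR/review.txt     lines needing manual review (no colon, several
#                         colons, or an empty user or password field)
split_combo() {
    src=$1
    dst=$2
    mkdir -p "$dst" || return 1
    : > "$dst/users.raw"
    : > "$dst/pass.raw"
    : > "$dst/review.txt"
    awk -v U="$dst/users.raw" -v P="$dst/pass.raw" -v R="$dst/review.txt" '
        { sub(/\r$/, "") }            # tolerate CRLF line endings
        $0 == "" { next }             # skip blank lines
        {
            n = split($0, f, ":")
            # Exactly two non-empty fields is the only shape we trust.
            if (n != 2 || f[1] == "" || f[2] == "") { print > R; next }
            print f[1] > U
            print f[2] > P
        }
    ' "$src" || return 1
    # Byte-wise sort keeps the result independent of the locale.
    LC_ALL=C sort -u "$dst/users.raw" > "$dst/usernames.txt"
    LC_ALL=C sort -u "$dst/pass.raw"  > "$dst/passwords.txt"
    rm -f "$dst/users.raw" "$dst/pass.raw"
}

# Constructed sample input (not taken from any real leak).
make_sample() {
    cat > "$1" <<'EOF'
alice:Winter2021!
bob:Summer#44
alice:Winter2021!
carol:Summer#44
dave:pa55:word.@erin:hunter2frank:Qwerty99
nocolonhere
grace:
EOF
}
```

To try it, call `make_sample combo.txt` and then `split_combo combo.txt out`; the lines left in `out/review.txt` are the ones that need splitting by hand.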