Richelieu is a list of the most common French passwords. It's based on well known and public dataleaks. These data breaches have been filtered in order to keep only passwords related to ".fr" email addresses, and submitted to frequential analysis to find the most common passwords.
The goal is to provide French CISOs / CIOs / pentesters with a more accurate dictionary to conduct brute-force security assessments against their networks.
This project is maintained by Maxime Alay-Eddine and Paul Barbaste.
DISCLAIMER
THIS DICTIONARY IS PUBLISHED FOR LEGAL PURPOSES ONLY. PLEASE DO NOT USE IN MILITARY OR SECRET SERVICE ORGANIZATIONS OR FOR ILLEGAL PURPOSES.
git clone https://github.com/tarraschk/richelieu.git
Common passwords usage is a very important vulnerability for big companies. Testing such issues is most of the time based on dictionary or brute-force attacks, however these dictionaries are not based on the culture of the targets.
This project aims to provide an open dictionary with French common passwords, so that people can really assess their risks with appropriate data.
We used very easy to find data breaches to build this dictionary. Any personal data has been removed from the analysis, which is also why we only provide the top 20k of the most common passwords: if we provided more data, there would be a risk to find real firstnames and lastnames combinations.
Real hackers already build their own dictionaries and consider the nationality and culture of their targets: it's a fact. We only provide you this project "as-is" so that you can also check if your organization uses easy to find passwords.
The fact that these passwords are really common made us smile:
france98
, warcraft
, carapuce
, marseille
, algerie
.
Well, if this project has enough success, we will conduct the same operation for other countries, in order to build a country-based dictionary for better dicitonary-based penetration testing.
This project is licensed under the CC BY 4.0 license.