This repository provides a curated collection of real Indonesian passwords aggregated from open-source intelligence (OSINT) and anonymized datasets. It is optimized for tools like Hashcat , John the Ripper , and Hydra , making it highly versatile for various penetration testing scenarios.
You can use tools like crunch to generate a wordlist from scratch. For example, to generate a list of all 8-character combinations using a custom character set, you could use a command like crunch 8 8 -f /usr/share/crunch/charset.lst mixalpha-numeric -o wordlist.txt .
Effective Indonesian wordlists are built around several key categories of common user behaviors: 📅 Date-Based Passwords
Use a tool like cewl (Custom Word List generator) to scrape popular Indonesian websites, local forums (like Kaskus or local subreddits), and regional news outlets. cewl -w indo_web_words.txt -d 2 -m 8 https://kompas.com Use code with caution. -d 2 : Depth of links to follow. wordlist indonesia wpa2
This article is for educational purposes only. The techniques and tools discussed should only be applied to networks you own or have explicit written permission to test. Misuse of wordlists or cracking tools may violate Indonesian laws, including the Electronic Information and Transactions Law (UU ITE) and the Personal Data Protection Law (UU PDP).
Names of major provinces, cities, and regencies (e.g., Jakarta, Bandung, Surabaya, Medan, Bali).
A high-quality wordlist should be efficient, avoiding excessive repetition while covering a broad spectrum of likely password choices. Based on trends, a modern Indonesian wordlist often includes: 1. Common Indonesian Names + Numbers budi + 123 , 1234 , 1990 siti + 123 , 2020 andi , dewi , agus , putra 2. Indonesian Location & City Names jakarta , bandung , surabaya , bali kopi , indonesia , nusantara 3. Common Password Patterns in Indonesia 12345678 (and variations) password admin indonesia jakarta sandi123 wifi1234 terserah 4. Date-Based Passwords ddmmyyyy (e.g., 17081945) yyyymmdd (e.g., 20260101) This repository provides a curated collection of real
Toggling the first letter, every letter, or alternating case.
: Many penetration testers write Python or Bash scripts to combine sources, remove duplicates, filter by length (WPA2 requires minimum 8 characters), and apply mutations (e.g., leetspeak substitutions like “password” → “p@ssw0rd”).
Do not use simple names, cities, or common sequences like 12345678 . For example, to generate a list of all
A well-crafted wordlist is indispensable for security auditing in Indonesia. By understanding the common password patterns used in the region, security professionals can better protect local Wi-Fi networks from dictionary attacks. For the best security practice, always use strong, complex passwords that are not found on any dictionary list.
Standard WPA2-PSK (Pre-Shared Key) security requires a minimum of . While "Rockyou.txt" is the gold standard for global tests, it often fails in local contexts where users rely on "Indonesian-isms." An effective Indonesian wordlist must account for regional dialects, local numbering conventions, and common cultural identifiers. 1. Key Components of an Indonesian Wordlist
You can find specialized, community-driven wordlists on platforms like GitHub , specifically the WiFi Password Wordlist (Indonesia Optimized) which is designed to be compliant with WPA2's 8-character minimum length. How to Use a Wordlist for WPA2 Auditing