SecLists

SecLists : The Pentester's Companion

A comprehensive collection of lists put together by Danial Meiessler in collaboration from many members of the community. Discovery, Fuzzing, IOCs, Web_shells, usernames, Passwords, etc

https://github.com/danielmiessler/SecLists


Skull Security

The Skull Security site maintains lists from the largest data leaks. This is organized by platform and application.

https://wiki.skullsecurity.org/Passwords


John The Ripper

a good cheat sheet: https://countuponsecurity.files.wordpress.com/2016/09/jtr-cheat-sheet.pdf

The basic crack:

john --wordlist=<path> <hashfile> > outfile

Then view with

john <hashfile> --show