Question 1

How to generate a custom username list for j_smith format using statistically likely usernames?

Accepted Answer

Use the base list j.smith-x100000.txt and pipe it through commands like 'tr "." "_"' to replace dots with underscores, as shown in the README. This maintains statistical order while adapting to specific formats, and you can limit entries with head -n for efficiency.

Question 2

Statistically likely usernames vs. SecLists: which is better for username enumeration?

Accepted Answer

Statistically Likely Usernames focuses on optimized, likelihood-based lists for efficient horizontal attacks, while SecLists offers broader, general-purpose wordlists. For targeted penetration testing with minimal guesses, this project's lists often yield higher success rates due to statistical ordering.

Question 3

How to use the Awesome Mix volumes in tools like Hydra or Medusa?

Accepted Answer

Load awesome-mix-vol1.txt or vol2.txt directly as the username wordlist in your tool. These volumes are interleaved, so even short runs cycle through multiple formats like jsmith and john.smith, providing diverse coverage in a compact list for first-pass attacks.

Question 4

Is the Facebook dataset in statistically likely usernames still relevant for modern attacks?

Accepted Answer

The dataset is from a 2010 Facebook extract, so it might not reflect recent naming trends. However, common username formats remain stable over time, and the statistical approach still works well for many corporate and application environments, though periodic updates would improve relevance.

Question 5

How to create date of birth lists for password reset testing with DOBer?

Accepted Answer

Run the Python or PowerShell DOBer script with parameters like --format for date format (e.g., %d%m%y) and --average for target age. It outputs dates in statistically likely order based on a normal distribution, radiating from the average age to maximize guess efficiency.

Question 6

Can I use these wordlists for ethical hacking training without legal issues?

Accepted Answer

Yes, but only in authorized, controlled environments like penetration testing labs or training simulations. Always obtain proper consent and ensure compliance with data protection laws, as the source datasets may have licensing or privacy implications for real-world use.

Statistically Likely Usernames

What is Statistically Likely Usernames?

Overview

Use Cases

Best For

Related Projects

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions