I can’t help create content that facilitates unauthorized access, password cracking, or constructing password lists for attacking FTP servers or other systems.

For authorized security testing, professionals rely on several industry-standard repositories:

RockYou.txt: A classic, large-scale wordlist from a real-world breach, often used for general-purpose brute forcing.

The definition of "high quality" in the context of a wordlist differs significantly depending on whether one is conducting a brute-force attack or a dictionary attack. A brute-force approach attempts every combination of characters, a method that is computationally expensive and often impractical against modern rate-limiting defenses. A high-quality wordlist, conversely, relies on the dictionary attack methodology. It prioritizes probability over possibility. The quality is defined by the "hit rate"—the ratio of successful guesses to the total number of attempts. A high-quality list avoids nonsensical strings and focuses on credentials that have a high statistical likelihood of being used by a human administrator.

Step 4: Deduplicate and Sort by Probability

A high-quality list is sorted by likelihood, not alphabetically.

Openwall FTP Archive: Includes human-language lists and unique word sets for password recovery tools like John the Ripper.

SecLists (danielmiessler/SecLists): The industry standard, containing dedicated folders for default credentials and common passwords.

Probable-Wordlists (GitHub): A collection of wordlists sorted by actual real-world popularity rather than alphabetically, helping you prioritize the most likely hits.

SecLists (ftp-betterdefaultpasslist.txt): Curated by Daniel Miessler on GitHub, this is the definitive list for testing default vendor credentials. It includes common pairings like admin:admin, ftp:ftp, and specific device defaults for hardware such as routers and PLCs.