RockYou Roulette
Type a password. Instantly check if it's in the top 10,000 leaked passwords from the rockyou.txt breach — entirely in your browser. Your password never leaves your device.
Speed up your recruitment workflow
URLCV automates CV parsing, candidate scoring, and shortlist generation — so you can place more candidates, faster.
Is your password in rockyou.txt?
Type a password. We'll check it against the top 10,000 passwords from the infamous rockyou breach — the wordlist every attacker runs first.
Runs locally. Nothing is sent anywhere. Clears when you close the tab.
Password Anatomy
Why "" counts
Attackers don't just run the wordlist — they run mutations of it. Tools like hashcat and john apply rules like l33t-speak, trailing digits, year suffixes, capitalised first letter — all of it, at millions of guesses per second.
Get your result? Share it without revealing the password.
RockYou Roulette
Type a password. We'll check it against the top 10,000 passwords from the infamous rockyou.txt breach — the same wordlist every pentester runs first.
How it works
- The wordlist is bundled into your browser as JavaScript
- When you type, the check runs locally — your password never leaves your device
- No network request. No telemetry. No server. No logs.
- Also checks common mutations: lowercase, leet → plain, trailing digits stripped
- Shows rank, entropy, length, character variety, and a brutally honest roast
What is rockyou.txt?
In 2009, the social app RockYou was breached and 32 million passwords were leaked in plaintext. The resulting rockyou.txt wordlist is now the de-facto password list that pentesters, red teamers, and attackers use as the first thing they try.
If your password is in the top 10,000 of that list, every attacker on earth has it.
Privacy
This tool is 100% client-side. Inspect the network tab: no requests are made when you type your password. The wordlist is bundled as a static JavaScript file that loads once with the page.