Glossary
Wordlist
A wordlist is a file of candidate passwords fed to a cracking tool, where each line is tested against a hash — often combined with rules to expand coverage.
A wordlist is a plain text file containing candidate passwords, one per line, that a cracking tool tries against a hash. Instead of blindly brute-forcing every possible combination, a wordlist attack tests realistic guesses first — leaked passwords, common words, names and patterns. The famous rockyou.txt, drawn from a real breach, is the classic starting point.
Wordlists become far more powerful when paired with rules, which mutate each entry: appending digits, swapping letters for symbols, or toggling case. A single word like password then expands into thousands of variants such as Password1 and p@ssw0rd.
Both hashcat and John the Ripper accept wordlists directly. For example commands and a comparison of the two tools, see hashcat vs John the Ripper.