A password word list (or dictionary file) is a structured collection of strings — words, phrases, common passwords, leaked credentials, patterns, or mutated variations — used to guess a password. Unlike brute-force (trying every possible character combination), word-list attacks exploit human predictability.