Wordlists

The wordlists package provides a centralized directory at /usr/share/wordlists/ containing symbolic links to wordlists used by various Kali Linux tools. This includes wordlists for tools like dirb, dirbuster, metasploit, sqlmap, wfuzz, and others, making it easy to access common dictionaries for security testing.

The package's flagship wordlist is rockyou.txt, a comprehensive password list containing 14,344,392 entries extracted from a real-world data breach. It's provided compressed as rockyou.txt.gz (51MB) and expands to 134MB when decompressed.

Wordlists are essential for brute-force attacks, directory discovery, fuzzing, and password auditing across multiple security assessment scenarios.

Wordlists operates as a package providing the /usr/share/wordlists/ directory structure with symbolic links to wordlists from other Kali tools. Users access these files directly in their security tools (hydra, medusa, dirb, gobuster, etc.). The rockyou.txt file contains real passwords from a 2009 RockYou.com breach, making it highly effective for dictionary attacks. Files are referenced by tools via standard paths without requiring the wordlists binary itself.