CeWL: Tool for generating custom wordlist for Password Cracking
CeWL is an awesome Ruby-based tool used by Pentesters to generate a custom wordlist to bombard the target. CeWL is short for a Custom Word List generator. Usage of the tool is simple and it provides a comprehensive word list to test the target. Further, you can use a wordlist with password cracker tools such as John the Ripper, ffuf, wfuzz, Burpsuite (Intruder), etc.
This tool is preinstalled on Kali Linux operating system, which is most popular among cyber security professionals. Although, you can install this tool very easily by following the steps mentioned in this blog.
Here, cewl go up to a depth of 2 links (-d option) and take a minimum word length of 5 (-m option). Further, you save that wordlist by using the -w option.
cewl -d 2 -m 5 -w <wordlist-file> <target-url>
Download and Installation
You can clone the repository and make it executable by using the u+x option with chmod utility.
chmod u+x ./cewl.rb
Then, run it with below command:
Top Examples of CeWL
(1) Quick Run
If you are in hurry, just give URL as input.
(2) Set the limit on the word length of each word
Here, -m option set the minimum word length. If you have not given any input related to word length, default value is 3.
cewl <target-url> -m 7
(3) Save the custom wordlist
By using the -w option, cewl write the output to the file.
cewl -w <wordlist-file> <target-url>
(4) Provide output in verbose mode
If you are more curious what's happening while running the cewl, use -v option to display everything on the terminal window.
cewl -v <target-url>
(5) Extract email list from that target
Here, -n option ignores the wordlist and collects only email addresses while displaying output wordlist.
cewl -n -e <target-url>
(6) Activate debug mode
This option activate the debig mode and provides extra information.
(7) Increase depth
This option enhances the size of the wordlist by increasing the depth of collecting words (spider feature). If you have not provided any depth, default is 2.
cewl -d 4 <target-url>
(8) Provide a count of words that appear on a webpage
-c option provides a count of each word in a custom wordlist.
cewl -c <target-url>
(9) Display Help
If you want to explore more features of this awesome tool, just go for the help option.
(10) Display wordlist in lowercase only
Display custom wordlist in lowercase only by using the
Subscribe us to receive more such articles updates in your email.
If you have any questions, feel free to ask in the comments section below. Nothing gives me greater joy than helping my readers!
Disclaimer: This tutorial is for educational purpose only. Individual is solely responsible for any illegal act.