DesiredWolf
Penetration Lab Creator
LEVEL 1
300 XP
Hey Folks, in this tutorial we are going to talk about an another wordlist generator tool called “Cewl“. “Cewl is an open source tool that coded in ruby language. Custom Word List generator. CeWL is a ruby app which spiders a given URL to a specified depth, optionally following external links, and returns a list of words which can then be used for password crackers such as John the Ripper. Most of the time it is used to break the password of website login as it crawls the website link, find valuable words from it and we use them to crack login. Lest see how’s it work.
Let’s take a look
!!Installation
If you are using any other operating system instead of kali linux then you have to configure it in your system. But do not worry
!! we have given all the commands below using which you can install and configure this tool very easily. But make sure both python and python3 tools must be pre-configured. You can download ruby from here .git clone https://github.com/digininja/CeWL.git
cd CeWL/
pkg install ruby
ruby cewl.rb --help1234git clone
https://github.com/digininja/CeWL.gitcd CeWL/pkg install rubyruby cewl.rb--help
But if you are using kali linux operating system then you do not need install this tool because it comes pre-installed, so just boot your tool.
cewl --help1cewl--help
Basic Method
When we execute the following command then first it spiders the given URL to a specified depth and print all the valuable words, which can be used to perform the bruteforce attack.
Usage
!! cewl < websitename >cewl https://secnhack.in1cewl https://secnhack.in
Minimum Length
If you want generate a wordlist of specific characters length then you can add “-m” option in your command.
cewl https://secnhack.in -m 61cewl https://secnhack.in -m 6
Save Output
Sometimes we need to save a record to share or show evidence to someone else and by using the “-w” option we can save the entire output in any file format. After downloading is done, you can check the output by using the cat command.
cewl https://secnhack.in -m 9 -w secnhack.txt
cewl secnhack.txt12cewl https://secnhack.in -m 9 -w secnhack.txtcewl secnhack.txt
Verbose Mode
Using the verbose mode you can see additional details during the performance of crawling, Like how it works and prints the word on the terminal.
cewl https://secnhack.in -v1cewl https://secnhack.in -v
Obtains Email from a Website
In the following command we have added two more arguments in which “-e” is use to retrieve email and “n” is use to without any words. After executing the command you will get the email address available on that website.
cewl https://secnhack.in -e -n1cewl https://secnhack.in -e -n
Create Alpha-Numeric Wordlist
If you also want to get numeric characters in your output then you can use the following command.
cewl https://secnhack.in --with-numbers1cewl https://secnhack.in --with-numbers
Digest/Basic Authentication
If you want to create a wordlist based on a particular website but the web application is protected with authentication, you can use the following command to bypass the authentication page.
cewl http://192.168.1.10/DVWA/login.php --auth_type basic --auth_user admin --auth_pass password1cewl http://192.168.1.10/DVWA/login.php --auth_type basic --auth_user admin --auth_pass password
Custom User-Agend
To become anonymous you can change the user-agend by using the following command because crawling on the website without permission is a crime.
cewl https://secnhack.in -u window1cewl https://secnhack.in -u window
Create Lower-case Wordlist
You can use the following command if you want to create a word list of only lowercase letters.
cewl https://secnhack.in --lowercase1cewl https://secnhack.in --lowercase
Credit : https://www.kali.org/
About the AuthorShubham Goyal Certified Ethical Hacker, information security analyst, penetration tester and researcher. Can be Contact on Linkedin.