Have you ever wondered about an efficient and robust way to generate wordlists that might come in handy for password cracking or a dictionary attack? In this article, I will show you how to use the CeWL tool in Kali Linux for wordlist generation.
The CeWL tool in Kali Linux generates a custom wordlist by spidering the target website and collecting the unique words it finds. It spiders the target URL to the specified depth, also follows external links from the target website if the corresponding argument is passed, and returns a list of words that can be used in password cracking.
The tool comes pre-installed with most pentesting distros (e.g. Kali Linux, Parrot OS), or you can download or clone it from GitHub: https://github.com/digininja/CeWL.git
Cracking a password with a wordlist is a very long process, so it is necessary to have a wordlist that will actually help you achieve it. Here CeWL is unbeatable, because it spiders the targeted website and finds the unique words, which can then be used to build a target-specific wordlist and make the password cracking process easier.
Let’s begin with the tutorial:
Open the terminal in Kali Linux and enter the following command to get the help menu:
cewl --help or cewl -h
Either command gives you the complete help menu of the cewl tool.
Now let’s begin with the usage of CeWL:
1. You can use cewl without specifying any arguments: just give the target website and cewl will work with its default settings, e.g. the depth of the scan will be 2. Don’t worry if you don’t yet know what depth is; everything is explained below.
Run this way, cewl shows the unique words found on the targeted website, but the result is only printed to the terminal and the words are not saved.
2. Now let’s add some arguments and see what else we can do. As discussed above, the words are not saved, so let’s save them. The argument ‘-w’ saves the words to a file that can be used any time afterwards; it creates the file containing all the words in the current directory.
cewl -w filename.txt http://www.animeshshaw.com
After saving the file, if you want to see how many words it contains, you can simply run this command:
wc -l filename.txt
3. Moving further, if you want to see how many times each word is repeated, use the argument ‘-c’. The output then lists each word along with the number of times it occurs.
cewl -c http://www.animeshshaw.com
You can also combine it with ‘-w’, which saves the words together with their counts in the file, as discussed above.
Many of you might be wondering what use the repeat count is. Think about it: if the words also include a password or words related to it, they will have been entered many times on the website. That is why this argument is provided.
4. Depth: as already mentioned, the depth is 2 by default, which means the tool spiders the website 2 pages deep. This can be changed with the argument ‘-d’, but remember that increasing the depth means scanning more pages, so a larger number increases the time taken to generate the result; it also depends on how vast the website is.
cewl -d 3 http://www.animeshshaw.com
You can set the number according to how deep you want to spider the website.
5. Many websites contain links to other websites (hyperlinks), which can also be related to the target website. If you want to spider these hyperlinks, use the argument ‘-o’, which lets the tool visit other websites.
cewl -o -k http://www.animeshshaw.com
The above command lets the tool visit the other sites linked from the target website. The argument ‘-k’ concerns any useful files the tool comes across while spidering: it will not download them unless you tell it to keep the files, which is done by giving the ‘-k’ argument in the command.
6. All the useful and mandatory arguments are discussed above; the remaining ones are covered together here:
‘-m’: if you want only words of a minimum length, use ‘-m’ followed by the word length you need.
‘-e’: tells the tool to include the emails found while spidering in the result.
‘-a’: tells the tool to include the metadata found while spidering in the result, which can be extracted further and may yield some useful data.
cewl -m 6 -e -a http://www.animeshshaw.com
Let’s look at a complete, practical command for this tool. The command below shows one way of combining the arguments in practical use.
cewl -c -w wordlist.txt -e http://www.animeshshaw.com
The above command saves the words to a file with their counts, with emails included.
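The counted output is just as useful on the defensive side: words that appear often on your own site are what such a wordlist will contain, so a password-change check can reject passwords built from them. The sketch below is an added example, not part of the original article or of CeWL; it assumes the saved file has one "word, count" entry per line, and the function names, thresholds and sample data are constructed for illustration.

```python
import re

# Constructed sample in the "word, count" layout assumed for `cewl -c -w` output.
SAMPLE_CEWL_OUTPUT = """\
security, 42
animesh, 31
Kali, 17
the, 120
wordlist, 9
pentest, 6
"""

# Common character substitutions undone before matching (constructed, not exhaustive).
LEET = str.maketrans("013457@$!", "oieastasi")


def normalise(text):
    """Lower-case the text and undo simple look-alike substitutions."""
    return text.lower().translate(LEET)


def load_site_words(text, min_len=5, min_count=5):
    """Parse 'word, count' lines; keep words long and frequent enough to matter."""
    words = set()
    for line in text.splitlines():
        m = re.fullmatch(r"\s*(\S+?)\s*,\s*(\d+)\s*", line)
        if not m:
            continue  # skip blank lines and anything without a count (e.g. e-mails)
        word, count = normalise(m.group(1)), int(m.group(2))
        if len(word) >= min_len and count >= min_count:
            words.add(word)
    return words


def site_words_in(password, site_words):
    """Return the site words contained in the password after normalisation."""
    norm = normalise(password)
    return sorted(w for w in site_words if w in norm)


if __name__ == "__main__":
    banned = load_site_words(SAMPLE_CEWL_OUTPUT)
    for candidate in ("An1m3sh2024!", "S3cur1ty!", "correct-horse-battery"):
        hits = site_words_in(candidate, banned)
        print(candidate, "-> reject" if hits else "-> ok", hits)
```

A non-empty result from site_words_in means the candidate password should be rejected as site-derived.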
That completes this guide to the important parts of the CeWL tool in Kali Linux; by now you have all the mandatory information about the tool. There are many other options, such as scraping emails, using a proxy, or authenticating to a resource with HTTP Basic or Digest Authentication, but we want you to try them yourself. Keep experimenting with the tool; that’s the best way to learn to use any tool.