Create your own wordlist to brute force a website, using Cewl

Introduction

  • Cewl it’s a preinstalled tool in kali Linux, this tool is used to create a wordlist using any URLs like (schools, colleges, business). So this wordlist can further be used for cracking passwords with john the ripper. In this tool, we have many options so we will explain to you some commands which we use mostly.

Environment

  • OS: Kali Linux 2019, 64 Bit
  • Kernel-Version     : 5.2.0-kali2-amd64
Cewl Diagram

Cewl Help Options

  • Use command cewl –h.
  • This command will show all help options in cewl
  • –h command is used for Help Options
Cewl Help

Generating Wordlist

  • Next, we will use this command to generate a wordlist using any website URL
  • cewl https://www.cmrit.ac.in.
Cewl Wordlist
Cewl Wordlist

Save Wordlist in a file

  • Next, use command cewl https://www.cmrit.ac.in -w wordlist.txt
  • This command will save the wordlist which we have generated
    • -w command used to write the output to the file
  • Next, use command cat wordlist.txt. To see the file content
See File Content
See File Content

Generating Wordlist Of Specific Length

  • Next use command cewl https://www.cmrit.ac.in -m 10.
  • This command shows you a minimum 10 number of words from the website
    • -m command is used for minimum word length
Cewl Minimum Number Length
Cewl Minimum Number Length

Retrieving Emails from a Website

  • Next, use command cewl https://www.cmrtc.ac.in -n -e
  • This command shows you the number of emails found on the website. This further can be used for social engineering attacks.
    • -n command used for don’t output the wordlist.
    • -e command used for include Email address
Cewl Website Emails
Cewl Website Emails

Number Of Word Repeated in a website

  • Next, use command cewl https://www.cmrit.ac.in -c
  • This command displays a number of repeated words in the website
    • -c command used to show the count for each word found
Cewl Repeated words
Cewl Repeated words

Depth To Spide

  • Next, use command cewl https://www.cmrit.ac.in -d 2
  • This command will generate a large word list and new words by using deep level limit
    • -d <x> command used depth to spider to default 2
Cewl Depth To spide
Cewl Depth To spide

Debug Information

  • Next use command cewl https://www.cmrit.ac.in –debug.
  • This command will show error and raw details of the website
    • –debug command used for extra debugging information.
Cewl Debug
Cewl Debug

Verbose mode

  • Next, use command cewl https://www.cmrit.ac.in -v.
  • This command shows complete information about the website.
    • -v command used for verbose mode
Cewl Verbose
Cewl Verbose

Alpha Numeric Generator

  • Next, use command cewl https://https://www.cmrit.ac.in –with-numbers.
  • This command will show alphanumeric wordlist
    • –with-numbers command for accept words with numbers in as well as just letters
Cewl Alpha Numeric
Cewl Alpha Numeric