Cewl – A Custom Dictionary Generator

Hey Folks, in this tutorial we are going to talk about an another wordlist generator tool called “Cewl“. “Cewl is an open source tool that coded in ruby language. Custom Word List generator. CeWL is a ruby app which spiders a given URL to a specified depth, optionally following external links, and returns a list of words which can then be used for password crackers such as John the Ripper. Most of the time it is used to break the password of website login as it crawls the website link, find valuable words from it and we use them to crack login. Lest see how’s it work.

Let’s take a look 🙂 !!

Installation

If you are using any other operating system instead of kali linux then you have to configure it in your system. But do not worry 🙂 !! we have given all the commands below using which you can install and configure this tool very easily. But make sure both python and python3 tools must be pre-configured. You can download ruby from here .

git clone https://github.com/digininja/CeWL.git
cd CeWL/
pkg install ruby
ruby cewl.rb --help

But if you are using kali linux operating system then you do not need install this tool because it comes pre-installed, so just boot your tool.

cewl --help

Basic Method

When we execute the following command then first it spiders the given URL to a specified depth and print all the valuable words, which can be used to perform the bruteforce attack.
Usage 🙂 !! cewl < websitename >

cewl https://secnhack.in

Minimum Length

If you want generate a wordlist of specific characters length then you can add “-m” option in your command.

cewl https://secnhack.in -m 6

Save Output

Sometimes we need to save a record to share or show evidence to someone else and by using the “-w” option we can save the entire output in any file format. After downloading is done, you can check the output by using the cat command.

cewl https://secnhack.in -m 9 -w secnhack.txt
cewl secnhack.txt

Verbose Mode

Using the verbose mode you can see additional details during the performance of crawling, Like how it works and prints the word on the terminal.

cewl https://secnhack.in -v

Obtains Email from a Website

In the following command we have added two more arguments in which “-e” is use to retrieve email and “n” is use to without any words. After executing the command you will get the email address available on that website.

cewl https://secnhack.in -e -n

Create Alpha-Numeric Wordlist

If you also want to get numeric characters in your output then you can use the following command.

cewl https://secnhack.in --with-numbers

Digest/Basic Authentication

If you want to create a wordlist based on a particular website but the web application is protected with authentication, you can use the following command to bypass the authentication page.

cewl http://192.168.1.10/DVWA/login.php --auth_type basic --auth_user admin --auth_pass password

Custom User-Agend

To become anonymous you can change the user-agend by using the following command because crawling on the website without permission is a crime.

cewl https://secnhack.in -u window

Create Lower-case Wordlist

You can use the following command if you want to create a word list of only lowercase letters.

cewl https://secnhack.in --lowercase

Credit : https://www.kali.org/