The Hackr
wordlist cewl

How to Create Custom Word lists using CeWL

CeWL, otherwise known as custom wordlist generator is written in Ruby. Technically it spiders a given url to a specified depth, optionally external links, and returns a list of words which can be then used as wordlists for other password cracking tools such as John the Ripper or Hashcat or any such.

Most people even today use commonly used words as their passwords.
Studies show that people select random paswords, with little randomization to the words. Furthermore when passowrds of any infamous sites get leaked, hackers easily figure out techniques to crack the hashes in no time.

password cewl hacking
One common technique used by attackers is to create a custom dictionary files that targets the victim from specific social websites such as facebook or twitter profiles. CeWL package is built into Kali and can be installed on any Linux distribution. CeWL can be installed by typing

sudo apt-get install cewl
If the above command doesn’t install CeWL, you might need to update you sources.list in /etc/apt/

Usage

cewl [OPTION] ... URL

    --help, -h: show help
    --keep, -k: keep the downloaded file
    --depth x, -d x: depth to spider to, default 2
    --min_word_length, -m: minimum word length, default 3
    --offsite, -o: let the spider visit other sites
    --write, -w file: write the output to the file
    --ua, -u user-agent: useragent to send
    --no-words, -n: don't output the wordlist
    --meta, -a include meta data
    --meta_file file: output file for meta data
    --email, -e include email addresses
    --email_file file: output file for email addresses
    --count, -c: show the count for each word found

    Authentication
    --auth_type: digest or basic
    --auth_user: authentication username
    --auth_pass: authentication password

    --verbose, -v: verbose
You can access CeWL by typing man cewl or cewl -h in the terminal.

Demo

Step 1 Fire up Kali or any preferred Linux distribution with CeWL installed on it.

kali boot
Step 2 Simply use it straight away by typing

cewl www.thehackr.com -w hackr.txt

cewl wordlist

By default CeWL sticks to two links depths and and scrapes all the words of 3 characters or more and fires up results to the screen or the output file. The defaults can be further changed by passing the arguments.

Our wordlist looks something like

cewl wordlist
The depth can be adjusted by typing the argument -d 4
where 4 is the desired depth which we want our cewl to work on the provided link.
And also the minimum word count can be altered by passing the argument -m 6
here it limits our word with 6 or more characters.
So finally our usage looks like

cewl www.thehackr.com -m 6 -d 4 hackr.txt

cewl wordlist

Step 3 You can now use the thus obtained wordlist to crack hashes in any password cracking program.

Sreehas

The hacking trend these days has definitely turned criminal because of e-commerce ¯\_(ツ)_/¯

up