Situatie
Objective: Use the cewl tool to generate a custom wordlist from a website for use in password attacks when pentesting.
If you’re looking to crack a password, you’ll need a solid wordlist to start with. But not just any wordlist—one that fits the target you’re trying to crack. Kali Linux has a tool called cewl that can help you make a custom wordlist by crawling a website.
Why should you use cewl?
You can use it to gather words from the site, like blog post titles, common terms, and metadata. This custom wordlist would be way more effective than using a generic list.
Solutie
Use Cewl to grab words from a website
1)To get started, you’ll use cewl to crawl a website and pull words from it. For instance, if you want to crawl a website like “https://example.com“, you’d run:
cewl https://example.com -w pass_list.txt
- -w pass_list.txt tells cewl to save all the words it grabs into a file named pass_list.txt
- If you want it to dig a bit deeper and crawl links on the page, you can increase the depth like so:
cewl -d 3 https://example.com -w pass_list.txt
This crawls up to three levels deep and pulls words from all the pages it visits.
2.Check out your new wordlist
Once cewl is done, you can see the results by typing:
cat pass_list.txt
You’ll get a list of words that might look something like this:
3.Use the wordlist for cracking
With your wordlist ready, you can now use it in password-cracking tools like hydra or john to attempt to break a password.
Leave A Comment?