Open In App

Cewl Tool – Creating Custom Wordlists Tool in Kali Linux

Last Updated : 28 Jul, 2021
Improve
Improve
Like Article
Like
Save
Share
Report

In this article, we will see how to create a wordlist with the Kali Linux tool Cewl and what options are available in this post.

Cewl is a Ruby program that crawls a URL to a defined depth, optionally following external links, and produces a list of keywords that password crackers such as John the Ripper can use to crack passwords. can. FAB (Files Already Bagged) is a command-line program that generates author/producer lists from already downloaded files using information extraction algorithms similar to CeWL.

Cewl is a custom wordlist generator that comes pre-installed with Kali Linux. By the way, many custom wordlist generating tools, such as Crunch, may be available on the Internet. However, the Crunch tool may not be suitable for ethical hackers. With the help of the cewl tool, we can easily collect words and phrases from the target page. It has the ability to create a list of offensive words. In this tutorial, we will not explain how to install the cewl tool. As said earlier, Kali Linux comes with pre-installed software. Cewl is a robust program that can quickly scrape the webserver of any website.

In the terminal, type “cewl -h” to see a list of all the options it accepts, complete with their descriptions.

cewl --help

Cewl Usage – Default Procedure:

Use the following command to spider the provided URL to a defined depth and print a list of terms that can be used as a dictionary to crack the password.

cewl https://www.geeksforgeeks.org/

Saving Wordlist as a file

We save the print list of the term into a tab for the sake of record-keeping, improved readability, and possible references. We’ll use the -w parameter to save the output to a text file in this case.

Now that we’ve successfully run the instruction, let’s check to see if the output has been saved to a register.wordlists.txt is the output position in this situation.

cewl https://www.geeksforgeeks.org/ -w wordlists.txt
cat wordlists.txt

Creating a Certain-Length Wordlist:

If you choose to create a wordlist with a certain word length, use the “-m” function, which allows you to set a minimum word length limit.

The following command will produce a list of at least 7 words; as seen in the screenshot, it has crawled the given website and printed a list of words of at least 7 characters.

cewl https://www.geeksforgeeks.org/ -m 7

Email Retrieval from a Website:

The “-e” option unlocks the email parameter, while the -n option hides the list of words created while crawling the provided website. It has successfully found 1 email-id from inside the website, as seen in the image below.

cewl https://www.geeksforgeeks.org/ -n -e

Verbose Mode:

You can use the -v option for the verbose mode to extend the website crawling result and to retrieve all of a website’s information. It would dump the details available on the website rather than generate a wordlist.

cewl https://www.geeksforgeeks.org/ -v

Alpha-Numeric words Generation:

You may use the –with-numbers option in conjunction with the command to create an alpha-numeric wordlist. As you can see in the image below, it has created an alpha-numeric wordlist this time.

cewl https://www.geeksforgeeks.org/ --with-numbers

Count how many times a word appears on a webpage:

Use the -c options to enable the count parameter to count the number of terms repeated several times in a website. As you can see in the picture below, it has printed the count for each word that appears several times on the website.

cewl https://www.geeksforgeeks.org/ -c

Increase Spider Depth:

Use the -d option with the depth level number to activate the depth parameter for more quick crawling if you want to raise the spider level to create a larger list of words by counting more new words from the page. This depth level is set to 2 by default.

cewl https://www.geeksforgeeks.org/ -d 3 

Additional debug details:

You can activate debug mode and view issues and raw website information while crawling using the –debug option.

cewl https://www.geeksforgeeks.org/ --debug

Scan to a depth of 2 (-d 2) and a minimum word length of 5 (-m 5), then save the words to a file (-w docswords.txt) using the following parameters:

cewl -d 2 -m 5 -w wordlists1.txt https://www.geeksforgeeks.org/
cat wordlists1.txt


Similar Reads

Create Custom Wordlists Using Crunch in Kali Linux
In order to crack a password, we have to try a lot of passwords to get the right one. When an attacker uses thousands or millions of words or character combinations to crack a password, there is no surety that any of those combinations will work. This collection of different combinations of characters is called a wordlist. And in order to crack a p
3 min read
Bopscrk - Tool To Generate Smart And Powerful Wordlists
Bopscrk is also known as Before Outset Password Cracking is the automated tool that aims to generate smart and powerful word lists for performing Brute-force attacks on the target domains. Bopscrk tool supports interactive mode, in which rather than specifying commands all the time the tool asks some questions and the user needs to answer those que
3 min read
Webkiller v2.0 - Tool Information Gathering tool in Kali Linux
Webkiller is a free and open-source tool available on GitHub. Webkiller is used as an information-gathering tool. Webkiller is used to scan websites for information gathering and finding vulnerabilities in websites and webapps. The whois data collection gives us information about Geoip lookup, Banner grabbing, DNS lookup, port scanning, sub-domain
3 min read
Tool-X - Hacking Tool Installer in Kali Linux
Tool-X is a free and open-source tool written in python that is available on GitHub. Tool-X is used by security researchers and pen-testers in the early stages of reconnaissance and pen-testing. It is an installer framework for Kali Linux that has approximately 300 tools available on its menu. It will provide a command-line user interface that you
2 min read
Kali-Whoami - Stay anonymous on Kali Linux
In today's life, we are surrounded by a lot of cyber security tools and we talk about our online anonymity, but are we really anonymous? A single mistake can reveal our anonymity, so here is a tool that can help us to make anonymity possible and it is called WHOAMI. It is very useful and has a very simple UI. Note: if you are a parrot user then you
3 min read
Creating a Persistent Reverse Shell with Metasploit in Kali Linux
A reverse shell is a type of network connection in which a command shell is executed on a remote machine, and the input and output of the shell are transmitted over the network back to the local machine. This allows a user on the local machine to execute commands on the remote machine and receive the output of those commands. Reverse shells are oft
4 min read
Kali Linux - Password Cracking Tool
Password cracking is a mechanism that is used in most of the parts of hacking. Exploitation uses it to exploit the applications by cracking their administrator or other account passwords, Information Gathering uses it when we have to get the social media or other accounts of the C.E.O. or other employees of the target organization, Wifi Hacking use
5 min read
Sherlock - Hunt Username on Social Media Kali Linux Tool
Sherlock is a free and open-source tool available on GitHub. This tool is free you can download it from Github and can use it for free of cost. Sherlock is used to finding usernames on social media on 300 sites. As you know many users register themselves on social media platforms using their own name. Suppose we need to find someone on any social m
3 min read
Gasmask – Information Gathering Tool in Kali Linux
Gasmask is a free and open-source tool available on Github. Gasmask is an Open Source Intelligence and Information Gathering Tool based on (OSINT). Gasmask is capable of doing everything almost you need for reconnaissance as per your need it can perform reconnaissance easily. Gasmask works as an open-source tool intelligence tool. It integrates wit
7 min read
Knock - Subdomain Scanner Tool in Kali Linux
Knock is a tool written in Python and is designed to enumerate subdomains in a target domain through a wordlist. Installation: First clone the tool from the GitHub repository by using the below command. git clone https://github.com/santiko/KnockPy.git Then Change to your preferred directory. cd KnockPy[caption width="800"]Fig 1: Cloning tool from G
2 min read