Cewl

This is the first blog post in my series where I will go through all built-in Kali Linux tools. I will write information about how the tools work and give you examples on when to use them. This will be an excellent way for me to learn the tools in depth and hopefully it can come in handy for some of you.
I won’t get much enjoyment if I write about them in one by one from top to bottom since that will be boring. The first tool I will write about is from section 05- Password Attacks and the tool I have chosen to start with is CeWL.

Background and the functionality:
CeWL is a tool that was created by Robin Wood and it is used for creating custom word lists based on the text from a target website. It can come in handy to use this tool if you are doing a pen test and you haven’t been successful with your usual word lists and want to create one that is more customized for the target company.

cewl
CeWL from Kali Linux

CeWL are built in Ruby and the main idea is that the program spiders the specified URL according to the configuration and returns a list of words that was found on that site. These custom word lists can later be used when trying to crack passwords with the other available tools. In a later post I will show you how that is being done.

How to get started with CeWL:
So how do you use CeWL then? It’s pretty easy and straight forward and you can get out the most information from the manual which you get by running “man cewl”. I will go through some of the most common options that you can configure and these are:

  • -w
  • -d
  • -m
  • –with-numbers
  • -c
  • -e

-w
Define where the word list should be saved. example: customwordlist.txt
-d
Define the depth the scan should spider. Default value is 2 and that means that it will go to all links that are presented on the defined URL and collect words from them as well.
-m
Define the minimum length of a word. No words with less characters than this will be saved.

So let’s try it and see how it works in practice. For this example I will just use a website that I know include many words and which site are better than Wikipedia? I’ve set the parameters to depth = 1 and characters = 10.

An example on how to use CeWL to generate a custom word list based on a URL.

It can take some time if you want to spider through many sites but if you use a configuration like mine it will be very quick and in this example I got out 1895 useful words.

wordcount
An example on how you can count the number of files in the file.

–with-numbers
Accept words where numbers are included as well. Like for example the word below. “Riteshkumar1256”.

In the figure you can see the first ten entries in the list that was created.

-c – counts number of entries
If you add the -c parameter the tool will also count how many times each word was found on the site. You can use that for many purposes and one example is that you easy can find out which words the company likes to mention and that might be something users uses in their passwords.

An example on how you can use the -c parameter for CeWL.

-e – includes email addresses
You can also save all email addresses that can be found on the website to a file. Perfect for recon and helps you find mailboxes at the target company. If you also include –email file you can specify where you want to save the emails addresses.

An example on how you can use the -e parameter for CeWL.

That was everything for this time. Please contact me if you feel like I missed something or if you want to share any special tips and tricks for using CeWL?

Thanks
/Rickard

Copyright © 2019