How to Use CeWL for Custom Wordlist Generation in Kali Linux

Install CeWL

CeWL (Custom Word List generator) is a ruby application that is used to generate custom wordlists from a given target website. It is a great tool for penetration testers and security researchers to use in Kali Linux. To install CeWL, open a terminal window and type the following command:

sudo apt-get install cewl

Once the installation is complete, you can start using CeWL. To generate a wordlist, you need to provide a URL to CeWL. You can also specify the depth of the crawl and the minimum word length. To generate a wordlist, type the following command in the terminal window:

cewl -d 3 -m 5 http://example.com

This command will generate a wordlist from the website http://example.com with a depth of 3 and a minimum word length of 5. Once the wordlist is generated, you can use it for various purposes such as password cracking, dictionary attacks, etc. You can also use the wordlist to create custom dictionaries for use in other tools such as John the Ripper.

Generate Wordlist

In this step, we will use CeWL to generate a custom wordlist from a website. CeWL is a ruby gem that can be used to generate a custom wordlist from a website. To install CeWL, open a terminal window and type sudo gem install cewl. Once CeWL is installed, you can generate a wordlist by typing cewl -w wordlist.txt http://example.com. This will generate a wordlist from the website example.com and save it to the file wordlist.txt. You can also specify the depth of the crawl and the minimum word length with the -d and -m flags respectively. For example, cewl -w wordlist.txt -d 3 -m 5 http://example.com will generate a wordlist from the website example.com with a depth of 3 and a minimum word length of 5. Once the wordlist is generated, you can use it for various purposes such as password cracking or dictionary attacks.

Use Wordlist

Once you have generated a custom wordlist using CeWL in Kali Linux, you can use it for various purposes. For example, you can use it to perform dictionary attacks on web applications or to crack passwords. To use the wordlist, you can use a tool such as John the Ripper or Hydra. For example, to use John the Ripper to crack a password, you can use the following command:

john --wordlist=mywordlist.txt hashes.txt

This command will use the wordlist mywordlist.txt to crack the passwords stored in the file hashes.txt. You can also use the wordlist to perform dictionary attacks on web applications. For example, you can use the CeWL tool to generate a custom wordlist and then use it with a tool such as DirBuster to perform a dictionary attack on a web application.

Useful Links