Learn how To Install CeWL On Kali Linux step by step. CeWL is a preinstalled tool in kali and in this guide, you are going to get familiar with CeWL and tutorial how to install this on Kali Linux. Before all, choose and buy your own Linux VPS package to use this guide better.
Table of Contents
What is CeWL?
A Kali tool, with this ruby app you are allowed to spider a webpage for words and build a dictionary of words used. CeWL can spider a given URL (schools, colleges, business) to a specified depth, optionally following external links, and returns a list of words which can then be used for password crackers such as John the Ripper (an Open Source password security auditing and password recovery tool available for many operating systems). Files Already Bagged (FAB) is the associated command-line of CeWL which uses the same metadata extraction techniques to create author/creator lists from already downloaded. CeWL is useful in security tests and forensics investigations and it is pronounced “cool”.
How to Configure CeWL On Kali Linux
For each penetration phase of the detection phase, a password profile must be created. Creating a password profile with the Cewl tool helps us to combine possible words used in the usernames and passwords of the organization’s personnel. You will learn how to generate a list of words using the CeWL tool and used by the application and create a password profile, and save these words so that we can use them to brute force login to the application later, if necessary. When you generate a list, it means that you have created dictionaries based on the expressions found on the website provided in the parameter. And it lets users define the depth of search on the site, the minimum number of characters from which the password should be composed. Also, the application can collect e-mail addresses found on the website as it is a crawler/spider tool.
Tutorial Install CeWL On Kali Linux
It will be installed by running the below command:
apt-get install cewl
To see the options and several parameters of cewl, open the terminal window, and type the following command:
Also, you can use the command below to crawl a website:
cewl -d 2 http://192.168.35.15/forums/
Note: Then, you can see the wordlist is making which you can use in attacks.
How To Create A Custome Wordlist With CeWL
The main work of CeWL is to develop a specific wordlist for a specific company or industry. This tool has been designed to grab words from the company’s website to create a wordlist specific to the company in order to crack the passwords of the users at that business.
Fire up Kali and open a terminal and type the “cewl” command
kali > cewl --help
To build a customer wordlist, you need to set CeWL to scraping words. You can use Sans.org (the website we are crawling) and run the command below:
kali > cewl -w customwordlist.txt -d 5 -m 7
Note 1: Due to the minimum length of firms passwords, there’s no need to grab short words and you can set the minimum to 7 letters.
-m : min_word_length
-w customwordlist.ext: write to the file name that follows
Note 2: These words are a reflection of the industry that the SANS Institute is; information security.
Then, you will view a file as below:
Learn Install CeWL On Kali Linux
Here is an example of using this tool as a hack program.
cewl -w log -m 3 -d 1 http://ADDRESS/
-m 3: the minimum length of the word to be added to the dictionary.
-d 1: depth of search penetration.
How To Clean Up Wordlists
It is clear that CeWL is a powerful tool in generating wordlist. But what should be done when you have multiple wordlists (favorite bands, movies, shows, etc) for each target? you can easily concatenate several text files into a single text file is as simple as one command:
cat file1.txt file2.txt file3.txt file4.txt > merged.txt
Start cleaning the merged list up( recommended in alphabetical order) when you succeeded to merge all your wordlist together and remove all duplicates from the list.
sort wordlist.txt | uniq -u > cleaned_wordlist.txt
In this article, you learned How To Install CeWL On Kali Linux. Try to have the experiment of this powerful tool to generate a custom wordlist and enjoy the powerful targeted attack vector. Combinator and Crunch are the two tools you can use for the same target. In case you are interested to learn more, find our article on How to Install wpscan on Kali Linux.