How to use CeWL tool for wordlist generation

Generating word list from target website using CeWL

Custom wordlist generator CeWL is a command line tool available in Linux OS for generating a wordlist from the given domain by spidering it in depth.

It is a ruby app that spiders a given URL, up to the specified depth, and returns a list of words that can be used for password crackers such as John the Ripper. Optionally, CeWL can follow external links.

CeWL can create a list of email addresses found in mailto links. these email addresses can be used as usernames in brute-force actions and attacks.

It will be preinstalled in your Linux system, but if it doesn’t then do these steps:-

open terminal
switch to a superuser account
give this command [apt-get install cewl]
Now the Cewl tool is installed in your system.

Now let’s assume our target is www.wikipedia.com, and we need to generate a wordlist according to this domain.

1. Switch to the superuser account

2. now type the wordlist generator command

cewl -d 2 -m 5 -w wordlist.txt https://www.cipherssecurity.com:443/

Note:- here -d refers to the depth to spider the website (here, 2 is default), and -m refers to the minimum word length (here, 5) and (3 is default).

3. after executing the command, a unique wordlist of a minimum of 5 characters will be generated from the target website.

4. check the below screenshot

5. the wordlist will be saved in the present working directory. you can access the wordlist by using any tools like cat, nano, pluma, etc.

6. the wordlist we generated from Ciphers security website is shown in the below screenshot.

7. if stuck at anywhere while using this spidering tool, you can take help by giving the help command

cewl --help

8. you can also use the tool manual for getting related brief information about the tool

man cewl

9. the generated wordlist from this tool can be further used for doing any type of brute force attack on the particular site domain

If you have any queries regarding the above content, or you want to update anything in the content, then contact us with your queries. You can directly post your question in the group.