Cewl is a custom wordlist generator that comes pre-installed on Kali Linux. Other custom wordlist generators are available on the Internet, crunch for example, but crunch may not be suitable for ethical hackers. With cewl we can easily collect words and phrases from the target website and turn them into a wordlist for offensive testing. This article does not explain how to install cewl because, as mentioned above, it is pre-installed on Kali Linux. Cewl is a powerful tool that can easily scrape the web server of any website.
Imagine the scenario: you want to compromise the pentestblog website, and suppose you have reached its login page. At that point you need a trustworthy wordlist to get past the login page, and we don't have an excellent one. Don't worry, the cewl tool will help.
According to the image, we will collect words and phrases from the WordPress website using cewl. Without wasting time, we move forward. First of all, we copy the URL (Uniform Resource Locator) of the website.
Next, we open the man page to understand how cewl works. For example:
-m (--min_word_length): Minimum word length
-w (--write): Write the output to the file
We would enter a command similar to the following.
cewl http://vtcsec/secret/ -m 5 -w password.txt
The cewl tool begins collecting words and phrases from the target website. What it collects depends on the target you choose, such as an organization or a college. By the way, cewl has many more features than the two options shown here, so if you are reading this blog you should check its manual page.
We have now generated a wordlist with the aid of cewl. Type the ls command to see your wordlist file.
We tried several tools but cewl was the best. Finally, we were able to create a custom wordlist.
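The same site-derived word list is useful on the defensive side: if a password is built on a word that appears on your own website, a wordlist like the one above will contain it. The following is an added example, not part of the original article and not cewl's own code; the names site_words, site_derived and SAMPLE_HTML are hypothetical, and the sample page is constructed. It extracts words of at least 5 letters (matching -m 5 above) from a page and flags candidate passwords that are built on one of them, including simple character substitutions.

```python
import re
from html.parser import HTMLParser

# Constructed sample page (not taken from any real site).
SAMPLE_HTML = """<html><head><title>Pentest Blog</title>
<style>body{color:black}</style><script>var tracker = "analytics";</script>
</head><body><h1>Welcome to Pentest Blog</h1>
<p>Tutorials on Kali Linux and WordPress security.</p></body></html>"""

class _Text(HTMLParser):
    """Collect page text, skipping the bodies of <script> and <style>."""
    def __init__(self):
        super().__init__()
        self._skip = 0
        self.chunks = []
    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self._skip += 1
    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._skip:
            self._skip -= 1
    def handle_data(self, data):
        if not self._skip:
            self.chunks.append(data)

def site_words(html, min_len=5):
    """Lower-cased words of at least min_len letters found in the page text."""
    parser = _Text()
    parser.feed(html)
    parser.close()
    words = re.findall(r"[A-Za-z]+", " ".join(parser.chunks))
    return {w.lower() for w in words if len(w) >= min_len}

# Common substitutions: 0->o 1->i 3->e 4->a 5->s 7->t 8->b @->a $->s !->i
_LEET = str.maketrans("0134578@$!", "oieastbasi")

def site_derived(password, words):
    """Return the longest site word the password is built on, or None."""
    letters = re.sub(r"[^a-z]", "", password.lower().translate(_LEET))
    for w in sorted(words, key=lambda x: (-len(x), x)):
        if w in letters:
            return w
    return None

if __name__ == "__main__":
    banned = site_words(SAMPLE_HTML)
    for candidate in ("W0rdPr3ss!2024", "L1nux_r00t", "correct-horse-battery"):
        print(candidate, "->", site_derived(candidate, banned))
```

A check like this can run at password-change time against a word set refreshed from the organization's own public pages.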