Wordlist generator with CeWL – All things in moderation


Introduction

CeWL is a custom wordlist generator written in Ruby. It spiders the target site to a given depth and returns a list of the words it finds. This wordlist can later be used as a dictionary to brute-force web application logins, for example an administrative portal. CeWL also supports HTTP Basic Authentication and provides options to proxy the traffic.

Author: Robin Wood

Homepage: https://digi.ninja/projects/cewl.php

[email protected]:~# cewl -h
CeWL 5.3 (Heading Upwards) Robin Wood ([email protected]) (https://digi.ninja/)
Usage: cewl [OPTION] ... URL
    --help, -h: show help
    --keep, -k: keep the downloaded file
    --depth x, -d x: depth to spider to, default 2
    --min_word_length, -m: minimum word length, default 3
    --offsite, -o: let the spider visit other sites
    --write, -w file: write the output to the file
    --ua, -u user-agent: user agent to send
    --no-words, -n: don't output the wordlist
    --meta, -a: include meta data
    --meta_file file: output file for meta data
    --email, -e: include email addresses
    --email_file file: output file for email addresses
    --meta-temp-dir directory: the temporary directory used by exiftool when parsing files, default /tmp
    --count, -c: show the count for each word found

    Authentication
        --auth_type: digest or basic
        --auth_user: authentication username
        --auth_pass: authentication password

    Proxy Support
        --proxy_host: proxy host
        --proxy_port: proxy port, default 8080
        --proxy_username: username for proxy, if required
        --proxy_password: password for proxy, if required

    Headers
        --header, -H: in format name:value - can pass multiple

    --verbose, -v: verbose

    URL: The site to spider.

Usage Example

Usage: cewl [OPTION] -w [Save output to the file] URL

Example:

cewl --depth 5 --min_word_length 5 -w words.txt http://hydrasky.com -v 

Following is the wordlist returned based on the scraped data from my website.

This wordlist can later be used as a dictionary to brute-force web application logins, for example an administrative page.
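Because site-derived words make effective guesses, the same wordlist can be used on the defensive side as a denylist when users choose passwords. The Ruby sketch below is an added example, not part of CeWL or of the original post; the function names, the substitution table and the sample wordlist are made up for illustration, and the "word, count" line format for --count output is an assumption.

```ruby
# Added example, not part of CeWL: use a site-derived wordlist as a
# password denylist at password-set time.
require 'set'

# Substitutions undone before matching (illustrative, not exhaustive).
LEET = { '0' => 'o', '1' => 'i', '3' => 'e', '4' => 'a', '5' => 's',
         '7' => 't', '@' => 'a', '$' => 's', '!' => 'i' }.freeze
LEET_RE = Regexp.union(LEET.keys)

# Parse wordlist text: one word per line; a trailing ", count" (assumed
# format of --count output) is ignored. Short words are dropped because
# substring matching on them would flag almost everything.
def load_site_words(text, min_len: 5)
  words = text.each_line.map { |l| l.split(',').first.to_s.strip.downcase }
  Set.new(words.select { |w| w.length >= min_len })
end

# Return the site words contained in the password, checked against both
# the lowercased password and its de-leeted form.
def site_word_hits(password, site_words)
  plain = password.downcase
  unleet = plain.gsub(LEET_RE, LEET)
  site_words.select { |w| plain.include?(w) || unleet.include?(w) }.sort
end

# Constructed sample standing in for words.txt.
SAMPLE_WORDLIST = <<~LIST
  security
  hydrasky
  pentesting, 12
  linux
  the
LIST

if __FILE__ == $PROGRAM_NAME
  words = load_site_words(SAMPLE_WORDLIST)
  %w[Hydrasky2024! P3nt3st1ng#1 correct-horse-battery].each do |pw|
    hits = site_word_hits(pw, words)
    puts "#{pw}: #{hits.empty? ? 'ok' : "reject (#{hits.join(', ')})"}"
  end
end
```

The default minimum length of 5 mirrors the --min_word_length 5 used in the example command above.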
