CeWL (pronounced "cool") is a potent tool in the world of cybersecurity, particularly in penetration testing and ethical hacking. Its primary function is to generate custom word lists by spidering a target website's content. Here's a comprehensive guide on what CeWL is, its capabilities, and how to use it effectively.
-
Target-Specific Wordlists: Generates wordlists from the content of a specific website, ensuring the list is tailored to the site's vocabulary and terminology.
-
Depth of Search: Can spider to a specified depth to extract words not just from the primary page but also from linked pages.
-
Customisable Outputs: Offers various options like setting minimum word length, excluding numbers, and including meta tags.
-
Additional Functionalities: Besides wordlist generation, it includes features like username enumeration and email extraction.
-
Efficiency: Creates shorter but more relevant word lists compared to generic ones.
-
Tool Integration: Being command-line based, it integrates seamlessly into automated workflows.
-
Active Maintenance: Regularly updated to stay relevant with contemporary security needs.
$ cewl -h
CeWL 6.1 (Max Length) Robin Wood (robin@digi.ninja)
Usage: cewl [OPTIONS] ... -h, --help: Show help.-d ,--depth: Set spider depth (default 2).-m, --min_word_length: Set minimum word length (default 3).-w, --write: Write output to a file.-e, --email: Include email addresses.
To generate a wordlist from a website:
cewl http://10.10.79.29 -w output.txtTo go two links deep:
cewl http://10.10.79.29 -d 2 -w output1.txtFor specifying minimum and maximum word lengths:
cewl http://10.10.79.29 -m 5 -x 10 -w output2.txtFor sites with login forms:
# Use the -a flag for form-based authenticationAppending numbers or custom extensions to words:
# Use --with-numbers for appending numbers
# Use --extension for custom extensionsBy default, CeWL doesn't spider external sites. Use --offsite to enable this.
CeWL can be combined with tools like wfuzz for brute-force attacks:
user@berkan$ wfuzz -c -z file,usernames.txt -z file,passwords.txt --hs "Please enter the correct credentials" -u http://10.10.79.29/login.php -d "username=FUZZ&password=FUZ2Z"-z file,usernames.txt: Load the usernames list.-z file,passwords.txt: Use the password list generated by CeWL.--hs "Please enter the correct credentials": Hide responses with this string.-u: Target URL.-d "username=FUZZ&password=FUZ2Z": POST data format.
CeWL is a unique and powerful tool for cybersecurity professionals, offering a high degree of customization and effectiveness in penetration testing scenarios.