You might never have heard of the CeWL wordlist generator before. Today we're going to generate a wordlist from the keywords of any website whose URL we pass as a parameter. CeWL crawls the website's source code and builds a custom wordlist from the interesting words it finds, according to the options we give it. CeWL is pre-installed in Kali Linux.

You can find it here:

Applications > Password Attacks > Password Profiling & Wordlists > CeWL

Or you can simply run it directly from your terminal, which is what most of you are going to do.

How to use CeWL: Custom Wordlist Generator?

This tool targets a person who publishes content on their website or page that relates to their personal life or passwords. That is why it is not safe to use that kind of word, such as a pet's name or anything similar, in a password.

We can use CeWL to create custom wordlists for password cracking targets other than employees at a particular company. For instance, if we know the individual who is our target is a soccer fan, we use CeWL to crawl a soccer site to grab soccer-related words. That is, we can use CeWL to create specific password lists based upon just about any subject area by simply crawling a website to grab potential keywords.

To use this tool you can type the following command.

Let’s break that down.

  • -w wordlist.txt: the -w means write to the file name that follows.
  • -d 5: the depth (in this case, 5) to which CeWL will crawl the website.
  • -m 5: the minimum word length; in this case it will grab words of 5 characters minimum.
  • www.pentest-standard.org: the website we are crawling.

This will generate a wordlist like,

Sometimes this tool can be useful for CTF challenges, because most of the time machine developers leave password hints in some pages, which we would have to check manually; using CeWL we can easily generate a wordlist with all the keywords they contain 🙂
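
The same idea works from the defender's side: derive the words from your own public pages and refuse passwords that are built on them. The sketch below is an added example, not part of CeWL or of the original post; the function names, the substitution table and the sample page are constructed for illustration, and the minimum word length mirrors the -m 5 option above.

```python
import re
from html.parser import HTMLParser

MIN_WORD_LEN = 5  # same threshold as the -m 5 option discussed above

class _TextExtractor(HTMLParser):
    """Collects visible page text, skipping <script> and <style> bodies."""
    def __init__(self):
        super().__init__()
        self._skip = 0
        self.chunks = []

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self._skip += 1

    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._skip:
            self._skip -= 1

    def handle_data(self, data):
        if not self._skip:
            self.chunks.append(data)

def site_words(html, min_len=MIN_WORD_LEN):
    """Return the lowercase words of at least min_len letters in the page text."""
    parser = _TextExtractor()
    parser.feed(html)
    parser.close()
    words = re.findall(r"[A-Za-z]+", " ".join(parser.chunks))
    return {w.lower() for w in words if len(w) >= min_len}

def matched_site_words(password, words):
    """Site words found inside the password after undoing common substitutions."""
    # Assumed substitution table: 0->o, 1->i, 3->e, 4->a, 5->s, 7->t, 8->b, @->a, $->s, !->i
    table = str.maketrans("0134578@$!", "oieastbasi")
    normalised = password.lower().translate(table)
    return sorted(w for w in words if w in normalised)

# Constructed sample page, standing in for a site you own
SAMPLE_HTML = """<html><head><title>Rex and me</title><style>p{color:red}</style></head>
<body><h1>Arsenal matchday diary</h1>
<p>My beagle Biscuit loves the stadium trips.</p>
<script>var tracker = "analytics";</script></body></html>"""

if __name__ == "__main__":
    blocklist = site_words(SAMPLE_HTML)
    for candidate in ("B1scu1t2024!", "Ars3nal#1", "xK9$vTq2mLp"):
        print(candidate, "->", matched_site_words(candidate, blocklist) or "ok")
```

Run against the pages you publish, the resulting set can feed the banned-word list of a password-change form, so that a pet name or team name taken from the site is rejected before it becomes a credential.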