In this tutorial I will show you the basics on creating a custom wordlist based upon a company’s own website using CeWL.
The idea behind using a target specific wordlist as apposed bruit-force or mega long wordlists is TIME. Time is the one thing most people don’t have and the longer you spend attacking a target the longer they have to detect you and stop you. So the idea is to gather as much information about the target and construct an appropriate and well-designed wordlist that is specific to the user whose password you are trying to crack.
It’s simply human nature, and something i call users path of least resistance. Users will gravitate like water to the easiest passwords that has meaning for them. Words that we use in our everyday experience will first pop into our heads when we are considering passwords. That’s why so many people use their kids/partners name, birth dates, street address, anniversaries, etc. Users aren’t very creative and use words and numbers that first come to mind, 01,02,1984,2017…
We can use this lack of creativity to develop a specific wordlist for a specific company or industry. That’s what CeWL will do for us. It’s designed to grab words from the company’s website to create a wordlist specific to the company in order to crack passwords of the users at that business.
With out further ado, lets get creating.
CeWL
Fire up your Kali laptop or VM and run the command:
cewl –help
The main points from the help file are the depth (-d) and the min_word_length (-m) switches. The -d switch determines how deep (the default is 2) into the website (sub-pages) CeWL will crawl grabbing words. And the -m switch determines the minimum length of words it will grab. Since most firms have a minimum password length, there’s no need to grab short words. In this case, I will be setting the minimum to 6 letters.
Now, to build a custom wordlist, we set CeWL to scraping words from my own website as a test. We can do this by typing:
cewl -w customwordlist.txt -d 2 -m 6 gwww.wicher.co.uk
What does: -w do?
-w customwordlist.txt: the -w means write to the file name that follows.
What does: -d do?
-d 2: the depth that CeWL will crawl to website. eg, how many sub pages will it do down.
What does: -m do?
-m 6: the minimum word length; in this case it will grab words of 6 characters or more.
Now, depending on your options this may take some time. But once done you will have a new text file with all the words scraped off your target site.
A follow on post will be made at a later date on using a wordlist on a target service.