Gather a Wordlist from the Target Website using CeWL

Süleyman Çelik
2 min read · Sep 15, 2021

The words available on the target website may reveal critical information that can assist in performing further exploitation. CeWL is a Ruby app that spiders a given target URL to a specified depth, optionally following external links, and returns a list of unique words that can be used for cracking passwords.

We tested against www.certifiedhacker.com.

In the terminal window, type cewl -d 2 -m 5 www.certifiedhacker.com and press Enter.

-d represents the depth to spider the website (here, 2) and -m represents minimum word length (here, 5).

A unique wordlist from the target website is gathered, as shown in the screenshot.

The minimum word length is 5, and the depth to spider the target website is 2.

Alternatively, this unique wordlist can be written directly to a text file. To do so, type cewl -w wordlist.txt -d 2 -m 5 www.certifiedhacker.com and press Enter.

-w — Write the output to the file (here, wordlist.txt)

By default, the wordlist file gets saved in the root directory. Type pluma wordlist.txt and press Enter to view the extracted wordlist.

The file containing a unique wordlist extracted from the target website opens, as shown in the screenshot.

This wordlist can be used further to perform brute-force attacks against the previously obtained emails of the target organization’s employees.
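From the defender's side, the same kind of wordlist can seed a banned-password check for the organization's own accounts. The Ruby sketch below is an added example, not CeWL's code or the author's: it mimics the unique, minimum-length word extraction on a constructed HTML snippet and flags passwords that are just a site word with simple decoration. The names site_words, base_forms and site_derived? are hypothetical.

```ruby
# Added example (not CeWL source). The HTML is constructed sample data.
require 'set'

SAMPLE_HTML = <<~HTML
  <html><head><title>Certified Hacker</title>
  <script>var tracking = "ignored";</script></head>
  <body><h1>Welcome to Certified Hacker</h1>
  <p>Recipes, Realestate and Wedding planning services.</p></body></html>
HTML

# Mimics `cewl -m N` for one page: unique words of at least min_len letters
# from the visible text. Lowercased here so comparisons are case-insensitive.
def site_words(html, min_len: 5)
  text = html.gsub(%r{<(script|style)\b.*?</\1>}mi, ' ') # drop non-visible blocks
             .gsub(/<[^>]+>/, ' ')                        # drop remaining tags
  text.scan(/[[:alpha:]]+/).select { |w| w.length >= min_len }
      .map(&:downcase).to_set
end

LEET = { '0' => 'o', '1' => 'i', '3' => 'e', '4' => 'a', '5' => 's',
         '7' => 't', '@' => 'a', '$' => 's', '!' => 'i' }.freeze

# Candidate base words for a password: with and without its trailing
# digits/symbols, after undoing common character substitutions.
def base_forms(password)
  pw = password.downcase
  trimmed = pw.sub(/[^[:alpha:]]+\z/, '') # "hacker2021!" -> "hacker"
  [pw, trimmed].map { |s| s.gsub(/[013457@!$]/) { |c| LEET[c] } }
               .map { |s| s.gsub(/[^[:alpha:]]/, '') }.uniq
end

# True when the password is only a site word plus decoration, so a password
# policy should reject it.
def site_derived?(password, words)
  base_forms(password).any? { |b| words.include?(b) }
end

if __FILE__ == $PROGRAM_NAME
  words = site_words(SAMPLE_HTML, min_len: 5)
  %w[H4ck3r2021! Recipe5 correct-horse-battery].each do |pw|
    puts format('%-24s %s', pw, site_derived?(pw, words) ? 'REJECT' : 'ok')
  end
end
```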

This concludes the demonstration of gathering a wordlist from the target website using CeWL.

Written by Süleyman Çelik

Network Security Engineer, SOC-Siem Engineer, Cyber Security Researcher, Vulnerability Management Specialist | CEH | CNSS