Cewl — Crawls For Wordlist - Kali Linux Tutorials

Password Attacks KP March 12, 2019 0 Comments

Cewl — Crawls For Wordlist

The cewl is a CLI based ruby app which spider a URL to a specified depth and searches for words that can be used for password attacks. That means it can generate a custom wordlist form the words used in any website. This is open source and the source code is available in Github. Don’t worry we didn’t need to clone it from Git, this tool comes pre-installed with Kali Linux. OPen terminal window and type following command to see the options of cewl:

cewl -h

The screenshot is following :

To crawl a website, we use this following command:

cewl -d 2 http://192.168.36.16/forum/

The screenshot is following:

Here we can see the wordlist is making which we can use in attacks.

KP AKA Koushik Pal is a Security researcher and specialist focused on educating about Linux for cybersecurity and URL‑masking vulnerabilities. Creator of MaskPhish, a well‑known open‑source bash-based URL‑masking tool. Linux enthusiasts Active speaker, trainer, and advocate for secure web practices.