Cewl is a ruby app which spiders a given url to a specified depth, optionally following external links, and returns a list of words which can then be used for password crackers such as John the Ripper.
Cewl also has an associated command line app, FAB (Files Already Bagged) which uses the same meta-data extraction techniques to create author/creator lists from already downloaded.
Let’s take a look on the help screen for the Cewl tool:
Now let’s try it on my website https://hack-tips.com:
In some cases of Penetration testing in labs we need to create a wordlist from the results to use it for brute forcing later against a username, we can save the output to a file using the flag “-w”:
To list The Emails within the page we use the flag “-e” but we can use the flag “-n” to hide the rest of the words found and only show the Emails:
Using the flag “—debug” will give us more information on the page and debugging information:
You can use the flag “–proxy” option to enable Proxy URL parameter if the site is running behind a proxy and to generate a wordlist we use the flag “-w”:
cewl https://hack-tips.com –proxy_host 192.168.1.1 –proxy_port 8080 -w wordlist.txt
We can use the flags “—auth_user” “—auth_pass” and “auth_type” to provide the username and password along with the authentication type:
If the authentication credentials are right you will get a code 200 back and see the results.
