23 January 2009 | 41,929 views

CeWL – Custom Word List Generator Tool for Password Cracking

Check For Vulnerabilities with Acunetix

It seems to be trendy lately to make tools which can create custom or more specific word lists for password cracking, just last week we posted about the web application The Associative Word List Generator (AWLG), which crawls the whole web to look for associated words with a given topic.

This application is more towards creating custom word lists from a specific domain by crawling it for unique words. Basically you give the application a spidering target website and it will collect unique words. The application is written in Ruby and is called CeWL, the Custom Word List generator. The app can spider a given url to a specified depth, optionally following external links, and returns a list of words which can then be used for password crackers such as John the Ripper.

IF you combine the info output by CeWL and AWLG with the standard wordlists for password cracking – you should have a fairly comprehensive set.

By default, CeWL sticks to just the site you have specified and will go to a depth of 2 links, this behaviour can be changed by passing arguments. Be careful if setting a large depth and allowing it to go offsite, you could end up drifting on to a lot of other domains. All words of three characters and over are output to stdout. This length can be increased and the words can be written to a file rather than screen so the app can be automated.

Version 2 of CeWL can also create two new lists, a list of email addresses found in mailto links and a list of author/creator names collected from meta data found in documents on the site. It can currently process documents in Office pre 2007, Office 2007 and PDF formats. This user data can then be used to create the list of usernames to be used in association with the password list.

Installation

CeWL needs the rubygems package to be installed along with the following gems:

  • http_configuration
  • mime-types
  • mini_exiftool
  • rubyzip
  • spider

You can download CeWL here:

cewl_2.0.tar.bz2

Or read more here.



Recent in General Hacking:
- Dradis v2.9 – Information Sharing For Security Assessments
- MagicTree v1.3 Available For Download – Pentesting Productivity
- Kvasir – Penetration Testing Data Management Tool

Related Posts:
- Crunch – Password Cracking Wordlist Generator
- RSMangler – Keyword Based Wordlist Generator For Bruteforcing
- The Associative Word List Generator (AWLG) – Create Related Wordlists for Password Cracking

Most Read in General Hacking:
- 10 Best Security Live CD Distros (Pen-Test, Forensics & Recovery) - 1,133,467 views
- Hack Tools/Exploits - 576,843 views
- Password Cracking with Rainbowcrack and Rainbow Tables - 411,704 views

Low-cost VPS Hosting

4 Responses to “CeWL – Custom Word List Generator Tool for Password Cracking”

  1. dblackshell 23 January 2009 at 1:04 pm Permalink

    with such an extensive resource of wordlists there should be no excuse on not cracking a hash, eh…

  2. Ubair 12 February 2009 at 2:18 pm Permalink

    Please tell me how to use your softwears.
    I download them but now they are not runing, tell me how to use them so that i can insert them and your link to my site

  3. navin 13 February 2009 at 2:46 pm Permalink

    U g0774 134r|\| 70 5p34k 1337 70 b3 4b13 70 u53 7|-|353 50f7w4r35!!!…… |\|00b!!!! :)

  4. Ploo 9 March 2009 at 7:37 pm Permalink

    Cool