CeWL – Custom Word List Generator Tool for Password Cracking

Outsmart Malicious Hackers


It seems to be trendy lately to make tools which can create custom or more specific word lists for password cracking, just last week we posted about the web application The Associative Word List Generator (AWLG), which crawls the whole web to look for associated words with a given topic.

This application is more towards creating custom word lists from a specific domain by crawling it for unique words. Basically you give the application a spidering target website and it will collect unique words. The application is written in Ruby and is called CeWL, the Custom Word List generator. The app can spider a given url to a specified depth, optionally following external links, and returns a list of words which can then be used for password crackers such as John the Ripper.

IF you combine the info output by CeWL and AWLG with the standard wordlists for password cracking – you should have a fairly comprehensive set.


By default, CeWL sticks to just the site you have specified and will go to a depth of 2 links, this behaviour can be changed by passing arguments. Be careful if setting a large depth and allowing it to go offsite, you could end up drifting on to a lot of other domains. All words of three characters and over are output to stdout. This length can be increased and the words can be written to a file rather than screen so the app can be automated.

Version 2 of CeWL can also create two new lists, a list of email addresses found in mailto links and a list of author/creator names collected from meta data found in documents on the site. It can currently process documents in Office pre 2007, Office 2007 and PDF formats. This user data can then be used to create the list of usernames to be used in association with the password list.

Installation

CeWL needs the rubygems package to be installed along with the following gems:

  • http_configuration
  • mime-types
  • mini_exiftool
  • rubyzip
  • spider

You can download CeWL here:

cewl_2.0.tar.bz2

Or read more here.

Learn about Hacking News



Posted in: Hacking News, Hacking Tools, Password Cracking

,

Latest Posts:


AWSBucketDump - AWS S3 Security Scanning Tool AWSBucketDump – AWS S3 Security Scanning Tool
AWSBucketDump is an AWS S3 Security Scanning Tool, which allows you to quickly enumerate AWS S3 buckets to look for interesting or confidential files.
nbtscan Download - NetBIOS Scanner For Windows & Linux nbtscan Download – NetBIOS Scanner For Windows & Linux
nbtscan is a command-line NetBIOS scanner for Windows that is SUPER fast, it scans for open NetBIOS nameservers on a local or remote TCP/IP network.
Equifax Data Breach - Hack Due To Missed Apache Patch Equifax Data Breach – Hack Due To Missed Apache Patch
The Equifax data breach is pretty huge with 143 million records leaked from the hack in the US alone with unknown more in Canada and the UK.
Seth - RDP Man In The Middle Attack Tool Seth – RDP Man In The Middle Attack Tool
Seth is an RDP Man In The Middle attack tool written in Python to MiTM RDP connections by attempting to downgrade the connection to extract clear text creds
dcrawl - Web Crawler For Unique Domains dcrawl – Web Crawler For Unique Domains
dcrawl is a simple, but smart, multithreaded web crawler for randomly gathering huge lists of unique domain names. It will branch out indefinitely.
Time Warner Hacked - AWS Config Exposes 4M Subscribers Time Warner Hacked – AWS Config Exposes 4M Subscribers
What's the latest on the web, Time Warner Hacked is what it's about now as a bad AWS S3 config (once again) exposes the details of approximately 4M subs.


4 Responses to CeWL – Custom Word List Generator Tool for Password Cracking

  1. dblackshell January 23, 2009 at 1:04 pm #

    with such an extensive resource of wordlists there should be no excuse on not cracking a hash, eh…

  2. Ubair February 12, 2009 at 2:18 pm #

    Please tell me how to use your softwears.
    I download them but now they are not runing, tell me how to use them so that i can insert them and your link to my site

  3. navin February 13, 2009 at 2:46 pm #

    U g0774 134r|\| 70 5p34k 1337 70 b3 4b13 70 u53 7|-|353 50f7w4r35!!!…… |\|00b!!!! :)

  4. Ploo March 9, 2009 at 7:37 pm #

    Cool