CeWL v5.1 – Password Cracking Custom Word List Generator

The New Acunetix V12 Engine


CeWL is a Custom Word List generator which spiders a given site to create a word list of all words it finds on that site. It can also grab email addresses and usernames found in the HTML and in some document types including Office and PDF.

Useful for targeted penetration testing which involves brute force password cracking.

We first wrote about CeWL way back in 2009 not long after it first came out – it’s been updated plenty since then and is now at version 5.1.

CeWL v5.1 - Password Cracking Custom Word List Generator

There are also a bunch of other similar tools out there (some older some newer):

Crunch – Password Cracking Wordlist Generator
The Associative Word List Generator (AWLG) – Create Related Wordlists
Wyd – Automated Password Profiling Tool
CUPP – Common User Passwords Profiler – Automated Password Profiling Tool
RSMangler – Keyword Based Wordlist Generator For Bruteforcing

If you combine the wordlists from the above tools with the commonly found standard password cracking wordlists, you should have a pretty comprehensive, targeted set of lists for bruteforcing with something like John the Ripper, thc-hydra or hashcat.

Usage

You can download CeWL v5.1 here:

cewl_5.1.tar.bz2

Or read more here.

Posted in: Hacking Tools, Password Cracking


Latest Posts:


How To Recover When Your Website Got Hacked How To Recover When Your Website Got Hacked
The array of easily available Hacking Tools out there now is astounding, combined with self-propagating malware, people often come to me when their website got hacked and they don't know what to do, or even where to start.
HTTrack - Website Downloader Copier & Site Ripper Download HTTrack – Website Downloader Copier & Site Ripper Download
HTTrack is a free and easy-to-use offline browser utility which acts as a website downloader and a site ripper for copying websites and downloading them for offline viewing.
sshLooter - Script To Steal SSH Passwords sshLooter – Script To Steal SSH Passwords
sshLooter is a Python script using a PAM module to steal SSH passwords by logging the password and notifying the admin of the script via Telegram when a user logs in.
Intercepter-NG - Android App For Hacking Intercepter-NG – Android App For Hacking
Intercepter-NG is a multi functional network toolkit including an Android app for hacking, the main purpose is to recover interesting data from the network stream and perform different kinds of MiTM attacks.
dcipher - Online Hash Cracking Using Rainbow & Lookup Tables dcipher – Online Hash Cracking Using Rainbow & Lookup Tables
dcipher is a JavaScript-based online hash cracking tool to decipher hashes using online rainbow & lookup table attack services.
HTTP Security Considerations - An Introduction To HTTP Basics HTTP Security Considerations – An Introduction To HTTP Basics
HTTP is ubiquitous now with pretty much everything being powered by an API, a web application or some kind of cloud-based HTTP driven infrastructure. With that HTTP Security becomes paramount and to secure HTTP you have to understand it.


Comments are closed.