How to use the command cewl (with examples)
- Linux
- December 25, 2023
CEWL is a URL spidering tool used to create cracking wordlists from web content. It can extract words from a given URL and generate customized wordlists based on specific requirements.
Use case 1: Create a wordlist file from the given URL up to 2 links depth
Code:
cewl --depth 2 --write path/to/wordlist.txt url
Motivation: This use case is useful when you want to generate a wordlist containing words found in a web page, as well as words found in the pages linked from that web page. By specifying a depth of 2, the spidering tool will follow links on the initial URL and its linked pages.
Explanation:
--depth 2
: Sets the depth to 2, indicating that the spider should follow links up to 2 levels deep.--write path/to/wordlist.txt
: Specifies the file to write the wordlist to. You need to provide the file path.url
: The URL from which the spidering should start.
Example output: The command will crawl the given URL and its linked pages up to a depth of 2 and create a wordlist containing the words found. The wordlist will be written to the specified file path.
Use case 2: Output an alphanumeric wordlist from the given URL with words of minimum 5 characters
Code:
cewl --with-numbers --min_word_length 5 url
Motivation: Sometimes, you may require a wordlist that includes alphanumeric characters and has a minimum word length. This use case allows you to generate such a wordlist using the cewl command.
Explanation:
--with-numbers
: Includes numbers in the generated wordlist.--min_word_length 5
: Sets the minimum word length to 5 characters.url
: The URL from which the spidering should start.
Example output: The command will crawl the given URL and create an alphanumeric wordlist containing words of minimum 5 characters.
Use case 3: Output a wordlist from the given URL in debug mode including email addresses
Code:
cewl --debug --email url
Motivation: Debug mode is used to get more detailed information about the tool’s execution. This use case is particularly useful when you want to extract email addresses from a web page and include them in the generated wordlist.
Explanation:
--debug
: Enables debug mode, providing detailed information during the execution of the command.--email
: Instructs the tool to extract email addresses from the web page.url
: The URL from which the spidering should start.
Example output: The command will crawl the given URL, extract email addresses found on the web page, and include them in the generated wordlist. Additionally, debug information will be displayed during execution.
Use case 4: Output a wordlist from the given URL using HTTP Basic or Digest authentication
Code:
cewl --auth_type basic|digest --auth_user username --auth_pass password url
Motivation: Some web pages require authentication before allowing access to the content. You can use this use case to create a wordlist by authenticating with either HTTP Basic or Digest authentication.
Explanation:
--auth_type basic|digest
: Specifies the type of authentication to be used. Choose either “basic” or “digest”.--auth_user username
: Provides the username for authentication.--auth_pass password
: Provides the password for authentication.url
: The URL from which the spidering should start.
Example output: The command will crawl the given URL after authenticating with the provided credentials. It will then generate a wordlist based on the content found on the web page.
Use case 5: Output a wordlist from the given URL through a proxy
Code:
cewl --proxy_host host --proxy_port port url
Motivation: If you need to access a web page through a proxy server, you can utilize this use case to create a wordlist by providing the proxy host and port.
Explanation:
--proxy_host host
: Specifies the proxy server’s host.--proxy_port port
: Specifies the proxy server’s port.url
: The URL from which the spidering should start.
Example output: The command will access the given URL by routing the requests through the provided proxy server. It will then extract words from the web page and generate a wordlist based on the content found.
Conclusion:
The cewl command is a powerful tool that allows you to generate cracking wordlists from web content. By utilizing its various options and arguments, you can customize the wordlist generation process according to your specific requirements.