2022-Penetration Testing-Kali Linux Dictionary Generation Tool Cewl Usage Guide

Table of contents

Introduction to Cewl

Cewl command parameters

Use of Cewl

default method

 Store the resulting dictionary in a file

 Count the number of times a word appears in a website

Increase crawling depth

Extract debug information

 Verbose mode

 Generate a dictionary containing numbers and characters

 Cewl Digest/Basic Certification

proxy URL

Introduction to Cewl

Cewl is an application developed in Ruby. You can specify the URL address and crawling depth for its crawler, and you can add additional external links. Next, Cewl will return you a dictionary file, which can then be used for password cracking. .

Cewl command parameters

cewl [选项] ... URL

--help，-h：显示帮助

--keep，-k：保留下载的文件

--depth x，-d x：深度到蜘蛛，默认2

--min_word_length，-m：最小字长，默认为3

--offsite，-o：让蜘蛛访问其他网站

--write，-w file：将输出写入文件

--ua，-u user-agent：用户代理发送

--no-words，-n：不输出单词表

--meta， -a 包含元数据

--meta_file file：元数据的输出文件

--email，-e包括电子邮件地址

--email_file file：电子邮件地址的输出文件

--meta-temp-dir directory：exiftool在解析文件时使用的临时目录，默认为/ tmp

--count，-c：显示找到的每个单词的计数

Use of Cewl

default method

cewl http://www.baidu.com/ 

 As shown in the figure, the generated dictionary is displayed in the terminal

 Store the resulting dictionary in a file

cewl http://www.baidu.com/ -w baidu.txt

 A dictionary specifying the generated length

​cewl http://www.baidu.com/ -m 6

The above command has a minimum length of 6 words

 Count the number of times a word appears in a website

cewl http://www.baidu.com/ -c

Increase crawling depth

cewl http://www.baidu.com/ -d 3

Increase the crawling depth of the crawler to generate larger dictionary files, by default the crawling depth is 2

Extract debug information

cewl http://www.baidu.com/ --debug

 Verbose mode

cewl http://www.baidu.com/ -v

In this mode, Cewl will export the detailed data of the target website:

 Generate a dictionary containing numbers and characters

cewl http://www.baidu.com/ --with-numbers

 Cewl Digest/Basic Certification

If the target website requires page login authentication, we need to use the following parameters to bypass the page authentication restrictions:

–auth_type:                      Digest or basic.
–auth_user:                     Authentication username.
–auth_pass:                     Authentication password.

cewl http://192.168.1.105/dvwa/login.php --auth_type Digest --auth_user admin--auth_pass password -v

proxy URL

If the target website has a proxy server set, Cewl will not be able to use the default command to generate the dictionary. At this point you need to use the --proxy option to enable proxy URL functionality:

cewl --proxy_host 192.168.1.103 --proxy_port 3128 -w dict.txt http://192.168.1.103/wordpress/