Gather a Wordlist from the Target Website using CeWL
The words available on the target website may reveal critical information that can assist in performing further exploitation. CeWL is a Ruby app that spiders a given target URL to a specified depth, optionally following external links, and returns a list of unique words that can be used for cracking passwords.
Open Kali Linux and follow the commands below.
In the terminal window, type cewl -d 2 -m 5 https://www.airbnb.com and press Enter.
-d represents the depth to spider the website (here, 2) and -m represents the minimum word length (here, 5).
A unique wordlist from the target website is gathered, as shown in the screenshot.
Alternatively, this unique wordlist can be written directly to a text file. To do so, type cewl -w wordlist.txt -d 2 -m 5 https://www.airbnb.com and press Enter.
-w – Write the output to the file (here, wordlist.txt)
By default, the wordlist file gets saved in the root directory. Type pluma wordlist.txt and press Enter to view the extracted wordlist.
Type cewl --help and press Enter in the Parrot terminal to view the list of options that cewl provides.
This wordlist can be used further to perform brute-force attacks against the previously obtained emails of the target organization’s employees.
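From the defender's side, the same CeWL output can feed a context-specific password blocklist, so that passwords built on the organization's own website vocabulary are rejected when they are set. The following is an added example, not part of the original walkthrough; the sample words, the function names and the substitution table are assumptions constructed for illustration.

```python
# Constructed sample standing in for the wordlist.txt that "cewl -w" writes
# (one word per line). These words are illustrative, not real tool output.
SAMPLE_WORDLIST = """\
Airbnb
Hosts
Experiences
Belong
Anywhere
Superhost
"""

# Assumed table of common character substitutions, undone before matching.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})


def load_words(text, min_len=5):
    """Return lowercase site words of at least min_len characters (mirrors -m 5)."""
    stripped = (line.strip() for line in text.splitlines())
    return {w.lower() for w in stripped if len(w) >= min_len}


def site_word_in(password, words):
    """Return the longest site word the password is built on, or None."""
    lowered = password.lower()
    # Check the password as typed first, then with substitutions undone.
    for candidate in (lowered, lowered.translate(LEET)):
        hits = [w for w in words if w in candidate]
        if hits:
            # Longest match wins; ties are broken alphabetically.
            return max(hits, key=lambda w: (len(w), w))
    return None


if __name__ == "__main__":
    words = load_words(SAMPLE_WORDLIST)
    for pw in ("Airbnb2024!", "Sup3rh0st!", "correct horse battery staple"):
        hit = site_word_in(pw, words)
        verdict = f"reject (contains site word '{hit}')" if hit else "accept"
        print(f"{pw!r}: {verdict}")
```

To run it against real output, read the file produced by the -w option and pass its contents to load_words in place of SAMPLE_WORDLIST.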
This concludes the demonstration of gathering a wordlist from the target website using CeWL.