Gather a Wordlist from the Target Website using CeWL
The words available on the target website may reveal critical information that can assist in further exploitation. CeWL is a Ruby app that spiders a given target URL to a specified depth, optionally following external links, and returns a list of unique words that can be used for cracking passwords.
Open Kali Linux and follow the commands below.
In the terminal window, type `cewl -d 2 -m 5 https://www.airbnb.com` and press Enter.
![](https://pentesterclub.com/wp-content/uploads/2023/10/image.png)
`-d` represents the depth to spider the website (here, 2) and `-m` represents the minimum word length (here, 5).
A unique wordlist from the target website is gathered, as shown in the screenshot.
![](https://pentesterclub.com/wp-content/uploads/2023/10/image-1.png)
Alternatively, this unique wordlist can be written directly to a text file. To do so, type `cewl -w wordlist.txt -d 2 -m 5 https://www.airbnb.com` and press Enter.
`-w` writes the output to a file (here, `wordlist.txt`).
![](https://pentesterclub.com/wp-content/uploads/2023/10/image-2.png)
By default, the wordlist file gets saved in the root directory. Type `pluma wordlist.txt` and press Enter to view the extracted wordlist.
![](https://pentesterclub.com/wp-content/uploads/2023/10/image-3.png)
Type `cewl --help` and press Enter in the Parrot terminal to view the list of options that CeWL provides.
![](https://pentesterclub.com/wp-content/uploads/2023/10/image-4.png)
This wordlist can be used further to perform brute-force attacks against the previously obtained emails of the target organization's employees.
This concludes the demonstration of gathering a wordlist from the target website using CeWL.
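Because the same list is what an attacker would try first, defenders can feed it into their own password policy. The script below is an added example, not part of the original tutorial: it rejects candidate passwords that contain a site-derived word after undoing common character substitutions. The function names, the substitution table and the sample words are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: flag passwords built from words found on your own website.
# Function names, substitution table and sample words are constructed.

# Lower-case a string and undo common character substitutions (0->o, 3->e, ...).
normalise() {
    printf '%s' "$1" | tr '[:upper:]' '[:lower:]' | tr '0134578@$!' 'oieastbasi'
}

# site_word_in_password WORDLIST PASSWORD
# Prints the first wordlist entry (5+ characters, matching the -m 5 used above)
# contained in the normalised password and returns 0; returns 1 if none match.
site_word_in_password() {
    swp_list=$1
    swp_candidate=$(normalise "$2")
    while IFS= read -r swp_word || [ -n "$swp_word" ]; do
        swp_word=$(normalise "$swp_word")
        [ "${#swp_word}" -ge 5 ] || continue      # skip short or empty lines
        case $swp_candidate in
            *"$swp_word"*) printf '%s\n' "$swp_word"; return 0 ;;
        esac
    done < "$swp_list"
    return 1
}

# Demo on a constructed wordlist; in practice pass the wordlist.txt written by -w.
demo_list=$(mktemp)
printf 'Bookings\nHosting\nTravel\nStay\n' > "$demo_list"
for pw in 'B00k1ngs2023!' 'Tr4v3lPass' 'Summer-Stay-9' 'quiet-maple-orbit'; do
    if hit=$(site_word_in_password "$demo_list" "$pw"); then
        printf 'REJECT %-20s contains site word "%s"\n' "$pw" "$hit"
    else
        printf 'OK     %s\n' "$pw"
    fi
done
rm -f "$demo_list"
```

Run it against a wordlist gathered from your own organization's site when reviewing password deny-lists; entries shorter than five characters are ignored to keep false positives down.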