• Email info@cyberry.co.uk
  • How cool is cewl?!

  • Cewl is a program written in Ruby by Robin Wood which is packaged with the latest version of Kali Linux.

    It basically lets you “spider” a website to collect unique words from it’s content. Why is that useful? Well it’s been proven time and time again that people who look after websites very often use related words (or at least variations of related words) as part of their password.

    I’ll give you an example… Lets say Joe Bloggs creates a new WordPress site dedicated to the Ford Mustang. He absolutely loves them, and knows everything there is to know about them. Is it beyond the realms of possibility that the username to his WordPress admin panel might be left as the default “admin” and that the password might be “ShelbyGT500KR”?

    If you don’t know what a Shelby GT500KR is, then do a google search for it. It’s an awesome looking car!

    Hopefully you agree that it’s highly possible that a password “could” be related in some way to the website content. If not directly with the content, then perhaps with things that the website owner is interested in. Does the website owner have a Facebook page? Twitter feed perhaps? Any Instagram photo’s suggesting what the website owner might be interested in?

    Just parking passwords to one side for a moment, the website may provide other potentially useful information. For example it may mention people who work for the organisation. Lets say that Joe Bloggs happens to look after the superdupercorp.com website, and his contact email address is joe.bloggs@superdupercorp.com – On one of the staff pages, it mentions the CEO being called Bob Smith and the CFO being Lisa Johnson. Could we infer that there might be a couple of associated email addresses such as bob.smith@superdupercorp.com and lisa.johnson@superdupercorp.com ?

    Does Bob Smith have any interests? What does Lisa Johnson like doing?

    There is a ton of enumeration that can be done with a personal or corporate website, that can be used as part of a pen test, and this is where cewl can be very useful. Cewl will grab the unique words on any webpage or site you specify, and this will let you very quickly build a “targeted” word list of potential passwords.

    There are loads of options for cewl, and they can be accessed using the following command:

    root@kali:~# cewl –help

    If we take the example I used above:

    Lets say I wanted to grab the unique words from the Ford Mustang Wikipedia page, I would use the following command to grab all the unique words on the page, but also all of the unique words from every page I could travel to using URL links on this original Wikipedia page. So for example, on the Mustang Wikipedia page, there is a link on the page (one of many) to another Wikipedia page that offers information on Ford Motor Company – This is known in cewl terms as “scan depth”. So in this case I want to set cewl to a scan depth of 1 (a depth of 0 means stick to just that page).

    This would be a typical command I could use:

    root@kali:~# cewl -d 0 -m 6 -w mustangwords.txt https://en.wikipedia.org/wiki/Ford_Mustang

    Let me break this down a bit…

    cewl this is telling the machine use cewl

    -d 0 I am telling cewl to use a scan depth of 0. This basically means to stick to this page only.

    -m 6 I am instructing cool to only scrape words that have a minimum of 6 letters

    -w Save my output to a word list file called mustangwords.txt

    https://en.wikipedia.org/wiki/Ford_Mustang This is the webpage I want you to spider

    The complete list of switch options can be found in the help page, and it’s worth familiarizing yourself with them.

    After a short while, you will be returned back to a prompt, and you should be able to view the contents of the mustangwords.txt file

    Whilst it’s not entirely necessary, you might also want to sort the words in your file alphabetically, as well as tell you exactly home many words it scraped.

    A simple way of doing this is to use the following command:

    root@kali:~# sort -o mustangwords.txt mustangwords.txt | wc -w < mustangwords.txt

    So you are using the sort function with the -o switch to save your output to the same filename and then piping this to the wc command to count the words in the file, which happen to be 1751. If you wanted to view the words, simply open the text file.

    We now have 1751 words to work with as potential passwords!

    Hopefully you can see the value of cewl, which in our opinion is a very cool tool indeed 🙂

    This leads us to our next part which is to mutate and mangle these words, and for this we will use John!