Cewl is a program written in Ruby by Robin Wood which is packaged with the latest version of Kali Linux.
It basically lets you “spider” a website to collect unique words from its content. Why is that useful? Well, it’s been proven time and time again that people who look after websites very often use related words (or at least variations of related words) as part of their password.
I’ll give you an example… Let’s say Joe Bloggs creates a new WordPress site dedicated to the Ford Mustang. He absolutely loves them, and knows everything there is to know about them. Is it beyond the realms of possibility that the username to his WordPress admin panel might be left as the default “admin” and that the password might be “ShelbyGT500KR”?
If you don’t know what a Shelby GT500KR is, then do a Google search for it. It’s an awesome looking car!
Hopefully you agree that it’s highly possible that a password “could” be related in some way to the website content. If not directly with the content, then perhaps with things that the website owner is interested in. Does the website owner have a Facebook page? Twitter feed perhaps? Any Instagram photos suggesting what the website owner might be interested in?
Just parking passwords to one side for a moment, the website may provide other potentially useful information. For example, it may mention people who work for the organisation. Let’s say that Joe Bloggs happens to look after the superdupercorp.com website, and his contact email address is firstname.lastname@example.org – On one of the staff pages, it mentions the CEO being called Bob Smith and the CFO being Lisa Johnson. Could we infer that there might be a couple of associated email addresses such as email@example.com and firstname.lastname@example.org ?
Does Bob Smith have any interests? What does Lisa Johnson like doing?
There is a ton of enumeration that can be done with a personal or corporate website, that can be used as part of a pen test, and this is where cewl can be very useful. Cewl will grab the unique words on any webpage or site you specify, and this will let you very quickly build a “targeted” word list of potential passwords.
There are loads of options for cewl, and they can be accessed using the following command:
root@kali:~# cewl --help
If we take the example I used above:
Let’s say I wanted to grab the unique words from the Ford Mustang Wikipedia page. I would use the following command to grab all the unique words on the page, and also all of the unique words from every page I could travel to using URL links on this original Wikipedia page. For example, the Mustang Wikipedia page has a link (one of many) to another Wikipedia page that offers information on Ford Motor Company. How far links are followed is known in cewl terms as “scan depth”. So in this case I want to set cewl to a scan depth of 1 (a depth of 0 means stick to just that page).
So you are using the sort function with the -o switch to save your output to the same filename and then piping this to the wc command to count the words in the file, which happen to be 1751. If you wanted to view the words, simply open the text file.
We now have 1751 words to work with as potential passwords!
Hopefully you can see the value of cewl, which in our opinion is a very cool tool indeed 🙂
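The same observation works in reverse for whoever sets the password policy: collect the unique words from your own site and refuse passwords built from them. The sketch below is an added example, not part of cewl or of the original post; the sample HTML is constructed and the function names are hypothetical.

```python
import re
from html.parser import HTMLParser

# Constructed sample page (not real site content), standing in for the
# organisation's own website.
SAMPLE_HTML = """
<html><head><title>Mustang Fan Site</title><style>p{color:red}</style></head>
<body><h1>Ford Mustang</h1>
<p>The Shelby GT500KR is my favourite Mustang. Contact Joe Bloggs.</p>
<script>var tracking = "ignored";</script></body></html>
"""

class TextExtractor(HTMLParser):
    """Collects visible text, skipping <script> and <style> bodies."""
    def __init__(self):
        super().__init__()
        self.skip = 0
        self.chunks = []
    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self.skip += 1
    def handle_endtag(self, tag):
        if tag in ("script", "style") and self.skip:
            self.skip -= 1
    def handle_data(self, data):
        if not self.skip:
            self.chunks.append(data)

def site_words(html, min_len=3):
    """Unique lower-cased words of at least min_len characters."""
    parser = TextExtractor()
    parser.feed(html)
    words = re.findall(r"[A-Za-z0-9]+", " ".join(parser.chunks))
    return {w.lower() for w in words if len(w) >= min_len}

def built_from_site_words(password, words):
    """True if the password, minus case and punctuation, is one site word
    or a concatenation of site words (e.g. "Shelby" + "GT500KR")."""
    s = re.sub(r"[^a-z0-9]", "", password.lower())
    reachable = [True] + [False] * len(s)   # reachable[i]: s[:i] is covered
    for i in range(len(s)):
        if reachable[i]:
            for j in range(i + 1, len(s) + 1):
                if s[i:j] in words:
                    reachable[j] = True
    return bool(s) and reachable[len(s)]
```

This only catches direct reuse and concatenation of site words; appended digits or character substitutions are not covered.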
This leads us to our next part which is to mutate and mangle these words, and for this we will use John!