Shulou(Shulou.com)06/01 Report--

This article will explain in detail how to use Cewl, a tool for generating Kali Linux dictionaries, and the content of the article is of high quality, so the editor will share it with you for reference. I hope you will have some understanding of the relevant knowledge after reading this article.

We will show you how to use KaliLinux's dictionary generation tool-Cewl. This is a full guide to the use of tools, I hope it can help you!

Cewl introduction

Cewl is an application developed with Ruby, you can specify the URL address and crawl depth for its crawlers, and you can add additional external links, and then Cewl will return a dictionary file for you, which you can use in password cracking tools like John the Ripper. In addition, Cewl provides command-line tools.

Tool source address: [portal]

After the terminal enters "cewl-h", the tool outputs all acceptable option parameters and the corresponding option description:

SYNTAX:cewl [options] Genral Options-h,-help: Show help. -k,-keep: Keep the downloadedfile. -d,-depth: Depth to spider to,default 2.-m,-min_word_length: Minimumword length, default 3.-o,-offsite: Let the spider visitother sites. -w,-write: Write the output tothe file. -u,-ua: User agent to send. -n,-no-words: Don't outputthe wordlist. -with-numbers: Accept words with numbers in aswell as just letters-a,-meta: include meta data. -meta_file file: Output file forMeta data. -e,-email: Include emailaddresses. -email_file: Output file for email addresses. -meta-temp-dir: Thetemporary directory used by exiftool when parsing files, default / tmp. -c,-count: Show the count foreach word found. -v,-verbose: Verbose. -debug: Extra debuginformation Authentication-auth_type: Digest or basic. -auth_user: Authentication username. -auth_pass: Authentication password. Proxy Support-proxy_host: Proxy host. -proxy_port: Proxy port, default 8080. -proxy_username: Username for proxy, if required. -proxy_password: Password for proxy, if required.

Default method

After entering the following command, the crawler crawls according to the specified URL and depth, and then prints out a dictionary that can be used for password cracking:

Cewl http://www.ignitetechnologies.in/

Save dictionary file

In order to facilitate recording, or to provide reference for future research, Cewl can save the printed dictionary as a file. Here you can use the-w parameter to store the password dictionary as a text file:

Cewl http://www.ignitetechnologies.in/-w dict.txt

We can use the following command to see if the password dictionary is stored successfully, and our storage path is / root / dict.txt:

Cat dict.txt

Generate a dictionary of a specific length

If you want to generate a password dictionary of a specified length, you can use the-m option to set it:

Cewl http://www.ignitetechnologies.in/-M9

The above command will generate a password with a length of at least 9 characters. You can see from the following figure that Cewl crawled the target website and printed out a password with a length of at least 9 characters:

Get Email from the website

You can use the-e option to enable the Email parameter, and with the-n option to hide the password dictionary generated by the tool during crawling the site:

Cewl http://www.ignitetechnologies.in/-n-e

At this point, the tool successfully found an Email address on the website:

Calculate the number of repeated words in the website dictionary:

If you want to calculate the number of repetitions of a word in the target site, you can use the-c option to turn on the parameter calculation function:

Cewl http://www.ignitetechnologies.in/-c

As you can see, Cewl can directly count the number of repeated words on the target website:

Increase crawl depth

If you want to increase the crawl depth of the crawler to generate a larger dictionary file, you can use the-d option to specify the crawl depth, which by default is 2:

Cewl http://www.ignitetechnologies.in/-d 3

Extract debugging information

You can use the-- debug option to turn on debug mode so that you can view errors and metadata during site crawling:

Cewl http://www.ignitetechnologies.in/-- debug

Verbose mode

To expand the site crawl results and get a more complete data report, you can use the-v option to enter verbose mode. In this mode, Cewl exports the detailed data of the target website:

Cewl http://www.ignitetechnologies.in/-v

Generate a dictionary containing numbers and characters

If you want to generate a dictionary file containing numbers and characters, you can use the-with-numbers option in the command:

Cewl http://testphp.vulnweb.com/-- with-numbers

Cewl Summary / basic Certification

If the target site requires page login authentication, we need to use the following parameters to bypass the page authentication limit:

-auth_type: Digest or basic.-auth_user: Authentication username.-auth_pass: Authentication password.cewl http://192.168.1.105/dvwa/login.php-auth_type Digest-- auth_user admin--auth_pass password-v

Or

Cewl http://192.168.1.105/dvwa/login.php-auth_type basic-auth_user admin--auth_pass password-v

As you can see from the following figure, the http response code received is 200, and the dictionary is generated successfully:

Agent URL

If the target site has a proxy server set up, Cewl will not be able to use the default command to generate a dictionary. At this point you need to use the-proxy option option to enable the proxy URL feature:

Cewl-- proxy_host 192.168.1.103-- proxy_port 3128-w dict.txt http://192.168.1.103/wordpress/

Summary

This is a full guide to the use of Kali Linux CeWL tools. I hope it can help you all!

On the Kali Linux dictionary generation tool Cewl is how to share here, I hope that the above content can be of some help to you, can learn more knowledge. If you think the article is good, you can share it for more people to see.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.