CeWL: Tool for generating custom wordlist for Password Cracking

CeWL is an awesome Ruby-based tool used by Pentesters to generate a custom wordlist to bombard the target. CeWL is short for a Custom Word List generator. Usage of the tool is simple and it provides a comprehensive word list to test the target. Further, you can use a wordlist with password cracker tools such as John the Ripper, ffuf, wfuzz, Burpsuite (Intruder), etc.

This tool is preinstalled on Kali Linux operating system, which is most popular among cybersecurity professionals. Although, you can install this tool very easily by following the steps mentioned in this blog.

Quick Usage

Here, cewl goes up to a depth of 2 links (-d option) and takes a minimum word length of 5 (-m option). Further, you save that wordlist by using the -w option.

cewl -d 2 -m 5 -w <wordlist-file> <target-url>

Download and Installation

You can clone the repository and make it executable by using the u+x option with chmod utility.

chmod u+x ./cewl.rb

Then, run it with the below command:


Top Examples of CeWL

(1) Quick Run

If you are in hurry, just give URL as input.

cewl <target-url>

(2) Set the limit on the word length of each word

Here, -m option set the minimum word length. If you have not given any input related to word length, default value is 3.

cewl <target-url> -m 7

(3) Save the custom wordlist

By using the -w option, cewl write the output to the file.

cewl -w <wordlist-file> <target-url>

(4) Provide output in verbose mode

If you are more curious about what's happening while running the cewl, use -v option to display everything on the terminal window.

cewl -v <target-url> 

(5) Extract email list from that target

Here, -n option ignores the wordlist and collects only email addresses while displaying the output wordlist.

cewl -n -e <target-url> 

(6) Activate debug mode

This option activates the debug mode and provides extra information.

cewl --debug <target-url> 

(7) Increase depth

This option enhances the size of the wordlist by increasing the depth of collecting words (spider feature). If you have not provided any depth, the default is 2.

cewl -d 4 <target-url> 

(8) Provide a count of words that appear on a webpage

-c option provides a count of each word in a custom wordlist.

cewl -c <target-url> 

(9) Display Help

If you want to explore more features of this awesome tool, just go for the help option.

cewl -h

(10) Display the wordlist in lowercase only

Display custom wordlist in lowercase only by using the --lowercase option.

cewl --lowercase <target-url>

Subscribe us to receive more such articles updates in your email.

If you have any questions, feel free to ask in the comments section below. Nothing gives me greater joy than helping my readers!

Disclaimer: This tutorial is for educational purpose only. Individual is solely responsible for any illegal act.

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *

OWASP API Top 10 - 2023 7 Facts You Should Know About WormGPT OWASP Top 10 for Large Language Models (LLMs) Applications Top 10 Blockchain Security Issues What is Cyber Warfare?