  • Stars: 1,727
  • Rank 25,920 (Top 0.6 %)
  • Language: Ruby
  • Created about 8 years ago
  • Updated 6 months ago

Repository Details

CeWL is a Custom Word List Generator

CeWL - Custom Word List generator

Copyright(c) 2022, Robin Wood [email protected]

Based on a discussion on PaulDotCom (episode 129) about creating custom word lists by spidering a target's website and collecting unique words, I decided to write CeWL, the Custom Word List generator. CeWL is a Ruby app which spiders a given URL to a specified depth, optionally following external links, and returns a list of words which can then be used for password crackers such as John the Ripper.

By default, CeWL sticks to just the site you have specified and will go to a depth of 2 links; this behaviour can be changed by passing arguments. Be careful if setting a large depth and allowing it to go offsite, as you could end up drifting on to a lot of other domains. All words of three characters and over are output to stdout. This length can be increased, and the words can be written to a file rather than the screen so the app can be automated.
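The word collection described above can also feed a site-specific password deny list. The following is an added example, not CeWL's own code: it is a simplified offline sketch that uses a regex instead of CeWL's spider and Nokogiri parsing, and the sample page, function names and substitution table are assumptions made for illustration.

```ruby
# Added example (not from CeWL): collect site words the way the README
# describes (unique words, minimum length 3, with counts) and use them to
# reject passwords built on the organisation's own vocabulary.

# Constructed sample page standing in for one spidered response.
SAMPLE_HTML = <<~HTML
  <html><head><title>Acme Widgets</title><script>var x = "ignored";</script></head>
  <body><h1>Acme Widgets Ltd</h1>
  <p>Founded in Sheffield, Acme builds widgets for the rail industry.</p>
  <p>Contact us at the Sheffield office.</p></body></html>
HTML

# Drop script/style blocks and tags, then count every word of at least
# min_length letters. Returns a Hash of lowercase word => occurrences.
def collect_words(html, min_length: 3)
  text = html.gsub(%r{<(script|style)\b.*?</\1>}mi, ' ').gsub(/<[^>]+>/, ' ')
  counts = Hash.new(0)
  text.scan(/[[:alpha:]]+/) { |w| counts[w.downcase] += 1 if w.length >= min_length }
  counts
end

# Undo common digit/symbol substitutions (assumed table) and strip padding,
# so "5heff1eld2024!" is compared as "sheffieldoai".
def normalise(candidate)
  candidate.downcase.tr('013457@$!', 'oieastasi').gsub(/[^a-z]/, '')
end

# Site words (min_term letters or longer) that a candidate password contains.
# An empty array means the candidate is not derived from the site's wording.
def site_terms_in(candidate, words, min_term: 4)
  plain = normalise(candidate)
  words.keys.select { |w| w.length >= min_term && plain.include?(w) }.sort
end

if __FILE__ == $PROGRAM_NAME
  words = collect_words(SAMPLE_HTML)
  %w[5heff1eld2024! Acm3W1dgets correct-horse-battery-staple].each do |pw|
    hits = site_terms_in(pw, words)
    puts "#{pw}: #{hits.empty? ? 'ok' : "rejected, contains #{hits.join(', ')}"}"
  end
end
```

In a password-change hook, the word hash would be built once from the organisation's own pages and refreshed when the site content changes.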

CeWL also has an associated command line app, FAB (Files Already Bagged), which uses the same metadata extraction techniques to create author/creator lists from already downloaded files.

For anyone running CeWL with Ruby 2.7, you might get some warnings in the style:

.../ruby-2.7.0/gems/mime-types-3.2.2/lib/mime/types/logger.rb:30: warning: `_1' is reserved for numbered parameter; consider another name

This is due to a new feature introduced in 2.7 which conflicts with one line of code in the logger script from the mime-types gem. There is an update for it in the gem's repo so hopefully that will be released soon. Till then, as far as I can tell, the warning does not affect CeWL in any way. If, for aesthetics, you want to hide the warning, you can run the script as follows:

ruby -W0 ./cewl.rb

Homepage: https://digi.ninja/projects/cewl.php

GitHub: https://github.com/digininja/CeWL

Pronunciation

Seeing as I was asked, CeWL is pronounced "cool".

Installation

CeWL needs the following gems to be installed:

  • mime
  • mime-types
  • mini_exiftool
  • nokogiri
  • rubyzip
  • spider

The easiest way to install these gems is with Bundler:

gem install bundler
bundle install

Alternatively, you can install them manually with:

gem install xxx

The mini_exiftool gem also requires the exiftool application to be installed.

Assuming you cloned the GitHub repo, the script should be executable by default, but if not, you can make it executable with:

chmod u+x ./cewl.rb

The project page on my site gives some tips on solving common problems people have encountered while running CeWL - https://digi.ninja/projects/cewl.php

Usage

./cewl.rb

CeWL 5.5.2 (Grouping) Robin Wood ([email protected]) (https://digi.ninja/)
Usage: cewl [OPTIONS] ... <url>

    OPTIONS:
	-h, --help: Show help.
	-k, --keep: Keep the downloaded file.
	-d <x>,--depth <x>: Depth to spider to, default 2.
	-m, --min_word_length: Minimum word length, default 3.
	-o, --offsite: Let the spider visit other sites.
	-w, --write: Write the output to the file.
	-u, --ua <agent>: User agent to send.
	-n, --no-words: Don't output the wordlist.
	-a, --meta: include meta data.
	--meta_file file: Output file for meta data.
	-e, --email: Include email addresses.
	--email_file <file>: Output file for email addresses.
	--meta-temp-dir <dir>: The temporary directory used by exiftool when parsing files, default /tmp.
	-c, --count: Show the count for each word found.
	-v, --verbose: Verbose.
	--debug: Extra debug information.

	Authentication
	--auth_type: Digest or basic.
	--auth_user: Authentication username.
	--auth_pass: Authentication password.

	Proxy Support
	--proxy_host: Proxy host.
	--proxy_port: Proxy port, default 8080.
	--proxy_username: Username for proxy, if required.
	--proxy_password: Password for proxy, if required.

	Headers
	--header, -H: In format name:value - can pass multiple.

    <url>: The site to spider.

Running CeWL in a Docker container

To quickly use CeWL on your machine with Docker, you have to build it:

  1. Build the container:
    docker build -t cewl .
  2. Container usage without interacting with local files:
    docker run -it --rm cewl [OPTIONS] ... <url>
  3. Container usage with local files as input or output:
    # you have to mount the current directory when calling the container
    docker run -it --rm -v "${PWD}:/host" cewl [OPTIONS] ... <url>

I am going to stress here, I am not going to be offering any support for this. The work was done by @loris-intergalactique who has offered to field any questions on it and give support. I don't use or know Docker, so please, don't ask me for help.

Licence

This project is released under the Creative Commons Attribution-Share Alike 2.0 UK: England & Wales

http://creativecommons.org/licenses/by-sa/2.0/uk/

Alternatively, you can use GPL-3+ instead of the original license.

http://opensource.org/licenses/GPL-3.0
