top of page

Password Wordlist Creation using ceWL and Crunch

For doing password attacks, wordlist plays a very important role. Wordlist is a file that contains hundreds to billions of potential passwords. It sizes from KBs to GBs. This wordlist can be inputted to crack the password. There are some sites from which wordlist can be downloaded as:


packetstormsecurity.com/crackers/wordlists or openwall.com/wordlist


Also there is a built in wordlist stored in kali Linux in usr/share/wordlists directory. There is a file named rockyou.txt.gz. After unzipping, this file sizes around 140 MB. Also in usr/share/john directory, there is a wordlist named password.lst. This is actually a sample wordlist comes with John the Ripper.


But you can’t rely on wordlist. Though a wordlist has millions of passwords, but there is a chance that it doesn’t contain that ‘one’ intended password. Hence, it is advised to create your own wordlist of potential passwords as per scenario need using social engineering.




Deliverable 1:


Lab Set up

Attacker’s System: Kali Linux

Tool: ceWL


In Kali Linux --> Terminal


To create a wordlist based on contents of the site using ceWL.

~# cewl –w [wordlist_name.txt] –d 1 –m 5 [website_name]


Here, cewl --> tool to create a wordlist

-w --> write to (i.e. a new file to be created as a wordlist)

-d --> depth (i.e. how many links of the site should be followed)

1 --> count for links of the site should be followed (this can be changed as needed)

-m --> minimum word length

5 --> size for minimum word length (this can be changed as needed)


The above command will create a wordlist of potential passwords with minimum word length of 5 letters using a single link (web page) of the website.




Deliverable 2:


Lab Set up

Attacker’s System: Kali Linux

Tool: Crunch


In Kali Linux --> Terminal


To create a wordlist based on a criteria i.e. character set using Crunch.

~# crunch 5 6 AB –o [filename.txt]


Here, crunch --> tool to create a wordlist

5 --> size for minimum word length (this can be changed as needed)

6 --> size for maximum word length (this can be changed as needed)

AB --> character set string

-o --> output (i.e. storing results into wordlist file)

[filename.txt] --> new file to be created


The above command will create a wordlist that may not have meaningful words. These words will have a size of 5 to 6 letters. Some of them can be as follows:

AAAAAA

AAAAAB

.

.

.

and so on...


bottom of page