Breaking

Saturday, February 09, 2019

EP 11-HOW TO MAKE CUSTOM WORDLIST IN KALI LINUX| HOW TO MAKE WORDLIST US...


HOW TO MAKE CUSTOM WORDLIST IN KALI LINUX| HOW TO MAKE WORDLIST USING WINDOWS || CEWL

🕵DISCLAIMER:Any actions and or activities related to the material contained within this Website is solely your responsibility.The misuse of the information in this website can result in criminal charges brought against the persons in question. The authors and Kali Tutorials will not be held responsible in the event any criminal charges be brought against any individuals misusing the information in this website to break the law.

👇SUBSCRIBE


👋Hey Guys in this video i am delivering an intro about what you will find this course and what is ethical hacking?


CeWL - Custom Word List generator
Based on a discussion on PaulDotCom episode 129 about creating custom word lists by spidering a targets website and collecting unique words I decided to write CeWL, the Custom Word List generator. CeWL is a ruby app which spiders a given url to a specified depth, optionally following external links, and returns a list of words which can then be used for password crackers such as John the Ripper.

CeWL also has an associated command line app, FAB (Files Already Bagged) which uses the same meta data extraction techniques to create author/creator lists from already downloaded.

The Practical Usage of CeWL

CeWL is a very useful utility that is written in Ruby. It allows you to create custom wordlists, which are used for cracking passwords, based on a specified URL. The utility will “crawl” the specified site, as well as any links on the site to the depth you specify, and return a list of words from that site. You can filter the returned wordlist to include only words of a certain length of your choosing. It comes installed with Kali Linux by default.
Humans are creatures of habit, and tend to use real words as a basis for their passwords. Often, they tend to use words based on what they like, or words that are associated with hobbies, or their occupation. Mining this information when targeting a specific individual is typically pretty simple, since everyone tends to publicly
Now that we know what CeWL is, and what it’s used for, let’s see how it works. CeWL is able to take several parameters, all of which are listed with the command:

cewl -h

In its basic form, CeWL is a very powerful tool that can be used with a fairly small set of parameters. Of use to us in this example will be to set a minimum word size (5 letters is a good place to start), an output file that will contain all of our words, the depth of links that we want CeWL to crawl (if not specified this default to 2 links deep), and a URL to crawl.

A couple of parameters to really think about here are the word size and the depth of links that we’re going to crawl. Personally, I like to start with a word size of 5 at a minimum. Typically, passwords are required to be 7 or 8 letters in length, so a user is fairly unlikely to pick a 3 or 4 letter word as a root word to their password. 5 characters is a good place to start, and to make the list smaller, you could start with 6 or 7 letters if you thought that’d be best. Experimentation is king here and everyone has their own technique.

The second big decision to make with CeWL is how many links deep we want to crawl. Say, for example, if you leave this at the default of two links. Specifying two links deep essentially tells CeWL “Crawl the page I specify… all of the links on that page… and then all of the links on each of those pages, and then stop.

Another parameter that you may include is the -o flag. This takes no value, and if set, simply tells CeWL that it’s ok to follow off-site links. If this isn’t specified, CeWL will keep its searches on-site only with the URL you specify. So, if for example you specify a Wikipedia.org URL to CeWL, CeWL won’t follow the many off-site reference links at the bottom of the page.

For this example, let’s assume that we’re targeting an individual. We’ve obtained the password hash to their user account, WPA2 key, etc. and we know by browsing their open social media profiles that they are infatuated with the series Game of Thrones. We might use a command like this to generate a CeWL wordlis
I hope you guys learn from this course and share it with everyone.

DON'T FORGET TO SUBSCRIBE TO MY CHANNEL.

MY INSTAGRAM ID:
https://www.instagram.com/faizann_ali/

facebook page;
https://www.facebook.com/pg/hackvines.faizan

LIKE👍
COMMENT🗣
SHARE👬👫
SUBSCRIBE✌🤘

No comments:

Post a Comment