SOCIALS 

SUBSCRIBE 

 Keeping you informed | Latest News 

© 2018 Dr. Chaos 

doctorchaos.com and drchaos.com is a blog dedicated to Cyber Counter Intelligence and Cybersecurity technologies. The posts will be a discussion of concepts and technologies that make up emerging threats and techniques related to Cyber Defense. Sometimes we get a little off-topic. Articles are gathered or written by cyber security professionals, leading OEMs, and enthusiasts from all over the world to bring an in-depth, real-world, look at Cyber Security. About this blog doctorchaos.com and drchaos.com and any affiliate website does not represent or endorse the accuracy or reliability of any information’s, content or advertisements contained on, distributed through, or linked, downloaded or accessed from any of the services contained on this website, nor the quality of any products, information’s or any other material displayed, purchased, or obtained by you as a result of an advertisement or any other information’s or offer in or in connection with the services herein. Everything on this blog is based on personal opinion and should be interoperated as such. Contact Info If you would like to contact this blog, you may do so by emailing ALAKHANI(AT)YMAIL(DOT)COM  

CYBER & INFOSEC

"blogger, InfoSec specialist, super hero ... and all round good guy" 

DISCUSSIONS, CONCEPTS & TECHNOLOGIES FOR THE WORLD OF

JOIN THE DISCUSSION

Creating custom dictionary files using CeWL

Most people incorporate commonly used words as their passwords. Studies show when people select random passwords, there is very little randomization to the words. Furthermore, as more large sites have their user’s passwords leaked, attackers are figuring out common password obfuscation techniques people use and writing their exploits around those techniques. Think you are being clever about replacing a “0” (zero) with the letter O, or replacing the number “3” with the letter “E” – well attackers know this and are now incorporating that into their password cracking programs.

The website How Secure is Your password (https://howsecureismypassword.net/) estimates how long a computer would take to brute force your password. However, when you add in parallel processors, multi-tasking, and advances in processing power, you can assume this number will exponentially decrease.  Using these techniques and knowledge attackers have gained from recent password attacks we know password attacks can now be reduced from years to just days.

One common technique being used by attackers is to create custom dictionary files that target organizations or individuals from specific websites such as an organizations website, blog, Linkedin profiles, Twitter, or Facebook.

CeWL is a tool that is built into Kali Linux and other Linux based distributions. It can also be installed on most systems that do not have it. CeWL, mean the Custom Word List generator. CeWL is a ruby app which spiders a given url to a specified depth, optionally following external links, and returns a list of words which can then be used for password crackers such as John the Ripper.

To use CeWL, open up a command prompt in Kali Linux (your favorite Linux distribution). The reason we prefer Kali Linux is because CeWL works right out of the box.


To use CeWL you simply type in the command, the target url and what you want the output file to be.

cewl www.drchaos.com -w drchaospasswords.txt



This will generate a word list from our target URL (use a URL you have permission to scrape). By default, CeWL sticks to just the site you have specified and will go to a depth of 2 links, this behavior can be changed by passing arguments.


Be careful if setting a large depth and allowing it to go offsite, you could end up drifting on to a lot of other domains that you do not have permission to scrape.

By default CeWL will scrape all words of 3 characters or more and output the results to the screen. This length can be increased and the words can be written to a file rather than screen so the app can be automated. CeWL by default will not go further than two links down in a domain. This depth can also be changed if needed. We can do this by using the –d option to set the depth.

We may also want to set the minimum word count. For example we may want to target words with 8 or more characters. We can do this by using the –m switch.


In the following example we will limit our site search to a depth of 1 and limit our word count to 8 or more character words. We issue the following command:



You can now use this wordlist in popular programs such as john the ripper and other security tools to audit the password strength of your organization.