CeWL Guide - Kali Wordlist Generator Tool

by x32x01
If you’re into penetration testing, password auditing, or red team assessments, then CeWL is a tool you absolutely need to master.
CeWL is a powerful custom wordlist generator that crawls websites and extracts keywords. These keywords can then be fed to password cracking and login-testing tools like John the Ripper, Medusa, Hydra, or WFuzz.
In this complete guide, we’ll explore how CeWL works, its most important options, and real command examples you can use during authorized security testing.

Introduction to CeWL 🧠​

CeWL (Custom Word List generator) is a Ruby-based tool that:
  • Crawls a target website
  • Extracts words from its content
  • Generates a custom wordlist
  • Supports metadata and email extraction
It comes preinstalled in Kali Linux, which makes it easy to use during penetration testing engagements.
Basic syntax: cewl <url> [options]
To view all available options: cewl -h



Why Use CeWL in Penetration Testing? 🎯​

Generic wordlists are useful, but custom wordlists are more effective.
Websites often use:
  • Company names
  • Employee names
  • Product names
  • Industry-specific terms
CeWL extracts these words directly from the target website, making password attacks more realistic and targeted.



Default Procedure - Generate a Basic Wordlist 🚀​

To generate a simple wordlist from a website:
Code:
cewl http://www.vulnweb.com
By default:
  • Spider depth = 2
  • Minimum word length = 3
This command crawls the site and prints extracted words to the terminal.



Store the Wordlist in a File 📁​

To save the output into a file, use the -w option:
Code:
cewl http://www.vulnweb.com -w dict.txt
Now all extracted words will be saved inside dict.txt.
This is useful for:
  • Password cracking
  • Brute-force testing
  • Record keeping



Generate a Wordlist of Specific Length 🔢​

If you want only longer words (for example 10+ characters), use the -m option:
Code:
cewl http://www.vulnweb.com -m 10 -w dict.txt
This creates a wordlist where:
  • Each word has at least 10 characters
  • Saved in dict.txt
Longer passwords are common in enterprise environments.



Retrieve Emails from a Website 📧​

To extract email addresses:
Code:
cewl https://digi.ninja/contact.php -e -n
Options used:
  • -e → Extract emails
  • -n → Don’t output wordlist
This helps in:
  • OSINT gathering
  • Username enumeration
  • Social engineering assessments



Count Repeated Words 🔁​

To count how many times a word appears:
Code:
cewl http://www.vulnweb.com -c
This shows the frequency of each word.
Useful for:
  • Identifying important keywords
  • Prioritizing password attempts
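
For password auditing, the same frequency output can feed a deny list that a password policy check uses to reject passwords built from site-derived terms. The script below is an added example, not part of the original post or of CeWL itself; it assumes the count output has one `word, count` pair per line, uses constructed sample data, and the function names `build_denylist` and `contains_site_term` are hypothetical.

```shell
#!/bin/sh
# Added example: turn `cewl -c` output into a password deny list.
# Assumption: each count line has the form "word, count".

# Constructed sample standing in for the output of: cewl <url> -c
sample_counts() {
cat <<'EOF'
Acunetix, 14
acunetix, 3
the, 40
Scanner, 9
vulnweb, 6
and, 22
Security, 11
security, 2
EOF
}

# build_denylist MINLEN: read "word, count" lines on stdin, fold case,
# merge the counts of case variants, drop words shorter than MINLEN,
# and print the remaining words, most frequent first.
build_denylist() {
    awk -F', ' -v min="$1" '
        NF == 2 && $2 ~ /^[0-9]+$/ {
            w = tolower($1)
            if (length(w) >= min) total[w] += $2
        }
        END { for (w in total) print total[w], w }
    ' | sort -k1,1nr -k2,2 | awk '{ print $2 }'
}

# contains_site_term PASSWORD DENYFILE: exit 0 when the candidate
# password contains any deny-list term, ignoring case.
contains_site_term() {
    printf '%s\n' "$1" | grep -qiF -f "$2"
}

# Demo: check two constructed candidate passwords against the list.
denyfile=$(mktemp)
sample_counts | build_denylist 5 > "$denyfile"
for pw in 'Acunetix2024!' 'correct-horse-battery'; do
    if contains_site_term "$pw" "$denyfile"; then
        echo "reject: $pw (contains a site-derived term)"
    else
        echo "accept: $pw"
    fi
done
rm -f "$denyfile"
```

Merging case variants before ranking keeps a term such as the company name from being split across several low-count entries.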



Increase Spider Depth 🕷️​

Default depth is 2.
To increase crawling depth:
Code:
cewl http://www.vulnweb.com -d 3
Higher depth means:
  • More pages crawled
  • Larger wordlist
  • More comprehensive data
Be careful - deeper crawling increases scan time.



Verbose Mode 📢​

To see detailed crawling output:
Code:
cewl http://www.vulnweb.com -v
Verbose mode shows:
  • URLs visited
  • Crawling progress
  • Additional information
Great for troubleshooting.



Generate Alphanumeric Wordlist 🔠🔢​

By default, CeWL extracts only alphabetic words.
To include numbers:
Code:
cewl http://testphp.vulnweb.com/artists.php --with-numbers
This is useful because many passwords contain numbers.



CeWL with Authentication 🔑​

Some websites require login.
CeWL supports Basic and Digest authentication.
Example:
Code:
cewl http://testphp.vulnweb.com/login.php --auth_type Digest --auth_user test --auth_pass test -v
Options used:
  • --auth_type → Digest or Basic
  • --auth_user → Username
  • --auth_pass → Password
This allows crawling authenticated areas.



Convert All Words to Lowercase 🔡​

If you need all words in lowercase:
Code:
cewl http://example.com --lowercase
This ensures compatibility with certain cracking tools.



Proxy Support 🌐​

If you're using a proxy server (like Burp Suite), configure proxy options:
Code:
cewl http://192.168.1.141 --proxy_host 192.168.1.141 --proxy_port 3128
Options:
  • --proxy_host → Proxy IP
  • --proxy_port → Proxy port
This is helpful when:
  • Testing through an intercepting proxy
  • Routing traffic via VPN
  • Using corporate lab environments



Summary of Important Options 📌

Some commonly used flags:
  • -d <x> → Spider depth
  • -m <x> → Minimum word length
  • -w file → Write output to file
  • -e → Extract emails
  • -c → Word count
  • -v → Verbose mode
  • --with-numbers → Include alphanumeric words



When Should You Use CeWL? 🧠​

CeWL is useful during:
  • Red team assessments
  • Password auditing
  • Active Directory testing
  • Web application reconnaissance
  • OSINT investigations
Custom wordlists increase the success rate dramatically compared to generic dictionaries.



Important Ethical Reminder ⚠️​

Only use CeWL on:
  • Systems you own
  • Authorized penetration tests
  • Legal lab environments
Unauthorized crawling may violate laws or policies.
Always test responsibly.



Final Thoughts 🚀​

CeWL is a powerful and underrated Kali Linux tool for custom wordlist generation. If you're serious about penetration testing or ethical hacking, mastering CeWL will improve your reconnaissance and password auditing techniques.
Custom wordlists = smarter attacks.
Practice in lab environments and integrate CeWL into your testing workflow 🔐💻
 