Cewl wordlist generator is different from other wordlist generators as it takes the website URL as a parameter. It does so by crawling the website source code and picking up the interesting words from it. It comes preloaded with Kali Linux.
If it is not present on your Linux machine you can get it from here.
CeWL is a ruby app which spiders a given URL to a specified depth, optionally following external links, and returns a list of words which can then be used for password crackers such as John the Ripper.
For Kali Linux users you can find it in Applications->Password Attacks->Cewl
This tool can be used if you are targeting a person whose personal data is kept online and there is a possibility that he uses a weak password, which may be like his pet name or something else. This tool makes it crystal clear that one should not keep his personal data online, especially the data which is also included in your credentials.
To use this tool you can type the following command.
root@Hackingvision:~# cewl -w anyname.txt url
replace URL with the URL of the website or the webpage you want to generate the wordlist from.
From the command above the script will crawl the webpage look for important keywords and store each one of the interesting keywords in the output file “anyname.txt” this text file will be generated in the location you specified, if not then it will be in the same folder as cewl is.
This tool can be used by ethical hackers to demonstrate that how keeping a weak password can lead to a complete compromise to their privacy.
Earlier this week we mentioned about a wordlist generator dubbed as cupp, which is a python script to generate wordlist by the keywords given by the user and apart from that it asks you some questions about the target. It also allows you to download wordlist from its online repository, read more about cupp.
If you still have some doubts on the usage you can watch our video in which we have explained about how this tool works and gathers the keywords.