Objective: The objective of this exercise is to learn how to use the Cewl and Crunch tools in
Kali Linux to generate password lists for use in penetration testing or password cracking.
Lab Setup:
● Kali Linux machine
● Target website or wordlist (optional) [ Take DVWA as reference site]
Step 1: Open a terminal in Kali Linux and update the system by running the command “sudo
apt-get update”
Step 2: Install Cewl by running the command “sudo apt-get install cewl”
Step 3: Use Cewl to scrape a website for words to create a wordlist. The basic syntax of the
command is “cewl [website] -w [output file]”. For example, to scrape the website
“example.com” and save the wordlist to a file named “example_wordlist.txt”, the command
would be “cewl example.com -w example_wordlist.txt”
Step 4: Install Crunch by running the command “sudo apt-get install crunch”
Step 5: Use Crunch to generate a wordlist based on a pattern. The basic syntax of the
command is “crunch [min length] [max length] [charset] -o [output file]”. For example, to
generate a wordlist of 8-12 characters using lowercase letters and numbers, and saving the
wordlist to a file named “crunch_wordlist.txt”, the command would be “crunch 8 12
abcdefghijklmnopqrstuvwxyz0123456789 -o crunch_wordlist.txt”
Step 6: Once the wordlists are generated, you can use them for password cracking or for
other penetration testing purposes.
References:
● https://tools.kali.org/password-attacks/cewl
● https://tools.kali.org/password-attacks/crunch
Note: This exercise is to be used in a controlled and legal environment, and not to be used
for any illegal activities.
