Password Extraction from Website Content

Disclaimer

This guide is solely for educational purposes only. Any acts of hacking taught here is for Ethical Hacking. Any hacking actions done without permission of owner is considered an illegal act by the law. Hence, do practice on your own network structure and your own devices.

Brute forcing password can take up such a long time, especially if you try brute forcing aimlessly and randomly. However, there is a tool that can help you get a list of potential passwords of websites.

CeWL

CeWL is a ruby app which spiders a given URL to a specified depth, optionally following external links, and returns a list of words which can then be used for password crackers such as John the Ripper, Hydra, WPScan, etc.

Using CeWL is very simple:

  • -d = means depth, the higher the depth means that CeWL would go deeper into the website to find words.
  • -m = means length, it means the minimum word length that should be considered
  • -w= means write, it will store the word list into a .txt file by the name which you inputted next to it. If file does not exist, then it will create a new .txt file.
  • Lastly, the URL you want to get the keywords from. This URL is of course most probably be the website that you are trying to find the password to or it can be the website of known user/admin or the subdomain of the website

Leave a Reply

Your email address will not be published. Required fields are marked *