Generate Target Based WordList for Metasploitable 2 server

A wordlist is essentially a list of passwords that are collected in plain text. It's a text file that has a list of possible passwords that can be used to help someone crack passwords when necessary.

Usually, a wordlist helps for Brute forcing and Password Cracking Attacks. In ParrotSec and Kali Linux have their own inbuilt wordlists stored under /usr/share/wordlists/.

┌──(mrdev㉿mrdev)-[~]

└─$ cd /usr/share/wordlists/

┌──(mrdev㉿mrdev)-[/usr/share/wordlists]

└─$ ls

dirb       dnsmap.txt     fern-wifi   nmap.lst   rockyou.txt.gz  wfuzz

dirbuster  fasttrack.txt  metasploit  README.md  sqlmap.txt 

What if you want to use a customized wordlist for your work. There are too many amounts of tools that are available.

How to Generate a Wordlist for Password Cracking

This guide provides step-by-step instructions on how to generate wordlists for password cracking. Wordlists are essential tools for security professionals and ethical hackers to test and strengthen password security.

Goal: Generate a wordlist for an upcoming appearance on Brute forcing and Password cracking.

Generate a WordList using CeWL

Using CeWL you can build your own customized WordList. CeWL is a ruby app that spiders a given URL, up to a specified depth, and returns a list of words that can then be used for password crackers such as John the Ripper, hydra, Johnny, and many more.

CeWL comes pre-installed with Kali and ParrotSec OS so verify it using the help command and also find out some valuable information before creating a WordList.

┌─[mrdev@mr-dev]─[~]

└──╼ $cewl -h

CeWL 5.4.8 (Inclusion) Robin Wood ([email protected]) (https://digi.ninja/)

Usage: cewl [OPTIONS] ... <url>

    OPTIONS:

-h, --help: Show help.

-k, --keep: Keep the downloaded file.

-d <x>,--depth <x>: Depth to spider to, default 2.

-m, --min_word_length: Minimum word length, default 3.

-o, --offsite: Let the spider visit other sites.

--exclude: A file containing a list of paths to exclude

--allowed: A regex pattern that path must match to be followed

-w, --write: Write the output to the file.

-u, --ua <agent>: User agent to send.

-n, --no-words: Don't output the wordlist.

--lowercase: Lowercase all parsed words

--with-numbers: Accept words with numbers in as well as just letters

--convert-umlauts: Convert common ISO-8859-1 (Latin-1) umlauts (ä-ae, ö-oe, ü-ue, ß-ss)

-a, --meta: include meta data.

--meta_file file: Output file for meta data.

-e, --email: Include email addresses.

--email_file <file>: Output file for email addresses.

--meta-temp-dir <dir>: The temporary directory used by exiftool when parsing files, default /tmp.

-c, --count: Show the count for each word found.

-v, --verbose: Verbose.

--debug: Extra debug information.

Authentication

--auth_type: Digest or basic.

--auth_user: Authentication username.

--auth_pass: Authentication password.

Proxy Support

--proxy_host: Proxy host.

--proxy_port: Proxy port, default 8080.

--proxy_username: Username for proxy, if required.

--proxy_password: Password for proxy, if required.

Headers

--header, -H: In format name:value - can pass multiple.

    <url>: The site to spider.

┌─[mrdev@mr-dev]─[~]

└──╼ $

Using CeWL

Running of CeWL tool is quite easy just insert the below command on your terminal:

┌─[mrdev@mr-dev]─[~]

└──╼ $cewl 192.168.56.3 -w wordlist.lst

CeWL 5.4.8 (Inclusion) Robin Wood ([email protected]) (https://digi.ninja/)

┌─[mrdev@mr-dev]─[~]

└──╼ $

Once the process is completed you can find them from the current directory i.e. home/username:

┌─[mrdev@mr-dev]─[~]

└──╼ $ls

 Desktop     Downloads   Videos     wordlist.lst

 Documents   Pictures   Templates  'VirtualBox VMs'

┌─[mrdev@mr-dev]─[~]

└──╼ $