Generate Target Based WordList for Metasploitable 2 server

A wordlist is essentially a list of passwords that are collected in plain text. It's a text file that has a list of possible passwords that can be used to help someone crack passwords when necessary.

Usually, a wordlist help full for Brute forcing and Password Cracking Attacks. In ParrotSec and Kali Linux have their own inbuild wordlists stored under /usr/share/wordlists/.

└─$ cd /usr/share/wordlists/

└─$ ls
dirb       dnsmap.txt     fern-wifi   nmap.lst   rockyou.txt.gz  wfuzz
dirbuster  fasttrack.txt  metasploit  sqlmap.txt 

What if you want to use a customized wordlist for your work. There are too many amounts of tools that are available.

How to Generate a Wordlist for Password Cracking

This guide provides step-by-step instructions on how to generate wordlists for password cracking. Wordlists are essential tools for security professionals and ethical hackers to test and strengthen password security.

Goal: Generate a wordlist for an upcoming appearance on Brute forcing and Password cracking.

Generate a WordList using CeWL

Using CeWL you can build your own customized WordList. CeWL is a ruby app that spiders a given URL, up to a specified depth, and returns a list of words that can then be used for password crackers such as John the RipperhydraJohnny, and many more.

CeWL comes pre-installed with Kali and ParrotSec OS so verify it using the help command and also find out some valuable information before creating a WordList.

└──╼ $cewl -h
CeWL 5.4.8 (Inclusion) Robin Wood ( (
Usage: cewl [OPTIONS] ... <url>

-h, --help: Show help.
-k, --keep: Keep the downloaded file.
-d <x>,--depth <x>: Depth to spider to, default 2.
-m, --min_word_length: Minimum word length, default 3.
-o, --offsite: Let the spider visit other sites.
--exclude: A file containing a list of paths to exclude
--allowed: A regex pattern that path must match to be followed
-w, --write: Write the output to the file.
-u, --ua <agent>: User agent to send.
-n, --no-words: Don't output the wordlist.
--lowercase: Lowercase all parsed words
--with-numbers: Accept words with numbers in as well as just letters
--convert-umlauts: Convert common ISO-8859-1 (Latin-1) umlauts (ä-ae, ö-oe, ü-ue, ß-ss)
-a, --meta: include meta data.
--meta_file file: Output file for meta data.
-e, --email: Include email addresses.
--email_file <file>: Output file for email addresses.
--meta-temp-dir <dir>: The temporary directory used by exiftool when parsing files, default /tmp.
-c, --count: Show the count for each word found.
-v, --verbose: Verbose.
--debug: Extra debug information.

--auth_type: Digest or basic.
--auth_user: Authentication username.
--auth_pass: Authentication password.

Proxy Support
--proxy_host: Proxy host.
--proxy_port: Proxy port, default 8080.
--proxy_username: Username for proxy, if required.
--proxy_password: Password for proxy, if required.

--header, -H: In format name:value - can pass multiple.

    <url>: The site to spider.

└──╼ $

Using CeWL

Running of CeWL tool is quite easy just insert the below command on your terminal:

└──╼ $cewl -w wordlist.lst
CeWL 5.4.8 (Inclusion) Robin Wood ( (
└──╼ $

Once the process is completed you can find them from the current directory i.e. home/username:

└──╼ $ls
 Desktop     Downloads   Videos     wordlist.lst
 Documents   Pictures   Templates  'VirtualBox VMs'
└──╼ $

Next: Gain Access using vsftpd 2.3.4

Prev: Try Brute-forcing the Metasploitable 2 server

Post a Comment

If you have any doubts or any queries you can specify here.

Previous Post Next Post