Cool Tools Series: CeWL

Categories: ,

Posted on

By

Jason Taylor

Cool Tools Series: CeWL

Lead Penetration Tester Jason Taylor brings CeWL to our Cool Tools Series showing how this Custom Word List generator can improve hashcat results.

Are you performing a password audit for your internal domain or performing an authorized penetration test and need to crack some password hashes? Employees often select predictable passwords containing a root word related to the company or the industry the company operates in. 

CeWL (Custom Word List generator) is a tool that helps automate the creation of a custom word list based on web content by pulling out words associated with the company and industry to help populate a custom word list. 

Using CeWL

CeWL is a Ruby program that is available on GitHub and also comes installed natively on Kali Linux

Installation is as simple as ensuring you have Ruby available and following the instructions on the GitHub repository.

In this example, we’ll assume we have the following password hash for a fictional agriculture company:

Sample password hash

We can try running this through hashcat using the rockyou.txt word list, but this password hash will not be cracked with that word list. We need something more customized. 

Here we see the website for our fictional company, agriculture.local. 

Sample local website for our test

If we point CeWL to this website, it will pull out each word that is used on the website. We can run it by entering this command. Using -w outputs the word list to a file. 

./cewl.rb -w custom-wordlist.txt http://agriculture.local
CeWL command

After the tool runs, we can take a look at what it found:

Custom wordlist CeWL creating using our website

We can run this word list through hashcat using a couple of extra flags to extend the candidate word list using rules. The word list will just be the single words found on the site. It is likely the employees would add a year or special character as well if they used a word from the site as part of their password. 

hashcat -m 1800 -r append_year -r append_special.rule password.hash custom-wordlist.txt
Hashcat command using CeWL wordlist and rules that add years and special characters

Running hashcat with rules to append the current and previous year as well as a special character, we find that the password is cracked in no time:

Hashcat results showing password cracked

Summary

When employees choose a password, it’s often the case that a number of them will use the company name or a phrase based around the company. If there’s a motto or common industry terms, people may also choose those as the base syntax for their passwords. 

CeWL can help you generate a custom word list based around a specific company by pulling words from the company’s website. When combining a custom word list from CeWL with a series of rules to modify the password by adding year or special characters, your chances of cracking a password are greatly increased. 

Please check back for the next post in the Cool Tools series!

Written by

Jason Taylor

Jason has a passion for asking “what-if” questions and for trying to “break” software and test how it responds to unintended uses. Jason has a background in System Administration and Security Engineering in the financial sector. He holds both defensive and offensive certifications including OSCP, PNPT, GCIH, CASP+, and is Splunk Certified. When he’s not spending his time taking new training courses, he loves spending time with his wife and kids and occasionally working on an IoT project to automate some aspect of their greenhouse or chicken coop.

Like what you’ve learned from Raxis?

Contact us to receive an expert-led penetration test, and we’ll also show you step-by-step how to recreate our attack against your own systems.

Penetration Testing

Raxis Attack

Continuous, expert-led PTaaS combined with advanced automation to uncover and address hidden vulnerabilities, ensuring your business stays ahead of evolving cyber threats while maintaining regulatory compliance.

Learn More

Raxis Protect

Continuous vulnerability scanning, real-time asset management, and expert guidance to proactively identify and address security gaps across your entire digital ecosystem, ensuring 24/7 protection against evolving cyber threats.

Learn More

Raxis Strike

Tailored, expert-led penetration testing that uncovers hidden vulnerabilities using real-world hacker techniques, providing actionable insights to strengthen your defenses and protect against sophisticated cyber threats.

Learn More

Partner With Raxis

Partnering with Raxis empowers your business with elite penetration testing services, competitive reseller pricing, and recurring revenue opportunities, all backed by a proven track record of excellence and a commitment to staying ahead of evolving cybersecurity threats.

Learn More

Article Tags

Categories

,

More From Raxis

  • AD Series: Using Evil-WinRM to Get NTDS Manually

    AD Series: Using Evil-WinRM to Get NTDS Manually
    By Andrew Trexler • March 11, 2025
    Read More
  • Password Series: 8 Practical First Steps to Crack Difficult Passwords

    Password Series: 8 Practical First Steps to Crack Difficult Passwords
    By Ryan Chaplin • February 25, 2025
    Read More
  • Cool Tools Series: Vim

    Cool Tools Series: Vim
    By Andrew Trexler • January 14, 2025
    Read More