Kali includes a number of tools that can be used to help generate custom wordlists. These wordlists could then be used in online or offline brute force attacks.
Cewl
Cewl is a tool used to generate wordlists by scraping websites. It’s commonly used to create customized wordlists from the content of a website, which can then be used in password cracking attempts.
Command Line Options
| Option | Description | Example |
|---|---|---|
| -d [depth] | Set the depth to crawl (default is 2). | cewl -d 3 https://bordergate.co.uk (Crawl to a depth of 3 levels) |
| -m [min_length] | Set the minimum word length (default is 3). | cewl -m 5 https://bordergate.co.uk (Words longer than 5 characters) |
| -w [output_file] | Write the wordlist to a file. | cewl -w wordlist.txt https://bordergate.co.uk (Save to wordlist.txt) |
-c | Count the frequency of words in the list. | cewl -c https://bordergate.co.uk (List words with frequency counts) |
-n | Disable the addition of numbers to the wordlist. | cewl -n https://bordergate.co.uk (No numbers in wordlist) |
-e | Extract email addresses from the website. | cewl -e https://bordergate.co.uk (Find and list email addresses) |
| -a [user-agent] | Specify a custom user-agent string for the request. | cewl -a “Mozilla/5.0” https://bordergate.co.uk |
| –no-words | Don’t output the wordlist; used with --meta or --emails. | cewl –no-words –meta https://bordergate.co.uk |
| –meta | Extract meta descriptions and keywords from the website. | cewl –meta https://bordergate.co.uk (Extract metadata) |
| –offsite | Follow links to external sites (offsite links). | cewl –offsite https://bordergate.co.uk |
| –lowercase | Convert all words to lowercase. | cewl –lowercase https://bordergate.co.uk |
| –verbose | Provide detailed output. | cewl –verbose https://bordergate.co.uk |
Usage
┌──(kali㉿kali)-[~]
└─$ cewl -d 1 -m 5 -w wordlist.txt https://www.bordergate.co.uk
CeWL 6.1 (Max Length) Robin Wood (robin@digi.ninja) (https://digi.ninja/)
┌──(kali㉿kali)-[~]
└─$ head wordlist.txt
image
bordergate
Infrastructure
local
using
Windows
featured
https
System
BorderGate
Crunch
Crunch is a tool for creating custom word lists. It’s installed by default in Kali Linux. Crunch is particularly powerful because it lets users define not only the characters but also the length and complexity of the words generated, making it highly customizable for brute-force attacks or dictionary-based cracking attempts.
Command Line Options
| Option | Description | Example |
|---|---|---|
| -o <file> | Specify the output file for the wordlist. | -o mywordlist.txt |
| -c <number> | Number of characters per line (useful for specific length). | -c 12 |
| -t <pattern> | Use a pattern to generate the wordlist. | -t @@@1 (e.g., abc1, def1) |
| -a <charset> | Define a custom character set. | -a lsd (includes lowercase, special chars, digits) |
| -b <number> | Set the number of bytes (for binary files). | -b 16 |
| -e <charset> | Exclude specific characters from the charset. | -e 0 (exclude zeros) |
| -i | Incremental mode (useful for generating sequences). | -i |
| -l <length> | Generate wordlists of specific length. | -l 8 |
| -n <length> | Generate wordlists up to a specific length. | -n 12 |
| -m <number> | Minimum number of characters in the wordlist. | -m 8 |
| -p <number> | Maximum number of permutations. | -p 10000 |
| -u | Use unique words (avoids duplicates). | -u |
Usage Examples
| Description | Command |
|---|---|
| Generate a wordlist with one lowercase letter followed by 5 digits | crunch 6 6 -t @%%%%% -o wordlist |
| Generate a wordlist between 6 and 8 characters. | crunch 6 8 -o wordlist.txt |
| Generate a wordlist with lowercase letters, digits, and special characters. | crunch 4 6 -a lsd -o wordlist.txt |
| Generate all permutations of a word followed by two numbers. | crunch 12 12 -t bordergate%% |
| Generate all permutations of a word followed by a special character. | crunch 11 11 -t bordergate^ |
| Generate wordlist of specific length (e.g., 12 characters). | crunch 12 12 -o fixed_length_wordlist.txt |
| Generate a wordlist with a custom character set (e.g., abc123). | crunch 4 6 -a abc123 -o custom_charset_wordlist.txt |
Cupp
Cupp is a tool for creating custom word lists based on known information. In interactive mode, it asks a series of questions about the target user that might help in guessing their password.
┌──(kali㉿kali)-[~]
└─$ cupp -i
___________
cupp.py! # Common
\ # User
\ ,__, # Passwords
\ (oo)____ # Profiler
(__) )\
||--|| * [ Muris Kurgas | j0rgan@remote-exploit.org ]
[ Mebus | https://github.com/Mebus/]
[+] Insert the information about the victim to make a dictionary
[+] If you don't know all the info, just hit enter when asked! ;)
> First Name: Fred
> Surname: Flintstone
> Nickname: Twinkletoes
> Birthdate (DDMMYYYY): 30091960
> Partners) name: Wilma
> Partners) nickname:
> Partners) birthdate (DDMMYYYY): 30091960
> Child's name: Pebbles
> Child's nickname:
> Child's birthdate (DDMMYYYY): 22021980
> Pet's name: Dino
> Company name: Slate Rock and Gravel Company
> Do you want to add some key words about the victim? Y/[N]: Y
> Please enter the words, separated by comma. [i.e. hacker,juice,black], spaces will be removed: Brontosaurus
> Do you want to add special chars at the end of words? Y/[N]: Y
> Do you want to add some random numbers at the end of words? Y/[N]:Y
> Leet mode? (i.e. leet = 1337) Y/[N]: N
[+] Now making a dictionary...
[+] Sorting list and removing duplicates...
[+] Saving dictionary to fred.txt, counting 8896 words.
[+] Now load your pistolero with fred.txt and shoot! Good luck!
┌──(kali㉿kali)-[~]
└─$ tail fred.txt
wilma_93060
wilma_960
wilma_9600
wilma_96009
wilma_96030
wilma_96060
wilma_9609
wilma_96090
wilma_9960
wilma_99600