What is CeWL?
CeWL (Custom Word List generator) is a Ruby tool by Robin Wood (digininja) that spiders a target website to a specified depth and returns the unique words found across its pages. The idea behind it is that people often build passwords from words tied to their organization: product names, slogans, department names, office locations, employee handles. A wordlist generated from the target's own website is therefore often more effective against that organization's accounts than a generic list such as rockyou.txt, and it is much smaller, which matters when a lockout policy limits how many guesses you get per account.
Only use CeWL on systems you own or have explicit written permission to test. Unauthorized use violates Pakistan's PECA 2016 and the cybercrime laws of other jurisdictions.
Installation
# Update packages
sudo apt update
# Install CeWL (pre-installed on Kali)
sudo apt install cewl -y
# Verify
cewl --help
Basic Usage
# Spider a site and output unique words (default depth: 2)
cewl https://target.com
# Set crawl depth
cewl -d 3 https://target.com
# Set minimum word length (default: 3)
cewl -m 6 https://target.com
# Save wordlist to a file
cewl -w wordlist.txt https://target.com
# Include email addresses found on the site
cewl -e -w wordlist.txt https://target.com
# Count word frequency and show it
cewl -c https://target.com
# Combine depth, min length, emails, and output
cewl -d 3 -m 8 -e -w custom_wordlist.txt https://target.com
# Authenticate before spidering (basic auth)
cewl --auth_type basic --auth_user admin --auth_pass password https://target.com/admin
Common Flags
- -d — Spider depth (how many links deep to follow)
- -m — Minimum word length to include
- -w — Write output to a file instead of stdout
- -e — Include email addresses in the wordlist
- -c — Show word count/frequency alongside each word
- --lowercase — Convert all words to lowercase
- --with-numbers — Include words containing numbers
- --ua — Set a custom User-Agent string
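To make the flags above concrete, here is an added example, not CeWL's own code, that re-implements CeWL's word-extraction step on a single page in Ruby so the effect of -m, -e, -c, --lowercase and --with-numbers can be seen offline. It does not spider links and uses its own tokeniser, so its output will differ from CeWL's on a real site; the HTML page and the email addresses in it are constructed sample input, not a real site.

```ruby
# Added example, not CeWL's own code (CeWL is Robin Wood's tool at
# https://github.com/digininja/CeWL). An offline approximation of CeWL's
# word-extraction step on one page, mirroring -m, -e, -c, --lowercase and
# --with-numbers. CeWL itself also follows links to the given depth, parses
# metadata and has its own tokeniser, so expect differences on real sites.

# Constructed sample page; not a real site.
SAMPLE_HTML = <<~HTML
  <html><head><title>Acme Widgets - Quantum Sprocket Division</title></head>
  <body>
    <h1>Welcome to Acme Widgets</h1>
    <p>Our flagship product, the SprocketMaster 3000, ships from Springfield.</p>
    <p>Contact sales@acme-widgets.example or support@acme-widgets.example.</p>
    <script>var tracking = "ignoreme";</script>
    <p>Acme Widgets: Innovation since 1985. Team Sprocket, Team Widget.</p>
  </body></html>
HTML

EMAIL_RE = /[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}/

# Drop script/style bodies and all tags, leaving the visible text only.
def visible_text(html)
  html.gsub(%r{<(script|style)[^>]*>.*?</\1>}mi, " ").gsub(/<[^>]+>/, " ")
end

# Equivalent of -m (min length), --lowercase and --with-numbers.
# Returns every occurrence in page order so counts can be derived from it.
def extract_words(html, min_length: 3, lowercase: false, with_numbers: false)
  pattern = with_numbers ? /[A-Za-z0-9]+/ : /[A-Za-z]+/
  words = visible_text(html).scan(pattern)
  words = words.map(&:downcase) if lowercase
  words.select { |w| w.length >= min_length }
end

# Default CeWL output: unique words in order of first appearance.
def unique_words(html, **opts)
  extract_words(html, **opts).uniq
end

# Equivalent of -c: word => number of occurrences, most frequent first.
def word_counts(html, **opts)
  counts = extract_words(html, **opts).each_with_object(Hash.new(0)) { |w, h| h[w] += 1 }
  counts.sort_by { |w, n| [-n, w] }.to_h
end

# Equivalent of -e: unique email addresses found anywhere in the page.
def extract_emails(html)
  html.scan(EMAIL_RE).uniq
end

if __FILE__ == $PROGRAM_NAME
  puts "--- unique words, -m 8"
  puts unique_words(SAMPLE_HTML, min_length: 8)
  puts "--- counts, --lowercase -c"
  word_counts(SAMPLE_HTML, lowercase: true).first(5).each { |w, n| puts "#{w}, #{n}" }
  puts "--- emails, -e"
  puts extract_emails(SAMPLE_HTML)
end
```

Two things worth noticing when you run it: the words inside the script block never reach the list, which is why a real spider has to strip script and style bodies rather than just tags, and the same word shows up in several casings unless --lowercase is used, so decide on case normalization before you feed the list to a cracker, where rules will handle capitalization anyway.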
Common Use Cases
- Generating targeted wordlists for password spraying attacks
- CTF (Capture The Flag) competitions involving login portals
- Authorized internal security audits of web applications
- Bug bounty reconnaissance to build target-specific dictionaries
Tips & Best Practices
After generating your list, run it through John the Ripper or hashcat rules to create mutations: appended digits and years, capitalized first letters, leetspeak, trailing special characters. Keep the small base list on disk and let the cracker apply the rules at run time, for example hashcat -a 0 -r /usr/share/hashcat/rules/best64.rule hashes.txt custom_wordlist.txt (the rules directory on Kali) or john --wordlist=custom_wordlist.txt --rules hashes.txt; this multiplies the candidate space without storing every variant. To preview what a rule set produces, use hashcat --stdout -r <rule file> custom_wordlist.txt or john --wordlist=custom_wordlist.txt --rules --stdout. For online guessing, combine CeWL output with hydra or medusa against SSH, FTP, or web login forms, but check the target's lockout policy first: password spraying means trying a few likely passwords across many accounts, not many passwords against one account, precisely to stay under that threshold.
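The following added example, not code from CeWL, John the Ripper or hashcat, shows what such mutations look like by applying a small hand-written set of rule-like transformations (case changes, leetspeak, appended digits, symbols and years) to a base list of the kind CeWL --lowercase produces. The base words, suffixes and years are constructed assumptions; on an engagement you would tune them to the target (founding year, current year, local conventions) or, better, use the cracker's own rule files.

```ruby
# Added example, not CeWL, John the Ripper or hashcat code: a small mutation
# generator that applies rule-style transformations to a base wordlist.
# Use it to see what a rule set does to a list; in practice let the cracker
# apply rules at run time rather than storing every variant.

# Constructed sample base list (assumption), as CeWL --lowercase might emit it.
BASE_WORDS = %w[sprocket acme springfield].freeze

# Assumed suffixes and years; tune to the target.
SUFFIXES = %w[! 1 123].freeze
YEARS    = %w[2023 2024].freeze
LEET     = { "a" => "@", "e" => "3", "i" => "1", "o" => "0" }.freeze

# Simple leetspeak substitution, the analogue of hashcat's 'sa@ se3 ...' rules.
def leet(word)
  word.gsub(/[aeio]/, LEET)
end

# All variants of one word: four case/leet bases, each bare and with every
# suffix and year appended. Bases that collide (e.g. a word with no leetable
# letters) are de-duplicated, so the count per word is 18 or 24.
def mutate(word, suffixes: SUFFIXES, years: YEARS)
  bases = [word.downcase, word.capitalize, word.upcase, leet(word.downcase)].uniq
  bases.flat_map { |b| [b] + (suffixes + years).map { |s| b + s } }.uniq
end

# Expand a whole base list, de-duplicating across words.
def expand(words, **opts)
  words.flat_map { |w| mutate(w, **opts) }.uniq
end

if __FILE__ == $PROGRAM_NAME
  candidates = expand(BASE_WORDS)
  puts candidates
  warn "#{BASE_WORDS.size} base words -> #{candidates.size} candidates"
end
```

Three base words become 72 candidates here, and a real rule file such as best64.rule applies 64 transformations per word; that growth is the reason to store the compact CeWL output and generate variants at crack time instead of writing the expanded list to disk.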
Practice on legal targets like TryHackMe, HackTheBox, or hackzia.site labs before using in live engagements.