CeWL – Custom Wordlist Generator

CeWL, the Custom Word List generator. CeWL is a ruby app which spiders a given url to a specified depth, optionally following external links, and returns a list of words which can then be used for password crackers such as John the Ripper. CeWL also has an associated command line app, FAB (Files Already Bagged) which uses the same meta data extraction techniques to create author/creator lists from already downloaded.

Type cewl -h for help


  • cewl -v -m 8 -w /root/Desktop/cewl.txt example.com

-v verbose, -m minimum word length to crawl, -w write output to a file and website CeWL will crawl. Grab coffee or beer because this will take sometime it depends on how big is your target website.

Screenshot from 2016-02-24 21:09:12

After finishing the scan you want to know how many words are added to the file type wc -l /root/Desktop/cewl.txt to count the number of words. As you see 548 words are added to my wordlist. What now? You can feed it on Aircrack, Pyrit, or John the Ripper because most of the time admins are using usernames and passwords that you can easily find in their websites.

Screenshot from 2016-02-24 21:14:11


Nmap Reconnaissance

Nmap (“Network Mapper”) is a free and open source utility for network discovery and security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. It was designed to rapidly scan large networks, but works fine against single hosts. Nmap runs on all major computer operating systems, and official binary packages are available for Linux, Windows, and Mac OS X.

I’m going to show how to scan your own network using Nmap with these simple steps. Take note that Nmap is already installed in Kali all you need is type the following to list all commands.

  • nmap -h


Let’s scan first with -v verbose mode to gather info about the network where you can clearly see the open ports and mac address of the router. Here you can insert your target’s IP address or webpage like nmap -v or nmap -v example.com

  • nmap -v


The second scan enable OS detection, version detection and script scanning, here you can see lot of information about the network, OS details, traceroute, even the router’s admin page was included.

  • nmap -A


The scan to see the open ports of the router and there’s my router’s open ports – 4 in all.

  • nmap -open


And to see the connected devices in the network type

  • nmap -sP


Now you saw how simple Nmap commands can find important information on your target network. All you have to do is try all the commands against your network and not your neighborhood. Happy Hacking!

Wifi Sniffing with Bettercap

What is Bettercap?

Bettercap is a powerful tool to perform various types of Man-In-The-Middle (MITM) attacks against the network, manipulate HTTP and HTTPS traffic in realtime and much more.

Some of the main features include:

  • Full and half duplex ARP spoofing.
  • The first real ICMP DoubleDirect spoofing implementation.
  • Configurable DNS spoofing.
  • Realtime and completely automatized host discovery.
  • Realtime credentials harvesting for protocols such as HTTP(S) POSTed data, Basic and Digest Authentications, FTP, IRC, POP, IMAP, SMTP, NTLM ( HTTP, SMB, LDAP, etc ) and more.
  • Fully customizable network sniffer.
  • Modular HTTP and HTTPS transparent proxies with support for user plugins + builtin plugins to inject custom HTML code, JS or CSS files and URLs.
  • SSLStripping.
  • Builtin HTTP server.

And much more! – Bettercap website

To cut it short this tool can sniff visited passwords and websites,spoof,sslstrip over wifi networks. Bettercap is not installed in Kali so you need to install one by typing:

  • gem install bettercap then press enter

After installing type:

  • bettercap -h  it will give you the commands available for the tool like below


The next part is choosing your victim’s mac address by using nmap or airodump. There’s a lot of tools to find the connected devices and after choosing your victim let’s move on sniffing part!

  • bettercap -X -L -T (mac address…)

2While you have the option in choosing your victims one by one you can also sniff all the devices connected to the network with the next command.

  • bettercap -X -L

3There’s more useful commands with bettercap available, it depends on what you want to capture, you can even specify the parsers to use. Endless possibilities!