Password profiling with CeWL
With every penetration test, reconnaissance must include a profiling phase in which we analyze the application, department or process names, and other words used by the target organization. This will help us to determine the combinations that are more likely to be used when the need to set a user name or password comes to the personnel.
In this recipe, we will use CeWL to retrieve a list of words used by an application and save it for when we try to brute-force the login page.
How to do it...
- As the first step, we will look at CeWL's help to have a better idea of what it can do. In the terminal, type:
cewl --help
- We will ...
Get Kali Linux Web Penetration Testing Cookbook now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
