Create a targeted wordlist – to use with password audits
There are lots of ways to create a wordlist, you can just generate them, find pre-built ones online, etc. In this case I want to create a wordlist that contains components specific to the organization I am auditing.
cupp is good if you know details about individuals
- cupp -i
cewl is good to scrape a website for words
- cewl https://customer-site.com -v -w cewl-wordlist-customer-site.txt
- there are other options, like following links more than 2 deep (-d option) or target words larger than 8 characters with the (-m 8 option) or if you feel crazy, the -o option will spider to other sites