What does CEWL do in the context of password cracking preparation?

Study for the SANS560 GIAC Penetration Tester (GPEN) Test. Study with flashcards and multiple choice questions, each question has hints and explanations. Get ready for your exam!

Multiple Choice

What does CEWL do in the context of password cracking preparation?

Explanation:
CEWL is used to build a tailored password-cracking word list by spidering a target website and harvesting words from its pages. It crawls the site, extracts distinct words (often filtering by length and relevance), and outputs them into a dictionary that can be fed into tools like John the Ripper or Hashcat. This approach leverages real words, names, and phrases that may appear in passwords, making the dictionary more effective for the target. Other options describe different activities (enumerating users, collecting logs, or generating random strings) that don’t create a site-derived word list used for credential guessing.

CEWL is used to build a tailored password-cracking word list by spidering a target website and harvesting words from its pages. It crawls the site, extracts distinct words (often filtering by length and relevance), and outputs them into a dictionary that can be fed into tools like John the Ripper or Hashcat. This approach leverages real words, names, and phrases that may appear in passwords, making the dictionary more effective for the target. Other options describe different activities (enumerating users, collecting logs, or generating random strings) that don’t create a site-derived word list used for credential guessing.

More Multiple Choice Questions
Subscribe

Get the latest from Passetra

You can unsubscribe at any time. Read our privacy policy