Password Guessing - samuel-richardson/Sam-Tech-Journal GitHub Wiki

Password Guessing

CEWL

  • CEWL is a tool that crawls a website to find words that might have been used in a password.
  • The -d flag sets the depth of the spider. Higher depths traverse more directories and find more words.
  • The -w flag writes the output to a file.
  • The list will most likely need further editing to remove words that are unlikely to be passwords.
  • Example usage: `cewl -d 1 http://10.0.5.21/bios/frodo -w frodo.txt`

rsmangler

  • rsmangler mutates the words in a list in the ways people commonly alter a base word when picking a password.
  • --file is used to input a file.
  • --output is used to output a file.
  • Use flags to select the types of mutations to apply; a list can be found here.
  • Use the length limits, -x for the maximum and -m for the minimum, to reduce the list size.
  • Example usage: `rsmangler --file frodo.small.txt -x 12 -m 9 -l -s -e -i -p -u -a --output frodo.mangled.txt`

medusa

  • Medusa is used to brute force / guess passwords.
  • -h selects the host, -u selects the user, -p selects the password. Using the capital version of each flag (-H, -U, -P) reads a list from a file instead of a single value.
  • -M selects the method, such as ssh or http. -m passes parameters to the method, such as "DIR:admin/" for a specific path with http. -n selects the port.
  • -t speeds up the process by checking more passwords at once with multiple threads. -f is needed to stop after the first successful password.
  • Example web usage: `medusa -h 10.0.5.21 -u samwise -P samwise.mangled.txt -M http -m "DIR:admin/" -n 80`
  • Example ssh usage: `medusa -h 10.0.5.21 -u samwise.gamgee -P samwise.mangled.txt -M ssh -t 5 -f`
  • SSH is slower, so using multiple threads is recommended; otherwise even short lists will take a very long time.