71
Gathering Wordlist from a Target Website
After we have gathered e-mail lists from search engines, it would be really useful for us to gather a list of words that we can use for brute-forcing purposes. CeWL is another excellent tool in BackTrack, which enables you to gather a list of words from the target website; that list can later be used for brute-forcing the passwords of the e-mail addresses we found earlier. It can be found in the /pentest/passwords/cewl directory.
You can issue the following command in the /pentest/passwords/cewl directory to execute it.
ruby cewl.rb --help
If it gives you an error, then install the following packages to make it work:
$ sudo gem install http_configuration
$ sudo gem install mime-types
$ sudo gem install mini_exiftool
$ sudo gem install rubyzip
$ sudo gem install spider
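As an added example (not CeWL's own code and not from the book), the Ruby script below shows the core of what a CeWL-style extractor does, run offline over a constructed HTML page: strip scripts, styles, comments and tags, collect the words of a minimum length and count them, most frequent first. The same output is what a defender feeds into a password deny-list, so the script also includes a check that rejects a password containing any site-specific word. The sample page, the "Acme" names and the `min_len` defaults are constructed assumptions; a real run would fetch the site's pages over HTTP first.

```ruby
# Added example (not CeWL's own code): a minimal CeWL-style word extractor
# that runs offline over a constructed HTML page. A defender can run the same
# extraction over their own site to build the list of site-specific words a
# password policy should reject, since those are the words a wordlist attack
# tries first.
require 'set'

# Constructed sample page standing in for a fetched target site (assumption:
# in practice the HTML would come from an HTTP GET of each page).
SAMPLE_HTML = <<~HTML
  <html><head><title>Acme Widgets - Home</title>
  <script>var tracking = "ignored-by-extractor";</script>
  <style>.hero { color: red; }</style></head>
  <body>
    <h1>Welcome to Acme Widgets</h1>
    <p>Acme builds industrial widgets in Springfield since 1985.</p>
    <p>Contact: sales@acme.example &middot; Phone 555-0100</p>
    <p>Our next product, Bluebird, launches in May.</p>
    <!-- TODO: remove staging banner -->
  </body></html>
HTML

# Remove script/style blocks, comments and tags, then decode the few HTML
# entities that commonly occur, so only human-visible text remains.
def visible_text(html)
  text = html.gsub(%r{<script.*?</script>}mi, ' ')
             .gsub(%r{<style.*?</style>}mi, ' ')
             .gsub(/<!--.*?-->/m, ' ')
             .gsub(/<[^>]+>/, ' ')
  text.gsub(/&(?:middot|nbsp);/, ' ').gsub(/&amp;/, '&')
end

# Words of at least min_len letters/digits with their occurrence counts,
# most frequent first (the equivalent of CeWL's minimum-length and count
# options). Returns an array of [word, count] pairs.
def word_counts(html, min_len: 3)
  counts = Hash.new(0)
  visible_text(html).scan(/[A-Za-z0-9]+/) do |w|
    counts[w.downcase] += 1 if w.length >= min_len
  end
  counts.sort_by { |w, c| [-c, w] }
end

# Policy check: reject a candidate password that contains any site word of
# at least min_len characters (a context-specific deny-list of the kind
# NIST SP 800-63B recommends).
def contains_site_word?(password, html, min_len: 4)
  words = word_counts(html, min_len: min_len).map(&:first).to_set
  lower = password.downcase
  words.any? { |w| lower.include?(w) }
end

if __FILE__ == $PROGRAM_NAME
  word_counts(SAMPLE_HTML).first(10).each { |w, c| puts "#{c}\t#{w}" }
  puts contains_site_word?('Bluebird2024!', SAMPLE_HTML)
end
```

The frequency ordering is what makes the list useful either way: the words that appear most often on the site ("acme", "widgets") are the ones a guessing tool tries first and the ones a deny-list most needs to contain. Raise `min_len` to drop the short tokens that produce false positives in the policy check.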
Scanning for Subdomains
Most Webmasters put all their efforts into securing their main domain, often ignoring their subdomains. What if an attacker manages to hack into a subdomain and uses it to compromise the main domain (See Chapter 7)?
Depending upon the scope of the pentest, you might also need to test subdomains for vulnerabilities. A very common way of searching for subdomains is by using a simple Google dork. Even though you won't be able to find all the subdomains with this method, you can find some important ones.
site:msn.com -inurl:www
This query tells the search engine to return only results whose URL does not contain www, which are normally subdomains. However, it will not be able to find subdomains that have the following pattern:
www.subdomain.msn.com
since we have already asked Google to return results without www.
72 ◾ Ethical Hacking and Penetration Testing Guide
TheHarvester
TheHarvester can also be used for this task; it uses Google to search for subdomains.
[Figure: TheHarvester extracting subdomains for Mozilla]
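As an added example (not theHarvester's code and not from the book), the Ruby script below performs the step that follows the search itself, whether the results come from the dork above or from a tool like theHarvester: it pulls the hostnames out of result URLs, keeps only those under the target domain, and shows which of them the `-inurl:www` query would hide. The result URLs are constructed, and `msn.com` is used only because the book's query uses it; a defender would run this against their own domain to see which hosts the public index exposes and which an inventory based on that query would miss.

```ruby
# Added example (not theHarvester's or the book's code): extract the
# subdomains of a target domain from a list of search-result URLs, then
# show the blind spot of the "site:msn.com -inurl:www" query.
require 'uri'
require 'set'

# Constructed sample standing in for URLs returned by the search engine
# (assumption: a real run would page through live results).
SAMPLE_RESULTS = [
  'http://www.msn.com/',
  'https://mail.msn.com/inbox',
  'http://WWW.Subdomain.msn.com/index.html',   # the pattern the dork misses
  'https://dev.api.msn.com:8443/v1/health',
  'https://msn.com.evil.example/login',        # lookalike, not a subdomain
  'https://notmsn.com/',                       # suffix match without the dot
  'not a url at all',                          # junk line, skipped
  'https://mail.msn.com/other/page'            # duplicate host
]

# Hostnames under target_domain (the apex itself excluded), lower-cased,
# de-duplicated and sorted. Unparseable entries are skipped rather than
# aborting the run.
def subdomains_of(urls, target_domain)
  found = Set.new
  urls.each do |u|
    host = begin
      URI.parse(u).host
    rescue URI::InvalidURIError
      nil
    end
    next if host.nil?
    host = host.downcase
    found << host if host.end_with?(".#{target_domain}")
  end
  found.to_a.sort
end

# Which of those hosts the "-inurl:www" query can surface: every result
# whose URL contains "www" anywhere is filtered out, so www-prefixed
# subdomains such as www.subdomain.msn.com never appear.
def visible_to_dork(urls, target_domain)
  kept = urls.reject { |u| u.downcase.include?('www') }
  subdomains_of(kept, target_domain)
end

if __FILE__ == $PROGRAM_NAME
  all     = subdomains_of(SAMPLE_RESULTS, 'msn.com')
  visible = visible_to_dork(SAMPLE_RESULTS, 'msn.com')
  puts "all:        #{all.join(', ')}"
  puts "dork finds: #{visible.join(', ')}"
  puts "missed:     #{(all - visible).join(', ')}"
end
```

The suffix check uses `".#{target_domain}"` with the leading dot on purpose: without it, `notmsn.com` and lookalike registrations would be reported as subdomains, which is exactly the kind of false positive that pollutes an asset inventory.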