Hello, everyone. This is Dean Pompilio
and in this demo we're going to be looking at a tool called CeWL.
What you can do with this tool is actually
generate word lists for
possible usage with a password cracking tool.
So on the tools.kali.org website, you can go ahead and find this
It's built into Kali already. But of course, you can download it and run it from other,
We've got an example here of a sample command.
But instead of looking at this,
why don't we actually look at the help
display from the command line?
So I'll go ahead and run CeWL.
Sorry. I have to specify the
extension. All right, there again,
you can specify the depth for the spidering. This defaults to two layers.
Also a minimum word length.
This defaults to three.
You may want to choose something a little bit larger in order to make the process run faster.
be a little bit quicker if you choose larger words and those larger words are more likely to be
used as a password anyway, so it makes sense to do that,
specified this offsite parameter
When you, if you don't use the, uh, the --offsite,
then the spidering will stay within the URL that you designate.
So, depending on your goals during your pen test audit,
that may be something you want to explore.
If you do allow the offsite
command to be used, obviously the spidering will take much longer
because of the visiting of other websites and, you know, foreign links. Basically,
we can specify an output file
to save this information that gets generated.
We can also search for metadata and save that to an output file.
And the metadata may be useful for password clues. There could be some comments or some other
information in the metadata that is useful, but
for the example, we're just going to
explore the regular content for the website.
We can also search for email addresses
and then specify an output file for saving those
other options that might be useful. You may want to count
the number of instances of a given word that gets discovered on a website.
Keep in mind, though,
if you specify the count option on the command line. When you look at your output file,
you'll see the word that was discovered and then a comma and then the number of instances,
so that might be useful for certain reasons. But if you're going to take the output
from a spidering of a website and use it as a dictionary file, you don't want that comma and the other word or the number of words discovered
that would confuse the tools like John the Ripper or L0phtCrack,
or Cain and Abel, for instance.
There's also some options to use authentication
for user names and passwords. Depending on the kind of environment that you're functioning in, you may need to specify
Also, you can specify a proxy if that's needed,
we will use the verbose option because that gives a nice
output to follow as the process is running.
So I'm going to use the default depth. I won't have to specify that
I'm going to tell you that I want to use an output file
so I'll use the write option.
You call this outfile.txt
I'm not going to use metadata, uh,
for this example, but I am interested in email addresses, so I will specify the email option.
so I'll call that email.txt.
And I'm not going to use the,
count option either because the output from this process
will just produce a simple list of words. One word per line, simple text file,
perfect kind of format to use as an input for a dictionary attack
and for the website.
I'm gonna pick a website that I know
content as well as a lot of
So we're gonna go ahead and specify tools.kali.org
Each of the tools has some content related to that tool and also has the email address of the developer.
So this is a great website to use as an example.
Oops, I forgot to specify verbose.
Let's do that real quick.
Otherwise it just runs and we have to wait for that to finish.
So when it's verbose, we can see all of the content as it's being called.
Occasionally we'll see
information here: offsite link, not following. So it found some links,
But they're not being followed because we didn't use that offsite option.
It's also finding some email addresses. We can see those scrolling up on the screen, related to Wireshark, it looks like.
So for a website such as tools.kali.org, this process
could take 15, 20 minutes or more.
It's not. It's not very fast
for sites that have a lot of content.
So I'm gonna go ahead and pause the video, and then we will resume. When it's completed, we'll look at the output.
Okay, the spidering process has completed,
and as we can tell from looking at the output, there's quite a bit of information here
that gets generated during the process. But what we're most interested in is the actual
output files that we generated. So
what I'm gonna first look at is the outfile.txt,
and this is going to show me all of the words that were at least three characters because I did not modify the minimum size.
And these are all words that are in the content of the website.
Any one of these could be possible clues for a password
to use again. For tools like John the Ripper, L0phtCrack, Cain and Abel and such
for your dictionary attacks,
social engineer may need to
get into a website
of their target and be able to impersonate them for
various reasons.
So if we look through this list,
you can see quite a bit of information.
It's a really long list of words. In fact,
let's do this really quick. We'll do a word count -l
and see how many words were actually found, so 13,325 words
were generated from tools.kali.org.
Now we'll have a look at the email
addresses that were discovered,
so that's about half of them right there.
And then there's the other half,
so it looks like we discovered 82 email addresses.
a really useful tool. It's a simple Ruby script,
and, as you can tell, depending on the target website and the parameters that you choose, you can generate
some really interesting word lists for your password cracking.
And then, uh, you know, take that as part of your
penetration testing,
social engineering audit for your next possible steps.
All right. Hope you enjoyed the demo.
See you next time.