> For the complete documentation index, see [llms.txt](https://gitbook.kaizoku.eu/offensive-security/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://gitbook.kaizoku.eu/offensive-security/password-attacks/build-wordlist.md).

# Build Wordlist

## Scrap a website

The *cewl* command scrapes a website and return all the words contains in the pages of the application.

```bash
cewl <website> -w <output file>
```

It is also possible to filter the words returned by indicating a minimum number of letters:

```bash
cewl <website> -m 6 -w <output file>
```

## Create more complex passwords

From a simple wordlist made by hand or from tools like *cewl*, it is possible to create even more complex wordlists.&#x20;

To do so, invoke *john* as shown below:

```bash
john --wordlist=<initial wordlist> --rules --stdout > <complex wordlist>
```

Specify *--rules=All* to use all available rules and get more possibilities.

## Generate passwords following specific patterns

*Crunch*, included with Kali Linux, is a powerful wordlist generator that can create a wordlist containing every possible password that matches the defined pattern.

<table><thead><tr><th width="175.49999999999997">PLACEHOLDER</th><th>CHARACTER TRANSLATION</th></tr></thead><tbody><tr><td>@</td><td>Lower case alpha characters</td></tr><tr><td>,</td><td>Upper case alpha characters</td></tr><tr><td>%</td><td>Numeric characters</td></tr><tr><td>^</td><td>Special characters including space</td></tr></tbody></table>

For example, specify a minimum and maximum word length of eight characters (8 8) and describe the rule pattern with -t ,@@^^%%%:

```bash
crunch 8 8 -t ,@@^^%%%
```
