DEV Community

Hafiz Muhammad Attaullah
Hafiz Muhammad Attaullah

Posted on

To find company admin panels

#cybersecurity #security #webdev #tutorial

⚙️Some ways to find company admin panels 💻

  1. Using Google Dorks:

site: target.com inurl: admin | administrator | adm | login | l0gin | wp-login

intitle: "login" "admin" site: target.com

intitle: "index of / admin" site: target.com

inurl: admin intitle: admin intext: admin

  1. Using httpx and a wordlist:

httpx -l hosts.txt -paths /root/admin-login.txt -threads 100 -random-agent -x GET, POST -tech-detect -status-code -follow-redirects -title -content-length

httpx -l hosts.txt-ports 80,443,8009,8080,8081,8090,8180,8443 -paths /root/admin-login.txt -threads 100 -random-agent -x GET, POST -tech-detect -status- code -follow-redirects -title -content-length

  1. Using utilities:

https://github dot com/the-c0d3r/admin-finder
https://github dot com/RedVirus0/Admin-Finder
https://github dot com/mIcHyAmRaNe/okadminfinder3
https://github dot com/penucuriCode/findlogin
https://github dot com/fnk0c/cangibrina

  1. Using search engines:

Sh0dan:

ssl.cert.subject.cn:"company.com "http.title:" admin "

ssl: "company.com" http.title: "admin"

ssl.cert.subject.cn:"company.com "admin

ssl: "company.com" admin

Fofa:

cert = "company.com" && title = "admin"

cert.subject = "company" && title = "admin"

cert = "company.com" && body = "admin"

cert.subject = "company" && body = "admin"

ZoomEye:

ssl: company.com + title: "admin"

ssl: company.com + admin

Censys (IPv4):

(services.tls.certificates.leaf_data.issuer.common_name: company.com) AND services.http.response.html_title: admin

(services.tls.certificates.leaf_data.issuer.common_name: company.com) AND services.http.response.body: admin

www.github.com/attaullahshafiq10

Top comments (2)

Collapse
 
botezatu profile image
Olga • Edited

These methods and tools are commonly employed in sales data enrichment, cybersecurity and web development contexts to assess and improve the security posture of web applications and systems.

However, it's essential to emphasize the importance of using such techniques ethically and responsibly. Unauthorized access to systems, including attempting to access admin panels without proper authorization, can be illegal and unethical. It's crucial to conduct security testing only with explicit permission from the owner of the system being tested, preferably as part of a formal security assessment or penetration testing engagement.

Collapse
 
michaels9523684 profile image
michaels

please sir i am interested and like to learn this but this is not clear to me. i dont understand this.

Read next

ahmadrahimizadeh profile image

eBPF: Unleashing Kernel Magic for Modern Infrastructure

Ahmad -

waelhabbal profile image

Mastering CSS unicode-bidi Property

waelhabbal -

iamdevmarcos profile image

Content Delivery Network Explained 🌎⚡️

Marcos Mendes -

jquinten profile image

Vitest In-Source Testing for SFC in Vue?

Joran Quinten -