Aqui está um localizador simples para encontrar painéis de administração de sites. Ele usa alguns locais básicos que são comuns em muitos sites. Isso pode ser usado para testar e melhorar sua segurança. Nomear seu painel de administração com algo menos óbvio impedirá que as pessoas o encontrem com uma ferramenta básica como esta.
Você pode substituir a lista pela sua própria e usar a fonte de sua livre vontade, pois todas as minhas fontes são públicas e sempre serão.
#Written by Jewel - Use as you wish.
#@M4Y - Twitter || /u/lul - Pastebin
import httplib
# NOTE(review): Python 2 script -- `httplib`, the `print` statement and
# `raw_input` do not exist under Python 3, so it will not run unmodified there.
print 'Welcome to the administration page finder.'
# Host to probe. Only a literal "http://" prefix is stripped; an "https://"
# prefix or a trailing path would be handed to HTTPConnection unchanged.
# The bare "n" before "> " looks like a "\n" escape lost in the paste
# (same on the three result lines below).
Website = raw_input("Please enter the website URL.n> ")
Website = Website.replace("http://", "")
# Per-status tallies: FOF = 404s, TOT = 302s, AMP = 200s, UNK = everything else.
FOF = 0
TOT = 0
AMP = 0
UNK = 0
# Fixed list of candidate paths; each is requested exactly once, relative to "/".
Adminlist = ["admin", "adm", "admincp", "admcp", "cp", "modcp", "moderatorcp", "adminare", "admins", "cpanel", "controlpanel", "admin1.html", "admin2.php", "admin2.html", "yonetim.php", "yonetim.html", "yonetici.php", "yonetici.html", "ccms/", "ccms/login.php", "ccms/index.php", "maintenance/", "webmaster/", "adm/", "configuration/", "configure/", "websvn/", "admin/", "admin/account.php", "admin/account.html", "admin/index.php", "admin/index.html", "admin/login.php", "admin/login.html", "admin/home.php", "admin/controlpanel.html", "admin/controlpanel.php", "admin.php", "admin.html", "admin/cp.php", "admin/cp.html", "cp.php", "cp.html", "administrator/", "administrator/index.html", "administrator/index.php", "administrator/login.html", "administrator/login.php", "administrator/account.html", "administrator/account.php", "administrator.php", "administrator.html", "login.php", "login.html", "modelsearch/login.php", "moderator.php", "moderator.html", "moderator/login.php", "moderator/login.html", "moderator/admin.php", "moderator/admin.html", "moderator/", "account.php", "account.html", "controlpanel/", "controlpanel.php", "controlpanel.html", "admincontrol.php", "admincontrol.html", "adminpanel.php", "adminpanel.html", "admin1.asp", "admin2.asp", "yonetim.asp", "yonetici.asp", "admin/account.asp", "admin/index.asp", "admin/login.asp", "admin/home.asp", "admin/controlpanel.asp", "admin.asp", "admin/cp.asp", "cp.asp", "administrator/index.asp", "administrator/login.asp", "administrator/account.asp", "administrator.asp", "login.asp", "modelsearch/login.asp", "moderator.asp", "moderator/login.asp", "moderator/admin.asp", "account.asp", "controlpanel.asp", "admincontrol.asp", "adminpanel.asp", "fileadmin/", "fileadmin.php", "fileadmin.asp", "fileadmin.html", "administration/", "administration.php", "administration.html", "sysadmin.php", "sysadmin.html", "phpmyadmin/", "myadmin/", "sysadmin.asp", "sysadmin/", "ur-admin.asp", "ur-admin.php", "ur-admin.html", "ur-admin/", 
"Server.php", "Server.html", "Server.asp", "Server/", "wp-admin/", "administr8.php", "administr8.html", "administr8/", "administr8.asp", "webadmin/", "webadmin.php", "webadmin.asp", "webadmin.html", "administratie/", "admins/", "admins.php", "admins.asp", "admins.html", "administrivia/", "Database_Administration/", "WebAdmin/", "useradmin/", "sysadmins/", "admin1/", "system-administration/", "administrators/", "pgadmin/", "directadmin/", "staradmin/", "ServerAdministrator/", "SysAdmin/", "administer/", "LiveUser_Admin/", "sys-admin/", "typo3/", "panel/", "cpanel/", "cPanel/", "cpanel_file/", "platz_login/", "rcLogin/", "blogindex/", "formslogin/", "autologin/", "support_login/", "meta_login/", "manuallogin/", "simpleLogin/", "loginflat/", "utility_login/", "showlogin/", "memlogin/", "members/", "login-redirect/", "sub-login/", "wp-login/", "login1/", "dir-login/", "login_db/", "xlogin/", "smblogin/", "customer_login/", "UserLogin/", "login-us/", "acct_login/", "admin_area/", "bigadmin/", "project-admins/", "phppgadmin/", "pureadmin/", "sql-admin/", "radmind/", "openvpnadmin/", "wizmysqladmin/", "vadmind/", "ezsqliteadmin/", "hpwebjetadmin/", "newsadmin/", "adminpro/", "Lotus_Domino_Admin/", "bbadmin/", "vmailadmin/", "Indy_admin/", "ccp14admin/", "irc-macadmin/", "banneradmin/", "sshadmin/", "phpldapadmin/", "macadmin/", "administratoraccounts/", "admin4_account/", "admin4_colon/", "radmind-1/", "Super-Admin/", "AdminTools/", "cmsadmin/", "SysAdmin2/", "globes_admin/", "cadmins/", "phpSQLiteAdmin/", "navSiteAdmin/", "server_admin_small/", "logo_sysadmin/", "server/", "database_administration/", "power_user/", "system_administration/", "ss_vms_admin_sm/", "adminarea/", "bb-admin/", "adminLogin/", "panel-administracion/", "instadmin/", "memberadmin/", "administratorlogin/", "admin/admin.php", "admin_area/admin.php", "admin_area/login.php", "siteadmin/login.php", "siteadmin/index.php", "siteadmin/login.html", "admin/admin.html", "admin_area/index.php", 
"bb-admin/index.php", "bb-admin/login.php", "bb-admin/admin.php", "admin_area/login.html", "admin_area/index.html", "admincp/index.asp", "admincp/login.asp", "admincp/index.html", "webadmin/index.html", "webadmin/admin.html", "webadmin/login.html", "admin/admin_login.html", "admin_login.html", "panel-administracion/login.html", "nsw/admin/login.php", "webadmin/login.php", "admin/admin_login.php", "admin_login.php", "admin_area/admin.html", "pages/admin/admin-login.php", "admin/admin-login.php", "admin-login.php", "bb-admin/index.html", "bb-admin/login.html", "bb-admin/admin.html", "admin/home.html", "pages/admin/admin-login.html", "admin/admin-login.html", "admin-login.html", "admin/adminLogin.html", "adminLogin.html", "home.html", "rcjakar/admin/login.php", "adminarea/index.html", "adminarea/admin.html", "webadmin/index.php", "webadmin/admin.php", "user.html", "modelsearch/login.html", "adminarea/login.html", "panel-administracion/index.html", "panel-administracion/admin.html", "modelsearch/index.html", "modelsearch/admin.html", "admincontrol/login.html", "adm/index.html", "adm.html", "user.php", "panel-administracion/login.php", "wp-login.php", "adminLogin.php", "admin/adminLogin.php", "home.php", "adminarea/index.php", "adminarea/admin.php", "adminarea/login.php", "panel-administracion/index.php", "panel-administracion/admin.php", "modelsearch/index.php", "modelsearch/admin.php", "admincontrol/login.php", "adm/admloginuser.php", "admloginuser.php", "admin2/login.php", "admin2/index.php", "adm/index.php", "adm.php", "affiliate.php", "adm_auth.php", "memberadmin.php", "administratorlogin.php", "admin/admin.asp", "admin_area/admin.asp", "admin_area/login.asp", "admin_area/index.asp", "bb-admin/index.asp", "bb-admin/login.asp", "bb-admin/admin.asp", "pages/admin/admin-login.asp", "admin/admin-login.asp", "admin-login.asp", "user.asp", "webadmin/index.asp", "webadmin/admin.asp", "webadmin/login.asp", "admin/admin_login.asp", "admin_login.asp", 
"panel-administracion/login.asp", "adminLogin.asp", "admin/adminLogin.asp", "home.asp", "adminarea/index.asp", "adminarea/admin.asp", "adminarea/login.asp", "panel-administracion/index.asp", "panel-administracion/admin.asp", "modelsearch/index.asp", "modelsearch/admin.asp", "admincontrol/login.asp", "adm/admloginuser.asp", "admloginuser.asp", "admin2/login.asp", "admin2/index.asp", "adm/index.asp", "adm.asp", "affiliate.asp", "adm_auth.asp", "memberadmin.asp", "administratorlogin.asp", "siteadmin/login.asp", "siteadmin/index.asp", "ADMIN/", "paneldecontrol/", "login/", "cms/", "admon/", "ADMON/", "administrador/", "ADMIN/login.php", "panelc/", "ADMIN/login.html"]
# One plain-HTTP GET per candidate on a fresh connection; no connection is
# ever closed explicitly, and a connection error is not caught, so a
# refused or dropped connection ends the whole run with a traceback.
# From the server side each iteration is one access-log entry: a burst of
# requests for these paths from a single client, mostly answered 404, is
# the pattern a defender would alert on.
for Admin in Adminlist:
    Connection = httplib.HTTPConnection(Website)
    Connection.request("GET", "/" + Admin)
    Response = Connection.getresponse()
    # Classification is by status code alone. A 200 from a catch-all or
    # "soft 404" handler counts as a hit, and a 302 may just be a redirect
    # to HTTPS or to a generic login page, so every reported result is only
    # a candidate until checked by hand. Nothing here tests whether the
    # path actually requires authentication, which is the control that
    # matters; an unusual path name only raises the cost of a wordlist.
    if Response.status == 200:
        print 'Administrators Page Found: {0}n'.format(Admin)
        AMP = AMP + 1
    elif Response.status == 302:
        print 'Possible Administrators Page (302): {0}n'.format(Admin)
        TOT = TOT + 1
    elif Response.status == 404:
        # 404s are counted but not printed.
        FOF = FOF + 1
    else:
        # Any other status (401/403, 301, 5xx, ...) lands here.
        print 'Unknown Response: {0}n'.format(Admin)
        UNK = UNK + 1
# Summary: Total always equals len(Adminlist) when the loop completes.
Total = FOF + TOT + AMP + UNK
print '''Total Responses: {0}
Admin Pages: {1}
Possible/302's: {2}
404 Pages: {3}
Unknown Responses: {4}'''.format(Total, AMP, TOT, FOF, UNK)
# Keeps the console window open; "and key" is presumably a typo for "any key".
raw_input("Scan complete. Press and key to continue.")