Some ways to find company admin panels

1. Using Google Dorks:

site:target.com inurl:admin | administrator | adm | login | l0gin | wp-login

intitle:"login" "admin" site:target.com

intitle:"index of /admin" site:target.com

inurl:admin intitle:admin intext:admin

2. Using httpx and a wordlist:

httpx -l hosts.txt -paths /root/admin-login.txt -threads 100 -random-agent -x GET,POST -tech-detect -status-code -follow-redirects -title -content-length

httpx -l hosts.txt -ports 80,443,8009,8080,8081,8090,8180,8443 -paths /root/admin-login.txt -threads 100 -random-agent -x GET,POST -tech-detect -status-code -follow-redirects -title -content-length

3. Using utilities:

GitHub - the-c0d3r/admin-finder: Blazing fast admin panel finder with asyncio and aiohttp
GitHub - RedVirus0/HitURL: Hit valid URL
GitHub - mIcHyAmRaNe/okadminfinder3: [ Admin panel finder / Admin Login Page Finder ] ¢σ∂є∂ ву 👻 (❤-❤) 👻
https://github.com/penucuriCode/findlogin
GitHub - fnk0c/cangibrina: A fast and powerfull dashboard (admin) finder

4. Using search engines:

Shodan:

ssl.cert.subject.cn:"company.com" http.title:"admin"

ssl:"company.com" http.title:"admin"

ssl.cert.subject.cn:"company.com" admin

ssl:"company.com" admin

Fofa:

cert="company.com" && title="admin"

cert.subject="company" && title="admin"

cert="company.com" && body="admin"

cert.subject="company" && body="admin"

ZoomEye:

ssl:company.com +title:"admin"

ssl:company.com +admin

Censys (IPv4):

(services.tls.certificates.leaf_data.issuer.common_name: company.com) AND services.http.response.html_title: admin

(services.tls.certificates.leaf_data.issuer.common_name: company.com) AND services.http.response.body: admin…

Enjoy :+1: :heart_on_fire:


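Seen from the defending side, the wordlist run in item 2 leaves a clear pattern in web server logs: one source requesting many distinct admin-like paths with both GET and POST, mostly getting 4xx back, under a User-Agent that changes on every request. The script below is an added example, not part of the original post; it assumes Combined Log Format, and the function name, thresholds and sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Substring match mirrors the inurl: keywords above (admin, administrator, adm, login, l0gin, wp-login).
ADMIN_RE = re.compile(r"adm|l[o0]gin", re.I)
# Combined Log Format: ip - - [time] "METHOD path proto" status size "referer" "user-agent"
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) \S+ "[^"]*" "([^"]*)"')

def find_panel_enumeration(lines, min_paths=5, min_miss_ratio=0.6):
    """Flag clients that request many distinct admin-like paths and mostly get 4xx back."""
    seen = defaultdict(lambda: {"paths": set(), "methods": set(), "agents": set(), "total": 0, "miss": 0})
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, method, url, status, agent = m.groups()
        path = url.split("?", 1)[0].lower()
        if not ADMIN_RE.search(path):
            continue
        s = seen[ip]  # key on source IP only: -random-agent makes the User-Agent useless as an identity
        s["paths"].add(path)
        s["methods"].add(method)
        s["agents"].add(agent)
        s["total"] += 1
        s["miss"] += status.startswith("4")
    flagged = {}
    for ip, s in seen.items():
        ratio = s["miss"] / s["total"]
        if len(s["paths"]) >= min_paths and ratio >= min_miss_ratio:
            flagged[ip] = {"paths": len(s["paths"]), "requests": s["total"], "miss_ratio": round(ratio, 2),
                           "methods": sorted(s["methods"]), "agents": len(s["agents"])}
    return flagged

def _line(ip, method, path, status, agent):
    return f'{ip} - - [10/Oct/2024:13:55:36 +0000] "{method} {path} HTTP/1.1" {status} 512 "-" "{agent}"'

# Constructed sample (documentation IP ranges): one wordlist run and one ordinary admin session.
PROBES = [("GET", "/admin", 404), ("POST", "/admin", 404), ("GET", "/administrator/", 404),
          ("POST", "/administrator/", 404), ("GET", "/adm/", 404), ("GET", "/admin/login.php", 404),
          ("GET", "/wp-login.php", 200), ("POST", "/wp-login.php", 200), ("GET", "/l0gin", 404)]
SAMPLE = [_line("203.0.113.7", m, p, s, f"constructed-agent-{i}") for i, (m, p, s) in enumerate(PROBES)]
SAMPLE += [_line("198.51.100.20", m, p, s, "Mozilla/5.0") for m, p, s in
           [("GET", "/wp-login.php", 200), ("POST", "/wp-login.php", 302), ("GET", "/wp-admin/", 200)]]

if __name__ == "__main__":
    for ip, info in find_panel_enumeration(SAMPLE).items():
        print(ip, info)
```

The ordinary admin session touches only two admin paths and gets no 4xx responses, so it stays below both thresholds; tune `min_paths` and `min_miss_ratio` to the site's own traffic.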