DEV Community

Hafiz Muhammad Attaullah

To find company admin panels

⚙️Some ways to find company admin panels 💻

  1. Using Google Dorks:

site:target.com inurl:admin | administrator | adm | login | l0gin | wp-login

intitle:"login" "admin" site:target.com

intitle:"index of /admin" site:target.com

inurl:admin intitle:admin intext:admin

  2. Using httpx and a wordlist:

httpx -l hosts.txt -paths /root/admin-login.txt -threads 100 -random-agent -x GET,POST -tech-detect -status-code -follow-redirects -title -content-length

httpx -l hosts.txt -ports 80,443,8009,8080,8081,8090,8180,8443 -paths /root/admin-login.txt -threads 100 -random-agent -x GET,POST -tech-detect -status-code -follow-redirects -title -content-length

  3. Using utilities:

https://github dot com/the-c0d3r/admin-finder
https://github dot com/RedVirus0/Admin-Finder
https://github dot com/mIcHyAmRaNe/okadminfinder3
https://github dot com/penucuriCode/findlogin
https://github dot com/fnk0c/cangibrina

  4. Using search engines:

Shodan:

ssl.cert.subject.cn:"company.com" http.title:"admin"

ssl:"company.com" http.title:"admin"

ssl.cert.subject.cn:"company.com" admin

ssl:"company.com" admin

Fofa:

cert="company.com" && title="admin"

cert.subject="company" && title="admin"

cert="company.com" && body="admin"

cert.subject="company" && body="admin"

ZoomEye:

ssl:company.com + title:"admin"

ssl:company.com + admin

Censys (IPv4):

(services.tls.certificates.leaf_data.issuer.common_name: company.com) AND services.http.response.html_title: admin

(services.tls.certificates.leaf_data.issuer.common_name: company.com) AND services.http.response.body: admin

www.github.com/attaullahshafiq10
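
The wordlist probing in method 2 leaves a recognisable trace in the target's web server logs: one client requesting many distinct admin-style paths, mostly answered with 404, often with rotating user agents. The following is an added example (not part of the original post) that flags that pattern; it assumes Combined Log Format, and the keyword list, thresholds and sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Assumption: path keywords modelled on the dork list in the post.
ADMIN_HINTS = ("admin", "/adm", "login")
# Combined Log Format, as written by default nginx/Apache configurations.
LOG_RE = re.compile(r'(\S+) \S+ \S+ \[[^\]]+\] "([A-Z]+) (\S+) [^"]*" (\d{3}) \S+ "[^"]*" "([^"]*)"')

def find_admin_enumeration(lines, min_paths=5, min_miss_ratio=0.6):
    """Flag clients that request many distinct admin-like paths and mostly get 404."""
    stats = defaultdict(lambda: {"paths": set(), "total": 0, "miss": 0, "live": set(), "uas": set()})
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # ignore lines that are not in the expected format
        ip, _method, target, status, ua = m.groups()
        path = target.split("?", 1)[0].lower()
        if not any(hint in path for hint in ADMIN_HINTS):
            continue
        s = stats[ip]
        s["paths"].add(path)
        s["total"] += 1
        s["uas"].add(ua)
        if status == "404":
            s["miss"] += 1
        else:
            s["live"].add(path)  # this path answered: review its exposure
    findings = {}
    for ip, s in stats.items():
        ratio = s["miss"] / s["total"]
        if len(s["paths"]) >= min_paths and ratio >= min_miss_ratio:
            findings[ip] = {"distinct_paths": len(s["paths"]), "miss_ratio": round(ratio, 2),
                            "responding": sorted(s["live"]), "user_agents": len(s["uas"])}
    return findings

def make_line(ip, method, path, status, ua):
    return f'{ip} - - [10/Mar/2024:12:00:00 +0000] "{method} {path} HTTP/1.1" {status} 512 "-" "{ua}"'

# Constructed sample: one scanner (documentation-range IP) and one ordinary user.
PROBED = ["/admin", "/administrator/", "/adm/", "/admin/login.php", "/wp-login.php", "/admin.php"]
SAMPLE_LOG = [
    make_line("203.0.113.7", meth, p, "200" if p == "/wp-login.php" else "404", f"UA-{i}-{meth}")
    for i, p in enumerate(PROBED) for meth in ("GET", "POST")
] + [
    make_line("198.51.100.20", "GET", "/login", "200", "Mozilla/5.0"),
    make_line("198.51.100.20", "GET", "/index.html", "200", "Mozilla/5.0"),
]

if __name__ == "__main__":
    for ip, info in find_admin_enumeration(SAMPLE_LOG).items():
        print(ip, info)
```

Paths reported under `responding` are the ones that answered the probe, so they are the first candidates for an IP allowlist, VPN or SSO gate.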


Top comments (2)

Olga • Edited

These methods and tools are commonly employed in sales data enrichment, cybersecurity and web development contexts to assess and improve the security posture of web applications and systems.

However, it's essential to emphasize the importance of using such techniques ethically and responsibly. Unauthorized access to systems, including attempting to access admin panels without proper authorization, can be illegal and unethical. It's crucial to conduct security testing only with explicit permission from the owner of the system being tested, preferably as part of a formal security assessment or penetration testing engagement.

michaels

Please sir, I am interested and like to learn this, but this is not clear to me. I don't understand this.
