How to find the admin panel of a website?
There are many methods for finding the admin panel of a website; I am going to mention some of the most relevant tips and tricks.
Using Google Dorks
Google is the best way to find the admin panel of a website because it holds data on millions of websites and is also the most popular search engine.
site:target.com inurl:admin | administrator | adm | login | l0gin | wp-login
intitle:"login" "admin" site:target.com
intitle:"index of /admin" site:target.com
inurl:admin intitle:admin intext:admin
Using httpx and a wordlist
httpx -l hosts.txt -paths /root/admin-login.txt -threads 100 -random-agent -x GET,POST -tech-detect -status-code -follow-redirects -title -content-length
httpx -l hosts.txt -ports 80,443,8009,8080,8081,8090,8180,8443 -paths /root/admin-login.txt -threads 100 -random-agent -x GET,POST -tech-detect -status-code -follow-redirects -title -content-length
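Seen from the server side, a wordlist run like the one above shows up in the access log as a single client requesting many distinct admin or login paths, most of which return 404, often with a different User-Agent on every request. The following is an added example, not part of the original post: a small detector for that pattern, where the log lines are constructed and the thresholds, function names and Combined Log Format input are assumptions.

```python
import re
from collections import defaultdict

# Combined Log Format, the default access-log layout for nginx and Apache (assumed here).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$')
# Covers admin, administrator, adm, login, l0gin and wp-login from the dork above.
PANEL_HINT = re.compile(r"adm|l[o0]gin", re.I)

def find_panel_scanners(lines, min_paths=5, min_miss_ratio=0.8):
    """Flag clients probing many distinct panel-like paths that mostly do not exist."""
    # Both thresholds are assumptions for this example; tune them on real traffic.
    seen = defaultdict(lambda: {"paths": set(), "agents": set(), "miss": 0, "total": 0, "answered": set()})
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # malformed line, skip it
        path = m["path"].split("?", 1)[0]
        if not PANEL_HINT.search(path):
            continue
        s = seen[m["ip"]]
        s["paths"].add(path)
        s["agents"].add(m["ua"])
        s["total"] += 1
        if m["status"] == "404":
            s["miss"] += 1
        else:
            s["answered"].add(path)  # this path exists: review how it is exposed
    report = {}
    for ip, s in seen.items():
        if len(s["paths"]) >= min_paths and s["miss"] / s["total"] >= min_miss_ratio:
            report[ip] = {"distinct_paths": len(s["paths"]), "user_agents": len(s["agents"]),
                          "answered": sorted(s["answered"])}
    return report

def _line(ip, method, path, status, ua):  # builds one constructed log line
    return f'{ip} - - [10/Jan/2024:10:00:00 +0000] "{method} {path} HTTP/1.1" {status} 512 "-" "{ua}"'

# Constructed sample: one client walking a wordlist, one ordinary user logging in.
SAMPLE_LOG = [_line("203.0.113.7", "GET", p, st, f"Agent-{i}") for i, (p, st) in enumerate([
    ("/admin/", 404), ("/administrator/", 404), ("/adm/", 404), ("/wp-login.php", 404),
    ("/admin/login.php", 200), ("/l0gin", 404), ("/cpanel-login", 404)])]
SAMPLE_LOG += [_line("198.51.100.20", "GET", "/login", 200, "Mozilla/5.0"),
               _line("198.51.100.20", "POST", "/login", 302, "Mozilla/5.0")]

if __name__ == "__main__":
    for ip, info in find_panel_scanners(SAMPLE_LOG).items():
        print(ip, info)
```

The "answered" list is the part to act on: those are panel paths that responded to an unauthenticated outside client and are candidates for an IP allowlist, VPN-only access or removal.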
Using utilities:
There are many tools that automate the search for the admin panel of a website. These tools can easily be found on GitHub.
https://github.com/the-c0d3r/admin-finder
https://github.com/RedVirus0/Admin-Finder
https://github.com/mIcHyAmRaNe/okadminfinder3
https://github.com/penucuriCode/findlogin
https://github.com/fnk0c/cangibrina
Using search engines
As we all know, Google is the best search engine, but it has a limitation: it cannot index servers or IoT devices. This is where search engines like Shodan, FOFA, Censys and others come into play.
Using Shodan
ssl.cert.subject.cn:"company.com" http.title:"admin"
ssl:"company.com" http.title:"admin"
ssl.cert.subject.cn:"company.com" admin
ssl:"company.com" admin
Using fofa
cert = "company.com" && title = "admin"
cert.subject = "company" && title = "admin"
cert = "company.com" && body = "admin"
cert.subject = "company" && body = "admin"
Using zoomeye
ssl:company.com +title:"admin"
ssl:company.com +admin
Censys (IPv4):
(services.tls.certificates.leaf_data.issuer.common_name: company.com) AND services.http.response.html_title: admin
(services.tls.certificates.leaf_data.issuer.common_name: company.com) AND services.http.response.body: admin