Table Of Contents :
How to find admin panel of a website ?
Although there are many methods to find admin panel of a website but I am going to mention some most relevent types of tips & tricks.
Using Google Dorks
Google is the best way to find admin panel of a website because it holds data of millions of websites and although it is the most popular search engine.
site: target.com inurl: admin | administrator | adm | login | l0gin | wp-login intitle: "login" "admin" site: target.com intitle: "index of / admin" site: target.com inurl: admin intitle: admin intext: admin
Using httpx and a wordlist
httpx -l hosts.txt -paths /root/admin-login.txt -threads 100 -random-agent -x GET, POST -tech-detect -status-code -follow-redirects -title -content-length httpx -l hosts.txt-ports 80,443,8009,8080,8081,8090,8180,8443 -paths /root/admin-login.txt -threads 100 -random-agent -x GET, POST -tech-detect -status- code -follow-redirects -title -content-length
There are many automated tools which can be used to automate to find admin panel of a website. This tools can be easily found on github.
https://github.com/the-c0d3r/admin-finder https://github.com/RedVirus0/Admin-Finder https://github.com/mIcHyAmRaNe/okadminfinder3 https://github.com/penucuriCode/findlogin https://github.com/fnk0c/cangibrina
Using search engines
As we all know that google is the best search engine but there are some limitations of google that it cannot index servers or iot devices. So, for this comes into play of search engine like shodan, fofa, censys and etc.
ssl.cert.subject.cn:"company.com "http.title:" admin " ssl: "company.com" http.title: "admin" ssl.cert.subject.cn:"company.com" admin ssl: "company.com" admin
cert = "company.com" && title = "admin" cert.subject = "company" && title = "admin" cert = "company.com" && body = "admin" cert.subject = "company" && body = "admin"
ssl: company.com + title: "admin" ssl: company.com + admin Censys (IPv4): (services.tls.certificates.leaf_data.issuer.common_name: company.com) AND services.http.response.html_title: admin (services.tls.certificates.leaf_data.issuer.common_name: company.com) AND services.http.response.body: admin