moeinfatehi/Admin-Panel_Finder moeinfatehi/Admin-Panel_Finder

  • Stars
    star
    120
  • Rank 294,879 (Top 6 %)
  • Language
    Java
  • License
    GNU General Publi...
  • Created about 6 years ago
  • Updated over 2 years ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
moeinfatehi/Admin-Panel_Finder
github

moeinfatehi

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

A burp suite extension that enumerates infrastructure and application admin interfaces (OTG-CONFIG-005)

Admin Panel Finder

A burp suite extension that enumerates infrastructure and application Admin Interfaces.

OWASP References:

  • Classification: Web Application Security Testing > 02-Configuration and Deployment Management Testing
  • OTG v4: OWASP OTG-CONFIG-005
  • WSTG: WSTG-CONF-05

Why should I use this extension?

  • Multi-thread
  • Different and configurable levels of test.
  • Includable status codes
  • Excludable status codes
  • More than 1000 built-in payloads.
  • You can load your dictionary.
  • Editable root directory
  • Automatic detection of used technologies to generate custom payloads.
  • Passive listening to find login pages.

Installation

The quickest way is to load the jar file (adminPanelFinder.jar) in the extender tab of the Burpsuite.
Extender -> Extensions -> Add
A new tab will be added to the burp suite.

Quick Start

  1. Select a request of a target host from any tab of the burp suite (it must have a response with any status code)
  2. In the "Admin Panel Finder -> options" tab, apply your configurations.
  3. Go to the "Admin Panel Finder -> Finder -> Finder" tab and click on the "start" button.

Some of the options

These options can be used to customize the detection:

  • Level: Level of tests to perform (1-5, default 3)
  • Thread: num of threads (1-50, default 10)
  • Built-in dictionary: there is a built-in dictionary containing the most used directory and file names to be used for static payload generation.
  • Loadable dictionary: you can use your dictionary file for static payload generation.
  • HTTP method: HTTP method to be used in requests (HEAD, GET)(default: Head)
  • Extension: The extension used in application pages. [Example: php, asp, aspx, jsp, ...]
  • Root Dir: The path to the root directory of the web application. (Default: /)
  • Includable status codes
  • Excludable status codes

Build From Source Code

  1. To build the project, you need Gradle installed.
  2. Clone the repository
    git clone https://github.com/moeinfatehi/Admin-Panel_Finder
  3. Open the main directory of the project (where build.gradle file exists) and run: gradle makeJar
  4. The Jar file will be generated in "build/libs/Admin-Panel_Finder.jar"

Disclaimer

This program is for educational purpose ONLY. Do not use it without permission. The usual disclaimer applies, especially the fact that I'm not liable for any damages caused by the direct or indirect use of the information or functionality provided by these programs. The author or any Internet provider bears NO responsibility for content or misuse of these programs or any derivatives thereof. By using these programs you accept the fact that any damage (data loss, system crash, system compromise, etc.) caused by the use of this program is not my responsibility.

Hack and have fun!

If you have any further questions, please don't hesitate to contact me via my twitter account.

More Repositories

1

Backup-Finder

A burp suite extension that reviews backup, old, temporary and unreferenced files on web server for sensitive information (OWASP WSTG-CONF-04, OTG-CONFIG-004)
Java
151
star
2

xss_vulnerability_challenges

this repository is a docker containing some "XSS vulnerability" challenges and bypass examples.
PHP
114
star
3

file_upload_vulnerability_scenarios

This repository is a dockerized PHP application containing some file upload vulnerability challenges (scenarios).
PHP
38
star
4

lfi-to-rce-scenario

This repository is a Dockerized php application containing a LFI (Local File Inclusion) vulnerability which can lead to RCE (Remote Code Execution).
PHP
11
star
5

moeinfatehi

Awardโ€‘Winning Application Security Specialist, Blockchain Security Researcher
4
star
6

CVSS_Calculator

CVSS Calculator - a burp suite extension for calculating CVSS v2 and v3.1 scores of vulnerabilities.
Java
4
star
7

Awesome-Smart-Contract-Security

Your go-to resource for all things Smart Contract Security. Featuring guidelines, best practices, and in-depth articles. Sections include: Vulnerabilities (SWC, OWASP Top 10), Learning Resources (Papers, Blogs, Courses), Tools & Libraries, and Architecture (Smart Contract Platforms, Languages). Stay secure with the latest updates!
4
star
8

LinuxForCyberSecurityCourse

Comprehensive course materials for 'Linux for Cyber Security', covering everything from basic Linux fundamentals to advanced security practices. Includes lectures, assignments, scripts, and additional resources aimed at equipping students with the skills needed to use Linux effectively in cybersecurity roles.
3
star
9

PassiveDigger

Optimize your web vulnerability assessments with PassiveDigger, a comprehensive Burp Suite extension that specializes in passive traffic analysis. Detect potential vulnerabilities, get actionable insights, and supercharge your security audits.
Java
2
star
10

captcha_logical_bypass_scenarios

This repository is a dockerized PHP application containing some captcha logical bypass challenges (scenarios).
PHP
2
star
11

price

Live Price Chart for Crypto, Forex and stocks by tradingview
HTML
1
star
12

rfi_vulnerability_scenarios

Collection of RFI Vulnerability scenarios (challenges) each containing a new bypass technique.
PHP
1
star