Many times when running a scan of any URL to find its vulnerabilities. Pentesters or security researchers tries to find admin page. Landing on any admin page of any website is a critical vulnerability for any website. Because attackers could run session hijacking attacks or use brute force methods to steal login credentials of admin page. Many times developers forget to patch admin panel. According to ethical hacking researcher international institute of cyber security recently there has been many vulnerabilities came up which redirects end users to admin panels. We will show a method to find admin page of any website.

For testing we will use Kali Linux 2018.4 amd64 . Open terminal type git clone https://github.com/mIcHyAmRaNe/okadminfinder3.git

. Open terminal type git clone https://github.com/mIcHyAmRaNe/okadminfinder3.git Type cd okadminfinder3/

Run ls

Then type chmod u+x requirements.txt

Type ls -ltr

[email protected]:/home/iicybersecurity/Downloads# git clone https://github.com/mIcHyAmRaNe/okadminfinder3.git Cloning into 'okadminfinder3'… remote: Enumerating objects: 264, done. remote: Total 264 (delta 0), reused 0 (delta 0), pack-reused 264 Receiving objects: 100% (264/264), 231.98 KiB | 293.00 KiB/s, done. Resolving deltas: 100% (139/139), done. [email protected]:/home/iicybersecurity/Downloads# cd okadminfinder3/ [email protected]:/home/iicybersecurity/Downloads/okadminfinder3# ls Classes LICENSE LinkFile okadminfinder.py README.md requirements.txt [email protected]:/home/iicybersecurity/Downloads/okadminfinder3# chmod u+x requirements.txt [email protected]:/home/iicybersecurity/Downloads/okadminfinder3# ls -ltr total 48 -rwxr--r-- 1 root root 77 Jan 2 01:54 requirements.txt -rw-r--r-- 1 root root 3598 Jan 2 01:54 README.md -rwxr-xr-x 1 root root 18022 Jan 2 01:54 okadminfinder.py drwxr-xr-x 2 root root 4096 Jan 2 01:54 LinkFile -rw-r--r-- 1 root root 11347 Jan 2 01:54 LICENSE drwxr-xr-x 3 root root 4096 Jan 2 01:54 Classes

Type pip3 install -r requirements.txt

[email protected]:/home/iicybersecurity/Downloads/okadminfinder3# pip3 install -r requirements.txt Collecting colorama==0.4.1 (from -r requirements.txt (line 1)) Downloading https://files.pythonhosted.org/packages/4f/a6/728666f39bfff1719fc94c481890b2106837da9318031f71a8424b662e12/colorama-0.4.1-py2.py3-none-any.whl Collecting requests==2.21.0 (from -r requirements.txt (line 2)) Cache entry deserialization failed, entry ignored Downloading https://files.pythonhosted.org/packages/7d/e3/20f3d364d6c8e5d2353c72a67778eb189176f08e873c9900e10c0287b84b/requests-2.21.0-py2.py3-none-any.whl (57kB) 100% |████████████████████████████████| 61kB 81kB/s Requirement already satisfied: PySocks==1.6.8 in /usr/lib/python3/dist-packages (from -r requirements.txt (line 3)) (1.6.8) Requirement already satisfied: argparse==1.4.0 in /usr/local/lib/python3.7/dist-packages (from -r requirements.txt (line 4)) (1.4.0) Requirement already satisfied: tqdm==4.31.1 in /usr/local/lib/python3.7/dist-packages (from -r requirements.txt (line 5)) (4.31.1) Requirement already satisfied: idna<2.9,>=2.5 in /usr/lib/python3/dist-packages (from requests==2.21.0->-r requirements.txt (line 2)) (2.6) Requirement already satisfied: certifi>=2017.4.17 in /usr/lib/python3/dist-packages (from requests==2.21.0->-r requirements.txt (line 2)) (2018.8.24) Requirement already satisfied: chardet<3.1.0,>=3.0.2 in /usr/lib/python3/dist-packages (from requests==2.21.0->-r requirements.txt (line 2)) (3.0.4) Requirement already satisfied: urllib3<1.25,>=1.21.1 in /usr/lib/python3/dist-packages (from requests==2.21.0->-r requirements.txt (line 2)) (1.22) Installing collected packages: colorama, requests Found existing installation: colorama 0.3.9 Uninstalling colorama-0.3.9: Successfully uninstalled colorama-0.3.9 Found existing installation: requests 2.22.0 Uninstalling requests-2.22.0: Successfully uninstalled requests-2.22.0 Successfully installed colorama-0.4.1 requests-2.21.0

Type ./okadminfinder.py –help

____ __ __ __ _ _______ __ / __ / //_/___ _____/ /___ ___ (_)___ / ____(_)___ ____/ /__ _____ / / / / ,< / __ `/ __ / __ `__ / / __ / /_ / / __ / __ / _ / ___/ / /_/ / /| / /_/ / /_/ / / / / / / / / / / __/ / / / / / /_/ / __/ / ____/_/ |___,_/__,_/_/ /_/ /_/_/_/ /_/_/ /_/_/ /_/__,_/___/_/ version 2.5.3 created by O.Koleda & rewrited by mIcHy AmRaNe

usage: okadminfinder.py [-h] [-u URL] [-t] [-p PROXY] [-rp] [-r] [-v] [-U] [-i] optional arguments: -h, --help show this help message and exit -u URL, --url URL Target URL (e.g. 'www.example.com' or 'example.com') -t, --tor Use Tor anonymity network -p PROXY, --proxy PROXY Use an HTTP proxy (e.g '127.0.0.1:8080') -rp, --random-proxy Use randomly selected proxy server -r, --random-agent Use randomly selected User-Agent -v, --verbose Display more informations -U, --update Update OKadminFinder -i, --interactive Interactive interface[other arguments not required]

Type ./okadminfinder.py -u testphp.vulnweb.com

Testphp.vulnweb.com is common testing website. Used for running various scans.

is common testing website. Used for running various scans. You can also use proxies or TOR service for hiding your identity.

Type ./okadminfinder.py -u testphp.vulnweb.com OR type ./okadminfinder.py -r -u testphp.vulnweb.com

OR type -r is used for random user agent.

is used for random user agent. -u is used for target URL. Target URL is testphp.vulnweb.com

____ __ __ __ _ _______ __ / __ / //_/___ _____/ /___ ___ (_)___ / ____(_)___ ____/ /__ _____ / / / / ,< / __ `/ __ / __ `__ / / __ / /_ / / __ / __ / _ / ___/ / /_/ / /| / /_/ / /_/ / / / / / / / / / / __/ / / / / / /_/ / __/ / ____/_/ |___,_/__,_/_/ /_/ /_/_/_/ /_/_/ /_/_/ /_/__,_/___/_/ version 2.5.3 created by O.Koleda & rewrited by mIcHy AmRaNe

Site testphp.vulnweb.com is stable Processing …: 0%| |0/574 [✔] http://testphp.vulnweb.com/admin/ Admin page found! Processing …: 1%|▉ |7/574 [✔] http://testphp.vulnweb.com/login.php Admin page found!

Above shows the admin page of testphp.vulnweb.com

admin page of testphp.vulnweb.com

Above you can refer admin page of the website.

Let’s try on another sites.

Type ./okadminfinder.py -u www.arifhabib.com.pk

-u is used for target URL. Target URL – www.arifhabib.com.pk

____ __ __ __ _ _______ __ / __ / //_/___ _____/ /___ ___ (_)___ / ____(_)___ ____/ /__ _____ / / / / ,< / __ `/ __ / __ `__ / / __ / /_ / / __ / __ / _ / ___/ / /_/ / /| / /_/ / /_/ / / / / / / / / / / __/ / / / / / /_/ / __/ / ____/_/ |___,_/__,_/_/ /_/ /_/_/_/ /_/_/ /_/_/ /_/__,_/___/_/ version 2.5.3 created by O.Koleda & rewrited by mIcHy AmRaNe

Site www.arifhabib.com.pk is stable Processing …: 2%|█▋ |13/574 [✔] http://www.arifhabib.com.pk/cpanel/ Admin page found! Processing …: 32%|███████████████████████▎ |186/574 [✔] http://www.arifhabib.com.pk/controlpanel/ Admin page found! Processing …: 100%|████████████████████████████████████████████████████████████████████████|574/574 Completed 2 Admin pages found 574 total pages scanned [/] Scanning over; Press Enter to Exit

Opening the webpage in web browser.

admin page of www.arifhabib.com.pk

Knowing admin page of any website puts an potential risk to website owner.

Now we try with TOR anonymity.

Type ./okadminfinder.py –tor -u exide.com.pk/

–tor – It will used TOR service for finding target website admin page.

– It will used TOR service for finding target website admin page. For starting type sudo service tor start

For checking TOR service running status. Type ps -ef | grep tor

-u is used for target URL. Target URL – exide.com.pk/

____ __ __ __ _ _______ __ / __ / //_/___ _____/ /___ ___ (_)___ / ____(_)___ ____/ /__ _____ / / / / ,< / __ `/ __ / __ `__ / / __ / /_ / / __ / __ / _ / ___/ / /_/ / /| / /_/ / /_/ / / / / / / / / / / __/ / / / / / /_/ / __/ / ____/_/ |___,_/__,_/_/ /_/ /_/_/_/ /_/_/ /_/_/ /_/__,_/___/_/ version 2.5.3 created by O.Koleda & rewrited by mIcHy AmRaNe

Site exide.com.pk/ is stable Processing …: 0%| |0/574 [✔] http://exide.com.pk//admin/ Admin page found! Processing …: 2%|█▋ |13/574 [✔] http://exide.com.pk//cpanel/ Admin page found! Processing …: 3%|█▉ |15/574 [✔] http://exide.com.pk//dashboard Admin page found! Processing …: 3%|██▎ |18/574 [✔] http://exide.com.pk//wp-login.php/ Admin page found! Processing …: 5%|███▎ |26/574 [✔] http://exide.com.pk//wp-admin/ Admin page found! Processing …: 8%|██████ |48/574 [✔] http://exide.com.pk//admin/index.php Admin page found!

Opening the exide admin page.

admin page of exide.com.pk

Above shows the admin page using TOR proxies. It might take time while using TOR. But it will find the available admin page.

Check youtube link to see the practical of okadminfinder3

Okadminfinder3 will use pre-build common list of admin logins, which are commonly found on any website admin panel. Below you can checkout listed keywords.

will use pre-build common list of admin logins, which are commonly found on any website admin panel. Below you can checkout listed keywords. You will find the file with name of adminpanellinks.txt

Type cat adminpanellinks.txt