Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/moeinfatehi/Admin-Panel_Finder
A burp suite extension that enumerates infrastructure and application admin interfaces (OTG-CONFIG-005)
https://github.com/moeinfatehi/Admin-Panel_Finder
admin-dashboard-finder admin-finder admin-login-finder admin-login-scanner admin-page-finder admin-panel-finder adminpanelfinder application-security burp-extensions burpsuite burpsuite-extender data-leakage find-admin okadminfinder owasp owasp-top-10 owasp-top-ten penetration-testing sensitive-data-exposure sensitive-data-leakage
Last synced: about 1 month ago
JSON representation
A burp suite extension that enumerates infrastructure and application admin interfaces (OTG-CONFIG-005)
- Host: GitHub
- URL: https://github.com/moeinfatehi/Admin-Panel_Finder
- Owner: moeinfatehi
- License: gpl-3.0
- Created: 2018-09-18T15:53:23.000Z (about 6 years ago)
- Default Branch: master
- Last Pushed: 2022-06-16T13:02:49.000Z (over 2 years ago)
- Last Synced: 2024-08-02T00:22:54.894Z (4 months ago)
- Topics: admin-dashboard-finder, admin-finder, admin-login-finder, admin-login-scanner, admin-page-finder, admin-panel-finder, adminpanelfinder, application-security, burp-extensions, burpsuite, burpsuite-extender, data-leakage, find-admin, okadminfinder, owasp, owasp-top-10, owasp-top-ten, penetration-testing, sensitive-data-exposure, sensitive-data-leakage
- Language: Java
- Homepage:
- Size: 188 KB
- Stars: 120
- Watchers: 6
- Forks: 20
- Open Issues: 1
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
- awesome-burp-extensions - AdminPanelFinder - A burp suite extension that enumerates infrastructure and application Admin Interfaces (OWASP OTG-CONFIG-005) (Vulnerability Specific Extensions / Broken Access Control)
README
# Admin Panel Finder
A burp suite extension that enumerates infrastructure and application Admin Interfaces.
OWASP References:
* Classification: Web Application Security Testing > 02-Configuration and Deployment Management Testing
* OTG v4: OWASP OTG-CONFIG-005
* WSTG: WSTG-CONF-05# Why should I use this extension?
* Multi-thread
* Different and configurable levels of test.
* Includable status codes
* Excludable status codes
* More than 1000 built-in payloads.
* You can load your dictionary.
* Editable root directory
* Automatic detection of used technologies to generate custom payloads.
* Passive listening to find login pages.# Installation
The quickest way is to load the jar file (adminPanelFinder.jar) in the extender tab of the Burpsuite.
Extender -> Extensions -> Add
A new tab will be added to the burp suite.# Quick Start
1. Select a request of a target host from any tab of the burp suite (it must have a response with any status code)
2. In the "Admin Panel Finder -> options" tab, apply your configurations.
3. Go to the "Admin Panel Finder -> Finder -> Finder" tab and click on the "start" button.# Some of the options
These options can be used to customize the detection:
* Level: Level of tests to perform (1-5, default 3)
* Thread: num of threads (1-50, default 10)
* Built-in dictionary: there is a built-in dictionary containing the most used directory and file names to be used for static payload generation.
* Loadable dictionary: you can use your dictionary file for static payload generation.
* HTTP method: HTTP method to be used in requests (HEAD, GET)(default: Head)
* Extension: The extension used in application pages. [Example: php, asp, aspx, jsp, ...]
* Root Dir: The path to the root directory of the web application. (Default: /)
* Includable status codes
* Excludable status codes# Build From Source Code
1. To build the project, you need Gradle installed.
2. Clone the repository`git clone https://github.com/moeinfatehi/Admin-Panel_Finder`
3. Open the main directory of the project (where build.gradle file exists) and run: `gradle makeJar`
4. The Jar file will be generated in "build/libs/Admin-Panel_Finder.jar"# Disclaimer
This program is for educational purpose ONLY. Do not use it without permission. The usual disclaimer applies, especially the fact that I'm not liable for any damages caused by the direct or indirect use of the information or functionality provided by these programs. The author or any Internet provider bears NO responsibility for content or misuse of these programs or any derivatives thereof. By using these programs you accept the fact that any damage (data loss, system crash, system compromise, etc.) caused by the use of this program is not my responsibility.# Hack and have fun!
If you have any further questions, please don't hesitate to contact me via my twitter account.