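Admin-Scanner is a website admin panel (back-end login page) scanner. It is cross-platform and can be used on Linux, Windows and Android. It supports scanning through a proxy server and lets you set a custom delay between scan threads, which effectively prevents IP bans and taking the website down. It can scan with a custom dictionary (wordlist) or with the default list of admin panel addresses.
Project address
What I mainly value is that it is cross-platform and can be used on a phone.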
GitHub: github.com/alienwhatever/Admin-Scanner
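The tool is designed to make it easy to find the admin panel of any website using a custom wordlist or the default wordlist [put bluntly, it is a tool that works by running through a dictionary; only the default admin panel addresses are of some use, or a custom dictionary]
Wordlist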
admin.php
admin.html
index.php
login.php
login.html
administrator
admin
adminpanel
cpanel
login
wp-login.php
administrator
admins
logins
admin.asp
login.asp
adm/
admin/
admin/account.html
admin/login.html
admin/login.htm
admin/controlpanel.html
admin/controlpanel.htm
admin/adminLogin.html
admin/adminLogin.htm
admin.htm
admin.html
adminitem/
adminitems/
administrator/
administrator/login.%EXT%
administrator.%EXT%
administration/
administration.%EXT%
adminLogin/
adminlogin.%EXT%
admin_area/admin.%EXT%
admin_area/
admin_area/login.%EXT%
manager/
superuser/
superuser.%EXT%
access/
access.%EXT%
sysadm/
sysadm.%EXT%
superman/
supervisor/
panel.%EXT%
control/
control.%EXT%
member/
member.%EXT%
members/
user/
user.%EXT%
cp/
uvpanel/
manage/
manage.%EXT%
management/
management.%EXT%
signin/
signin.%EXT%
log-in/
log-in.%EXT%
log_in/
log_in.%EXT%
sign_in/
sign_in.%EXT%
sign-in/
sign-in.%EXT%
users/
users.%EXT%
accounts/
accounts.%EXT%
bb-admin/login.%EXT%
bb-admin/admin.%EXT%
bb-admin/admin.html
administrator/account.%EXT%
relogin.htm
relogin.html
check.%EXT%
relogin.%EXT%
blog/wp-login.%EXT%
user/admin.%EXT%
users/admin.%EXT%
registration/
processlogin.%EXT%
checklogin.%EXT%
checkuser.%EXT%
checkadmin.%EXT%
isadmin.%EXT%
authenticate.%EXT%
authentication.%EXT%
auth.%EXT%
authuser.%EXT%
authadmin.%EXT%
cp.%EXT%
modelsearch/login.%EXT%
moderator.%EXT%
moderator/
controlpanel/
controlpanel.%EXT%
admincontrol.%EXT%
adminpanel.%EXT%
fileadmin/
fileadmin.%EXT%
sysadmin.%EXT%
admin1.%EXT%
admin1.html
admin1.htm
admin2.%EXT%
admin2.html
yonetim.%EXT%
yonetim.html
yonetici.%EXT%
yonetici.html
phpmyadmin/
myadmin/
ur-admin.%EXT%
ur-admin/
Server.%EXT%
Server/
wp-admin/
administr8.%EXT%
administr8/
webadmin/
webadmin.%EXT%
administratie/
admins/
admins.%EXT%
administrivia/
Database_Administration/
useradmin/
sysadmins/
sysadmins/
admin1/
system-administration/
administrators/
pgadmin/
directadmin/
staradmin/
ServerAdministrator/
SysAdmin/
administer/
LiveUser_Admin/
sys-admin/
typo3/
panel/
cpanel/
cpanel_file/
platz_login/
rcLogin/
blogindex/
formslogin/
autologin/
manuallogin/
simpleLogin/
loginflat/
utility_login/
showlogin/
memlogin/
login-redirect/
sub-login/
wp-login/
login1/
dir-login/
login_db/
xlogin/
smblogin/
customer_login/
UserLogin/
login-us/
acct_login/
bigadmin/
project-admins/
phppgadmin/
pureadmin/
sql-admin/
radmind/
openvpnadmin/
wizmysqladmin/
vadmind/
ezsqliteadmin/
hpwebjetadmin/
newsadmin/
adminpro/
Lotus_Domino_Admin/
bbadmin/
vmailadmin/
Indy_admin/
ccp14admin/
irc-macadmin/
banneradmin/
sshadmin/
phpldapadmin/
macadmin/
administratoraccounts/
admin4_account/
admin4_colon/
radmind-1/
Super-Admin/
AdminTools/
cmsadmin/
SysAdmin2/
globes_admin/
cadmins/
phpSQLiteAdmin/
navSiteAdmin/
server_admin_small/
logo_sysadmin/
power_user/
system_administration/
ss_vms_admin_sm/
bb-admin/
panel-administracion/
instadmin/
memberadmin/
administratorlogin/
adm.%EXT%
admin_login.%EXT%
panel-administracion/login.%EXT%
pages/admin/admin-login.%EXT%
pages/admin/
acceso.%EXT%
admincp/login.%EXT%
admincp/
adminarea/
admincontrol/
affiliate.%EXT%
adm_auth.%EXT%
memberadmin.%EXT%
administratorlogin.%EXT%
modules/admin/
administrators.%EXT%
siteadmin/
siteadmin.%EXT%
adminsite/
kpanel/
vorod/
vorod.%EXT%
vorud/
vorud.%EXT%
adminpanel/
PSUser/
secure/
webmaster/
webmaster.%EXT%
autologin.%EXT%
userlogin.%EXT%
admin_area.%EXT%
cmsadmin.%EXT%
security/
usr/
root/
secret/
admin/login.%EXT%
admin/adminLogin.%EXT%
moderator.php
moderator.html
moderator/login.%EXT%
moderator/admin.%EXT%
yonetici.%EXT%
0admin/
0manager/
aadmin/
cgi-bin/login%EXT%
login1%EXT%
login_admin/
login_admin%EXT%
login_out/
login_out%EXT%
login_user%EXT%
loginerror/
loginok/
loginsave/
loginsuper/
loginsuper%EXT%
login%EXT%
logout/
logout%EXT%
secrets/
super1/
super1%EXT%
super_index%EXT%
super_login%EXT%
supermanager%EXT%
superman%EXT%
superuser%EXT%
supervise/
supervise/Login%EXT%
super%EXT%
Installation on Linux / PC
sudo apt install python3
sudo apt install python3-pip
sudo apt install git
git clone https://github.com/alienwhatever/Admin-Scanner.git
cd Admin-Scanner
Installation on Termux / Android
pkg update && pkg upgrade
pkg install python3
pkg install git
git clone https://github.com/alienwhatever/Admin-Scanner.git
cd Admin-Scanner
pip3 install -r requirement.txt
Usage
Author: alienwhatever
credit github.com/bdblackhat for list.txt
orginal-source-of-list.txt - https://github.com/bdblackhat/admin-panel-finder/blob/master/link.txt
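This tool is for educational and testing purposes only
I am not responsible for what you do with this tool
Usage:
-site <website URL> - URL of the website to scan
--proxy <protocol>-<proxy server ip:port> - scan for the admin panel through a proxy server
--t <second(s)> - delay between scan threads (to avoid getting HTTP 508)
--w <path/of/custom/wordlist> - path to a custom wordlist
Examples: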
./scan.py -site example.com
./scan.py -site example.com --t 1
./scan.py -site example.com example2.com
./scan.py -site example.com --w /custom/wordlist/list.txt
./scan.py --proxy http-1.2.3.4:8080 -site example.com
scan.py source code
#!/usr/bin/python3
from threading import Lock, Thread
from requests import get
from requests.exceptions import ConnectionError as fail
from requests.exceptions import MissingSchema as noschema
from queue import Queue
from time import sleep
from sys import argv

proxy_enable = False
msg = """
author: alienwhatever
credit github.com/bdblackhat for list.txt
orginal-source-of-list.txt - https://github.com/bdblackhat/admin-panel-finder/blob/master/link.txt
This tool is for educational and testing purposes only
I am not responsible for what you do with this tool
"""

# show usage to user
if len(argv) == 1:
    print (msg)
    print ('Usages:')
    print ("""
-site <url of website> - Website to scan
--proxy <prorocol>-<proxyserverip:port> - Scan admin panel using proxy server
--t <second(s)> - Time delay for a thread to scan (To prevent from getting HTTP 508)
--w <path/of/custom/wordlist> - custom wordlist
Example:
./{0} -site example.com
./{0} -site example.com --t 1
./{0} -site example.com example2.com
./{0} -site example.com --w /custom/wordlist/list.txt
./{0} --proxy http-1.2.3.4:8080 -site example.com
""".format(argv[0]))
    exit()
else:
    # defaults: no delay between threads, bundled wordlist
    delay = 0
    file_to_open = 'list.txt'
    if '--proxy' in argv[1:]:
        proxy_enable = True
        # argument format is <protocol>-<ip:port>, e.g. http-1.2.3.4:8080
        proxyprotocol, proxyserver = argv[argv.index('--proxy')+1].split('-')
        print ('Using Proxy - True')
    if '--t' in argv[1:]:
        delay = int(argv[argv.index('--t')+1])
    if '-site' not in argv[1:]:
        print ('Which site you wanna scan!!!!')
        exit()
    if '-site' in argv[1:]:
        # everything after -site is a site, unless another option follows;
        # in that case only the first value is used
        check = argv[argv.index('-site')+2:]
        websites_to_scan = argv[argv.index('-site')+1:]
        for i in check:
            if i[:2] == '--' or i[:1] == '-':
                websites_to_scan = argv[argv.index('-site')+1]
    if '--w' in argv[1:]:
        file_to_open = argv[argv.index('--w')+1]

# used threading things #
# Lock
# Thread
print_lock = Lock()
q = Queue()

# run thread function using Queue and Thread()
def thread(website):
    # each thread takes one wordlist entry and requests website + entry
    worker = q.get()
    try:
        if proxy_enable:
            r = get('{}{}'.format(website, worker), proxies={proxyprotocol: proxyserver}, allow_redirects=True)
        if not proxy_enable:
            r = get('{}{}'.format(website, worker))
        # r.ok is True for any status code below 400
        if r.ok:
            print (' [Status-code - {}] Success: '.format(r.status_code), worker)
    except fail:
        print ('Connection Error')
    except noschema:
        print ('ERROR ERROR ERROR ERROR ERROR')
        print ('ERROR: Where is URL Scheme!!!!!!! example: https://example.com or http://example.com not exmple.com')
        exit()

print (msg)
if type(websites_to_scan) is str:
    websites_to_scan = [websites_to_scan]
for website in websites_to_scan:
    if website[-1] != '/':
        website = website + '/'
    # put admin panel urls to queue
    with open(file_to_open, 'r') as f:
        for line in f:
            q.put(line.strip().encode().decode('utf-8'))
    # create thread and run till Queue is empty
    print ('Result for {}:'.format(website))
    threads = []
    while not q.empty():
        t = Thread(target=thread, args=(website,), daemon=True)
        t.start()
        threads.append(t)
        sleep(delay)
    # wait for every thread, not only the last one, so no result is cut off
    for t in threads:
        t.join()
    print('\n')
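On the server side, a run of scan.py appears in the access log as one client requesting many distinct admin-style paths within a short time, almost all answered with 404, and, because the script calls requests.get without custom headers, with the default python-requests User-Agent. The following is an added example, not part of Admin-Scanner or of the original post, that flags this pattern in combined-format access log lines; the sample log lines, thresholds, keyword pattern and function names are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Combined Log Format: ip - - [time] "METHOD path proto" status size "referer" "agent"
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "\S+ (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"')
# Keywords that recur throughout the wordlist shown on this page.
ADMIN_HINT = re.compile(r'admin|login|panel|signin|sysadm|manage|moderator', re.I)
# Constructed sample: one client walking the top of the wordlist, one normal visitor.
PROBES = ['admin.php', 'admin.html', 'login.php', 'administrator', 'adminpanel', 'cpanel']
SAMPLE_LOG = [
    f'203.0.113.7 - - [12/Mar/2024:10:00:{i:02d} +0000] "GET /{p} HTTP/1.1" 404 153 '
    f'"-" "python-requests/2.31.0"' for i, p in enumerate(PROBES)
] + [
    '203.0.113.7 - - [12/Mar/2024:10:00:06 +0000] "GET /wp-login.php HTTP/1.1" 200 4211 '
    '"-" "python-requests/2.31.0"',
    '198.51.100.20 - - [12/Mar/2024:10:00:03 +0000] "GET /login HTTP/1.1" 200 1830 '
    '"https://example.com/" "Mozilla/5.0"',
]

def parse(line):
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m['ts'], '%d/%b/%Y:%H:%M:%S %z')
    return m['ip'], ts, m['path'], int(m['status']), m['ua']

def detect_enumeration(lines, window=timedelta(seconds=60), min_paths=5, min_miss=0.8):
    """Flag clients that request many distinct admin-like paths inside `window`
    with mostly 404 answers; the thresholds are illustrative assumptions."""
    by_ip = defaultdict(list)
    for ip, ts, path, status, ua in filter(None, map(parse, lines)):
        if ADMIN_HINT.search(path):
            by_ip[ip].append((ts, path, status, ua))
    alerts = {}
    for ip, hits in by_ip.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:  # slide the time window
                start += 1
            win = hits[start:end + 1]
            paths = {h[1] for h in win}
            if len(paths) >= min_paths and sum(h[2] == 404 for h in win) / len(win) >= min_miss:
                alerts[ip] = {'distinct_paths': len(paths),
                              'answered': sorted(h[1] for h in win if h[2] < 400),
                              'requests_default_ua': any(h[3].startswith('python-requests/') for h in win)}
    return alerts
```

The `answered` field lists the probed paths that returned a status below 400, which are the same paths scan.py would print as "Success" and therefore the ones to review first.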
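More password dictionaries
There are relatively few passwords here; you can download more password dictionaries from my network drive.
Address: https://w.ddosi.workers.dev/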
