
Admin-Scanner – Find Admin Panel Of Any Website By Using Custom Wordlist

Last Updated : 12 Jan, 2022

Admin, or Administrator, is the role with the highest privilege or highest level of access to your website or domain. Administrators can add content on all pages and access all items in the specified Admin Toolbar or page, which means that admins can control site-wide settings like the design of your websites or the database configuration. Admins can add and delete other admin users and approve or reject other users' edits on the domain.

Note: Make sure you have Python installed on your system, as Admin-Scanner is a Python-based tool. To install it, see: Python Installation Steps on Linux

What is Admin-Scanner Tool?

Admin-Scanner is an automated Python script that detects admin pages on the target domain. If you are an attacker and trying to penetrate the domain, these admin pages can help you. If you find any misconfigured admin page, you can easily become the domain administrator and make changes as per your choice. The Admin-Scanner tool provides you with inbuilt wordlists, which are brute-forced against the target domain to detect admin pages.

Features of Admin-Scanner Tool

  1. Admin-Scanner is open-source and free to use.
  2. Admin-Scanner is a Python-based tool.
  3. Admin-Scanner is an automated tool for finding admin pages.
  4. Admin-Scanner provides the feature to customize and use wordlists.
  5. Admin-Scanner provides the feature to set the time delay for a thread for efficient usage.
  6. Admin-Scanner is easy to use.

Flags or Tags Available

  1. -site <url of website> – Specifies the URL of the target domain.
  2. --proxy <protocol>-<proxyserverip:port> – Scans for the admin panel using a proxy server.
  3. --t <second(s)> – Time delay for a thread to scan (to prevent getting HTTP 508).
  4. --w <path/of/custom/wordlist> – Provides a custom wordlist.

Installation of Admin-Scanner Tool in Kali Linux OS

Step 1: Check whether the Python environment is set up, using the following command.

python

Step 2: Fire up your Kali Linux terminal and move to Desktop using the following command.

cd Desktop

Step 3: You are on the Desktop now. Create a new directory called Admin-Scanner using the following command. In this directory, we will complete the installation of the Admin-Scanner tool.

mkdir Admin-Scanner

Step 4: Now switch to the Admin-Scanner directory using the following command.

cd Admin-Scanner

Step 5: Now you have to install the tool. You have to clone the tool from GitHub.

git clone https://github.com/alienwhatever/Admin-Scanner.git

Step 6: The tool has been downloaded successfully in the Admin-Scanner directory. Now list out the contents of the tool by using the below command.

ls

Step 7: You can see that a new Admin-Scanner directory was created when the tool was cloned. Now move to that directory using the command below:

cd Admin-Scanner

Step 8: Once again to discover the contents of the tool, use the below command.

ls

Step 9: The installation is now complete. Use the command below to view the tool's help index, which gives a better understanding of the tool.

python3 scan.py

Working with Admin-Scanner Tool

Example 1: Simple Scan (Single Domain)

python3 scan.py -site https://geeksforgeeks.org

1. In this example, we are detecting admin panels or admin web pages on a single target domain which is geeksforgeeks.org.

2. In the below screenshot, we are trying to access one of the admin panels, geeksforgeeks.org/superuser, but we are getting an Access Denied message, which means that only an Administrator has access to this panel.

Example 2: Using Time Delay for Thread Scan

python3 scan.py -site https://geeksforgeeks.org --t 1

1. In this example, we are specifying the time delay for a thread to scan using the --t tag.

Example 3: Multiple Target Domain

python3 scan.py -site https://geeksforgeeks.org https://google.com

1. In this example, we are searching for admin panels on multiple target domains. In the below screenshot our targets are geeksforgeeks.org and google.com. So first we will get the admin panels of geeksforgeeks.org.

2. In the below screenshot, we are getting the admin panel list for our next target domain, i.e. google.com.

Example 4: Using Custom Wordlists

python3 scan.py -site https://geeksforgeeks.org --w custom_wordlist

1. In this example, we will be using our own custom wordlist for admin panel scanning. So in the below screenshot, we have the text file named custom_wordlist.txt, which we will be using for the scanning with the help of the --w tag.

2. In the below screenshot, we can see that admin pages are detected by brute-forcing custom_wordlist.txt, which we have specified using the --w tag.
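
Seen from the server side, the wordlist brute-forcing shown in these examples appears in the access log as one client requesting many distinct paths and receiving mostly 404 responses. The following is an added example, not part of the original article or of Admin-Scanner: it flags that pattern by behaviour rather than by path name, so it still applies when a custom wordlist is used. It assumes Combined Log Format; the function names, thresholds and log lines are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

LOG_RE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"(?:GET|HEAD|POST) (?P<path>\S+) [^"]*" (?P<status>\d{3})')

def parse(line):
    m = LOG_RE.match(line)
    if not m:
        return None  # not a Combined Log Format request line
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts, m["path"].split("?")[0], int(m["status"])

def find_path_enumeration(lines, window=timedelta(minutes=5), min_paths=8, min_ratio=0.8):
    """Flag clients that request many distinct paths inside `window`, most of
    them answered 404. Returns {ip: (distinct_paths, paths_not_404)}; the
    second item is what the client actually found, so review it first."""
    per_ip = defaultdict(list)
    for rec in filter(None, map(parse, lines)):
        per_ip[rec[0]].append(rec[1:])
    findings = {}
    for ip, events in per_ip.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until it spans at most `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            span = events[start:end + 1]
            paths = {p for _, p, _ in span}
            misses = sum(1 for _, _, s in span if s == 404)
            if len(paths) >= min_paths and misses / len(span) >= min_ratio:
                findings[ip] = (len(paths), sorted({p for _, p, s in span if s != 404}))
    return findings

def sample_log():
    """Constructed data: 203.0.113.7 walks a wordlist at one request per
    second; 198.51.100.20 browses normally."""
    words = ["admin", "administrator", "admin/login.php", "cpanel", "superuser",
             "wp-admin", "adminpanel", "manage", "backend", "controlpanel"]
    fmt = '{ip} - - [12/Jan/2022:10:00:{s:02d} +0000] "GET /{p} HTTP/1.1" {st} 512 "-" "-"'
    lines = [fmt.format(ip="203.0.113.7", s=i, p=w, st=403 if w == "superuser" else 404)
             for i, w in enumerate(words)]
    return lines + [fmt.format(ip="198.51.100.20", s=30 + i, p=p, st=200)
                    for i, p in enumerate(["", "about", "contact"])]

if __name__ == "__main__":
    print(find_path_enumeration(sample_log()))
```

Size `window` generously: a scan slowed with the `--t` delay spreads the same requests over a longer period and can fall below `min_paths` in a short window.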

