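<?php
/**
 *
 * Admin location finder for single site.
 * optionally dump scan result to text file.
 *
 * still very early release, just for testing and coding purpose :)
 *
 *------------------------------------------------------------------------+
 * This program is free software; you can redistribute it and/or modify   |
 * it under the terms of the GNU General Public License version 2 as      |
 * published by the Free Software Foundation.                             |
 *                                                                        |
 * This program is distributed in the hope that it will be useful,        |
 * but WITHOUT ANY WARRANTY; without even the implied warranty of         |
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the           |
 * GNU General Public License for more details.                           |
 *                                                                        |
 * This script are often used solely for informative, educational         |
 * purposes only. Author cannot be held responsible for any               |
 * damage and (or) (ab)use of this script.                                |
 * Please submit changes of the script so other people can use            |
 * them as well. This script is free to use, don't abuse.                 |
 *------------------------------------------------------------------------+
 */

// What this script does on the wire: one get_headers() call for the base URL,
// then one per entry of $adminLookup, sequentially, from a single client.
// get_headers() issues a GET by default, so every probe is a full request in
// the target's access log; the run shows up as a short burst of requests for
// admin-style paths, most of them answered 404, which is easy to alert on and
// to rate-limit.

set_time_limit(0);

$greetz = '
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
 PHP Admin Location Lookup
 by ditatompel < ditatompel [at] gmail [dot] com >
 Please send bug report to help improving this script.

 Greetings for all members of devilzc0de.org, all Indonesian c0ders,
 and all GNU Generation ;-)
 Thanks to : 5ynL0rd who always inspire me, I glue you all my regards.
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
';

print $greetz;

// No target given: print usage and stop.
if ($argc < 2) {
    echo '
-----------------------------------------------------------------------------
Usage : php ' . $argv[0] . ' [target] [output]
    target : domain / url
    output : file name for Every [+] Wo0t! output will be saved to (optional)
Example 1 : php ' . $argv[0] . ' myhost.com
Example 2 : php ' . $argv[0] . ' myhost.com scan_result.txt
-----------------------------------------------------------------------------
';
    exit;
}

/**
 * Normalise the target into a base URL that ends with exactly one "/".
 *
 * "http://" is prepended only when the input carries no http(s) scheme, so a
 * value that already has one is never prefixed a second time. Trailing
 * slashes are collapsed so "host/" does not become "host//".
 *
 * @param string $link domain or URL as typed on the command line
 * @return string base URL with a trailing slash
 */
function doValidLink($link)
{
    $hasScheme = preg_match('|^https?://|i', $link);
    $validLink = $hasScheme ? $link : 'http://' . $link;

    return rtrim($validLink, '/') . '/';
}

/**
 * Append text to the report file, if one was opened.
 *
 * Does nothing when no output file was requested or when fopen() failed, so
 * callers do not have to test the handle themselves.
 *
 * @param string $text text to append
 * @return void
 */
function write($text)
{
    global $fh;

    if ($fh) {
        fwrite($fh, $text);
    }
}

/**
 * Strip control characters from a server-supplied string.
 *
 * Status lines and header values come from the remote server and are echoed
 * to the terminal and written to the report, so they are treated as
 * untrusted: escape sequences and stray CR/LF are removed before display.
 *
 * @param mixed $text value taken from a response
 * @return string printable text
 */
function printable($text)
{
    return preg_replace('/[\x00-\x1F\x7F]/', '', (string) $text);
}

/**
 * Extract the numeric status code of the first response.
 *
 * @param array|false $headers return value of get_headers()
 * @return int three-digit status code, or 0 when there was no usable response
 */
function statusCode($headers)
{
    if (!is_array($headers) || !isset($headers[0])) {
        return 0;
    }

    return preg_match('#^HTTP/\S+\s+(\d{3})#i', $headers[0], $m) ? (int) $m[1] : 0;
}

/**
 * Read one response header as a printable string.
 *
 * get_headers($url, 1) returns a string for a header seen once and an array
 * when the header was sent by several responses of a redirect chain; the name
 * is matched case-insensitively because servers differ in capitalisation.
 *
 * @param array|false $headers return value of get_headers()
 * @param string      $name    header name, e.g. "Location"
 * @param bool        $last    for repeated headers: true = last value, false = first
 * @return string header value, or '' when the header is absent
 */
function headerValue($headers, $name, $last = false)
{
    if (!is_array($headers)) {
        return '';
    }

    foreach ($headers as $key => $value) {
        if (is_string($key) && strcasecmp($key, $name) === 0) {
            if (is_array($value)) {
                $value = $last ? end($value) : reset($value);
            }
            return printable($value);
        }
    }

    return '';
}

$url    = doValidLink($argv[1]);
// The output file is optional; reading $argv[2] unconditionally raised an
// undefined-offset notice when it was omitted.
$output = isset($argv[2]) ? $argv[2] : '';
// Initialised here so the later "if ($fh)" tests never see an undefined variable.
$fh     = null;

// usual admin login place. Add yours if you want ;p
$adminLookup = array(
    "admin1.php", "admin1.html", "admin2.php", "admin2.html",
    "administrator/", "administrator/index.html", "administrator/index.php",
    "administrator/login.html", "administrator/login.php",
    "administrator/account.html", "administrator/account.php",
    "administrator.php", "administrator.html",
    "admin/", "admin/account.php", "admin/account.html",
    "admin/index.php", "admin/index.html", "admin/login.php", "admin/login.html",
    "admin/home.php", "admin/controlpanel.html", "admin/controlpanel.php",
    "admin.php", "admin.html", "admin/cp.php", "admin/cp.html", "adm/",
    "account.php", "account.html", "admincontrol.php", "admincontrol.html",
    "adminpanel.php", "adminpanel.html",
    "admin1.asp", "admin2.asp", "admin/account.asp", "admin/index.asp",
    "admin/login.asp", "admin/home.asp", "admin/controlpanel.asp",
    "admin.asp", "admin/cp.asp",
    "administr8.php", "administr8.html", "administr8/", "administr8.asp",
    "yonetim.php", "yonetim.html", "yonetici.php", "yonetici.html",
    "maintenance/", "webmaster/", "configuration/", "configure/",
    "cp.php", "cp.html", "controlpanel/", "controlpanel.php", "controlpanel.html",
    "ccms/", "ccms/login.php", "ccms/index.php",
    "login.php", "login.html", "modelsearch/login.php",
    "moderator.php", "moderator.html", "moderator/login.php", "moderator/login.html",
    "moderator/admin.php", "moderator/admin.html", "moderator/",
    "yonetim.asp", "yonetici.asp", "cp.asp",
    "administrator/index.asp", "administrator/login.asp",
    "administrator/account.asp", "administrator.asp", "login.asp",
    "modelsearch/login.asp", "moderator.asp", "moderator/login.asp",
    "moderator/admin.asp", "account.asp", "controlpanel.asp",
    "admincontrol.asp", "adminpanel.asp",
    "fileadmin/", "fileadmin.php", "fileadmin.asp", "fileadmin.html",
    "administration/", "administration.php", "administration.html",
    "sysadmin.php", "sysadmin.html", "phpmyadmin/", "myadmin/",
    "sysadmin.asp", "sysadmin/",
    "ur-admin.asp", "ur-admin.php", "ur-admin.html", "ur-admin/",
    "Server.php", "Server.html", "Server.asp", "Server/",
    "webadmin/", "webadmin.php", "webadmin.asp", "webadmin.html",
    "administratie/", "admins/", "admins.php", "admins.asp", "admins.html",
    "administrivia/", "Database_Administration/", "WebAdmin/", "useradmin/",
    "sysadmins/", "admin1/", "system-administration/", "administrators/",
    "pgadmin/", "directadmin/", "staradmin/", "ServerAdministrator/",
    "SysAdmin/", "administer/", "LiveUser_Admin/", "sys-admin/", "typo3/",
    "panel/", "cpanel/", "cPanel/", "cpanel_file/", "platz_login/", "rcLogin/",
    "blogindex/", "formslogin/", "autologin/", "support_login/", "meta_login/",
    "manuallogin/", "simpleLogin/", "loginflat/", "utility_login/", "showlogin/",
    "memlogin/", "members/", "login-redirect/", "sub-login/",
    "wp-login/", "wp-admin/", "blog/wp-admin/", "blog/wp-login/", "forum/admin/",
    "login1/", "dir-login/", "login_db/", "xlogin/", "smblogin/",
    "customer_login/", "UserLogin/", "login-us/", "acct_login/", "admin_area/",
    "bigadmin/", "project-admins/", "phppgadmin/", "pureadmin/", "sql-admin/",
    "radmind/", "openvpnadmin/", "wizmysqladmin/", "vadmind/", "ezsqliteadmin/",
    "hpwebjetadmin/", "newsadmin/", "adminpro/", "Lotus_Domino_Admin/",
    "bbadmin/", "vmailadmin/", "Indy_admin/", "ccp14admin/", "irc-macadmin/",
    "banneradmin/", "sshadmin/", "phpldapadmin/", "macadmin/",
    "administratoraccounts/", "admin4_account/", "admin4_colon/", "radmind-1/",
    "Super-Admin/", "AdminTools/", "cmsadmin/", "SysAdmin2/", "globes_admin/",
    "cadmins/", "phpSQLiteAdmin/", "navSiteAdmin/", "server_admin_small/",
    "logo_sysadmin/", "server/", "database_administration/", "power_user/",
    "system_administration/", "ss_vms_admin_sm/", "websvn/"
);

echo "\r\nChecking " . $url . "\r\n";

// get server headers
$check = get_headers($url, 1);
if (empty($check)) {
    echo '
No response from server. Make sure your target url is correct!
Exiting...
-----------------------------------------------------------------------------
';
    exit;
}

// First Server header of the exchange; '' when the server sent none.
$serverInfo = headerValue($check, 'Server');

// handle for redirect status.
// replace target path with server redirect location.
// NOTE(review): the redirect target is chosen by the server and may name a
// different host; from here on every probe goes to whatever it points at.
$firstStatus = statusCode($check);
if ($firstStatus === 301 || $firstStatus === 302) {
    $location = headerValue($check, 'Location', true);
    // Only an absolute http(s) Location can serve as a new base URL; a missing
    // or relative one used to leave $url empty or unusable.
    if (preg_match('|^https?://|i', $location)) {
        $url = doValidLink($location);
    }
}

$additionalInfo = '';
if ($output !== '') {
    $fh = fopen($output, 'w');
    $additionalInfo = $fh
        ? 'Every [+] Wo0t! output will be saved on ' . $output
        : '[!] Cannot write scan result to ' . $output;
}

$info = '
-----------------------------------------------------------------------------
Target : ' . $url . '
Status : ' . printable($check[0]) . '
Server : ' . $serverInfo . '
Start Scan : ' . date("Y-m-d H:i:s") . '
' . $additionalInfo . '
-----------------------------------------------------------------------------
';
echo $info;

write($greetz);
write($info);

foreach ($adminLookup as $admin) {
    $target  = $url . $admin;
    $headers = get_headers($target, 1);
    // 0 when get_headers() returned false (no response); falls through to
    // "NOT Found" instead of indexing into a boolean.
    $status  = statusCode($headers);

    if ($status === 200) {
        // A 200 only means the server answered this path. A site that serves
        // its error page with status 200 makes every entry look "found".
        $result = "[+] Wo0t! " . $target . " Found!\r\n";
        echo $result;
        write($result);
    } elseif ($status === 301 || $status === 302) {
        // First Location = where this very response points.
        $result = "[+] Wo0t! " . $target . " Found! redirect to -> "
            . headerValue($headers, 'Location') . "\r\n";
        echo $result;
        write($result);
    } else {
        echo "[-] " . $target . " NOT Found!\r\n";
    }
}

// Close the report only when it was actually opened; the old test on $output
// called fwrite()/fclose() on a failed handle.
if ($fh) {
    write("-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Finish -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-\r\n");
    fclose($fh);
}

echo "-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Finish -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-\r\n";
?>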