Find panels from grabbed websites; the attacker may do a lot of vulnerability tests on the admin area.
(self)
| 1169 | # find admin panels |
| 1170 | |
def findPanels(self):
    """
    Probe every collected site for well-known admin, login and install paths.

    For each base URL in self.sites, each entry of a fixed path list is
    appended and fetched with urllib.urlopen; a final HTTP status of 200 is
    printed as a hit. Nothing is returned or stored, output goes to stdout.

    Defender's view: the traffic is a burst of sequential GET requests
    per site for the paths listed below. Exposed installer directories
    and unauthenticated admin/login pages are what the probe reports, so
    removing installers, restricting admin paths (network ACL or extra
    authentication) and alerting on runs of requests for these paths are
    the relevant mitigations.
    """
    print "[~] Finding admin panels"
    # Fixed wordlist of relative paths; each is concatenated onto the site
    # string as-is, so no separator is inserted between the two parts.
    candidate_paths = [
        'admin/', 'site/admin', 'admin.php/', 'up/admin/',
        'central/admin/', 'whm/admin/', 'whmcs/admin/', 'support/admin/',
        'upload/admin/', 'video/admin/', 'shop/admin/', 'shoping/admin/',
        'wp-admin/', 'wp/wp-admin/', 'blog/wp-admin/',
        'admincp/', 'admincp.php/', 'vb/admincp/', 'forum/admincp/',
        'up/admincp/',
        'administrator/', 'administrator.php/', 'joomla/administrator/',
        'jm/administrator/', 'site/administrator/',
        'install/', 'vb/install/', 'dimcp/', 'clientes/', 'admin_cp/',
        'login/', 'login.php', 'site/login', 'site/login.php',
        'up/login/', 'up/login.php',
        'cp.php', 'up/cp', 'cp', 'master', 'adm', 'member', 'control',
        'webmaster', 'myadmin', 'admin_cp', 'admin_site',
    ]
    clearScr()
    for base in self.sites:
        for suffix in candidate_paths:
            target = base + suffix
            try:
                status = urllib.urlopen(target).getcode()
                # Only an exact 200 counts; any other status is skipped
                # without output.
                if status != 200:
                    continue
                print " [*] Found admin panel -> ", target
            except IOError:
                # Connection and fetch errors are deliberately ignored so
                # one unreachable URL does not stop the run.
                continue
| 1188 | ############################ |
| 1189 | # find ZIP files |
| 1190 |