How to find website admin panel using cpscan

Most of the websites have their own custom control panel/admin panel other than the server cpanel. They are simply programmed in php, html and java like languages. These admin panel can control the website completely other than the server settings. Once you have access to this then you can upload new images, edit pages and posts etc.

Admin panel requires a login that is stored in its local database. You can simply hack the database with tools like sqlmap (How to hack a database with sql injection sqlmap) or you can bruteforce it to gain access. The most annoying part in web penetration testing is finding these control panels. You can manually type in urls and search it which is very time consuming.

Here i have written a simple piece of code in python- CPSCAN. This can perform that annoying task easily. This python script bruteforce all the possible directories of a server and detects control panel by http response codes. This can detect almost 85% of websites.  There is a file named dir you can edit the file to add or remove directory if necessary .

 

Demo video

Download cpscan

Download from GitHub. click here .

 

or directly clone by the command

 

# git clone https://github.com/susmithHCK/cpscan.git

 

Download it and open terminal in the directory and type the following command

 

# python cpscan.py -t targetsite.com -v

 option -v is for verbose mode. This can check every directory one by one and display the http codes, if it found one it will prompt user to continue scan or quit with the result. this wont take much time and its easy to use.Any doubts or questions? post it on the comment section below. If you like this blog give me a like on facebook and add me on google plus. Subscribe my youtube channel for video tutorials.

susmith HCK

susmith HCK

I’m a computer enthusiast basically and i love to write blogs on tech issues and cyber security. I started penetration testing at the age of 16 and i would like to explore security vulnerabilities and latest tech news and wanna share with you. If you like all these stuffs add me on Facebook and Google plus.

You may also like...

2 Responses

  1. pure says:

    thanks for sharing
    correct typo on your git command :
    git clone without “-”
    wrong command was
    # git-clone https://github.com/susmithHCK/cpscan.git
    correct one is :
    # git clone https…………..

    thanks

Leave a Reply

Your email address will not be published. Required fields are marked *