@echo off chcp 65001 >nul setlocal enabledelayedexpansion :: Admin Panel Detector - Windows Batch Script :: Uses curl and PowerShell for scanning (no Python required) :: Works on Windows 7+ with curl available :: Check if curl is available where curl >nul 2>&1 if %errorlevel% neq 0 ( echo [ERROR] curl is not available. Please install curl or use the Python script. exit /b 1 ) :: Set target URL if "%~1"=="" ( echo Usage: admin_scanner.bat ^ echo Example: admin_scanner.bat https://example.com exit /b 1 ) set BASE_URL=%~1 :: Remove trailing slash set BASE_URL=%BASE_URL:~0,-1% echo [+] Starting admin panel scan for: %BASE_URL% echo [+] Scanning paths... :: Create temporary files for results set TEMP_DIR=%TEMP%\admin_scan_%RANDOM% mkdir "%TEMP_DIR%" 2>nul set RESULTS_FILE=%TEMP_DIR%\results.txt set VISITED_FILE=%TEMP_DIR%\visited.txt type nul > "%RESULTS_FILE%" type nul > "%VISITED_FILE%" :: Common admin/login paths set PATHS=admin admin/ admin.asp admin.aspx admin.htm admin.html admin.php admin.jsp ^ admin1/ admin1.asp admin1.aspx admin1.html admin1.php ^ admin2/ admin2.asp admin2.aspx admin2.html admin2.php ^ administrator administrator/ administrator.asp administrator.aspx administrator.html administrator.php ^ administrator/login.asp administrator/login.aspx administrator/login.htm administrator/login.html administrator/login.php ^ adminpanel/ adm/ adm.asp adm.aspx adm.htm adm.html adm.php ^ admincp/ admincp.php admin-login/ admin-login.htm admin-login.html ^ backend/ control/ cpanel/ manage/ manager/ manager/html ^ sysadmin.asp sysadmin.aspx sysadmin.html sysadmin.php sysadmin systemadmin ^ superadmin/ myadmin/ siteadmin/ admins.php ^ webadmin webadmin/ webadmin.asp webadmin.aspx webadmin.htm webadmin.html webadmin.php ^ admin-login.asp admin-login.aspx admin-login.php admin-login/ ^ login login/ login.asp login.aspx login.htm login.html login.jsp login.php login.do ^ login/index login/index.php login/login login/login.cgi login/login.htm login/login.php ^ login/admin login_manage loginmanage userlogin memberlogin managelogin oalogin weblogin ^ admin/admin/ admin/admin.asp admin/admin.aspx admin/admin.html admin/admin.php ^ admin/index.asp admin/index.aspx admin/index.htm admin/index.html admin/index.php ^ admin/home.asp admin/home.aspx admin/home.htm admin/home.html admin/home.php ^ admin/login admin/login/ admin/login.asp admin/login.aspx admin/login.htm admin/login.html admin/login.jsp admin/login.php ^ admin/main.php admin/welcome.php admin/default.php admin/checklogin.php ^ admin/default admin/edit admin/inc admin/manage admin/member admin/user ^ wp-admin wp-admin/ wp-login.php wp-login/ wordpress/wp-admin/ wordpress/wp-login.php ^ joomla/administrator/ ^ drupal/user/login ^ typo3/typo3/ ^ ecshop/admin/ ^ dedecms/dede/ dede/ dede/login.php ^ plus/ plus/admin.php ^ discuz/admin.php forum/admin.php ^ thinkphp/index.php/admin/ ^ tp5/public/index.php/admin/ ^ laravel/public/admin/ ^ yii/backend/web/ yii/web/admin/ ^ xxl-job-admin/login ^ druid/login.html ^ nacos ^ geoserver geoserver/web/ ^ seeyon ^ console console/ console/index.html console/login/ console/login/LoginForm.jsp ^ phpmyadmin phpmyadmin/ pma/ myadmin/ phpminiadmin.php ^ jenkins ^ grafana ^ harbor ^ portainer ^ kubernetes-dashboard ^ minio/console ^ jira ^ confluence ^ WebLogic:console/login/LoginForm.jsp ^ jboss ^ glassfish ^ dubbo-admin ^ nginxwebui ^ fortimanager ^ rabbitmq ^ swagger-ui.html ^ whir_system/module/security/ezEIP_Login.aspx ^ OperaLogin/Welcome.do ^ default/showLogon.do ^ toLogin ^ ioffice/Login.aspx ^ zentao ^ cn/admin/login ^ guanli gl lyb oa office weihu windfinance cnzz ^ account account.asp account.aspx account.htm account.html account.php account/login ^ user user/ user.asp user.aspx user.htm user.html user.php ^ member member/ member.asp member.aspx member.htm member.html member.php ^ panel panel/ panel.asp panel.aspx panel.php ^ dashboard/ portal/ portal/login registration/ root/ home main hub hub/login web web/login ^ api/login api/systeminfo app/login cfg/login cgi-bin/home cgi-bin/login ^ index index.html index.php index.asp index.aspx index.jsp index.action index.do ^ index/login index/user/login index.php/login ^ ui/auth ui/index.html ui/login ui/login.action ui/login/ ^ system/login system/ pages/login gateway ^ vpn/index.html remote/login :: Count total paths set PATH_COUNT=0 for %%P in (%PATHS%) do set /a PATH_COUNT+=1 echo [+] Total paths to scan: %PATH_COUNT% set START_TIME=%TIME% :: Scan each path set FOUND_COUNT=0 for %%P in (%PATHS%) do ( set FULL_URL=%BASE_URL%/%%P :: Check if already visited findstr /c:"!FULL_URL!" "%VISITED_FILE%" >nul 2>&1 if !errorlevel! neq 0 ( echo !FULL_URL! >> "%VISITED_FILE%" :: Fetch URL and check response curl -s -o "%TEMP_DIR%\response.html" -w "%%{http_code}" -m 10 ^ -A "Mozilla/5.0 (Macintosh; Intel Mac OS X 12_12_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.2357.130 Safari/537.36" ^ -H "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8" ^ --compressed ^ "!FULL_URL!" 2>nul > "%TEMP_DIR%\status.txt" set /p STATUS_CODE=<"%TEMP_DIR%\status.txt" :: Check if status code is 200 or 401 if "!STATUS_CODE!"=="200" ( call :analyze_response "!FULL_URL!" "%%P" ) else if "!STATUS_CODE!"=="401" ( call :analyze_response "!FULL_URL!" "%%P" ) ) ) set END_TIME=%TIME% :: Display results echo. echo ================================================================================ echo SCAN RESULTS echo ================================================================================ if not exist "%RESULTS_FILE%" ( echo [-] No admin panels or login pages found ) else ( set LINE_NUM=0 for /f "usebackq delims=" %%L in ("%RESULTS_FILE%") do ( set /a LINE_NUM+=1 echo. echo [!LINE_NUM!] Found: %%L ) echo. echo ================================================================================ echo SUMMARY echo ================================================================================ findstr /c:"[High]" "%RESULTS_FILE%" | find /c /v "" > "%TEMP_DIR%\high_count.txt" findstr /c:"[Medium]" "%RESULTS_FILE%" | find /c /v "" > "%TEMP_DIR%\medium_count.txt" set /p HIGH_COUNT=<"%TEMP_DIR%\high_count.txt" set /p MEDIUM_COUNT=<"%TEMP_DIR%\medium_count.txt" echo Total found: %LINE_NUM% echo High confidence: %HIGH_COUNT% echo Medium confidence: %MEDIUM_COUNT% ) :: Cleanup rmdir /s /q "%TEMP_DIR%" 2>nul echo. echo [+] Scan completed exit /b 0 :analyze_response set URL=%~1 set PATH=%~2 :: Read response file set RESPONSE_FILE=%TEMP_DIR%\response.html if not exist "%RESPONSE_FILE%" exit /b :: Check for false positives findstr /c:"页面不存在" "%RESPONSE_FILE%" >nul 2>&1 if !errorlevel! equ 0 exit /b findstr /c:"AIHelp Web Portal" "%RESPONSE_FILE%" >nul 2>&1 if !errorlevel! equ 0 exit /b :: Extract title using PowerShell set TITLE=Unknown for /f "usebackq delims=" %%T in (`powershell -Command "$html = Get-Content '%RESPONSE_FILE%' -Raw; if ($html -match '(?i)(.*?)') { $matches[1] } else { 'Unknown' }"`) do ( set TITLE=%%T ) :: Check for admin indicators (High confidence) set IS_ADMIN=0 findstr /r /c:".*后台.*" /c:".*登录.*" /c:".*管理.*" /c:".*控制面板.*" /c:".*\bLogin\b.*" /c:".*admin.*" "%RESPONSE_FILE%" >nul 2>&1 if !errorlevel! equ 0 set IS_ADMIN=1 findstr /c:"type=\"password\"" "%RESPONSE_FILE%" >nul 2>&1 if !errorlevel! equ 0 set IS_ADMIN=1 :: Check for login indicators (Medium confidence) set IS_LOGIN=0 findstr /c:"登录" "%RESPONSE_FILE%" >nul 2>&1 if !errorlevel! equ 0 set IS_LOGIN=1 findstr /c:"Login" "%RESPONSE_FILE%" >nul 2>&1 if !errorlevel! equ 0 set IS_LOGIN=1 :: Check for CAPTCHA set HAS_CAPTCHA=No findstr /c:"验证码" "%RESPONSE_FILE%" >nul 2>&1 if !errorlevel! equ 0 set HAS_CAPTCHA=Yes findstr /c:"captcha" "%RESPONSE_FILE%" >nul 2>&1 if !errorlevel! equ 0 set HAS_CAPTCHA=Yes :: Determine confidence and record result if !IS_ADMIN! equ 1 ( echo [High] !URL! - !TITLE! - CAPTCHA:!HAS_CAPTCHA! >> "%RESULTS_FILE%" set /a FOUND_COUNT+=1 ) else if !IS_LOGIN! equ 1 ( echo [Medium] !URL! - !TITLE! - CAPTCHA:!HAS_CAPTCHA! >> "%RESULTS_FILE%" set /a FOUND_COUNT+=1 ) exit /b