#!/bin/bash # Admin Panel Detector - Linux/Mac Shell Script # Uses curl for scanning (no Python required) # Works on Linux/Mac with curl available set -e # Check if curl is available if ! command -v curl &> /dev/null; then echo "[ERROR] curl is not installed. Please install curl or use the Python script." exit 1 fi # Check target URL if [ -z "$1" ]; then echo "Usage: admin_scanner.sh " echo "Example: admin_scanner.sh https://example.com" exit 1 fi BASE_URL="$1" # Remove trailing slash BASE_URL="${BASE_URL%/}" echo "[+] Starting admin panel scan for: $BASE_URL" echo "[+] Scanning paths..." # Create temporary directory TEMP_DIR=$(mktemp -d) RESULTS_FILE="$TEMP_DIR/results.txt" VISITED_FILE="$TEMP_DIR/visited.txt" RESPONSE_FILE="$TEMP_DIR/response.html" STATUS_FILE="$TEMP_DIR/status.txt" touch "$RESULTS_FILE" touch "$VISITED_FILE" # Common admin/login paths PATHS=( # Standard admin paths "admin" "admin/" "admin.asp" "admin.aspx" "admin.htm" "admin.html" "admin.php" "admin.jsp" "admin1/" "admin1.asp" "admin1.aspx" "admin1.html" "admin1.php" "admin2/" "admin2.asp" "admin2.aspx" "admin2.html" "admin2.php" "administrator" "administrator/" "administrator.asp" "administrator.aspx" "administrator.html" "administrator.php" "administrator/login.asp" "administrator/login.aspx" "administrator/login.htm" "administrator/login.html" "administrator/login.php" "adminpanel/" "adm/" "adm.asp" "adm.aspx" "adm.htm" "adm.html" "adm.php" "admincp/" "admincp.php" "admin-login/" "admin-login.htm" "admin-login.html" "backend/" "control/" "cpanel/" "manage/" "manager/" "manager/html" "sysadmin.asp" "sysadmin.aspx" "sysadmin.html" "sysadmin.php" "sysadmin" "systemadmin" "superadmin/" "myadmin/" "siteadmin/" "admins.php" "webadmin" "webadmin/" "webadmin.asp" "webadmin.aspx" "webadmin.htm" "webadmin.html" "webadmin.php" "admin-login.asp" "admin-login.aspx" "admin-login.php" "admin-login/" # Login paths "login" "login/" "login.asp" "login.aspx" "login.htm" "login.html" "login.jsp" "login.php" "login.do" "login/index" "login/index.php" "login/login" "login/login.cgi" "login/login.htm" "login/login.php" "login/admin" "login_manage" "loginmanage" "userlogin" "memberlogin" "managelogin" "oalogin" "weblogin" # Admin sub-paths "admin/admin/" "admin/admin.asp" "admin/admin.aspx" "admin/admin.html" "admin/admin.php" "admin/index.asp" "admin/index.aspx" "admin/index.htm" "admin/index.html" "admin/index.php" "admin/home.asp" "admin/home.aspx" "admin/home.htm" "admin/home.html" "admin/home.php" "admin/login" "admin/login/" "admin/login.asp" "admin/login.aspx" "admin/login.htm" "admin/login.html" "admin/login.jsp" "admin/login.php" "admin/main.php" "admin/welcome.php" "admin/default.php" "admin/checklogin.php" "admin/default" "admin/edit" "admin/inc" "admin/manage" "admin/member" "admin/user" "admin.php?m=Admin&c=Index&a=login" # CMS/Framework-specific paths "wp-admin" "wp-admin/" "wp-login.php" "wp-login/" "wordpress/wp-admin/" "wordpress/wp-login.php" "joomla/administrator/" "drupal/user/login" "typo3/typo3/" "ecshop/admin/" "dedecms/dede/" "dede/" "dede/login.php" "plus/" "plus/admin.php" "discuz/admin.php" "forum/admin.php" "thinkphp/index.php/admin/" "tp5/public/index.php/admin/" "laravel/public/admin/" "yii/backend/web/" "yii/web/admin/" # Known product/admin interfaces "xxl-job-admin/login" "druid/login.html" "nacos" "geoserver" "geoserver/web/" "seeyon" "console" "console/" "console/index.html" "console/login/" "console/login/LoginForm.jsp" "phpmyadmin" "phpmyadmin/" "pma/" "myadmin/" "phpminiadmin.php" "jenkins" "grafana" "harbor" "portainer" "kubernetes-dashboard" "minio/console" "jira" "confluence" "console/login/LoginForm.jsp" "jboss" "glassfish" "dubbo-admin" "nginxwebui" "fortimanager" "rabbitmq" "swagger-ui.html" # Chinese OA/Enterprise Systems "whir_system/module/security/ezEIP_Login.aspx" "OperaLogin/Welcome.do" "default/showLogon.do" "toLogin" "ioffice/Login.aspx" "zentao" "cn/admin/login" "guanli" "gl" "lyb" "oa" "office" "weihu" "windfinance" "cnzz" # Generic/Other paths "account" "account.asp" "account.aspx" "account.htm" "account.html" "account.php" "account/login" "user" "user/" "user.asp" "user.aspx" "user.htm" "user.html" "user.php" "member" "member/" "member.asp" "member.aspx" "member.htm" "member.html" "member.php" "panel" "panel/" "panel.asp" "panel.aspx" "panel.php" "dashboard/" "portal/" "portal/login" "registration/" "root/" "home" "main" "hub" "hub/login" "web" "web/login" "api/login" "api/systeminfo" "app/login" "cfg/login" "cgi-bin/home" "cgi-bin/login" "index" "index.html" "index.php" "index.asp" "index.aspx" "index.jsp" "index.action" "index.do" "index/login" "index/user/login" "index.php/login" "ui/auth" "ui/index.html" "ui/login" "ui/login.action" "ui/login/" "system/login" "system/" "pages/login" "gateway" "vpn/index.html" "remote/login" ) PATH_COUNT=${#PATHS[@]} echo "[+] Total paths to scan: $PATH_COUNT" START_TIME=$(date +%s) # Function to analyze response analyze_response() { local url="$1" local path="$2" # Check for false positives if grep -q "页面不存在" "$RESPONSE_FILE" 2>/dev/null; then return fi if grep -q "AIHelp Web Portal" "$RESPONSE_FILE" 2>/dev/null; then return fi # Extract title local title="Unknown" title=$(grep -oiP '\K[^<]+' "$RESPONSE_FILE" 2>/dev/null | head -1 || echo "Unknown") if [ -z "$title" ]; then title="Unknown" fi # Check for admin indicators (High confidence) local is_admin=0 # Check title patterns if grep -qiP '<title>.*后台.*' "$RESPONSE_FILE" 2>/dev/null || grep -qiP '.*登录.*' "$RESPONSE_FILE" 2>/dev/null || grep -qiP '.*管理.*' "$RESPONSE_FILE" 2>/dev/null || grep -qiP '.*控制面板.*' "$RESPONSE_FILE" 2>/dev/null || grep -qiP '.*\bLogin\b.*' "$RESPONSE_FILE" 2>/dev/null || grep -qiP '.*admin.*' "$RESPONSE_FILE" 2>/dev/null; then is_admin=1 fi # Check for password field if grep -q 'type="password"' "$RESPONSE_FILE" 2>/dev/null; then is_admin=1 fi # Check for login indicators (Medium confidence) local is_login=0 if grep -q "登录" "$RESPONSE_FILE" 2>/dev/null || grep -q "Login" "$RESPONSE_FILE" 2>/dev/null || grep -qiP 'Sign\s+in' "$RESPONSE_FILE" 2>/dev/null; then is_login=1 fi # Check for CAPTCHA local has_captcha="No" if grep -q "验证码" "$RESPONSE_FILE" 2>/dev/null || grep -qi "captcha" "$RESPONSE_FILE" 2>/dev/null; then has_captcha="Yes" fi # Record result if [ $is_admin -eq 1 ]; then echo "[High] $url - $title - CAPTCHA:$has_captcha" >> "$RESULTS_FILE" elif [ $is_login -eq 1 ]; then echo "[Medium] $url - $title - CAPTCHA:$has_captcha" >> "$RESULTS_FILE" fi } # Scan each path for path in "${PATHS[@]}"; do full_url="${BASE_URL}/${path}" # Check if already visited if grep -qF "$full_url" "$VISITED_FILE" 2>/dev/null; then continue fi echo "$full_url" >> "$VISITED_FILE" # Fetch URL status_code=$(curl -s -o "$RESPONSE_FILE" -w "%{http_code}" -m 10 \ -A "Mozilla/5.0 (Macintosh; Intel Mac OS X 12_12_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.2357.130 Safari/537.36" \ -H "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8" \ --compressed \ "$full_url" 2>/dev/null || echo "000") # Check if status code is 200 or 401 if [ "$status_code" = "200" ] || [ "$status_code" = "401" ]; then analyze_response "$full_url" "$path" fi done END_TIME=$(date +%s) ELAPSED=$((END_TIME - START_TIME)) # Display results echo "" echo "================================================================================" echo "SCAN RESULTS" echo "================================================================================" if [ ! -s "$RESULTS_FILE" ]; then echo "[-] No admin panels or login pages found" else line_num=0 while IFS= read -r line; do line_num=$((line_num + 1)) echo "" echo "[$line_num] Found: $line" done < "$RESULTS_FILE" echo "" echo "================================================================================" echo "SUMMARY" echo "================================================================================" total=$(wc -l < "$RESULTS_FILE") high=$(grep -c "\[High\]" "$RESULTS_FILE" || echo 0) medium=$(grep -c "\[Medium\]" "$RESULTS_FILE" || echo 0) echo "Total found: $total" echo "High confidence: $high" echo "Medium confidence: $medium" fi # Cleanup rm -rf "$TEMP_DIR" echo "" echo "[+] Scan completed in ${ELAPSED} seconds" exit 0