A burp suite extension that enumerates infrastructure and utility Admin Interfaces.
OWASP References:
- Classification: Net Software Safety Testing > 02-Configuration and Deployment Administration Testing
- OTG v4: OWASP OTG-CONFIG-005
- WSTG: WSTG-CONF-05
- Multi-thread
- Completely different and configurable ranges of check.
- Includable standing codes
- Excludable standing codes
- Greater than 1000 built-in payloads.
- You’ll be able to load your dictionary.
- Editable root listing
- Automated detection of used applied sciences to generate customized payloads.
- Passive listening to seek out login pages.
The quickest means is to load the jar file (adminPanelFinder.jar) within the extender tab of the Burpsuite.
Extender -> Extensions -> Add
A brand new tab will likely be added to the burp suite.
- Choose a request of a goal host from any tab of the burp suite (it should have a response with any standing code)
- Within the “Admin Panel Finder -> choices” tab, apply your configurations.
- Go to the “Admin Panel Finder -> Finder -> Finder” tab and click on on the “begin” button.
These choices can be utilized to customise the detection:
- Degree: Degree of exams to carry out (1-5, default 3)
- Thread: num of threads (1-50, default 10)
- Constructed-in dictionary: there’s a built-in dictionary containing probably the most used listing and file names for use for static payload era.
- Loadable dictionary: you should use your dictionary file for static payload era.
- HTTP methodology: HTTP methodology for use in requests (HEAD, GET)(default: Head)
- Extension: The extension utilized in utility pages. [Example: php, asp, aspx, jsp, …]
- Root Dir: The trail to the basis listing of the net utility. (Default: /)
- Includable standing codes
- Excludable standing codes
This program is for instructional goal ONLY. Don’t use it with out permission. The standard disclaimer applies, particularly the truth that I am not answerable for any damages brought on by the direct or oblique use of the data or performance supplied by these applications. The writer or any Web supplier bears NO accountability for content material or misuse of those applications or any derivatives thereof. By utilizing these applications you settle for the truth that any injury (information loss, system crash, system compromise, and so forth.) brought about by means of this program just isn’t my accountability.
When you have any additional questions, please do not hesitate to contact me through my twitter account.