Erdem YILDIZ

Cyber Security Researcher
Python Developer
Linux Enthusiast

Finding a Target Website's Admin Page with Python!!!

Hello friends, today I will show you the purpose, the code, and a video demonstration of a script I wrote in Python that takes the URL you give it, tries to find the target website's admin page, and shows it to you. Let's get started...

Friends, my goal with this script was this: to try to find the admin login section of the chosen target web page. When the "found" message appears in the terminal output, the script stops running. Nowadays the "url./admin..." style of usage is declining, but it has not disappeared completely. I thought a script like this might, with a bit of luck, come in handy, so I wanted to share it with you.

Sorry for writing bad code. I am still working on my software development and problem-solving skills to become a better programmer.
                                        # FindAdminPage.py
                                        # -*- coding: utf-8 -*-
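                                        import requests
                                        import threading
                                        import sys
                                        # Serialises terminal output across the worker threads.
                                        lock = threading.Lock()
                                        # Set to 200 by the first thread that gets an HTTP 200; the others then stop sending requests.
                                        status = 404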

                                        class Find():
                                            def __init__(self):
                                                self.wordlist =['admin', 'administrator', 'admin1', 'admin2', 'admin3', 'admin4', 'admin5', 'usuarios', 'usuario', 'moderator', 'webadmin', 'adminarea', 'bb-admin', 'adminLogin', 'admin_area', 'panel-administracion', 'instadmin', 'memberadmin', 'administratorlogin', 'adm', 'admin/account.ph', 'admin/index.ph', 'admin/login.ph', 'admin/admin.ph', 'admin_area/admin.ph', 'admin_area/login.ph', 'siteadmin/login.ph', 'siteadmin/index.ph', 'siteadmin/login.htm', 'admin/account.htm', 'admin/index.htm', 'admin/login.htm', 'admin/admin.htm', 'admin_area/index.ph', 'bb-admin/index.ph', 'bb-admin/login.ph', 'bb-admin/admin.ph', 'admin/home.ph', 'admin_area/login.htm', 'admin_area/index.htm', 'admin/controlpanel.ph', 'admin.ph', 'admincp/index.as', 'admincp/login.as', 'admincp/index.htm', 'adminpanel.htm', 'webadmin.htm', 'webadmin/index.htm', 'webadmin/admin.htm', 'webadmin/login.htm', 'admin/admin_login.htm', 'admin_login.htm', 'panel-administracion/login.htm', 'admin/cp.ph', 'cp.ph', 'administrator/index.ph', 'administrator/login.ph', 'nsw/admin/login.ph', 'webadmin/login.ph', 'admin/admin_login.ph', 'admin_login.ph', 'administrator/account.ph', 'administrator.ph', 'admin_area/admin.htm', 'pages/admin/admin-login.ph', 'admin/admin-login.ph', 'admin-login.ph', 'bb-admin/index.htm', 'bb-admin/login.htm', 'acceso.ph', 'bb-admin/admin.htm', 'admin/home.htm', 'login.ph', 'modelsearch/login.ph', 'moderator.ph', 'moderator/login.ph', 'moderator/admin.ph', 'account.ph', 'pages/admin/admin-login.htm', 'admin/admin-login.htm', 'admin-login.htm', 'controlpanel.ph', 'admincontrol.ph', 'admin/adminLogin.htm', 'adminLogin.htm', 'home.htm', 'rcjakar/admin/login.ph', 'adminarea/index.htm', 'adminarea/admin.htm', 'webadmin.ph', 'webadmin/index.ph', 'webadmin/admin.ph', 'admin/controlpanel.htm', 'admin.htm', 'admin/cp.htm', 'cp.htm', 'adminpanel.ph', 'moderator.htm', 'administrator/index.htm', 'administrator/login.htm', 'user.htm', 
'administrator/account.htm', 'administrator.htm', 'login.htm', 'modelsearch/login.htm', 'moderator/login.htm', 'adminarea/login.htm', 'panel-administracion/index.htm', 'panel-administracion/admin.htm', 'modelsearch/index.htm', 'modelsearch/admin.htm', 'admincontrol/login.htm', 'adm/index.htm', 'adm.htm', 'moderator/admin.htm', 'user.ph', 'account.htm', 'controlpanel.htm', 'admincontrol.htm', 'panel-administracion/login.ph', 'wp-login.ph', 'adminLogin.ph', 'admin/adminLogin.ph', 'home.ph', 'adminarea/index.ph', 'adminarea/admin.ph', 'adminarea/login.ph', 'panel-administracion/index.ph', 'panel-administracion/admin.ph', 'modelsearch/index.ph', 'modelsearch/admin.ph', 'admincontrol/login.ph', 'adm/admloginuser.ph', 'admloginuser.ph', 'admin2.ph', 'admin2/login.ph', 'admin2/index.ph', 'usuarios/login.ph', 'adm/index.ph', 'adm.ph', 'affiliate.ph', 'adm_auth.ph', 'memberadmin.ph', 'administratorlogin.ph', 'account.as', 'admin/account.as', 'admin/index.as', 'admin/login.as', 'admin/admin.as', 'admin_area/admin.as', 'admin_area/login.as', 'admin_area/index.as', 'bb-admin/index.as', 'bb-admin/login.as', 'bb-admin/admin.as', 'admin/home.as', 'admin/controlpanel.as', 'admin.as', 'pages/admin/admin-login.as', 'admin/admin-login.as', 'admin-login.as', 'admin/cp.as', 'cp.as', 'administrator/account.as', 'administrator.as', 'acceso.as', 'login.as', 'modelsearch/login.as', 'moderator.as', 'moderator/login.as', 'administrator/login.as', 'moderator/admin.as', 'controlpanel.as', 'user.as', 'admincontrol.as', 'adminpanel.as', 'webadmin.as', 'webadmin/index.as', 'webadmin/admin.as', 'webadmin/login.as', 'admin/admin_login.as', 'admin_login.as', 'panel-administracion/login.as', 'adminLogin.as', 'admin/adminLogin.as', 'home.as', 'adminarea/index.as', 'adminarea/admin.as', 'adminarea/login.as', 'panel-administracion/index.as', 'panel-administracion/admin.as', 'modelsearch/index.as', 'modelsearch/admin.as', 'administrator/index.as', 'admincontrol/login.as', 'adm/admloginuser.as', 
'admloginuser.as', 'admin2.as', 'admin2/login.as', 'admin2/index.as', 'adm/index.as', 'adm.as', 'affiliate.as', 'adm_auth.as', 'memberadmin.as', 'administratorlogin.as', 'siteadmin/login.as', 'siteadmin/index.as', 'admin/account.cf', 'admin/index.cf', 'admin/login.cf', 'admin/admin.cf', 'admin_area/admin.cf', 'admin_area/login.cf', 'siteadmin/login.cf', 'siteadmin/index.cf', 'admin_area/index.cf', 'bb-admin/index.cf', 'bb-admin/login.cf', 'bb-admin/admin.cf', 'admin/home.cf', 'admin/controlpanel.cf', 'admin.cf', 'admin/cp.cf', 'cp.cf', 'administrator/index.cf', 'administrator/login.cf', 'nsw/admin/login.cf', 'webadmin/login.cf', 'admin/admin_login.cf', 'admin_login.cf', 'administrator/account.cf', 'administrator.cf', 'pages/admin/admin-login.cf', 'admin/admin-login.cf', 'admin-login.cf', 'login.cf', 'modelsearch/login.cf', 'moderator.cf', 'moderator/login.cf', 'moderator/admin.cf', 'account.cf', 'controlpanel.cf', 'admincontrol.cf', 'acceso.cf', 'rcjakar/admin/login.cf', 'webadmin.cf', 'webadmin/index.cf', 'webadmin/admin.cf', 'adminpanel.cf', 'user.cf', 'panel-administracion/login.cf', 'wp-login.cf', 'adminLogin.cf', 'admin/adminLogin.cf', 'home.cf', 'adminarea/index.cf', 'adminarea/admin.cf', 'adminarea/login.cf', 'panel-administracion/index.cf', 'panel-administracion/admin.cf', 'modelsearch/index.cf', 'modelsearch/admin.cf', 'admincontrol/login.cf', 'adm/admloginuser.cf', 'admloginuser.cf', 'admin2.cf', 'admin2/login.cf', 'admin2/index.cf', 'usuarios/login.cf', 'adm/index.cf', 'adm.cf', 'affiliate.cf', 'adm_auth.cf', 'memberadmin.cf', 'administratorlogin.cf', 'admin/account.j', 'admin/index.j', 'admin/login.j', 'admin/admin.j', 'admin_area/admin.j', 'admin_area/login.j', 'siteadmin/login.j', 'siteadmin/index.j', 'admin_area/index.j', 'bb-admin/index.j', 'bb-admin/login.j', 'bb-admin/admin.j', 'admin/home.j', 'admin/controlpanel.j', 'admin.j', 'admin/cp.j', 'cp.j', 'administrator/index.j', 'administrator/login.j', 'nsw/admin/login.j', 'webadmin/login.j', 
'admin/admin_login.j', 'admin_login.j', 'administrator/account.j', 'administrator.j', 'pages/admin/admin-login.j', 'admin/admin-login.j', 'admin-login.j', 'login.j', 'modelsearch/login.j', 'moderator.j', 'moderator/login.j', 'moderator/admin.j', 'account.j', 'controlpanel.j', 'admincontrol.j', 'rcjakar/admin/login.j', 'webadmin.j', 'webadmin/index.j', 'acceso.j', 'webadmin/admin.j', 'adminpanel.j', 'user.j', 'panel-administracion/login.j', 'wp-login.j', 'adminLogin.j', 'admin/adminLogin.j', 'home.j', 'adminarea/index.j', 'adminarea/admin.j', 'adminarea/login.j', 'panel-administracion/index.j', 'panel-administracion/admin.j', 'modelsearch/index.j', 'modelsearch/admin.j', 'admincontrol/login.j', 'adm/admloginuser.j', 'admloginuser.j', 'admin2.j', 'admin2/login.j', 'admin2/index.j', 'usuarios/login.j', 'adm/index.j', 'adm.j', 'affiliate.j', 'adm_auth.j', 'memberadmin.j', 'administratorlogin.j', 'admin/account.cg', 'admin/index.cg', 'admin/login.cg', 'admin/admin.cg', 'admin_area/admin.cg', 'admin_area/login.cg', 'siteadmin/login.cg', 'siteadmin/index.cg', 'admin_area/index.cg', 'bb-admin/index.cg', 'bb-admin/login.cg', 'bb-admin/admin.cg', 'admin/home.cg', 'admin/controlpanel.cg', 'admin.cg', 'admin/cp.cg', 'cp.cg', 'administrator/index.cg', 'administrator/login.cg', 'nsw/admin/login.cg', 'webadmin/login.cg', 'admin/admin_login.cg', 'admin_login.cg', 'administrator/account.cg', 'administrator.cg', 'pages/admin/admin-login.cg', 'admin/admin-login.cg', 'admin-login.cg', 'login.cg', 'modelsearch/login.cg', 'moderator.cg', 'moderator/login.cg', 'moderator/admin.cg', 'account.cg', 'controlpanel.cg', 'admincontrol.cg', 'rcjakar/admin/login.cg', 'webadmin.cg', 'webadmin/index.cg', 'acceso.cg', 'webadmin/admin.cg', 'adminpanel.cg', 'user.cg', 'panel-administracion/login.cg', 'wp-login.cg', 'adminLogin.cg', 'admin/adminLogin.cg', 'home.cg', 'adminarea/index.cg', 'adminarea/admin.cg', 'adminarea/login.cg', 'panel-administracion/index.cg', 'panel-administracion/admin.cg', 
'modelsearch/index.cg', 'modelsearch/admin.cg', 'admincontrol/login.cg', 'adm/admloginuser.cg', 'admloginuser.cg', 'admin2.cg', 'admin2/login.cg', 'admin2/index.cg', 'usuarios/login.cg', 'adm/index.cg', 'adm.cg', 'affiliate.cg', 'adm_auth.cg', 'memberadmin.cg', 'administratorlogin.cg', 'admin_panel', 'admin_panel.htm', 'adm_cp','admin.php']

                                            def Domain(self):
                                                self.domain = input("Please enter the domain address :").strip()
                                                if self.domain.startswith("www"):
                                                    self.domain = "http://" + self.domain
                                                elif not self.domain.startswith("http"):
                                                    print("Address must start with www or http")
                                                    return
                                                self.TrigHTTP()

                                            def TrigHTTP(self):
                                                # Slice boundaries: one worker thread per 40 word-list entries.
                                                tmp = list(range(0, len(self.wordlist), 40))
                                                tmp.append(len(self.wordlist))
                                                threads = []
                                                for i in range(len(tmp) - 1):
                                                    t = threading.Thread(target=self.HTTPRequest, args=(tmp[i], tmp[i + 1]))
                                                    t.daemon = True  # let Ctrl+C end the program
                                                    t.start()
                                                    threads.append(t)
                                                try:
                                                    for t in threads:
                                                        t.join()
                                                except KeyboardInterrupt:
                                                    sys.exit(1)

                                            def HTTPRequest(self, bas, son):
                                                global status
                                                for i in self.wordlist[bas:son]:
                                                    if status == 200:
                                                        return  # another thread already found a page
                                                    if self.domain[-1] == "/":
                                                        dom = self.domain + i
                                                    else:
                                                        dom = self.domain + "/" + i
                                                    try:
                                                        r = requests.get(dom, timeout=10)
                                                    except requests.RequestException as err:
                                                        with lock:
                                                            print(err)
                                                        continue
                                                    # Hold the lock while printing so output lines do not interleave.
                                                    with lock:
                                                        if status == 200:
                                                            return
                                                        if r.status_code == 200:
                                                            status = 200
                                                            print("-" * 50)
                                                            print("Admin page was found !!!")
                                                            print("[200] ", dom)
                                                            print("-" * 50)
                                                        else:
                                                            # Report the real status code, not always 404.
                                                            print("[%d] " % r.status_code, dom)

                                        if __name__ == "__main__":
                                            f = Find()
                                            f.Domain()


                                        

If you can contact me about any problem in the code I shared above, or about improvements that could be made, I would be very glad. Thank you very much for reading. Take care :)
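
Seen from the server side, a run of this script leaves a recognisable trace in the access log: one client requesting many distinct admin-style paths within seconds, almost all answered with a non-200 status, and carrying the default `python-requests` User-Agent because the script sets no headers. The following is an added example, not part of the original post, that flags this pattern; the log format (Combined Log Format), the thresholds, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Combined Log Format: ip - - [time] "GET path proto" status size "referer" "agent"
LINE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "(?:GET|HEAD) (\S+) [^"]*" (\d{3}) \S+ "[^"]*" "([^"]*)"')
# Path fragments that recur in the word list shown on this page.
ADMINISH = re.compile(r"admin|adm[_/.]|login|controlpanel|moderator|usuarios|/cp\.", re.I)

def parse(line):
    if not (m := LINE.match(line)):
        return None
    ip, ts, path, status, agent = m.groups()
    when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
    return ip, when, path.split("?", 1)[0], int(status), agent

def find_admin_scans(lines, window=timedelta(seconds=60), min_paths=15, min_miss_ratio=0.8):
    """Flag clients that hit many distinct admin-like paths inside `window`, mostly without a 200."""
    hits = defaultdict(list)
    for ip, when, path, status, agent in filter(None, map(parse, lines)):
        if ADMINISH.search(path):
            hits[ip].append((when, path, status, agent))
    flagged = {}
    for ip, events in hits.items():
        events.sort(key=lambda e: e[0])
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1  # slide the window forward
            burst = events[start:end + 1]
            misses = sum(e[2] != 200 for e in burst)
            if len({e[1] for e in burst}) >= min_paths and misses / len(burst) >= min_miss_ratio:
                flagged[ip] = {
                    "distinct_paths": len({e[1] for e in events}),
                    "answered_200": [e[1] for e in events if e[2] == 200],
                    "scripted_agent": any(e[3].startswith("python-requests") for e in events),
                }
                break
    return flagged

# Constructed sample log: one client walking the word list, one ordinary visitor.
PROBES = ["admin", "administrator", "admin1", "admin2", "adminarea", "bb-admin", "adminLogin",
          "admin_area", "webadmin", "memberadmin", "admin/login.htm", "admin/index.htm",
          "moderator", "usuarios", "admincp/index.htm", "wp-login.cf", "admin.php"]
def sample_log():
    fmt = '{ip} - - [12/Mar/2024:10:00:{s:02d} +0000] "GET /{p} HTTP/1.1" {st} 512 "-" "{ua}"'
    rows = [fmt.format(ip="203.0.113.7", s=i, p=p, st=200 if p == "admin.php" else 404,
                       ua="python-requests/2.31.0") for i, p in enumerate(PROBES)]
    return rows + [fmt.format(ip="198.51.100.20", s=5, p=p, st=200, ua="Mozilla/5.0")
                   for p in ("index.html", "admin/login.htm")]
```

Any path listed under `answered_200` for a flagged client is one that answered an unauthenticated scanner and is the first candidate for an IP allow-list, VPN-only access or rate limiting.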