@vaibhavpandeyvpz
Last active August 29, 2015 14:04
Simple & Extensible Script To Find Possible Admin URIs
<?php
/**
* Simple script to find possible admin URLs for a given domain
* If running PHP < 5.4, replace any short array syntax [ ... ] with array( ... ) (should any be present)
* By Vaibhav Pandey <[email protected]>
*/
// Hostname shape accepted from the form (checked before any request is made):
//   first label: a single letter, two chars (letter/letter, letter/digit or digit/letter),
//   or 3-63 chars that start and end alphanumeric with '-' or '_' allowed in between;
//   then a dot followed by either a 2-6 letter TLD, or a 2-30 char label plus a 2-3 letter TLD.
// Consequences: only two- or three-label names pass (no deeper subdomains, no dotted-decimal
// IPv4 literals, no dot-less names). '$' without the D modifier tolerates one trailing newline,
// which the trim() applied to the submitted value removes anyway.
define('REGEX_DOMAIN', '/^(([a-zA-Z]{1})|([a-zA-Z]{1}[a-zA-Z]{1})|([a-zA-Z]{1}[0-9]{1})|([0-9]{1}[a-zA-Z]{1})|([a-zA-Z0-9][a-zA-Z0-9-_]{1,61}[a-zA-Z0-9]))\.([a-zA-Z]{2,6}|[a-zA-Z0-9-]{2,30}\.[a-zA-Z]{2,3})$/');
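/**
 * Fetch the HTTP status code returned for $uri.
 *
 * @param string $uri  Absolute URL to request
 * @return int|false   Three-digit status code from the first status line, or FALSE when the
 *                     request fails or no parseable status line comes back.
 *
 * get_headers() follows redirects by default and returns the headers of every hop, so for a
 * 30x -> 200 chain this reports the 30x of the first hop. No timeout is passed, so a probe
 * can wait up to default_socket_timeout (NOTE(review): consider passing a stream context
 * with a short timeout when the PHP version in use supports the third argument).
 */
function __code($uri) {
    // Turn the warnings get_headers() emits on failure (unresolvable host, refused connection,
    // non-URL argument) into an exception for the duration of the call instead of silencing
    // them with "@"; any such failure is reported as FALSE below.
    set_error_handler(function ($severity, $text) {
        throw new ErrorException($text, 0, $severity);
    });
    try {
        $headers = get_headers($uri);
    } catch (ErrorException $e) {
        $headers = false;
    }
    restore_error_handler();
    if ($headers === false || !isset($headers[0])) {
        return false;
    }
    /*
     * $headers[0] is the status line, e.g. "HTTP/1.1 200 OK", followed by one entry per
     * header line. Parse the code with a pattern rather than slicing a fixed offset so a
     * differently formatted version token cannot yield a garbage number.
     */
    if (!preg_match('#^HTTP/\d(?:\.\d)?\s+(\d{3})#', $headers[0], $match)) {
        return false;
    }
    return (int) $match[1];
}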
/*
 * Status codes that count as a hit.
 * 403 is included on purpose: a path answering "forbidden" (HTTP-auth, for instance)
 * still confirms that something protected lives there.
 */
$codes = array(200, 403);
// File extensions appended to every suffix and to every page below a suffix.
$extensions = array('aspx', 'jsp', 'php');
// Page names tried underneath every suffix.
$pages = array('index', 'login', 'signin');
// Schemes offered in the form: key is the scheme, value is the label shown in the select box.
$protocols = array('http' => 'Insecure', 'https' => 'Secure');
// Path prefixes probed directly under the domain root.
$suffixes = array('admin', 'administration', 'administrator', 'wp-admin', 'wp-login');
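$error = 'Please specify a URL to check';
$found = array();
$domain = '';
// Text the template prints below the form. It is printed unescaped there because it carries
// the result links, so every dynamic value folded into it is escaped here first.
$message = '';
do {
    if (!isset($_POST['domain']) || !isset($_POST['protocol'])) {
        break;
    }
    $submitted = trim($_POST['domain']);
    $protocol = trim($_POST['protocol']);
    // Validate before publishing into $domain: the template reflects $domain into an input
    // attribute, so only a value that passed REGEX_DOMAIN (letters, digits, '-', '_', '.')
    // may ever reach it.
    if (!preg_match(REGEX_DOMAIN, $submitted)) {
        $error = 'Enter a valid domain name';
        break;
    }
    $domain = $submitted;
    // Strict key lookup instead of in_array() over array_keys(): only configured schemes pass.
    if (!array_key_exists($protocol, $protocols)) {
        $error = 'Protocol is not supported';
        break;
    }
    $error = '';
    // NOTE(review): REGEX_DOMAIN is a syntactic check only; nothing here stops this page from
    // probing any host the server can resolve. Keep the page access-restricted (or add a host
    // allow-list) before exposing it.
    // Build the candidate list first, in the same order as before (suffix, suffix.ext,
    // suffix/page, suffix/page.ext), then probe each candidate exactly once.
    $candidates = array();
    foreach ($suffixes as $suffix) {
        $base = $protocol . '://' . $domain . '/' . $suffix;
        $candidates[] = $base;
        foreach ($extensions as $extension) {
            $candidates[] = $base . '.' . $extension;
        }
        foreach ($pages as $page) {
            $pageUri = $base . '/' . $page;
            $candidates[] = $pageUri;
            foreach ($extensions as $extension) {
                $candidates[] = $pageUri . '.' . $extension;
            }
        }
    }
    foreach ($candidates as $candidate) {
        // __code() returns int|false; the strict in_array() keeps FALSE from matching anything.
        if (in_array(__code($candidate), $codes, true)) {
            $found[] = $candidate;
        }
    }
    $count = count($found);
    if ($count < 1) {
        $message = 'Unable to find any possible URIs';
        break;
    }
    $message = "Found {$count} possible URIs:<br/>";
    foreach ($found as $uri) {
        // $uri is assembled from validated parts, but escape anyway before it enters markup.
        $safeUri = htmlspecialchars($uri, ENT_QUOTES, 'UTF-8');
        $message .= "<br/><a href=\"{$safeUri}\" target=\"_blank\" rel=\"noopener noreferrer\">{$safeUri}</a>";
    }
} while (false);
if ($error !== '') {
    // Validation problems (and the initial prompt) used to be stored in $error but never
    // shown, leaving $message undefined; surface them through $message like the results.
    $message = htmlspecialchars($error, ENT_QUOTES, 'UTF-8');
}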
?>
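<!DOCTYPE html>
<html lang="en">
<body>
<?php /* PHP_SELF echoes the request path, so it is escaped like any other request-derived value. */ ?>
<form action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8'); ?>" method="post">
<select name="protocol">
<?php foreach ($protocols as $protocol => $title): ?>
<option value="<?php echo htmlspecialchars($protocol, ENT_QUOTES, 'UTF-8'); ?>"><?php echo htmlspecialchars($title, ENT_QUOTES, 'UTF-8'); ?></option>
<?php endforeach; ?>
</select>
<?php /* $domain is taken from the POST body; escape it so a rejected submission cannot break out of the attribute. */ ?>
<input type="text" name="domain" placeholder="www.example.com" value="<?php echo htmlspecialchars($domain, ENT_QUOTES, 'UTF-8'); ?>" />
<button type="submit">Fetch</button>
</form>
<?php /* $message is printed raw on purpose (it carries the result links), so everything folded into it must be escaped where it is built; it may be unset when nothing was submitted. */ ?>
<p><?php echo isset($message) ? $message : ''; ?></p>
</body>
</html>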