If you think you can hide your Admin Panel, think again... Find it with AdminPBuster.
AdminPBuster is written by Chris "SaintDruG" Abou-Chabke from Black Hat Ethical Hacking and is designed specifically for Red Teams, Offensive Security Experts, and Bug Bounty Hunters looking to discover hidden or obscured admin panels efficiently.
AdminPBuster is a Red Teaming Recon tool to find hidden admin panels on web applications using brute-forcing.
Instead of bundling a static wordlist and bloating the tool, it fetches an updated admin panel wordlist directly from our GitHub repository.
- This keeps the tool lightweight and easy to maintain.
- Whenever we update the hosted wordlist, the tool automatically benefits, without needing to update the script itself.
Key technical goodies:
- Multithreaded scanning using curl
- Proper HTTPS and `www.` handling to fix SSL issues
- Real redirect following (`-L` curl flag) bypasses WAFs and Cloudflare protections and logs only the valid 200 responses
- No proxychains/Tor dependency (due to their unreliability for professional offensive operations)
- Optional randomized User-Agent headers (`-ua`) to simulate real traffic
AdminPBuster focuses on speed, reliability, and accuracy while staying very simple to operate, even when going through 10,000+ wordlist entries.
- Fetch Updated Wordlist: Downloads the latest `magic_admin_paths.txt` from GitHub automatically.
- Prepare Target Domain: Adds `www.` if missing, forces HTTPS, solving common SSL and cert mismatch problems.
- Build and Launch Curl Requests: Constructs lightweight curl calls to quickly test admin paths with correct flags.
- Multithreaded Scanning: Scans many paths at once using multiple threads to improve speed.
- Color-Coded Result Parsing: Displays results with colors based on HTTP response codes for easy reading:
  - 200 (OK) in green
  - 301/302 (Redirects) in cyan
  - 403 (Forbidden) in yellow
  - 404 (Not Found) in red
  - Other codes in magenta
- Log Successful Admin Panels: Admin panels found (200 OK) are automatically saved inside a folder under `results/{target_domain}/found_panels.txt`.
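Seen from the server side, the scan described above is a burst of requests from one source to many distinct admin-style paths, most of them answered with 403/404. The following added example (not part of AdminPBuster; the log lines, thresholds and function names are constructed assumptions) flags such bursts in an access log and lists the paths that answered 200 during the burst.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in combined log format; IPs are from documentation ranges.
SAMPLE_LOG = """\
203.0.113.7 - - [12/May/2025:10:00:01 +0000] "GET /admin/ HTTP/1.1" 404 153 "-" "Mozilla/5.0 (X11; Linux)"
203.0.113.7 - - [12/May/2025:10:00:01 +0000] "GET /administrator/ HTTP/1.1" 404 153 "-" "Mozilla/5.0 (Macintosh)"
203.0.113.7 - - [12/May/2025:10:00:01 +0000] "GET /cpanel/ HTTP/1.1" 404 153 "-" "Mozilla/5.0 (Windows NT 10.0)"
203.0.113.7 - - [12/May/2025:10:00:02 +0000] "GET /wp-admin/ HTTP/1.1" 403 199 "-" "Mozilla/5.0 (iPhone)"
203.0.113.7 - - [12/May/2025:10:00:02 +0000] "GET /manage/login.php HTTP/1.1" 200 4312 "-" "Mozilla/5.0 (X11; Linux)"
203.0.113.7 - - [12/May/2025:10:00:03 +0000] "GET /backend/ HTTP/1.1" 404 153 "-" "Mozilla/5.0 (Android 14)"
198.51.100.20 - - [12/May/2025:10:00:02 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (Windows NT 10.0)"
198.51.100.20 - - [12/May/2025:10:00:40 +0000] "GET /missing.png HTTP/1.1" 404 153 "-" "Mozilla/5.0 (Windows NT 10.0)"
"""
LINE_RE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+) [^"]*" (\d{3}) ')

def parse(log_text):
    """Yield (ip, timestamp, path, status) for each parseable line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
            yield m.group(1), ts, m.group(3), int(m.group(4))

def find_path_enumeration(log_text, window=timedelta(seconds=10),
                          min_paths=5, min_miss_ratio=0.6):
    """Flag IPs probing many distinct paths, mostly 403/404, inside one window."""
    # Keyed on source IP only: the User-Agent may be randomized per request.
    by_ip = defaultdict(list)
    for ip, ts, path, status in parse(log_text):
        by_ip[ip].append((ts, path, status))
    findings = {}
    for ip, hits in by_ip.items():
        hits.sort()
        for i, (start, _, _) in enumerate(hits):
            burst = [h for h in hits[i:] if h[0] - start <= window]
            paths = {p for _, p, _ in burst}
            misses = sum(1 for _, _, s in burst if s in (403, 404))
            if len(paths) >= min_paths and misses / len(burst) >= min_miss_ratio:
                # 200s inside the burst are the paths a scanner would record.
                findings[ip] = sorted({p for _, p, s in burst if s == 200})
                break
    return findings

if __name__ == "__main__":
    for ip, exposed in find_path_enumeration(SAMPLE_LOG).items():
        print(f"{ip}: path enumeration burst; 200 responses on {exposed}")
```

Paths reported for a flagged source are the ones to review first, since they are reachable without authentication from that network position.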
- Lightweight and portable (single Python3 script)
- Automatic admin paths updates from GitHub
- Bypasses Cloudflare and WordPress redirects properly
- Realistic User-Agent randomization with `-ua`
- Multithreaded scanning (default 5 threads, customizable)
- SSL/TLS handling built-in (always uses HTTPS + www)
- Color-coded live scan results
- Only real 200 OK pages saved
- Fancy banners, motivational quotes, rainbow CLI styling, because we love colors!
- 10,000+ wordlist entries specifically aimed at admin panel search
This tool has been tested on Kali Linux.
- Clone the repository:
    git clone https://github.com/blackhatethicalhacking/AdminPBuster.git
    cd AdminPBuster
- Make the installer executable:
    chmod +x installer.sh
- Run the installer:
    ./installer.sh
The installer:
- Updates APT repositories
- Installs system packages: `curl`, `toilet`, `lolcat`
- Installs required Python3 libraries: `requests`, `termcolor`, `urllib3`
- Makes `AdminPBuster.py` executable automatically
After installation, simply run:
    ./AdminPBuster.py -t example.com -th 10
Optionally with randomized User-Agent:
    ./AdminPBuster.py -t example.com -th 10 -ua
This tool is provided for educational and research purposes only. The authors of this project are in no way responsible for any misuse of this tool. We use it to test under NDA agreements with clients and with their consent for pentesting purposes, and we never encourage misuse or take responsibility for any damage caused!