A script to find admin login pages and EAR vulnerabilities.
git clone https://github.com/crypt0rr/Breacher.git
breacher.py [-h] [-u TARGET] [--path PREFIX] [--type TYPE] [--fast]
optional arguments:
-h, --help show this help message and exit
-u TARGET target url
--path PREFIX custom path prefix
--type TYPE set the type i.e. html, asp, php
--fast uses multithreading
$ python3 breacher.py -u https://example.com/
______ ______ _______ _______ _______ _ _ _______ ______
|_____] |_____/ |______ |_____| | |_____| |______ |_____/
|_____] | \_ |______ | | |_____ | | |______ | \_
Made with <3 By D3V
I am not responsible for your shit and if you get some error while
running Breacher, there are good chances that target isn't responding.
--------------------------------------------------------------------------
[+] Robots.txt found. Check for any interesting entry
User-agent: *
Disallow: /wp-admin/
Allow: /wp-admin/admin-ajax.php
Sitemap: https://example.com/wp-sitemap.xml
--------------------------------------------------------------------------
[...]
[-] http://example.com/websvn/
[-] http://example.com/wizmysqladmin/
[+] Admin panel found: http://example.com/wp-admin/
[-] http://example.com/wp-login/
[-] http://example.com/wplogin/
[+] Admin panel found: http://example.com/wp-login.php
[...]