id: magento-admin-panel info: name: Exposed Magento Admin Panel author: TechbrunchFR severity: info description: As a security best practice, Magento recommends that you use a unique, custom Admin URL instead of the default admin or a common term such as backend. Although it will not directly protect your site from a determined bad actor, it can reduce exposure to scripts that try to gain unauthorized access. reference: https://docs.magento.com/user-guide/stores/store-urls-custom-admin.html tags: magento,panel requests: - method: GET path: - '{{BaseURL}}/admin' matchers-condition: and matchers: - type: status status: - 302 - type: word words: - "/admin/index/index/key/" part: header