id: magento-admin-panel info: name: Exposed Magento Admin Panel author: TechbrunchFR,ritikchaddha severity: info description: | As a security best practice, Magento recommends that you use a unique, custom Admin URL instead of the default admin or a common term such as backend. Although it will not directly protect your site from a determined bad actor, it can reduce exposure to scripts that try to gain unauthorized access. reference: - https://docs.magento.com/user-guide/stores/store-urls-custom-admin.html metadata: verified: true shodan-query: http.component:"Magento" tags: magento,panel requests: - method: GET path: - '{{BaseURL}}/admin' host-redirects: true max-redirects: 2 matchers-condition: and matchers: - type: word part: body words: - "Magento" - "Admin Panel" condition: and