Control Web Panel Login Panel - Detect

What is the "Control Web Panel Login Panel - Detect?"

The "Control Web Panel Login Panel - Detect" module is designed to detect the presence of the Control Web Panel login panel. This module targets the CentOS WebPanel, a web hosting control panel for CentOS-based servers. The severity of this module is classified as informative, meaning it provides information about the presence of the login panel but does not indicate any specific vulnerabilities or misconfigurations. The original author of this module is ffffffff0x.

Impact

This module does not directly impact the security of the system. It simply detects the presence of the Control Web Panel login panel, providing information about the software being used.

How does the module work?

The module works by sending HTTP requests to the target server and analyzing the responses for specific patterns. It uses two matching conditions to identify the Control Web Panel login panel:

- Matcher 1: It checks the body of the response for the presence of the following words: "Login | CentOS WebPanel", "CWP |用户", "http://centos-webpanel.com", "CentOS WebPanel". If any of these words are found, the module considers the login panel to be present. - Matcher 2: It checks the header of the response for the presence of the word "cwpsrv". If this word is found, the module considers the login panel to be present.

By combining these matching conditions using the "or" operator, the module determines whether the Control Web Panel login panel is detected.

Here is an example of an HTTP request that the module might send:

GET / HTTP/1.1
Host: example.com

In this example, the module sends a GET request to the root path ("/") of the target server.