Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

FreePBX Admin Panel - Detect

By kannthu

Vidoc logoVidoc Module

What is the "FreePBX Admin Panel - Detect?"

The "FreePBX Admin Panel - Detect" module is designed to detect the presence of the FreePBX admin panel. FreePBX is a web-based open-source GUI (Graphical User Interface) that allows users to manage and configure the FreePBX phone system. This module focuses on identifying the admin panel and providing information about its existence.

This module has an informative severity level, which means it provides valuable information but does not indicate any immediate vulnerabilities or misconfigurations.

This module was authored by tess.


The impact of detecting the FreePBX admin panel is primarily informational. It does not indicate any specific vulnerabilities or risks. Instead, it serves as a starting point for further analysis and assessment of the FreePBX system.

How does the module work?

The "FreePBX Admin Panel - Detect" module utilizes HTTP request templates and matching conditions to identify the presence of the FreePBX admin panel. It sends a GET request to the "/admin/config.php#" path and applies several matching conditions to determine if the admin panel is present.

The matching conditions include:

- Checking the body of the response for specific words such as "FreePBX Administration," "Operator Panel," and "User Control Panel." - Verifying that the response header contains the word "text/html." - Ensuring that the HTTP response status is 200 (OK).

If all the matching conditions are met, the module reports the detection of the FreePBX admin panel.

Example HTTP request:

GET /admin/config.php#

Note: The above example is a simplified representation of the HTTP request and does not include headers or other details.

Module preview

Concurrent Requests (1)
1. HTTP Request template
Matching conditions
word: FreePBX Administration, Operator Panel, ...and
word: text/htmland
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability