sif/modules/info/phpmyadmin-panel.yaml

# phpMyAdmin Database Panel Detection Module

id: phpmyadmin-panel
info:
  name: phpMyAdmin Database Panel
  author: sif
  severity: info
  description: Detects exposed phpMyAdmin database management login panels
  tags: [phpmyadmin, database, mysql, panel, login, detection, info]

type: http

http:
  method: GET
  paths:
    - "{{BaseURL}}/phpmyadmin/"
    - "{{BaseURL}}/phpMyAdmin/"
    - "{{BaseURL}}/pma/"
    - "{{BaseURL}}/PMA/"
    - "{{BaseURL}}/mysql/"
    - "{{BaseURL}}/dbadmin/"
    - "{{BaseURL}}/phpmyadmin/index.php"

  threads: 5

  matchers:
    - type: status
      status:
        - 200

    - type: word
      part: all
      condition: or
      words:
        - 'name="pma_username"'
        - 'name="pma_password"'
        - "pmahomme"
        - 'content="phpMyAdmin"'
        - "phpMyAdmin="

  extractors:
    - type: regex
      name: phpmyadmin_version
      part: all
      regex:
        - 'PMA_VERSION["'']?\s*[:=]\s*["'']([0-9]+\.[0-9]+(?:\.[0-9]+)?)'
        - 'phpMyAdmin[^0-9<]{0,30}([0-9]+\.[0-9]+(?:\.[0-9]+)?)'
      group: 1