本文深入探讨了使用msfvenom生成Shell payload的方法,强调了在Web安全中进行渗透测试的重要性,不仅包括威胁建模和源代码审查,还涉及了大量的网络渗透测试。文章列举了识别隐藏内容的检查清单,如robots.txt文件、备份文件、兴趣文件和管理员URL,以及常见网页和特殊页面的检查清单。此外,还介绍了如何利用Python实现渗透测试自动化。
1、Generating a Shell payload using msfvenom
2、web intrusion Test
in fact in the websecurity ,the web pentration test is only ont piece of the puzzle ,in order to achive a success,ful penteration test ,you need to include the Threat Modeling and souce review and much network pentests ,as well .
well i list a checklist to indentifying hidden contents .
first you shoud care the rebot.txt the file include the web general infromation ,and the backup files(.back 。。.old) other intersting files (.xls .doc .pdf .txt ) and administrator URL (for example phpmyadmin\ wp-admin 、login ) and other application such as WordPress ,through these means we can gather Persional information for example : Email -address Credential eventhough another entry system(eg WordPress Camera and other terminal equipment)
3、Common web page checklist and Special pages checklist
special pages include login page 、 Registration page 、 Reset/Change password page Upload page 。
4、Pentest automation Using Python
as a pentest you will realize during pentests is that a lot of commands will just repeat over and over again.
扫一扫
1万+
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
