1、Generating a Shell payload using msfvenom

2、web intrusion Test

in fact in the websecurity ,the web pentration test is only ont piece of the puzzle ,in order to achive a success,ful penteration test ,you need to include the Threat Modeling and souce review and much network pentests ,as well .

well i list a checklist to indentifying hidden contents .

first you shoud care the rebot.txt   the file include the web  general infromation ,and the backup files(.back 。。.old)  other intersting files (.xls   .doc  .pdf .txt ) and administrator URL (for example  phpmyadmin\    wp-admin 、login  ) and other application such as WordPress ,through these means we can gather Persional information for example : Email -address Credential  eventhough  another entry system(eg  WordPress  Camera and other terminal equipment)

3、Common web page checklist  and Special pages checklist

special pages  include  login page   、 Registration page 、 Reset/Change password page   Upload page 。

4、Pentest automation Using Python

as a pentest you will realize during pentests is that a lot of commands will just repeat over and over again.

Common Vulnerability Scoring System CVSS的更多相关文章

  1. Common Internet File System

    CIFS (Common Internet File System) is a protocol that gained popularity around the year 2000, as ven ...

  2. Scoring System

    ‍Build a scoring system , give the score by referee , and entering the score in system , then take o ...

  3. How to add alias on Mac(It's common for most system)

    Since these files are hidden you will have to do an ls -a to list them. If you don't have one you ca ...

  4. 安全服务——CVE中CVSS相关指标介绍

    目录 CVSS相关指标 一.CVSS是什么 二.指标内容 1.Base指标 2.Temporal指标 3.Environmental指标 三.Base, Temporal, Environmental ...

  5. 漏洞风险评估:CVSS介绍及计算

    CVSS 通用弱点评价体系(CVSS)是由NIAC开发.FIRST维护的一个开放并且能够被产品厂商免费采用的标准.利用该标准,可以对弱点进行评分,进而帮助我们判断修复不同弱点的优先等级. CVSS : ...

  6. Threat Risk Modeling Learning

    相关学习资料 http://msdn.microsoft.com/en-us/library/aa302419(d=printer).aspx http://msdn.microsoft.com/li ...

  7. CVSS3.0打分学习

    打分计算器: Common Vulnerability Scoring System Version 3.0 Calculator: https://www.first.org/cvss/calcul ...

  8. 道高一丈,且看CWE4.2的新特性

    摘要:CWE在今年2/24发布4.0,首次将硬件安全漏洞纳入了CWE中,6/25发布4.1, 8/20就发布了4.2. 1. 按照惯例,先说故事 我们先说下CWE的幕后老板--MITRE[1]. MI ...

  9. 软件成分分析(SCA)完全指南

    上一篇文章中,我们讨论了 DAST 的概念.重要性及其工作原理.那在开发过程中如何查找开源软件包中的漏洞并学习如何修复?本指南带你一起了解 SCA 工具及其最佳实践. 如今,绝大多数代码驱动的应用程序 ...

随机推荐

  1. PHP artisan migrate 报错显示 could not find driver ,怎么办?

    记录下自己的错误 一. 1.原因是没有pdo扩展导致的, 2.解决办法:打开php.ini,然后去掉以下两行代码之前的分号(:)即可.如下: extension=php_pdo_firebird.dl ...

  2. CentOS7下解决yum install mysql-server 异常:No package mysql-server available.问题

    yum安装mysql-server没有可用包问题解决方法: step 1: wget http://repo.mysql.com/mysql-community-release-el7-5.noarc ...

  3. block,inline,inline-block区别

    block:多個元素豎直排列,每個元素單獨占一行,寬高可以設置,padding.margin可以設置: inline:多個元素占一行,一行放不下了,才轉入下一行,寬高不能設置,水平的padding.m ...

  4. magento2 - Invalid credentials for 'https://repo.magento.com/packages.json', aborting.

    错误如下: 登陆:https://developer.magento.com/找到路径-创建公钥与私钥: Developer Portal -> My Access Keys -> Cre ...

  5. JSON.stringify() 和 JSON.parse()

    stringify()用于从一个对象解析出字符串,如 var obj = {x: 1, y: 2 } console.log(JSON.stringify(obj)) //{"x" ...

  6. maven在windows及linux环境下安装

    maven下载 下载地址:https://maven.apache.org/download.cgi maven在windows下安装 解压到D盘 修改配置文件 进入conf,打开settings.x ...

  7. 一文读懂ES6(附PY3对比)

      Ⅰ.ES6~POP¶ 代码示例:https://github.com/lotapp/BaseCode/tree/master/javascript/1.ES6 在线演示:https://githu ...

  8. npm后台启动nuxt服务之 kill

    后台启动 npm run start & ps aux | grep start 根据项目对应的id执行如下命令 kill xxxx

  9. 解决Navicat远程连接MySQL出现 10060 unknow error

    前言:今天想远程连接一下自己服务器上的MySQL,用的用的软件是Navicat,服务器上的MySQL版本为5.7 第一次连接的时候就出意外了 大概意思是 无法连接MySQL服务,解决步骤如下 第一:首 ...

  10. 《数据库MySQL》

    <数据库MySQL> 一.题目要求 下载附件中的world.sql.zip, 参考http://www.cnblogs.com/rocedu/p/6371315.html#SECDB,导入 ...