1、Generating a Shell payload using msfvenom

2、web intrusion Test

in fact in the websecurity ,the web pentration test is only ont piece of the puzzle ,in order to achive a success,ful penteration test ,you need to include the Threat Modeling and souce review and much network pentests ,as well .

well i list a checklist to indentifying hidden contents .

first you shoud care the rebot.txt   the file include the web  general infromation ,and the backup files(.back 。。.old)  other intersting files (.xls   .doc  .pdf .txt ) and administrator URL (for example  phpmyadmin\    wp-admin 、login  ) and other application such as WordPress ，through these means we can gather Persional information for example : Email -address Credential  eventhough  another entry system(eg  WordPress  Camera and other terminal equipment)

3、Common web page checklist  and Special pages checklist

special pages  include  login page   、 Registration page 、 Reset/Change password page   Upload page 。

4、Pentest automation Using Python

as a pentest you will realize during pentests is that a lot of commands will just repeat over and over again.