Summary of the invention
A website security detection method and system are provided, to solve the problems of inconvenient use and single function found in prior-art products. The website security detection method includes:
a client obtains information on a website to be detected through a user interface, generates a safety detection task from this information, and stores the task in the memory module of a server end;
a scheduler module of the server end obtains the safety detection task from the memory module and sends it to an idle scan module that is online at the server end;
the idle scan module receives the safety detection task sent by the scheduler module, parses the website to be scanned, starts scanning, and feeds the progress and result of the scan back to the scheduler module;
the scheduler module updates the received scan progress and result to the memory module of the server end.
A website security detection system includes a client and a server end, where the server end further includes a memory module, a scheduler module and a scan module, wherein:
the memory module stores data including safety detection tasks and safety detection results;
the client is connected to the server end through the cloud, obtains information on a website to be detected through a user interface, generates a safety detection task from that information and stores the task in the memory module of the server end;
the scheduler module is connected to the memory module, obtains a safety detection task from the memory module and hands it down to an online idle scan module, and updates the scan progress and result of the scan module to the memory module; and
the scan module is connected to the scheduler module, receives the safety detection task sent by the scheduler module, starts scanning, and feeds the scan progress and result back to the scheduler module.
Preferably, the client is a website page or an executable application program that provides the website security detection function, and it allows a webmaster to manage multiple child users.

Compared with the prior art, the technical scheme provides a client together with a memory module, a scheduler module and a scan module at the server end, so that a user submits a website security detection task through the client and the scan module scans the submitted website. An individual user can thus enjoy a free and convenient website security detection service, while high-end users and group users can not only use the service conveniently but also enjoy richer detection services, which effectively ensures website security.
Detailed description of the invention
The technical scheme in the embodiments of the present invention is described clearly and completely below in conjunction with the accompanying drawings of those embodiments. Obviously, the described embodiments are only a part of the embodiments of the present invention, not all of them. All other embodiments obtained by those of ordinary skill in the art on the basis of the embodiments of the present invention, without creative work, fall within the scope of protection of the invention.
The main idea of the present invention is to provide a website security detection method in which a client obtains information on a website to be detected through a user interface, generates a safety detection task from that information and stores the task in the memory module of a server end; a scheduler module of the server end obtains the safety detection task from the memory module and sends it to an idle scan module that is online at the server end; the idle scan module receives the safety detection task sent by the scheduler module, parses the website to be scanned, starts scanning, and feeds the scan progress and result back to the scheduler module; and the scheduler module updates the received scan progress and result to the memory module of the server end, so that the user can query and download them.
To implement the method of the present invention, embodiment one provides a website security detection system, as shown in Figure 1. The system includes a client 11 and a server end 10, where the server end 10 further includes a memory module 12, a scheduler module 13 and a scan module 14. The memory module 12, scheduler module 13 and scan module 14 can be integrated on one physical device, for instance by installing dispatch instruction code and scan instruction code on a single computer that has a storage medium. They can also each be made up of one or more physical devices: for example, the memory module formed by a computer with a storage medium or a network hard disk, the scheduler module 13 formed by a dispatcher or a computer provided with dispatch instruction code, and the scan module formed by one or more computers provided with scan instruction code. The present embodiment takes the case in which the memory module 12, scheduler module 13 and scan module 14 are each formed by one or more physical devices as its example and describes them in detail.
The client 11 is connected to the server end 10 through the cloud. It obtains the information on the website to be detected that the user enters through the user interface and, when triggered by the user, generates a safety detection task from that information and stores the task in the memory module of the server end. Its functions include user registration, login, user verification, administrator verification, child user management, sending safety detection tasks and viewing safety detection results. A user of the website security detection service first registers through the client; the registered content includes the user identity and the website to be scanned, where the user identity in turn includes the user name, mailbox, password and similar information. The user can also register child users. After registration, the relevant information of the user is saved in the memory module of the server end, ready for the next login. After registering, the user has to log in before using the website security detection service, at which point user identity verification and administrator right verification are carried out. The client is further used to obtain, from a user who has passed identity verification, the information on the website to be detected of that user or of multiple child users registered in advance, or/and to query, according to the triggering of a user who has passed verification, the website security detection results of that user or of multiple child users registered in advance. The user interface of the client can take the form of a website page or of an application program interface. In a specific implementation, a scan trigger and a query trigger, such as a button or a scan task link, can be arranged on the user interface of the client; when the user clicks the button or the corresponding link, scanning or querying starts. When the client is presented as a web page, it has good platform compatibility and the user does not need to install any extra software on the local machine. When the client is presented as application software, the user needs to install the client software on the local machine, but the resources this client software occupies are small and it can be installed and used for free; compared with installing vulnerability scanning software as in the prior art, it saves local storage space and requires no payment. The application software can run on any platform, including Windows, iOS and Android, and likewise has good platform compatibility.
The memory module 12 stores data such as user identity information, safety detection tasks and safety detection results. User identity information includes the user name, password, mailbox, website list and so on; a safety detection task contains the summary information of each scan request of a user, such as the website list; a safety detection result contains the scan success or failure information and the detailed list of website vulnerabilities found by the scan. When a scan fails, the scan result can also include the failure cause. The memory module 12 can be a computer or a network hard disk with a storage function, which the present invention does not limit.
The scheduler module 13 is connected to the memory module 12 and the scan module 14. It obtains safety detection tasks from the memory module 12, hands them down to an online idle scan module 14 that has already established a connection, and updates the scan result of that idle scan module 14 to the memory module 12. The scheduler module 13 can be one or more computers.
The scan module 14 is preset with a scan program, a configuration file and a vulnerability database. It receives the safety detection task sent by the scheduler module 13, starts the scan program to carry out the scan, and feeds the scan result back to the scheduler module 13. The scan module 14 must register with the scheduler module 13 in advance and continuously send connection packets to the scheduler module 13 to maintain its online presence there. The scan module 14 also feeds the scan state and scan result of the current task back to the scheduler module 13 in real time. The scan result includes at least one of: trojan-injection detection result, fraud detection result, shield (blocking) detection result, side-note detection result, tampering detection result and vulnerability detection result.
As shown in Figure 2, the server end of another embodiment of the website security detection system disclosed by the invention can also include an FTP (File Transfer Protocol) module 15. The scan module 14 is further used to send the scan result and the scan report to the FTP module 15, so that the user can access and download them. The scan report includes the detailed list of vulnerabilities found, and the scan result includes at least one of: trojan-injection detection result, fraud detection result, shield (blocking) detection result, side-note detection result, tampering detection result and vulnerability detection result.
As shown in Figure 3, the server end of a further embodiment of the website security detection system disclosed by the invention can also include an SMTP (Simple Mail Transfer Protocol) module 16. The SMTP module 16 is connected to the memory module 12 and the FTP module 15 respectively, and sends the scan result to the mailbox the user registered in advance. The SMTP module 16 obtains from the memory module 12 the scan result of a completed safety detection task that is to be sent, together with the mailbox registered in advance by the user who requested that task, and sends the scan result summary of the task to that mailbox. According to configuration or the user's request, the SMTP module 16 can send only the scan result summary of the safety detection task to the e-mail account the user specified, or it can also send the safety detection report obtained from the FTP module 15 to the client as an e-mail attachment.
To make the objects, technical solutions and advantages of the present invention clearer, the website security detection method of the present invention is described in further detail below in conjunction with the accompanying drawings and the website security detection system.
As shown in Figure 4, an embodiment of the website security detection method of the present invention comprises the following steps.
Step 31: the client obtains information on the website to be detected through the user interface, generates a safety detection task from that information and stores the task in the memory module of the server end.
The client has a user interface, which can take the form of a website page or of an application program interface; through the client the user interacts with the memory module of the server. The functions provided by the user interface include user registration: before using the website security detection service, the user must register through the user interface, and the registered content includes the user identity and the website to be scanned, where the user identity in turn includes the user name, mailbox, password and similar information. After registration, the relevant information of the user is saved in the memory module of the server end, ready for the next login.
The functions provided by the user interface also include user authority management, including user identity verification, administrator identity verification and website registration authentication. After logging in to the website security detection system with mailbox and password, the user first adds the website to be scanned and then verifies webmaster authority; only after webmaster authority has been verified successfully can the user scan or check scan results. The system can verify webmaster authority by any one of code (or picture, text) verification, file verification and customer service verification, which the present invention does not limit. Code verification specifically means adding a specified code (or picture, text) at any position of the website homepage; file verification specifically means downloading a verification file and placing it in the root directory of the website to be scanned; customer service verification specifically means contacting customer service staff for online or offline certification.
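The code verification and file verification just described are the same ownership proof that search-engine webmaster tools use before they expose data about a site. The following is an added example, not code from the patent, showing how a server can issue a per-user, per-site token and then check it either in a meta tag on the homepage or in a file at the site root. The file name `site-scan-verify.txt`, the meta tag name, the HMAC-based token derivation and the `fetch` callback (a stand-in for an HTTP GET, fed here by a constructed in-memory site) are all assumptions made for the example.

```python
"""Webmaster-authority verification (code / file methods) for a site-scanning
service. Added example, not the patent's own code; all names are assumed."""
import hashlib
import hmac
import re
from typing import Callable, Dict, Optional
from urllib.parse import urlsplit

VERIFY_FILE = "site-scan-verify.txt"   # assumed name of the verification file
# Assumed meta tag that the "code verification" method looks for at any position of the homepage.
META_RE = re.compile(r'<meta\s+name="site-scan-verify"\s+content="([^"]*)"', re.I)
Fetch = Callable[[str], Optional[str]]  # url -> body, or None when the GET fails


def normalize_site(site: str) -> str:
    """Accept a bare domain, an IP address or a full URL and return the origin
    (scheme://host[:port]) that the verification is bound to."""
    s = site.strip()
    if "://" not in s:
        s = "http://" + s
    parts = urlsplit(s)
    if not parts.hostname:
        raise ValueError(f"no host in {site!r}")
    port = f":{parts.port}" if parts.port else ""
    return f"{parts.scheme.lower()}://{parts.hostname.lower()}{port}"


def issue_token(server_secret: bytes, user_id: str, site: str) -> str:
    """Derive the token the webmaster must publish. Binding it to user and site
    means one user's token proves nothing about another user's site."""
    msg = f"{user_id}|{normalize_site(site)}".encode()
    return hmac.new(server_secret, msg, hashlib.sha256).hexdigest()[:32]


def verify_by_file(fetch: Fetch, site: str, token: str) -> bool:
    """File verification: the token must be the content of VERIFY_FILE at the site root."""
    body = fetch(f"{normalize_site(site)}/{VERIFY_FILE}")
    if body is None:
        return False
    return hmac.compare_digest(body.strip().encode(), token.encode())


def verify_by_code(fetch: Fetch, site: str, token: str) -> bool:
    """Code verification: the token must appear in the meta tag anywhere on the homepage."""
    body = fetch(f"{normalize_site(site)}/")
    if body is None:
        return False
    return any(hmac.compare_digest(found.encode(), token.encode())
               for found in META_RE.findall(body))


def verify_webmaster(fetch: Fetch, site: str, token: str, method: str) -> bool:
    """Dispatch on the method the user chose; customer-service verification is manual."""
    if method == "file":
        return verify_by_file(fetch, site, token)
    if method == "code":
        return verify_by_code(fetch, site, token)
    raise ValueError(f"unsupported verification method {method!r}")


def build_sample_site(token: str) -> Dict[str, str]:
    """Constructed stand-in for the webmaster's site: URL -> response body."""
    return {
        "http://example.test/":
            f'<html><head><meta name="site-scan-verify" content="{token}"></head></html>',
        f"http://example.test/{VERIFY_FILE}": token + "\n",
    }


def make_fetch(pages: Dict[str, str]) -> Fetch:
    """Offline fetch: returns the constructed body, or None for any other URL."""
    return lambda url: pages.get(url)


if __name__ == "__main__":
    secret = b"constructed-server-secret"
    tok = issue_token(secret, "user-1", "example.test")
    fetch = make_fetch(build_sample_site(tok))
    print("file:", verify_webmaster(fetch, "example.test", tok, "file"))
    print("code:", verify_webmaster(fetch, "http://EXAMPLE.test/login", tok, "code"))
```

A real deployment would fetch over HTTPS with redirects disabled, so that a verification file served by a different host after a redirect cannot pass; the constant-time comparison and the user-bound token are the two checks worth keeping whatever the transport.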
The functions provided by the user interface also include submitting a safety detection request and querying the scan result. After the user passes domain name and administrator right verification, the user can submit a safety detection task through the client; the task includes at least the website to be scanned and the user ID. The website to be scanned can come from the websites of this user in the memory module of the server end whose administrator right has already been verified. The user interface provides a website editing function, such as adding a website or deleting an invalid website; the edited websites are saved in the memory module. In a specific implementation, a scan trigger such as a button or a scan task link can be arranged on the user interface; when the user clicks the button or the corresponding link, the client, according to that trigger, retrieves the domain name information related to this user from the memory module, generates a safety detection task and submits it to the memory module of the server end, which saves the task in the scan task list. After passing domain name and administrator right verification, the user can also start the scan result query function through a query trigger arranged on the user interface, or query the requested scan result directly in an output window arranged on the user interface.
The functions provided by the user interface also include group user management. After group user management has been set up through the client, for example when a user registers multiple child users and enables the child user management function, the administrator user of the group adds child users through the scan interface, so that after passing authority verification the administrator can submit safety detection requests and scan result queries for the multiple managed child users at the same time, which facilitates website security detection for group users.
Step 32: the scheduler module of the server end obtains a safety detection task from the memory module and sends it to an online idle scan module.
The scheduler module accesses the memory module periodically and obtains safety detection tasks from it. After obtaining a safety detection task, it judges whether any of the online scan modules is idle. If there is no idle scan module, it keeps waiting until it detects that an online scan module has become idle, and then issues the safety detection task to that idle scan module; if it judges that idle scan modules are available, it sends the safety detection task to one of them according to the configured scheduling mechanism. The scheduling mechanism of the scheduler module can be any one of: by maximum task count, by CPU and memory usage, or by closeness to the target machine, so that the operational efficiency of the scan modules is as high as possible. After the scheduler module has sent the safety detection task to a scan module, it waits for the scan module's response: if the task is sent successfully, this scheduling ends; if sending fails, it must reselect an idle scan module and send the safety detection task to it, until the task is sent successfully.
The scan module scheduled by the scheduler module does not need to register with the scheduler module in advance.
Step 33: the scan module receives the safety detection task sent by the scheduler module, parses the website to be scanned, starts scanning, and feeds the scan progress and result back to the scheduler module.
Before accepting scheduling by the scheduler module, the scan module needs to connect to and register with the scheduler module, and it needs to transmit packets to the scheduler module at regular intervals. The packets it transmits include connection packets and state packets. A connection packet contains the basic information of the scan module (such as server name, number and IP address) and a bind command word, so that the scheduler module can learn of the scan module's connection in time; a state packet contains the basic information of the scan module and the state of the current scan task, such as scan progress and scan result, so that the scheduler module can know the current state of each scan task in time and update the scan progress and scan result to the memory module.
The safety detection task the scan module receives contains the website to be scanned. After receiving the safety detection task from the scheduler module, the scan module parses the website to be scanned, starts an independent scan process, and at the same time loads configuration information such as the scan module's local configuration file and vulnerability database; it then accesses and resolves the obtained website. If the website can be accessed, the next step of scanning is carried out; if it cannot be accessed, the scan module reports a scan result packet stating that the website cannot be accessed to the scheduler module and terminates this scan process.
The next step of scanning consists in starting a crawler engine to automatically extract the website's pages while at the same time starting a vulnerability detection engine to carry out safety detection of those pages, such as vulnerability testing. The operating parameters of the crawler engine and the vulnerability detection engine can be obtained from the configuration file; the vulnerability database of the vulnerability detection engine is stored separately and updated continuously. During scanning, the scan module reports the running state of the crawler engine and vulnerability detection engine (such as stopped or running normally), the safety detection progress and the website vulnerabilities found to the scheduler module in real time. After the scan ends, the scan module reports a scan-end packet to the scheduler module and terminates the scan process.
Step 34: the scheduler module updates the received scan progress and result to the memory module.
The scheduler module receives the scan progress and result sent by the scan module in real time and promptly updates them to the memory module, which allows the user to query them in real time. The scan result includes at least one of: trojan-injection detection result, fraud detection result, shield (blocking) detection result, side-note detection result, tampering detection result and vulnerability detection result. After the scheduler module receives the scan-end packet, it packs the website vulnerabilities found by this scan module together with the website identifier and stores them in the memory module, so that the user can query the website security detection result.
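Steps 32 to 34 together form one exchange: scan modules announce themselves with a connection (bind) packet and keep sending state packets, the scheduler hands queued tasks to an idle scanner that is still alive, retries another scanner when a send fails, and writes the reported progress and results back to the memory module. The following is an added example that models that exchange end to end; it is not the patent's code. The packet field names, the heartbeat timeout, the in-memory store standing in for the memory module and the `send` callback (standing in for the network send and its acknowledgement) are assumptions. Of the three scheduling mechanisms the text names, the example implements "by maximum task count" and "by CPU and memory usage"; "closest to the target machine" needs network topology data and is left out. The scan-module side is reduced to the packets it feeds back, including the cannot-access case from step 33; no actual crawling or vulnerability testing is performed.

```python
"""Scheduler / scan-module exchange for the site-scanning service (steps 32 to 34).
Added example, not the patent's own code; packet layout and timeout are assumed."""
from dataclasses import dataclass, field
from typing import Callable, Dict, List

HEARTBEAT_TIMEOUT = 30.0  # assumed: seconds without a packet before a scanner counts as offline


@dataclass
class Task:
    task_id: int
    user_id: str
    site: str
    status: str = "queued"          # queued | running | done | failed
    progress: int = 0
    result: dict = field(default_factory=dict)


@dataclass
class Scanner:                      # basic information carried in the connection packet
    name: str
    number: int
    ip: str
    last_seen: float
    running: int = 0
    max_tasks: int = 1
    cpu: float = 0.0
    mem: float = 0.0


class MemoryModule:
    """In-memory stand-in for the memory module (a database in a real deployment)."""
    def __init__(self) -> None:
        self.tasks: Dict[int, Task] = {}

    def submit(self, user_id: str, site: str) -> Task:
        t = Task(len(self.tasks) + 1, user_id, site)
        self.tasks[t.task_id] = t
        return t

    def queued(self) -> List[Task]:
        return [t for t in self.tasks.values() if t.status == "queued"]


class Scheduler:
    def __init__(self, store: MemoryModule, policy: str = "max_tasks") -> None:
        self.store, self.policy = store, policy
        self.scanners: Dict[int, Scanner] = {}

    def on_connect(self, pkt: dict, now: float) -> None:
        """Connection packet with the BIND command word: register or refresh a scan module."""
        if pkt.get("cmd") != "BIND":
            return
        s = self.scanners.get(pkt["number"])
        if s is None:
            s = Scanner(pkt["name"], pkt["number"], pkt["ip"], now, max_tasks=pkt.get("max_tasks", 1))
            self.scanners[s.number] = s
        s.last_seen = now

    def on_state(self, pkt: dict, now: float) -> None:
        """State packet: liveness plus progress/result of the current task (step 34)."""
        s = self.scanners.get(pkt["number"])
        if s is None:
            return                               # unregistered scanner: ignore its packets
        s.last_seen, s.cpu, s.mem = now, pkt.get("cpu", s.cpu), pkt.get("mem", s.mem)
        task = self.store.tasks.get(pkt.get("task_id"))
        if task is None:
            return                               # pure heartbeat, nothing to store
        task.progress = pkt.get("progress", task.progress)
        if "result" in pkt:
            task.result.update(pkt["result"])
        if pkt.get("end"):                       # scan-end or cannot-access packet frees the scanner
            task.status = "failed" if task.result.get("error") else "done"
            s.running = max(0, s.running - 1)

    def idle_scanners(self, now: float) -> List[Scanner]:
        """Online (heartbeat within the timeout) and with a free task slot."""
        return [s for s in self.scanners.values()
                if now - s.last_seen <= HEARTBEAT_TIMEOUT and s.running < s.max_tasks]

    def pick(self, idle: List[Scanner]) -> Scanner:
        if self.policy == "cpu_mem":
            return min(idle, key=lambda s: s.cpu + s.mem)
        return min(idle, key=lambda s: s.running / s.max_tasks)   # "max_tasks": least loaded first

    def dispatch(self, send: Callable[[Scanner, Task], bool], now: float) -> int:
        """Step 32: send each queued task to an idle scanner; a failed send reselects
        among the remaining idle scanners. Tasks stay queued when none is idle."""
        sent = 0
        for task in self.store.queued():
            candidates = self.idle_scanners(now)
            while candidates:
                s = self.pick(candidates)
                if send(s, task):
                    task.status, s.running = "running", s.running + 1
                    sent += 1
                    break
                candidates.remove(s)
        return sent


def scan_module_packets(number: int, task: Task, reachable: bool, cpu: float = 0.2, mem: float = 0.3) -> List[dict]:
    """Constructed scan-module side of step 33: the packets fed back for one task. A site
    that cannot be accessed yields one cannot-access result packet; otherwise progress
    packets with the engine states, then a scan-end packet carrying the findings."""
    base = {"number": number, "task_id": task.task_id, "cpu": cpu, "mem": mem}
    if not reachable:
        return [dict(base, progress=0, result={"error": "site not accessible"}, end=True)]
    return [dict(base, progress=50, result={"crawler": "running", "detector": "running"}),
            dict(base, progress=100, result={"crawler": "stopped", "detector": "stopped", "findings": []}, end=True)]
```

In use, `dispatch` is called from the scheduler's timer together with a fresh `now`; a scanner whose state packets stop arriving drops out of `idle_scanners` after `HEARTBEAT_TIMEOUT` without any explicit deregistration, which is what the text's "maintain its online presence" amounts to in practice, and a scanner that keeps refusing sends is simply skipped for that task rather than blocking the queue.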
Preferably, as shown in Figure 5, after the scan ends the method also includes step 35: the scan module uploads the scan result and scan report to the FTP (File Transfer Protocol) module, which not only serves as a data backup but also makes it more convenient for the user to query and download them. The scan result of the current scan includes at least one of: trojan-injection detection result, fraud detection result, shield (blocking) detection result, side-note detection result, tampering detection result and vulnerability detection result.
As shown in Figure 6, in another embodiment of the website security detection method of the present invention, after the scan ends the method also includes step 36: the SMTP module sends the scan result to the mailbox the user registered in advance. It reads from the memory module the scan result to be sent and the mailbox registered by the user corresponding to that scan result, and sends the scan result to that mailbox, so that the user can learn the website security detection result in time. After the scan process ends, the SMTP module can periodically read from the memory module the latest scan result together with the mailbox registered in advance by the user who requested the corresponding safety detection task, and send the summary of the scan result to that mailbox. According to a preset setting or the user's needs, the SMTP module can also download the scan report from the FTP module and send it to the user's registered mailbox as an attachment, either on its own or together with the scan result summary.
With the website security detection method of the present invention, an ordinary website user does not need to spend money or install bulky software to enjoy a convenient website security detection service, which effectively ensures website security. Traditional scanning products can only scan a single website and browse a single vulnerability report, and cannot check the vulnerabilities of all websites in a unified way; with the method of the present invention, a high-end user uses the system through the scan interface in which the group administrator user adds child users, and the administrator can centrally check the website vulnerabilities of all child users under that administrator, which facilitates centralized vulnerability checking.
The website described herein can be a website domain name or an IP address, which the present invention does not limit.
The embodiments in this specification are described in a progressive manner; each embodiment emphasizes its differences from the other embodiments, and for the identical or similar parts the embodiments may refer to one another.
The application can be described in the general context of computer-executable instructions, such as program modules or units. Generally, program modules or units include routines, programs, objects, components, data structures and the like that perform particular tasks or implement particular abstract data types. In general, program modules or units can be implemented in software, in hardware, or in a combination of both. The application can also be practiced in distributed computing environments, in which tasks are performed by remote processing devices connected through a communication network. In a distributed computing environment, program modules or units may be located in local and remote computer storage media including storage devices.
Finally, it should also be noted that, in this article, relational terms such as first and second are used merely to distinguish one entity or operation from another, and do not necessarily require or imply any such actual relationship or order between these entities or operations. Moreover, the terms "include", "comprise" or any other variant thereof are intended to cover non-exclusive inclusion, so that a process, method, article or device that includes a series of elements includes not only those elements but also other elements not expressly listed, or elements inherent to that process, method, article or device. Without further restriction, an element defined by the statement "including a ..." does not exclude the existence of other identical elements in the process, method, article or device that includes that element.
The principle and embodiments of the application are set forth herein through specific cases; the explanation of the above embodiments is only intended to help understand the method of the application and its main idea. Meanwhile, those of ordinary skill in the art will, according to the idea of the application, make changes in the specific embodiments and the scope of application. In summary, the content of this specification should not be construed as limiting the application.