CN104866769A - Vulnerability analyzing method and system based on fingerprint acquisition of business system host - Google Patents

Publication number: CN104866769A
Authority: CN (China)
Legal status: Pending
Application number: CN201510293091.7A
Other languages: Chinese (zh)
Inventors: 魏理豪, 艾解清, 刘生寒
Current Assignee: Information Center of Guangdong Power Grid Co Ltd
Original Assignee: Information Center of Guangdong Power Grid Co Ltd
Application filed by: Information Center of Guangdong Power Grid Co Ltd

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50: Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57: Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577: Assessing vulnerabilities and evaluating computer system security

Abstract

The present invention discloses a vulnerability analysis method and a vulnerability analysis system based on fingerprint collection from business system hosts. The vulnerability analysis method comprises the steps of: A, collecting the fingerprint information of the business system host with an open source tool, wherein the fingerprint information is used to identify the business system host; and B, matching the collected fingerprint information against preset regular expressions and, if a match succeeds, judging that the business system host has the vulnerability. With the vulnerability analysis method disclosed by the present invention, a large group of hosts can be searched rapidly and the business system hosts suspected of having a certain vulnerability can be found through analysis, so that a security manager can learn how that vulnerability is distributed inside the enterprise in a short time, which buys a large amount of processing time for vulnerability patching work.

Description

A vulnerability analysis method and system based on fingerprint collection from business system hosts
Technical field
The present invention relates to the field of vulnerability detection, and in particular to a vulnerability analysis method and system based on fingerprint collection from business system hosts.
Background
With the development of networks, development technology changes rapidly and service components of every kind spring up like bamboo shoots after a spring rain. The core systems inside an enterprise are built on different operating systems, development frameworks and middleware, chosen according to their respective business characteristics. When a high-risk vulnerability appears in an operating system, development framework or middleware, the impact on the enterprise's business systems that use that technology is huge.
To address this problem, the prior-art solution is to write a separate recognition program for each specific vulnerability, writing the corresponding vulnerability check statements each time and interacting with the target system over the network. This approach has low detection efficiency and takes a long time, which is unfavourable for rapid detection.
Therefore, the prior art still needs to be improved and developed.
Summary of the invention
In view of the above deficiencies of the prior art, the object of the present invention is to provide a vulnerability analysis method and system based on fingerprint collection from business system hosts, aiming to solve the low efficiency of existing vulnerability detection methods.
The technical solution of the present invention is as follows:
A vulnerability analysis method based on fingerprint collection from business system hosts, comprising the steps of:
A. collecting the fingerprint information of the business system host with an open source tool, the fingerprint information being used to identify the business system host;
B. matching the collected fingerprint information against preset regular expressions and, if a match succeeds, judging that the business system host has the vulnerability.
In the described vulnerability analysis method, the fingerprint information comprises the operating system of the business system host, the type of middleware, the version of the middleware, and the open services and ports.
In the described vulnerability analysis method, the following is performed before step A:
establishing regular expressions in advance according to the different vulnerability types and vulnerability risk levels.
In the described vulnerability analysis method, the open source tool is nmap, dnsenum or whatweb.
A vulnerability analysis system based on fingerprint collection from business system hosts, comprising:
an acquisition module, for collecting the fingerprint information of the business system host with an open source tool, the fingerprint information being used to identify the business system host;
an analysis module, for matching the collected fingerprint information against preset regular expressions and, if a match succeeds, judging that the business system host has the vulnerability.
In the described vulnerability analysis system, the fingerprint information comprises the operating system of the business system host, the type of middleware, the version of the middleware, and the open services and ports.
The described vulnerability analysis system further comprises:
a presetting module, for establishing regular expressions in advance according to the different vulnerability types and vulnerability risk levels.
In the described vulnerability analysis system, the open source tool is nmap, dnsenum or whatweb.
Beneficial effect: with the vulnerability analysis method of the present invention, a large group of hosts can be searched rapidly and the business system hosts that may have a certain vulnerability can be found through analysis, so that security managers can learn how that vulnerability is distributed inside the enterprise in a short time, winning a large amount of processing time for vulnerability patching work.
Brief description of the drawings
Fig. 1 is a flowchart of a preferred embodiment of the vulnerability analysis method based on fingerprint collection from business system hosts of the present invention.
Fig. 2 is a structural block diagram of a preferred embodiment of the vulnerability analysis system based on fingerprint collection from business system hosts of the present invention.
Detailed description
The present invention provides a vulnerability analysis method and system based on fingerprint collection from business system hosts. To make the object, technical solution and effect of the present invention clearer, the present invention is described in more detail below. It should be understood that the specific embodiments described here serve only to explain the present invention and are not intended to limit it.
Referring to Fig. 1, Fig. 1 is a flowchart of a preferred embodiment of the vulnerability analysis method based on fingerprint collection from business system hosts of the present invention, which comprises the steps of:
S101. collecting the fingerprint information of the business system host with an open source tool, the fingerprint information being used to identify the business system host;
S102. matching the collected fingerprint information against preset regular expressions and, if a match succeeds, judging that the business system host has the vulnerability.
Further, the fingerprint information comprises the operating system of the business system host, the type of middleware, the version of the middleware, and the open services and ports. The fingerprint information here essentially refers to the business system information of a networked computer; it is non-unique information used to identify a computer and may be repeated across computers.
Further, the following is performed before step S101:
establishing regular expressions in advance according to the different vulnerability types and vulnerability risk levels.
A regular expression, also called a regular representation or conventional expression, uses a single string to describe and match a series of strings that conform to a certain syntactic rule. In many text editors, regular expressions are commonly used to search for and replace text that matches a certain pattern.
The present invention actively performs a one-off comparison against the business system host fingerprint information for a given component (a system or area with potential problems). Compared with the traditional solution, this greatly improves working efficiency and leaves security managers ample processing time.
Further, the open source tool is nmap, dnsenum or whatweb. nmap is a network port scanner used to scan the open network ports of networked computers, determine which services are running on those ports, and infer which operating system a computer is running (this is also known as fingerprinting). It is one of the essential tools for network administrators and is used to assess the security of network systems. WhatWeb is a website fingerprinting tool that mainly answers the question "What technologies does this website use?" WhatWeb can tell you what a website is built with, including which CMS, which blogging platform, JavaScript libraries, web server, embedded devices and so on. WhatWeb has more than 900 plugins and can identify version numbers, email addresses, accounts, web frameworks, SQL errors and so on.
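The two steps of the method (collect fingerprints, then match them against preset regular expressions graded by risk level), shown as an added example that is not part of the patent text. It assumes the fingerprints come from nmap's XML output; the sample scan, rule ids and version ranges are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample shaped like `nmap -sV -O -oX -` output (all values made up).
SAMPLE_NMAP_XML = """<nmaprun>
 <host><address addr="10.0.0.5" addrtype="ipv4"/>
  <ports>
   <port protocol="tcp" portid="8080"><state state="open"/>
    <service name="http" product="Apache Tomcat" version="6.0.35"/></port>
   <port protocol="tcp" portid="22"><state state="open"/>
    <service name="ssh" product="OpenSSH" version="7.4"/></port>
  </ports>
  <os><osmatch name="Linux 3.10" accuracy="96"/></os></host>
 <host><address addr="10.0.0.9" addrtype="ipv4"/>
  <ports>
   <port protocol="tcp" portid="80"><state state="open"/>
    <service name="http" product="nginx" version="1.18.0"/></port>
   <port protocol="tcp" portid="8009"><state state="closed"/>
    <service name="ajp13" product="Apache Jserv"/></port>
  </ports></host>
</nmaprun>"""

# Hypothetical preset rules: (rule id, risk level, regex). Ids and version
# ranges are illustrative and do not describe real advisories.
RULES = [
    ("RULE-AJP-EXPOSED", "medium", re.compile(r"service=ajp13\b")),
    ("RULE-OPENSSH-OLD", "low", re.compile(r"product=OpenSSH version=[1-6]\.\d")),
    ("RULE-TOMCAT-6X", "high", re.compile(r"product=Apache Tomcat version=6\.0\.\d+\b")),
    ("RULE-NGINX-LE-1-18", "medium",
     re.compile(r"product=nginx version=1\.(?:\d|1[0-8])\.\d+\b")),
]
RISK_ORDER = {"high": 0, "medium": 1, "low": 2}

def collect_fingerprints(nmap_xml):
    """Step A: one (host, port, fingerprint string) tuple per open port."""
    out = []
    for host in ET.fromstring(nmap_xml).iterfind("host"):
        addr = host.find("address").get("addr")
        osmatch = host.find("os/osmatch")
        os_name = osmatch.get("name") if osmatch is not None else "unknown"
        for port in host.iterfind("ports/port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue  # only open ports belong to the exposed fingerprint
            svc = port.find("service")
            attrs = svc.attrib if svc is not None else {}
            label = f"{port.get('portid')}/{port.get('protocol')}"
            out.append((addr, label,
                        f"port={label} service={attrs.get('name', 'unknown')} "
                        f"product={attrs.get('product', 'unknown')} "
                        f"version={attrs.get('version', 'unknown')} os={os_name}"))
    return out

def analyze(fingerprints, rules=RULES):
    """Step B: regex-match every fingerprint; return suspected hosts, riskiest first."""
    hits = [(addr, port, rule_id, risk)
            for addr, port, fp in fingerprints
            for rule_id, risk, pattern in rules
            if pattern.search(fp)]
    return sorted(hits, key=lambda h: (RISK_ORDER[h[3]], h[0], h[1]))

if __name__ == "__main__":
    for hit in analyze(collect_fingerprints(SAMPLE_NMAP_XML)):
        print(*hit)
```

A match only marks a host as suspected: vendors often backport fixes without changing the version a service reports, so a hit should be confirmed on the host before remediation is scheduled.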
Based on the above method, the present invention also provides a preferred embodiment of a vulnerability analysis system based on fingerprint collection from business system hosts which, as shown in Fig. 2, comprises:
an acquisition module 100, for collecting the fingerprint information of the business system host with an open source tool, the fingerprint information being used to identify the business system host;
an analysis module 200, for matching the collected fingerprint information against preset regular expressions and, if a match succeeds, judging that the business system host has the vulnerability.
Further, the fingerprint information comprises the operating system of the business system host, the type of middleware, the version of the middleware, and the open services and ports.
Further, the system also comprises:
a presetting module, for establishing regular expressions in advance according to the different vulnerability types and vulnerability risk levels.
Further, the open source tool is nmap, dnsenum or whatweb.
The technical details of the above modules have already been described in detail in the method above and are therefore not repeated here.
In summary, with the vulnerability analysis method of the present invention, a large group of hosts can be searched rapidly and the business system hosts that may have a certain vulnerability can be found through analysis, so that security managers can learn how that vulnerability is distributed inside the enterprise in a short time, winning a large amount of processing time for vulnerability patching work.
It should be understood that the application of the present invention is not limited to the above examples. Those of ordinary skill in the art can make improvements or variations based on the above description, and all such improvements and variations shall fall within the scope of protection of the appended claims of the present invention.

Claims (8)

1. A vulnerability analysis method based on fingerprint collection from business system hosts, characterized in that it comprises the steps of:
A. collecting the fingerprint information of the business system host with an open source tool, the fingerprint information being used to identify the business system host;
B. matching the collected fingerprint information against preset regular expressions and, if a match succeeds, judging that the business system host has the vulnerability.
2. The vulnerability analysis method based on fingerprint collection from business system hosts according to claim 1, characterized in that the fingerprint information comprises the operating system of the business system host, the type of middleware, the version of the middleware, and the open services and ports.
3. The vulnerability analysis method based on fingerprint collection from business system hosts according to claim 1, characterized in that, before step A, it comprises:
establishing regular expressions in advance according to the different vulnerability types and vulnerability risk levels.
4. The vulnerability analysis method based on fingerprint collection from business system hosts according to claim 1, characterized in that the open source tool is nmap, dnsenum or whatweb.
5. A vulnerability analysis system based on fingerprint collection from business system hosts, characterized in that it comprises:
an acquisition module, for collecting the fingerprint information of the business system host with an open source tool, the fingerprint information being used to identify the business system host;
an analysis module, for matching the collected fingerprint information against preset regular expressions and, if a match succeeds, judging that the business system host has the vulnerability.
6. The vulnerability analysis system based on fingerprint collection from business system hosts according to claim 5, characterized in that the fingerprint information comprises the operating system of the business system host, the type of middleware, the version of the middleware, and the open services and ports.
7. The vulnerability analysis system based on fingerprint collection from business system hosts according to claim 5, characterized in that it further comprises:
a presetting module, for establishing regular expressions in advance according to the different vulnerability types and vulnerability risk levels.
8. The vulnerability analysis system based on fingerprint collection from business system hosts according to claim 5, characterized in that the open source tool is nmap, dnsenum or whatweb.
CN201510293091.7A 2015-06-01 2015-06-01 Vulnerability analyzing method and system based on fingerprint acquisition of business system host Pending CN104866769A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510293091.7A CN104866769A (en) 2015-06-01 2015-06-01 Vulnerability analyzing method and system based on fingerprint acquisition of business system host

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510293091.7A CN104866769A (en) 2015-06-01 2015-06-01 Vulnerability analyzing method and system based on fingerprint acquisition of business system host

Publications (1)

Publication Number Publication Date
CN104866769A (en) 2015-08-26

Family

ID=53912591

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510293091.7A Pending CN104866769A (en) 2015-06-01 2015-06-01 Vulnerability analyzing method and system based on fingerprint acquisition of business system host

Country Status (1)

Country Link
CN (1) CN104866769A (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101242279A (en) * 2008-03-07 2008-08-13 北京邮电大学 Automatic penetration testing system and method for WEB system
CN101902470A (en) * 2010-07-14 2010-12-01 南京大学 Form feature-based Web security vulnerability dynamic testing method
WO2012142584A1 (en) * 2011-04-15 2012-10-18 Bluecava, Inc. Detection of spoofing of remote client system information
CN103065095A (en) * 2013-01-29 2013-04-24 四川大学 WEB vulnerability scanning method and vulnerability scanner based on fingerprint recognition technology
CN103685575A (en) * 2014-01-06 2014-03-26 洪高颖 Website security monitoring method based on cloud architecture

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108183895A (en) * 2017-12-26 2018-06-19 广东电网有限责任公司信息中心 A kind of networked asset information acquisition system
CN108183895B (en) * 2017-12-26 2021-03-12 广东电网有限责任公司信息中心 Network asset information acquisition system
CN112001376B (en) * 2020-10-29 2021-02-26 深圳开源互联网安全技术有限公司 Fingerprint identification method, device, equipment and storage medium based on open source component

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20150826