Detailed Description
Exemplary embodiments of the disclosure are described more fully below with reference to the accompanying drawings. Although the drawings show exemplary embodiments of the disclosure, it should be understood that the disclosure may be realized in various forms and should not be limited by the embodiments set forth here. Rather, these embodiments are provided so that the disclosure can be understood more thoroughly and so that its scope can be fully conveyed to those skilled in the art.
Fig. 1 shows a flow chart of a method for identifying website system information according to an embodiment of the invention. As shown in Fig. 1, the method includes the following steps:
Step S110: perform website vulnerability scanning on the target website.
Website vulnerabilities are varied, for example SQL injection vulnerabilities, cross-site scripting vulnerabilities, weak password vulnerabilities, HTTP header tracking vulnerabilities, struts2 remote command execution vulnerabilities, and so on. The scanning methods and scanning rules also differ for different types of website vulnerability.
Vulnerability scanning rules are generally divided into general vulnerability scanning rules and dedicated vulnerability scanning rules. General vulnerability scanning rules can be used to scan all types of websites, whereas a dedicated vulnerability scanning rule is only suitable for scanning for the vulnerability type it matches. Scanning a website generally includes scanning at least some of the pages under the website.
Step S120: obtain the website vulnerability scanning results of the target website that are related to website system information.
Website system information includes website content management system information and/or website framework information.
Website content management systems (CMS) include common site-building tools such as Discuz, PHPCMS and TurboCMS.
Website frameworks include the web application frameworks of a website, such as struts, the struts2 framework, the thinkphp framework, and so on.
Specifically, to identify website content management system information, such as copyright information, the dedicated vulnerability scanning results corresponding to a website content management system are obtained for the target website; to identify website framework information, the dedicated vulnerability scanning results corresponding to a website framework are obtained for the target website.
Step S130: identify the website system information of the target website from the website vulnerability scanning results related to website system information.
For example, for website content management system information, if a Discuz injection vulnerability was obtained in step S120, the website content management system is identified as Discuz; for website framework information, if the dedicated vulnerability obtained in step S120 is a struts2 command execution vulnerability, the website framework is identified as the struts2 framework.
According to the method provided by the above embodiment of the invention, website vulnerability scanning is performed on the target website; the website vulnerability scanning results related to website system information are obtained; and the website system information of the target website is identified from those results. With this scheme, website content management system information, such as CMS copyright information, and website framework information can be learned accurately, without being affected by a user changing or deleting page identification information or website directories and files, so website system information that existing methods cannot identify can be identified.
Fig. 2 shows a flow chart of a method for identifying website system information according to an embodiment of the invention. As shown in Fig. 2, the method includes the following steps:
Step S210: perform dedicated vulnerability scanning on the target website using the dedicated vulnerability scanning rules of the corresponding website content management systems.
Website vulnerabilities include general vulnerabilities and dedicated vulnerabilities. A dedicated vulnerability is one that applies to only one kind of website content management system; a general vulnerability is one that applies to all types of system and therefore cannot be used to identify website system information.
Specifically, general vulnerabilities may include SQL injection, XSS vulnerabilities, sensitive information leakage and the like; these vulnerabilities exist in every website management system.
Dedicated vulnerabilities may include the dedicated injection vulnerabilities, dedicated command execution vulnerabilities and dedicated XSS vulnerabilities of a specific website content management system, for example the Discuz_qq interconnection plug-in XSS vulnerability, the Discuz convenience phone plug-in SQL injection vulnerability, and so on.
Usually, website vulnerability scanning is carried out by means of a vulnerability library. The content stored in the vulnerability library includes: the vulnerability name, for example SQL injection vulnerability; the vulnerability harm, for example the website being hacked; the vulnerability solution, for example strict filtering of user-input data; and the scanning rule, used to scan for whether the vulnerability exists.
In this embodiment of the invention, the target website is scanned using dedicated vulnerability libraries and scanning rules, and the website content management system information is obtained from the type of dedicated vulnerability found by the scan.
Specifically, the dedicated vulnerability libraries of different website content management systems are used in turn to scan the target website in a certain order, the order being determined by the usage rate of common content management systems. For example, the Discuz vulnerability library is first used to scan the website and its pages. Specifically, vulnerability scanning is performed on each link the website contains according to the scanning rules in the Discuz vulnerability library. When a scanning result is obtained, scanning may be stopped; if no result has been obtained when the scan ends, other dedicated vulnerability libraries are then used to scan.
Alternatively, the website and its pages are scanned using multiple dedicated vulnerability libraries at the same time, and the scanning process ends once a scanning result is obtained.
Step S220: record the dedicated vulnerabilities of one or more website content management systems obtained by the dedicated vulnerability scanning.
Step S230: identify the website content management system information from the dedicated vulnerability scanning results of the corresponding website content management system.
Specifically, if the dedicated vulnerability of the website content management system is a Discuz injection vulnerability and/or a Discuz command execution vulnerability and/or a Discuz dedicated XSS vulnerability, the website content management system is identified as the Discuz system;
if the dedicated vulnerability of the website content management system is a PHPCMS injection vulnerability and/or a PHPCMS command execution vulnerability and/or a PHPCMS dedicated XSS vulnerability, the website content management system is identified as the PHPCMS system.
For other content management systems such as TurboCMS, and for other dedicated vulnerability types such as sensitive information vulnerabilities and design defect vulnerabilities, the content management system can be identified in the same way, which is not repeated here one by one.
According to the method provided by the above embodiment of the invention, dedicated vulnerability scanning is performed on the target website using the dedicated vulnerability scanning rules of the corresponding website content management systems, and the website content management system information is identified from the scanning results. For most websites and common content management systems, content management information such as copyright information can be identified rapidly, without being affected by manual changes to site information.
Fig. 3 shows a flow chart of a method for identifying website system information according to an embodiment of the invention. As shown in Fig. 3, the method includes the following steps:
Step S310: perform comprehensive vulnerability scanning for all vulnerabilities of the target website.
The website is scanned for vulnerabilities using a general vulnerability library and general scanning rules.
Step S320: look up the dedicated vulnerabilities of the corresponding website content management system in the scanning results of the comprehensive vulnerability scan.
After the scan ends, the complete scanning results are obtained, and the dedicated vulnerabilities of the corresponding website content management system are looked up in them.
Step S330: identify the website content management system information from the dedicated vulnerability scanning results of the corresponding website content management system.
This step is similar to step S230 in the previous embodiment and is not described again here.
According to the method provided by the above embodiment of the invention, the dedicated vulnerabilities of the corresponding website content management system are looked up in the scanning results obtained with general vulnerability scanning rules. Compared with the previous embodiment, this has higher recognition efficiency for some less widely used website content management systems.
Fig. 4 shows a flow chart of a method for identifying website system information according to an embodiment of the invention. As shown in Fig. 4, the method includes the following steps:
Step S410: perform dedicated vulnerability scanning on the target website using the dedicated vulnerability scanning rules of the corresponding website frameworks.
In this embodiment of the invention, the target website is scanned using the dedicated vulnerability libraries and scanning rules of various website frameworks, and the website framework information is obtained from the type of dedicated vulnerability found by the scan.
Specifically, the dedicated vulnerability libraries of different website frameworks can be used in turn to scan the target website in a certain order. Usually, scanning a website includes scanning at least some of the pages under the website. For example, the struts2 vulnerability library is first used to scan the website and its pages. Specifically, vulnerability scanning is performed on each link the website contains according to the scanning rules in the struts2 vulnerability library. When a scanning result is obtained, scanning may be stopped; if no result has been obtained when the scan ends, other dedicated vulnerability libraries, for example the dedicated vulnerability library of the thinkphp framework, are then used to scan.
Alternatively, the website and its pages are scanned using multiple dedicated vulnerability libraries at the same time, and the scanning process ends when a scanning result is obtained.
Website frameworks include struts, the struts2 framework and the thinkphp framework. The dedicated vulnerabilities of a website framework include the dedicated command execution vulnerabilities of that framework, for example the struts2 command execution vulnerability.
Step S420: record the dedicated vulnerabilities of one or more website frameworks obtained by the dedicated vulnerability scanning.
Step S430: identify the website framework information from the dedicated vulnerability scanning results of the corresponding website framework.
For example, if the scanning results recorded in step S420 contain a struts2 command execution vulnerability, the website framework is identified as the struts2 framework.
Other web frameworks such as thinkphp, and other dedicated vulnerabilities of web frameworks such as design defects, can all be identified in the same way, which is not repeated here one by one.
Fig. 5 shows a flow chart of a method for identifying website system information according to another embodiment of the invention. As shown in Fig. 5, the method includes the following steps:
Step S510: perform comprehensive vulnerability scanning for all vulnerabilities of the target website.
Step S520: look up the dedicated vulnerabilities of the corresponding website framework in the scanning results of the comprehensive vulnerability scan.
Step S530: identify the website framework information from the dedicated vulnerability scanning results of the corresponding website framework.
According to the method provided by the above embodiment of the invention, website framework information is identified from the dedicated vulnerability scanning results of the website framework. For most websites, content management information such as copyright information can be identified quickly and accurately, without being affected by manual modification of site information.
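The two identification strategies described above, sketched for an asset-inventory pass over recorded scanner output. This is an added example, not code from the patent: `identify_system` follows the look-up-in-full-scan-results steps (S320/S330 and S520/S530), and `identify_sequential` follows the usage-ordered dedicated scan with early stop (S210/S410). The rule IDs, the `Rule` record, the sample findings and the `replay_scan` stand-in for a scanner are all constructed assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    """One vulnerability-library entry (constructed for this example)."""
    name: str
    kind: str                # "general", "cms" or "framework"
    product: Optional[str]   # None for general rules


# Constructed library: rule IDs are hypothetical, names follow the text.
VULN_LIBRARY = {
    "G-001": Rule("SQL injection", "general", None),
    "G-002": Rule("XSS", "general", None),
    "G-003": Rule("Sensitive information leakage", "general", None),
    "D-001": Rule("Discuz injection", "cms", "Discuz"),
    "D-002": Rule("Discuz dedicated XSS", "cms", "Discuz"),
    "P-001": Rule("PHPCMS injection", "cms", "PHPCMS"),
    "P-002": Rule("PHPCMS command execution", "cms", "PHPCMS"),
    "S-001": Rule("struts2 command execution", "framework", "struts2"),
}


def identify_system(findings, library=VULN_LIBRARY):
    """Full-scan variant: keep only dedicated findings as evidence.

    General findings occur on every kind of system, so they are dropped.
    Unknown rule IDs are ignored rather than guessed at.
    """
    evidence = {"cms": defaultdict(set), "framework": defaultdict(set)}
    for finding in findings:
        rule = library.get(finding["rule_id"])
        if rule is None or rule.kind == "general":
            continue
        evidence[rule.kind][rule.product].add(rule.name)
    return {
        kind: {product: sorted(names) for product, names in products.items()}
        for kind, products in evidence.items()
    }


def identify_sequential(scan, products_by_usage, library=VULN_LIBRARY):
    """Dedicated-scan variant: try one product's rules at a time, in
    usage order, and stop at the first product that yields a finding."""
    tried = []
    for product in products_by_usage:
        tried.append(product)
        rule_ids = {rid for rid, r in library.items() if r.product == product}
        if scan(rule_ids):
            return product, tried
    return None, tried


# Constructed scan output from a site you operate (example.test hosts).
SAMPLE_FINDINGS = [
    {"url": "https://forum.example.test/search", "rule_id": "G-001"},
    {"url": "https://forum.example.test/plugin", "rule_id": "D-002"},
    {"url": "https://forum.example.test/member", "rule_id": "D-001"},
    {"url": "https://forum.example.test/api.action", "rule_id": "S-001"},
    {"url": "https://forum.example.test/x", "rule_id": "Z-999"},  # unknown
]


def replay_scan(rule_ids):
    """Stand-in for a scanner: replays recorded findings, no network I/O."""
    return [f for f in SAMPLE_FINDINGS if f["rule_id"] in rule_ids]


if __name__ == "__main__":
    print(identify_system(SAMPLE_FINDINGS))
    print(identify_sequential(replay_scan, ["PHPCMS", "Discuz"]))
```

The same evidence map also shows when a site operator has stripped page banners but left a product-specific flaw in place, which is the case the text says banner-based identification misses.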
Fig. 6 shows a structural block diagram of a device for identifying website system information according to an embodiment of the invention. As shown in Fig. 6, the device includes:
A scanning module 610, adapted to perform website vulnerability scanning on the target website.
A vulnerability analysis module 620, adapted to obtain the website vulnerability scanning results of the target website that are related to website system information.
Here, website system information includes website content management system information and/or website framework information.
The vulnerability analysis module 620 is specifically adapted to: obtain the dedicated vulnerability scanning results corresponding to a website content management system for the target website and/or obtain the dedicated vulnerability scanning results corresponding to a website framework for the target website.
An identification module 630, adapted to identify the website system information of the target website from the website vulnerability scanning results related to website system information.
The identification module 630 is specifically adapted to: identify website content management system information from the dedicated vulnerability scanning results of the corresponding website content management system and/or identify website framework information from the dedicated vulnerability scanning results of the corresponding website framework.
Fig. 7 shows a structural block diagram of a device for identifying website system information according to another embodiment of the invention. As shown in Fig. 7, the device includes:
A scanning module 710, adapted to perform website vulnerability scanning on the target website.
The scanning module 710 further comprises: a dedicated scanning unit 7101, adapted to perform dedicated vulnerability scanning on the target website using the dedicated vulnerability scanning rules of the corresponding website content management system to obtain dedicated vulnerability scanning results, and/or adapted to perform dedicated vulnerability scanning on the target website using the dedicated vulnerability scanning rules of the corresponding website framework; and
a general scanning unit 7102, adapted to perform comprehensive vulnerability scanning for all vulnerabilities of the target website using general scanning rules.
Here, website content management systems (CMS) include common site-building tools such as Discuz, PHPCMS and TurboCMS.
The dedicated vulnerabilities of a website content management system include its dedicated injection vulnerabilities, dedicated command execution vulnerabilities, dedicated XSS vulnerabilities, and so on.
A website framework is the web application framework of a website, such as struts, the struts2 framework, the thinkphp framework, and so on; the dedicated vulnerabilities scanned for a website framework include command execution vulnerabilities.
A vulnerability analysis module 720, adapted to obtain the website vulnerability scanning results of the target website that are related to website system information.
The vulnerability analysis module 720 further comprises: a recording unit 7201, adapted to record the dedicated vulnerabilities of one or more website content management systems obtained by the dedicated scanning unit 7101, and/or to record the dedicated vulnerabilities of one or more website frameworks obtained by the dedicated scanning unit 7101;
a lookup unit 7202, adapted to look up the dedicated vulnerabilities of the corresponding website content management system in the scanning results of the general scanning unit 7102, and/or to look up the dedicated vulnerabilities of the corresponding website framework in the scanning results of the general scanning unit 7102.
An identification module 730, adapted to identify the website system information of the target website from the website vulnerability scanning results related to website system information.
The identification module 730 is specifically adapted to: identify website content management system information from the dedicated vulnerability scanning results of the corresponding website content management system and/or identify website framework information from the dedicated vulnerability scanning results of the corresponding website framework.
The identification module 730 is further adapted to: if the dedicated vulnerability of the website content management system is a Discuz injection vulnerability and/or a Discuz command execution vulnerability and/or a Discuz dedicated XSS vulnerability, identify the website content management system as the Discuz system; if the dedicated vulnerability of the website content management system is a PHPCMS injection vulnerability and/or a PHPCMS command execution vulnerability and/or a PHPCMS dedicated XSS vulnerability, identify the website content management system as the PHPCMS system.
The identification module 730 is further adapted to: if the dedicated vulnerability is a struts2 command execution vulnerability, identify the website framework as the struts2 framework.
According to the device provided by the above embodiment of the invention, the scanning module performs website vulnerability scanning on the target website; the vulnerability analysis module obtains the vulnerability scanning results of the target website that are related to website framework information; and the identification module identifies the website framework information of the target website from the website vulnerability scanning results related to website framework information. With this scheme, website framework information can be learned accurately, without being affected by users modifying information, so website framework information that existing methods cannot identify can be identified.
The embodiments of the invention also disclose:
B11. The device according to claim B10, wherein the scanning module is specifically adapted to: perform dedicated vulnerability scanning on the target website using the dedicated vulnerability scanning rules of the corresponding website content management system; and/or perform dedicated vulnerability scanning on the target website using the dedicated vulnerability scanning rules of the corresponding website framework;
the vulnerability analysis module is specifically adapted to: record the dedicated vulnerabilities of one or more website content management systems obtained by the dedicated vulnerability scanning; and/or record the dedicated vulnerabilities of one or more website frameworks obtained by the dedicated vulnerability scanning.
B12. The device according to claim B10, wherein the scanning module is specifically adapted to: perform comprehensive vulnerability scanning for all vulnerabilities of the target website using general scanning rules;
the vulnerability analysis module is specifically adapted to: look up the dedicated vulnerabilities of the corresponding website content management system in the scanning results of the comprehensive vulnerability scan; and/or look up the dedicated vulnerabilities of the corresponding website framework in the scanning results of the comprehensive vulnerability scan.
B13. The device according to claim B11 or B12, wherein the dedicated vulnerabilities of the website content management system include one or more of: the dedicated injection vulnerability, the dedicated command execution vulnerability and the dedicated XSS vulnerability of the website content management system;
the website framework includes the struts2 framework.
B14. The device according to claim B13, wherein the website content management system includes the Discuz system and/or the PHPCMS system;
the identification module is further adapted to: if the dedicated vulnerability of the website content management system is a Discuz injection vulnerability and/or a Discuz command execution vulnerability and/or a Discuz dedicated XSS vulnerability, identify the website content management system as the Discuz system;
if the dedicated vulnerability of the website content management system is a PHPCMS injection vulnerability and/or a PHPCMS command execution vulnerability and/or a PHPCMS dedicated XSS vulnerability, identify the website content management system as the PHPCMS system;
the website framework includes the struts2 framework;
the identification module is further adapted to: if the dedicated vulnerability is a struts2 command execution vulnerability, identify the website framework as the struts2 framework.
The algorithms and displays provided herein are not inherently related to any particular computer, virtual system or other equipment. Various general-purpose systems may also be used with the teachings herein. From the description above, the structure required to construct such systems is obvious. In addition, the invention is not directed at any particular programming language. It should be understood that various programming languages may be used to implement the content of the invention described herein, and the description above of a specific language is given to disclose the best mode of the invention.
In the specification provided here, numerous specific details are set forth. It should be understood, however, that embodiments of the invention can be practiced without these specific details. In some instances, well-known methods, structures and techniques are not shown in detail, so as not to obscure the understanding of this description.
Similarly, it should be understood that, in order to streamline the disclosure and aid understanding of one or more of the various inventive aspects, in the above description of exemplary embodiments of the invention the features of the invention are sometimes grouped together into a single embodiment, figure or description thereof. However, the method of the disclosure should not be construed as reflecting an intention that the claimed invention requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in fewer than all features of a single embodiment disclosed above. Therefore, the claims following the detailed description are hereby expressly incorporated into the detailed description, with each claim standing on its own as a separate embodiment of the invention.
Those skilled in the art will appreciate that the modules in the equipment of an embodiment can be adaptively changed and arranged in one or more pieces of equipment different from that embodiment. The modules or units or components in an embodiment can be combined into one module or unit or component, and can furthermore be divided into multiple sub-modules or sub-units or sub-components. Except where at least some of such features and/or processes or units are mutually exclusive, all features disclosed in this specification (including the accompanying claims, abstract and drawings) and all processes or units of any method or equipment so disclosed may be combined in any combination. Unless expressly stated otherwise, each feature disclosed in this specification (including the accompanying claims, abstract and drawings) may be replaced by an alternative feature serving the same, an equivalent or a similar purpose.
In addition, those skilled in the art will appreciate that although some embodiments described herein include certain features included in other embodiments and not other features, combinations of features of different embodiments are meant to be within the scope of the invention and to form different embodiments. For example, in the following claims, any one of the claimed embodiments can be used in any combination.
The various component embodiments of the invention can be implemented in hardware, or in software modules running on one or more processors, or in a combination thereof. Those skilled in the art will understand that a microprocessor or digital signal processor (DSP) can be used in practice to realize some or all of the functions of some or all of the components of the device for identifying website system information according to embodiments of the invention. The invention can also be implemented as equipment or device programs (for example, computer programs and computer program products) for executing part or all of the method described herein. Such a program implementing the invention may be stored on a computer-readable medium, or may take the form of one or more signals. Such signals can be downloaded from an Internet website, provided on a carrier signal, or provided in any other form.
It should be noted that the above embodiments illustrate rather than limit the invention, and that those skilled in the art can design alternative embodiments without departing from the scope of the appended claims. In the claims, any reference signs placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The invention can be implemented by means of hardware comprising several distinct elements and by means of a suitably programmed computer. In a unit claim enumerating several devices, several of these devices can be embodied by one and the same item of hardware. The use of the words first, second and third does not indicate any order. These words can be interpreted as names.