CN105516131B - A kind of method, apparatus and electronic equipment scanning loophole - Google Patents

A kind of method, apparatus and electronic equipment scanning loophole Download PDF

Info

Publication number
CN105516131B
CN105516131B CN201510890941.1A CN201510890941A CN105516131B CN 105516131 B CN105516131 B CN 105516131B CN 201510890941 A CN201510890941 A CN 201510890941A CN 105516131 B CN105516131 B CN 105516131B
Authority
CN
China
Prior art keywords
vulnerability scanning
server
message
request message
scanning request
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201510890941.1A
Other languages
Chinese (zh)
Other versions
CN105516131A (en
Inventor
王鑫
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhuhai Baoqu Technology Co Ltd
Original Assignee
Zhuhai Seal Interest Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Zhuhai Seal Interest Technology Co Ltd filed Critical Zhuhai Seal Interest Technology Co Ltd
Priority to CN201510890941.1A priority Critical patent/CN105516131B/en
Publication of CN105516131A publication Critical patent/CN105516131A/en
Application granted granted Critical
Publication of CN105516131B publication Critical patent/CN105516131B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577Assessing vulnerabilities and evaluating computer system security
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425Traffic logging, e.g. anomaly detection

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Computing Systems (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer And Data Communications (AREA)

Abstract

The embodiment of the present invention discloses a kind of method, apparatus and electronic equipment for scanning loophole.Method includes: each vulnerability scanning request message intercepted and captured client and will be sent to server;From each vulnerability scanning request message of intercepting and capturing, the vulnerability scanning request message using the transmission of pre-set transport protocol is filtered out;Message body in the vulnerability scanning request message filtered out is parsed, the required parameter value in the message body of parsing is edited;It will be encapsulated as vulnerability scanning request message to be sent by the message body of editor, is sent according to the pre-set time cycle to server, and receive the vulnerability scanning response message returned from the server, loophole whether there is with the determination server.With the application of the invention, vulnerability scanning efficiency can be improved.

Description

A kind of method, apparatus and electronic equipment scanning loophole
Technical field
The present invention relates to computer network security technologies more particularly to a kind of method, apparatus for scanning loophole and electronics to set It is standby.
Background technique
With the high speed development of computer networking technology, internet has been increasingly becoming indispensable in people's Working Life A part.But internet is bringing people easily simultaneously as the complexity and interconnection of internet application environment The diversity of web application, people are easy to be attacked by networks such as computer virus, wooden horses during using internet Threat is hit, so that biggish material damage is revealed or caused to user information.
In order to promote the safety of internet, it is currently suggested interconnection in client and server and between the two The method that network carries out vulnerability scanning, since client realizes that vulnerability scanning is easily achieved, thus, developer examines vulnerability scanning Code is surveyed to be arranged in client, including independent client vulnerability scanning and remote server vulnerability scanning.Wherein, client Vulnerability scanning is by installing vulnerability scanning software in client, and to client progress vulnerability scanning, and remote server loophole is swept Retouch is sent to server, foundation by including the vulnerability scanning request message of payload (payload) in client construction The vulnerability scanning response message that server returns determines the server with the presence or absence of loophole.
But the method for the scanning loophole is swept when carrying out vulnerability scanning to server since client cannot modify loophole The required parameter in request message is retouched, needs to construct vulnerability scanning request message in different clients, according to server Each vulnerability scanning response message returned determines server loophole if it exists, and whether existing loophole is identical, so that realizing clothes Being engaged in, the time needed for device vulnerability scanning is longer, and vulnerability scanning efficiency is lower;Simultaneously as the pre-set loophole prevention of client Mechanism, so that client, when constructing vulnerability scanning request message, loophole present in server is prevented by loophole in the client Model mechanism reparation, is missed so as to cause the loophole present in server, for example, in client construction vulnerability scanning request report When literary request server issues dynamic verification code, due to loophole prevention mechanism pre-set in client, so that client is only Can apply for a dynamic verification code in scheduled time threshold, as long as and in fact, server there may be receive request The vulnerability scanning request message of dynamic verification code just feeds back the loophole of dynamic verification code, causes the loophole that can not pass through server The vulnerability scanning request message of feedback determines, reduces the accuracy rate of vulnerability scanning, causes vulnerability scanning inefficient.
Summary of the invention
In view of this, the embodiment of the present invention provides a kind of method, apparatus and electronic equipment for scanning loophole, improves loophole and sweep Retouch efficiency.
In order to achieve the above objectives, the embodiment of the present invention adopts the following technical scheme that
In a first aspect, the embodiment of the present invention provides a kind of method for scanning loophole, comprising:
Intercept and capture each vulnerability scanning request message that client will be sent to server;
From each vulnerability scanning request message of intercepting and capturing, filters out and swept using the loophole of pre-set transport protocol transmission Retouch request message;
Message body in the vulnerability scanning request message filtered out is parsed, the request in the message body of parsing is edited Parameter value;
It will be encapsulated as vulnerability scanning request message to be sent by the message body of editor, according to the pre-set time cycle It is sent to server, and receives the vulnerability scanning response message returned from the server, whether deposited with the determination server In loophole.
Preferably, described filter out includes: using the vulnerability scanning request message of pre-set transport protocol transmission
The heading for the vulnerability scanning request message intercepted and captured is parsed, if the related words for including in the heading that parsing obtains Section is pre-set transport protocol field, stores the vulnerability scanning request message.
Preferably, after the vulnerability scanning request message filtered out using the transmission of pre-set transport protocol, The method further includes:
To the vulnerability scanning request message filtered out according to application function duplicate removal, the corresponding leakage of each application function is obtained Hole scan request message is stored.
Preferably, the message body in the described pair of vulnerability scanning request message filtered out parses, and edits the report of parsing Required parameter value in style includes:
The vulnerability scanning request message extracted, the heading parsed and message body are parsed, according to the parsing Heading judges mode when making requests-responding between client and server:
If mode when making requests-responding between the client and server is get mode, editor's message body Required parameter value in uniform resource locator;
If mode when making requests-responding between the client and server is post mode, message body is edited Packet in required parameter value.
Preferably, described to receive the vulnerability scanning response message returned from the server, be with the determination server It is no that there are loopholes to include:
The vulnerability scanning response message that server returns is extracted, extracts tagged word after parsing the vulnerability scanning response message Word is matched with the feature words in pre-set vulnerability database, whether there is loophole with the determination server.
Preferably, described to receive the vulnerability scanning response message returned from the server, be with the determination server It is no that there are loopholes to include:
The vulnerability scanning response message that server returns is extracted, standard request corresponding with pre-set application function is rung It answers message to be matched, loophole whether there is with the determination server.
Preferably, the pre-set transport protocol is hypertext transfer protocol.
Second aspect, the embodiment of the present invention provide a kind of device for scanning loophole, comprising: interception module, extraction module, volume Collect module and vulnerability scanning module, wherein
Interception module, each vulnerability scanning request message that server will be sent to for intercepting and capturing client;
Extraction module is assisted for filtering out from each vulnerability scanning request message of intercepting and capturing using pre-set transmission Discuss the vulnerability scanning request message of transmission;
Editor module edits parsing for parsing to the message body in the vulnerability scanning request message filtered out Required parameter value in message body;
Vulnerability scanning module, for the message body for passing through editor to be encapsulated as vulnerability scanning request message to be sent, according to The pre-set time cycle sends to server, and receives the vulnerability scanning response message returned from the server, with true The fixed server whether there is loophole.
Preferably, the extraction module includes: resolution unit, field judging unit and storage unit, wherein
Resolution unit, for parsing the heading for the vulnerability scanning request message intercepted and captured;
Field judging unit, if the relevant field for including in the heading that parsing obtains is pre-set transport protocol Field notifies storage unit;
Storage unit, for storing the vulnerability scanning request message.
Preferably, the extraction module further comprises:
Duplicate removal unit, for receive field judging unit output notice, to the vulnerability scanning request message filtered out by According to application function duplicate removal, the corresponding vulnerability scanning request message of each application function, output to storage unit are obtained.
Preferably, the editor module includes: packet parsing unit, request response mode judging unit, required parameter the The second edit cell of one edit cell and required parameter, wherein
Packet parsing unit, for parsing the vulnerability scanning request message extracted, the heading and message parsed Body;
Request response mode judging unit, for according to the heading of the parsing judge between client and server into Mode when row request-response:
If mode when making requests-responding between the client and server is get mode, required parameter is notified First edit cell;If mode when making requests-responding between the client and server is post mode, notice is asked Seek the second edit cell of parameter;
The first edit cell of required parameter edits the request in the uniform resource locator of message body for receiving notice Parameter value;
The second edit cell of required parameter edits the required parameter value in the packet of message body for receiving notice.
Preferably, the vulnerability scanning module includes: encapsulation unit, transmission unit, feature extraction unit and feature With unit, wherein
Encapsulation unit, for the message body for passing through editor to be encapsulated as vulnerability scanning request message to be sent;
Transmission unit, for sending the vulnerability scanning request message to server according to the pre-set time cycle;
Feature extraction unit parses the vulnerability scanning and rings for extracting the vulnerability scanning response message of server return Feature words is extracted after answering message;
Characteristic matching unit, the feature words for that will extract and the feature words progress in pre-set vulnerability database Match, loophole whether there is with the determination server.
Preferably, the vulnerability scanning module includes: encapsulation unit, transmission unit and message matching unit, wherein
Encapsulation unit, for the message body for passing through editor to be encapsulated as vulnerability scanning request message to be sent;
Transmission unit, for sending the vulnerability scanning request message to server according to the pre-set time cycle;
Message matching unit applies function with pre-set for extracting the vulnerability scanning response message of server return The corresponding standard request response message of energy is matched, and whether there is loophole with the determination server.
Preferably, the pre-set transport protocol is hypertext transfer protocol.
The third aspect, the embodiment of the present invention provide a kind of electronic equipment, and the electronic equipment includes: shell, processor, deposits Reservoir, circuit board and power circuit, wherein circuit board is placed in the space interior that shell surrounds, processor and memory setting On circuit boards;Power circuit, for each circuit or the device power supply for above-mentioned electronic equipment;Memory is for storing and can hold Line program code;Processor is run and executable program code pair by reading the executable program code stored in memory The program answered, the method for executing aforementioned any scanning loophole.
The method, apparatus and electronic equipment of scanning loophole provided in an embodiment of the present invention, by intercepting and capturing vulnerability scanning request Message edits the required parameter value in message body to generate vulnerability scanning request message, and according to the pre-set time cycle It is sent to server, the scanning to server loophole is realized according to response message, without constructing loophole in different clients Scan request message reduces the time needed for realizing server vulnerability scanning, to promote vulnerability scanning efficiency;Further Ground sends the vulnerability scanning request message of encapsulation according to the pre-set time cycle, it is possible to prevente effectively from client to server The situation for holding loophole present in server caused by pre-set loophole prevention mechanism to be missed, improves vulnerability scanning Accuracy rate.
Detailed description of the invention
In order to more clearly explain the embodiment of the invention or the technical proposal in the existing technology, to embodiment or will show below There is attached drawing needed in technical description to be briefly described, it should be apparent that, the accompanying drawings in the following description is only this Some embodiments of invention for those of ordinary skill in the art without creative efforts, can be with Other attached drawings are obtained according to these attached drawings.
Fig. 1 is the method flow schematic diagram that the embodiment of the present invention scans loophole;
Fig. 2 is the apparatus structure schematic diagram that the embodiment of the present invention scans loophole;
Fig. 3 is the extraction module structural schematic diagram of the embodiment of the present invention;
Fig. 4 is the editor module structural schematic diagram of the embodiment of the present invention;
Fig. 5 is the vulnerability scanning modular structure schematic diagram of first embodiment of the invention;
Fig. 6 is the vulnerability scanning modular structure schematic diagram of second embodiment of the invention;
Fig. 7 is the structural schematic diagram of electronic equipment one embodiment of the present invention.
Specific embodiment
The embodiment of the present invention is described in detail with reference to the accompanying drawing.
It will be appreciated that described embodiments are only a part of the embodiments of the present invention, instead of all the embodiments.Base Embodiment in the present invention, it is obtained by those of ordinary skill in the art without making creative efforts it is all its Its embodiment, shall fall within the protection scope of the present invention.
Fig. 1 is the method flow schematic diagram that the embodiment of the present invention scans loophole.Referring to Fig. 1, this method comprises:
Step 11, each vulnerability scanning request message that client will be sent to server is intercepted and captured;
In this step, in existing progress server vulnerability scanning, related technical personnel or maintenance personnel can by according to The secondary application function for calling client inputs payload, client is according to tune in the application function content input area of calling Application function and the payload of input generate vulnerability scanning request message, and submit to server.Wherein, effectively Load is some special input datas of building when carrying out vulnerability scanning.
As an alternative embodiment, vulnerability scanning request message can be service request message, be also possible to construction test Message.
In the embodiment of the present invention, it is contemplated that by client generate and to server submit vulnerability scanning request message, Some of which required parameter is generated according to the attribute information of client, thus, cannot client to required parameter into Edlin, for example, the client identification for including in vulnerability scanning request message, thus, it not can be carried out editor;Further, by In the pre-set loophole prevention mechanism of client, may loophole present in server be repaired in the client, example Such as, client requirements are generated with the situation of identifying code, server is receiving asking comprising identifying code generation for client transmission After the vulnerability scanning request message asked, the identifying code of generation is handed down to client, and after the identifying code for generating the client, It is to need to refuse identifying code life if the identifying code for receiving the client again within the pre-set time generates request At request, but due to the loophole prevention mechanism of client setting, the life of one-time authentication code is sent by control button in client After request, which fails within the time of setting, to avoid sending identifying code again to server in client Generate request.In this way, if the identifying code that server receives the client again within the pre-set time generates request, Not set refusal identifying code generates request, so that there are identifying code loopholes for server, but the verifying sent by the client Code generates request, can not detect that server has the identifying code loophole.Thus, the embodiment of the present invention will by intercepting and capturing client It is sent to each vulnerability scanning request message of server, so as to the request ginseng in the vulnerability scanning request message to intercepting and capturing Number is edited, with to avoid above-mentioned technological deficiency.
In the embodiment of the present invention, as an alternative embodiment, it can be and write in advance for intercepting and capturing vulnerability scanning request report The script of text, and the script write is injected into client.It is well-known technique about script edit, detailed description is omitted here.
Step 12, it from each vulnerability scanning request message of intercepting and capturing, filters out and is transmitted using pre-set transport protocol Vulnerability scanning request message;
In this step, as an alternative embodiment, pre-set transport protocol be hypertext transfer protocol (HTTP, Hypertext Transfer Protocol), certainly, in practical application, pre-set transport protocol is also possible to other biographies Defeated agreement, for example, File Transfer Protocol (FTP, File Transfer Protocol), real-time transport protocol (RTP, Real- time Transport Protocol)。
In the embodiment of the present invention, as an alternative embodiment, the leakage using the transmission of pre-set transport protocol is filtered out Hole scan request message includes:
The heading for the vulnerability scanning request message intercepted and captured is parsed, if the related words for including in the heading that parsing obtains Section is pre-set transport protocol field, stores the vulnerability scanning request message.
In the embodiment of the present invention, for using the vulnerability scanning request message of pre-set transport protocol transmission, not adopting It is handled with existing procedure.
As an alternative embodiment, in the vulnerability scanning request filtered out using the transmission of pre-set transport protocol After message, this method be can further include:
To the vulnerability scanning request message filtered out according to application function duplicate removal, the corresponding leakage of each application function is obtained Hole scan request message is stored.
In this step, for the vulnerability scanning request message for the same application function that multiple client is sent, due to subsequent In the association requests parameter in vulnerability scanning request message can be edited, thus, for for same application function More parts of vulnerability scanning request messages retain a vulnerability scanning request message therein at random.
Step 13, the message body in the vulnerability scanning request message filtered out is parsed, edits the message body of parsing In required parameter value;
In this step, as an alternative embodiment, the message body in the vulnerability scanning request message filtered out is solved Analysis, the required parameter value edited in the message body of parsing include:
The vulnerability scanning request message extracted, the heading parsed and message body are parsed, according to the parsing Heading judges mode when making requests-responding between client and server:
If mode when making requests-responding between the client and server is get mode, editor's message body Required parameter value in uniform resource locator;
If mode when making requests-responding between the client and server is post mode, message body is edited Packet in required parameter value.
In this step, client is for sending vulnerability scanning request message, and server is for receiving vulnerability scanning request report Text.Mode when making requests-responding between client and server includes: get mode and post mode, wherein the side get Formula is used for from specified resource (for example, server) request data, and post mode is used to submit to specified resource to be processed Data.
In the embodiment of the present invention, as an alternative embodiment, message body includes: uniform resource locator (URL, Uniform Resource Locator) and packet, for get mode, required parameter and the corresponding required parameter value of required parameter include In uniform resource locator;For post mode, required parameter and the corresponding required parameter value of required parameter are included in packet In.
In get mode as an example, for example, if a vulnerability scanning request message is http after the parsing of message body: // 1.1.1.1? id=123&method=getuserinfo, the request message indicate that obtaining designated user identifies (id 123) User information, required parameter include: id and method, wherein the corresponding required parameter value of required parameter id is 123, request The corresponding required parameter value of parameter method is getuserinfo.
As an alternative embodiment, in the embodiment of the present invention, required parameter value is edited, for example, passing through script Mode, the value for successively replacing id=xxx automatically come detection service end and reveal loophole with the presence or absence of privacy of user, for example, if will Required parameter value is modified as id=124, it is subsequent be packaged after, server can also return to other users information, show server Allow a user that can then illustrate that server-side there are loophole, shows that attacker can pass through with the information of the multiple users of request A large amount of id is constructed, for example, using script by id from 1-9999999 whole poll one time, so as to obtain institute from server There is user information, causes the leakage of user information.
In the embodiment of the present invention, by modifying required parameter value, it can also avoid the need for sending by different clients It is cumbersome that the repetition of vulnerability scanning request message is generated caused by vulnerability scanning request message, expends the situation of larger man power and material.
For another example the vulnerability scanning request message for obtaining short message verification code for one, if after analytic message body are as follows: Http: // 1.1.1.1? mobile=13311111111&method=chkcode was sent every 5 seconds automatically by being arranged, if Repetitive requests n times, server all normally return to short message verification code, then illustrating server, there is no limit acquisition times, so that attack Person can be arbitrarily secondary to a number repetitive requests, achievees the effect that short message is bombed.
Step 14, it will be encapsulated as vulnerability scanning request message to be sent by the message body of editor, according to pre-set Time cycle sends to server, and receives the vulnerability scanning response message returned from the server, with the determination service Device whether there is loophole.
In this step, for example, as previously mentioned, if by required parameter value id from 1-9999999 whole poll one time, respectively It is encapsulated as corresponding to vulnerability scanning request message to be sent, the vulnerability scanning that a poll generates can be sent according to every five seconds and is requested Message;And the vulnerability scanning request message for obtaining short message verification code, required parameter value can not be edited, according to every Repetition in 5 seconds is sent once, to send in conjunction with the pre-set time cycle, can detecte out more loopholes in server.
In the embodiment of the present invention, as an alternative embodiment, if it is service request message, server return is business Response message, if it is construction test packet, server return is response message.The leakage that can be returned by extracting server Response message is scanned in hole, its feature words is extracted after parsing, is matched with the feature words in pre-set vulnerability database, with Determine the server with the presence or absence of loophole;Alternatively, the vulnerability scanning response message that server returns is extracted, and it is pre-set The corresponding standard request response message of application function is matched, and whether there is loophole with the determination server.About foundation It is well-known technique that the result that server returns, which determines that the server whether there is loophole, detailed description is omitted here.
From the foregoing, it can be seen that the method for scanning loophole of the embodiment of the present invention, will be sent to server by intercepting and capturing client Each vulnerability scanning request message;From each vulnerability scanning request message of intercepting and capturing, filters out and assisted using pre-set transmission Discuss the vulnerability scanning request message of transmission;Message body in the vulnerability scanning request message filtered out is parsed, editor's solution Required parameter value in the message body of analysis;It will be encapsulated as vulnerability scanning request message to be sent by the message body of editor, according to Whether the pre-set time cycle sends to server, to deposit according to received vulnerability scanning response message Analysis server In loophole.In this way, editing the required parameter value in message body by intercepting and capturing vulnerability scanning request message and being leaked to realize to server The scanning in hole reduces without constructing vulnerability scanning request message in different clients and realizes server vulnerability scanning institute The time needed, to promote vulnerability scanning efficiency;Meanwhile the leakage of encapsulation is sent to server according to the pre-set time cycle Hole scan request message, it is possible to prevente effectively from being leaked present in server caused by the pre-set loophole prevention mechanism of client The situation that hole is missed improves the accuracy rate of vulnerability scanning.
Fig. 2 is the apparatus structure schematic diagram that the embodiment of the present invention scans loophole.Referring to fig. 2, which includes: interception module 21, extraction module 22, editor module 23 and vulnerability scanning module 24, wherein
Interception module 21, each vulnerability scanning request message that server will be sent to for intercepting and capturing client;
In the embodiment of the present invention, as an alternative embodiment, it can write in advance for intercepting and capturing vulnerability scanning request message Script, and the script write is injected into client, the vulnerability scanning request message to issue to client blocks It cuts.
Extraction module 22, for from each vulnerability scanning request message of intercepting and capturing, filtering out using pre-set transmission The vulnerability scanning request message of agreement transmission;
In the embodiment of the present invention, as an alternative embodiment, the pre-set transport protocol is Hyper text transfer association View.
In the embodiment of the present invention, for using the vulnerability scanning request message of pre-set transport protocol transmission, not adopting It is handled with existing procedure.
Editor module 23, for being parsed to the message body in the vulnerability scanning request message filtered out, editor's parsing Message body in required parameter value;
Mode when in the embodiment of the present invention, making requests-responding between client and server include: get mode with And post mode, for get mode, required parameter and the corresponding required parameter value of required parameter are positioned included in unified resource Fu Zhong;For post mode, required parameter and the corresponding required parameter value of required parameter are included in packet.
Vulnerability scanning module 24 is pressed for the message body for passing through editor to be encapsulated as vulnerability scanning request message to be sent It is sent according to the pre-set time cycle to server, and receives the vulnerability scanning response message returned from the server, with Determine the server with the presence or absence of loophole.
In the embodiment of the present invention, as an alternative embodiment, Fig. 3 is the extraction module structural representation of the embodiment of the present invention Figure.Referring to Fig. 3, which includes: resolution unit 31, field judging unit 32 and storage unit 33, wherein
Resolution unit 31, for parsing the heading for the vulnerability scanning request message intercepted and captured;
Field judging unit 32, if the relevant field for including in the heading that parsing obtains is pre-set transmission association Field is discussed, notifies storage unit 33;
Storage unit 33, for storing the vulnerability scanning request message.
In the embodiment of the present invention, as another alternative embodiment, extraction module further include:
Duplicate removal unit 34, for receiving the notice of the output of field judging unit 32, to the vulnerability scanning request report filtered out Text obtains the corresponding vulnerability scanning request message of each application function, output to storage unit 33 according to application function duplicate removal.
Fig. 4 is the editor module structural schematic diagram of the embodiment of the present invention.Referring to fig. 4, which includes: packet parsing Unit 41, request response mode judging unit 42, the second edit cell of the first edit cell of required parameter 43 and required parameter 44, wherein
Packet parsing unit 41, for parsing the vulnerability scanning request message extracted, the heading and report parsed Style;
Response mode judging unit 42 is requested, for judging between client and server according to the heading of the parsing Mode when making requests-responding:
If mode when making requests-responding between the client and server is get mode, required parameter is notified First edit cell 43;If mode when making requests-responding between the client and server is post mode, notice The second edit cell of required parameter 44;
The first edit cell of required parameter 43 edits asking in the uniform resource locator of message body for receiving notice Seek parameter value;
The second edit cell of required parameter 44 edits the required parameter value in the packet of message body for receiving notice.
Fig. 5 is the vulnerability scanning modular structure schematic diagram of first embodiment of the invention.Referring to Fig. 5, the vulnerability scanning module It include: encapsulation unit 51, transmission unit 52, feature extraction unit 53 and characteristic matching unit 54, wherein
Encapsulation unit 51, for the message body for passing through editor to be encapsulated as vulnerability scanning request message to be sent;
Transmission unit 52, for sending the vulnerability scanning request report to server according to the pre-set time cycle Text;
Feature extraction unit 53 parses the vulnerability scanning for extracting the vulnerability scanning response message of server return Feature words is extracted after response message;
Characteristic matching unit 54, the feature words in feature words and pre-set vulnerability database for that will extract carry out Matching whether there is loophole with the determination server.
Fig. 6 is the vulnerability scanning modular structure schematic diagram of second embodiment of the invention.Referring to Fig. 6, the vulnerability scanning module It include: encapsulation unit 51, transmission unit 52 and message matching unit 63, wherein
Encapsulation unit 51, for the message body for passing through editor to be encapsulated as vulnerability scanning request message to be sent;
Transmission unit 52, for sending the vulnerability scanning request report to server according to the pre-set time cycle Text;
Message matching unit 63, for extracting the vulnerability scanning response message of server return, with pre-set application The corresponding standard request response message of function is matched, and whether there is loophole with the determination server.
The embodiment of the present invention also provides a kind of electronic equipment, and the electronic equipment includes dress described in aforementioned any embodiment It sets.
Fig. 7 is the structural schematic diagram of electronic equipment one embodiment of the present invention, may be implemented to implement shown in Fig. 1-6 of the present invention The process of example, as shown in fig. 7, above-mentioned electronic equipment may include: shell 71, processor 72, memory 73, circuit board 74 and electricity Source circuit 75, wherein circuit board 74 is placed in the space interior that shell 71 surrounds, and processor 72 and memory 73 are arranged in circuit On plate 74;Power circuit 75, for each circuit or the device power supply for above-mentioned electronic equipment;Memory 73 is for storing and can hold Line program code;Processor 72 is run and executable program generation by reading the executable program code stored in memory 73 The corresponding program of code, for executing the method for scanning loophole described in aforementioned any embodiment.
Processor 72 to the specific implementation procedures of above-mentioned steps and processor 72 by operation executable program code come The step of further executing may refer to the description of Fig. 1-6 illustrated embodiment of the present invention, and details are not described herein.
The electronic equipment exists in a variety of forms, including but not limited to:
(1) mobile communication equipment: the characteristics of this kind of equipment is that have mobile communication function, and to provide speech, data Communication is main target.This Terminal Type includes: smart phone (such as iPhone), multimedia handset, functional mobile phone and low Hold mobile phone etc..
(2) super mobile personal computer equipment: this kind of equipment belongs to the scope of personal computer, there is calculating and processing function Can, generally also have mobile Internet access characteristic.This Terminal Type includes: PDA, MID and UMPC equipment etc., such as iPad.
(3) portable entertainment device: this kind of equipment can show and play multimedia content.Such equipment include: audio, Video player (such as iPod), handheld device, e-book and intelligent toy and portable car-mounted navigation equipment.
(4) server: providing the equipment of the service of calculating, and the composition of server includes that processor, hard disk, memory, system are total Line etc., server is similar with general computer architecture, but due to needing to provide highly reliable service, in processing energy Power, stability, reliability, safety, scalability, manageability etc. are more demanding.
(5) other electronic equipments with data interaction function.
Those of ordinary skill in the art will appreciate that realizing all or part of the process in above-described embodiment method, being can be with Relevant hardware is instructed to complete by computer program, the program can be stored in a computer-readable storage medium In, the program is when being executed, it may include such as the process of the embodiment of above-mentioned each method.Wherein, the storage medium can be magnetic Dish, CD, read-only memory (Read-Only Memory, ROM) or random access memory (RandomAccess Memory, RAM) etc..
The above description is merely a specific embodiment, but scope of protection of the present invention is not limited thereto, any In the technical scope disclosed by the present invention, any changes or substitutions that can be easily thought of by those familiar with the art, all answers It is included within the scope of the present invention.Therefore, protection scope of the present invention should be subject to the protection scope in claims.

Claims (13)

1. a kind of method for scanning loophole, which is characterized in that this method comprises:
Intercept and capture each vulnerability scanning request message that client will be sent to server;
From each vulnerability scanning request message of intercepting and capturing, filters out and asked using the vulnerability scanning of pre-set transport protocol transmission Seek message;
Message body in the vulnerability scanning request message filtered out is parsed, the required parameter in the message body of parsing is edited Value;
It will be encapsulated as vulnerability scanning request message to be sent by the message body of editor, according to the pre-set time cycle to clothes Business device is sent, and receives the vulnerability scanning response message returned from the server, with the determination server with the presence or absence of leakage Hole;
Wherein, the message body in the described pair of vulnerability scanning request message filtered out parses, and edits in the message body of parsing Required parameter value include:
Parse the vulnerability scanning request message extracted, the heading parsed and message body, the message according to the parsing Head judges mode when making requests-responding between client and server:
If mode when making requests-responding between the client and server is get mode, the unification of message body is edited Required parameter value in Resource Locator;
If mode when making requests-responding between the client and server is post mode, the packet of message body is edited In required parameter value.
2. the method according to claim 1, wherein described filter out is transmitted using pre-set transport protocol Vulnerability scanning request message include:
The heading for the vulnerability scanning request message intercepted and captured is parsed, if the relevant field for including in the heading that parsing obtains is Pre-set transport protocol field stores the vulnerability scanning request message.
3. according to the method described in claim 2, it is characterized in that, being passed in described filter out using pre-set transport protocol After defeated vulnerability scanning request message, the method further includes:
To the vulnerability scanning request message filtered out according to application function duplicate removal, obtains the corresponding loophole of each application function and sweep Request message is retouched to be stored.
4. the method according to claim 1, wherein the vulnerability scanning returned from the server that receives is rung Message is answered, includes: with the presence or absence of loophole with the determination server
The vulnerability scanning response message that server returns is extracted, extracts feature words after parsing the vulnerability scanning response message, It is matched with the feature words in pre-set vulnerability database, loophole whether there is with the determination server.
5. the method according to claim 1, wherein the vulnerability scanning returned from the server that receives is rung Message is answered, includes: with the presence or absence of loophole with the determination server
Extract the vulnerability scanning response message that server returns, standard request response report corresponding with pre-set application function Text is matched, and whether there is loophole with the determination server.
6. method according to any one of claims 1 to 5, which is characterized in that the pre-set transport protocol is super Text transfer protocol.
7. it is a kind of scan loophole device, which is characterized in that the device include: interception module, extraction module, editor module and Vulnerability scanning module, wherein
Interception module, each vulnerability scanning request message that server will be sent to for intercepting and capturing client;
Extraction module is passed for filtering out from each vulnerability scanning request message of intercepting and capturing using pre-set transport protocol Defeated vulnerability scanning request message;
Editor module edits the message of parsing for parsing to the message body in the vulnerability scanning request message filtered out Required parameter value in body;
Vulnerability scanning module, for the message body for passing through editor to be encapsulated as vulnerability scanning request message to be sent, according to preparatory The time cycle of setting sends to server, and receives the vulnerability scanning response message returned from the server, to determine Server is stated with the presence or absence of loophole;
The editor module include: packet parsing unit, request response mode judging unit, the first edit cell of required parameter with And the second edit cell of required parameter, wherein
Packet parsing unit, for parsing the vulnerability scanning request message extracted, the heading parsed and message body;
Response mode judging unit is requested, for judging to be asked between client and server according to the heading of the parsing Mode when asking-responding:
If mode when making requests-responding between the client and server is get mode, required parameter first is notified Edit cell;If mode when making requests-responding between the client and server is post mode, notice request ginseng Several second edit cells;
The first edit cell of required parameter edits the required parameter in the uniform resource locator of message body for receiving notice Value;
The second edit cell of required parameter edits the required parameter value in the packet of message body for receiving notice.
8. device according to claim 7, which is characterized in that the extraction module includes: resolution unit, field judgement list Member and storage unit, wherein
Resolution unit, for parsing the heading for the vulnerability scanning request message intercepted and captured;
Field judging unit, if the relevant field for including in the heading that parsing obtains is pre-set transport protocol word Section notifies storage unit;
Storage unit, for storing the vulnerability scanning request message.
9. device according to claim 8, which is characterized in that the extraction module further comprises:
Duplicate removal unit, for receiving the notice of field judging unit output, to the vulnerability scanning request message filtered out according to answering With function duplicate removal, the corresponding vulnerability scanning request message of each application function, output to storage unit are obtained.
10. device according to claim 7, which is characterized in that the vulnerability scanning module includes: encapsulation unit, sends Unit, feature extraction unit and characteristic matching unit, wherein
Encapsulation unit, for the message body for passing through editor to be encapsulated as vulnerability scanning request message to be sent;
Transmission unit, for sending the vulnerability scanning request report to be sent to server according to the pre-set time cycle Text;
Feature extraction unit parses the vulnerability scanning response report for extracting the vulnerability scanning response message of server return Feature words is extracted after text;
Characteristic matching unit, for the feature words of extraction to be matched with the feature words in pre-set vulnerability database, It whether there is loophole with the determination server.
11. device according to claim 7, which is characterized in that the vulnerability scanning module includes: encapsulation unit, sends Unit and message matching unit, wherein
Encapsulation unit, for the message body for passing through editor to be encapsulated as vulnerability scanning request message to be sent;
Transmission unit, for sending the vulnerability scanning request report to be sent to server according to the pre-set time cycle Text;
Message matching unit, for extracting the vulnerability scanning response message of server return, with pre-set application function pair The standard request response message answered is matched, and whether there is loophole with the determination server.
12. according to the described in any item devices of claim 7 to 11, which is characterized in that the pre-set transport protocol is Hypertext transfer protocol.
13. a kind of electronic equipment, which is characterized in that the electronic equipment includes: shell, processor, memory, circuit board and electricity Source circuit, wherein circuit board is placed in the space interior that shell surrounds, and processor and memory setting are on circuit boards;Power supply Circuit, for each circuit or the device power supply for above-mentioned electronic equipment;Memory is for storing executable program code;Processing Device runs program corresponding with executable program code by reading the executable program code stored in memory, for holding The method of loophole is scanned described in the aforementioned any claim 1-6 of row.
CN201510890941.1A 2015-12-04 2015-12-04 A kind of method, apparatus and electronic equipment scanning loophole Active CN105516131B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510890941.1A CN105516131B (en) 2015-12-04 2015-12-04 A kind of method, apparatus and electronic equipment scanning loophole

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510890941.1A CN105516131B (en) 2015-12-04 2015-12-04 A kind of method, apparatus and electronic equipment scanning loophole

Publications (2)

Publication Number Publication Date
CN105516131A CN105516131A (en) 2016-04-20
CN105516131B true CN105516131B (en) 2019-03-26

Family

ID=55723768

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510890941.1A Active CN105516131B (en) 2015-12-04 2015-12-04 A kind of method, apparatus and electronic equipment scanning loophole

Country Status (1)

Country Link
CN (1) CN105516131B (en)

Families Citing this family (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106953860A (en) * 2017-03-20 2017-07-14 腾讯科技(深圳)有限公司 A kind of data scanning method and scanning server
CN108809890B (en) * 2017-04-26 2021-05-25 腾讯科技(深圳)有限公司 Vulnerability detection method, test server and client
CN107145784B (en) * 2017-05-04 2023-04-04 腾讯科技(深圳)有限公司 Vulnerability scanning method and device and computer readable medium
CN108881114B (en) * 2017-05-10 2020-12-29 上海交通大学 RTP protocol encapsulation method for STL/SFN transmission
CN107040553A (en) * 2017-06-16 2017-08-11 腾讯科技(深圳)有限公司 Leak analysis method, device, terminal and storage medium
CN107276852B (en) * 2017-06-27 2020-02-21 福建省天奕网络科技有限公司 Data security detection method and terminal
CN107360189A (en) * 2017-08-23 2017-11-17 杭州安恒信息技术有限公司 Break through the vulnerability scanning method and device of Web protection
CN109428878B (en) * 2017-09-01 2021-11-23 阿里巴巴集团控股有限公司 Vulnerability detection method, detection device and detection system
CN108400978B (en) * 2018-02-07 2021-08-06 深圳壹账通智能科技有限公司 Vulnerability detection method and device, computer equipment and storage medium
CN110881043B (en) * 2019-11-29 2022-07-01 杭州迪普科技股份有限公司 Method and device for detecting web server vulnerability
CN110971599A (en) * 2019-11-29 2020-04-07 杭州迪普科技股份有限公司 Vulnerability scanning method and device
CN111371745B (en) * 2020-02-21 2022-06-28 北京百度网讯科技有限公司 Method and apparatus for determining SSRF vulnerability
CN112632554A (en) * 2020-11-05 2021-04-09 杭州孝道科技有限公司 Vulnerability verification method based on runtime modification payload technology
CN112685301A (en) * 2020-12-28 2021-04-20 浙江国利网安科技有限公司 Fuzzy test method and device
CN114915442A (en) * 2022-02-21 2022-08-16 奇安信科技集团股份有限公司 Advanced persistent threat attack detection method and device

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103384242A (en) * 2013-03-15 2013-11-06 中标软件有限公司 Intrusion detection method and system based on Nginx proxy server
CN104200166A (en) * 2014-08-05 2014-12-10 杭州安恒信息技术有限公司 Script-based website vulnerability scanning method and system
CN104243475A (en) * 2014-09-18 2014-12-24 东软集团股份有限公司 Method and system for dynamic mixing based on WEB reverse proxy
CN104506522A (en) * 2014-12-19 2015-04-08 北京神州绿盟信息安全科技股份有限公司 Method and device for scanning vulnerability
CN104735092A (en) * 2015-04-22 2015-06-24 北京瑞星信息技术有限公司 Method and device for detecting web vulnerability

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102082659B (en) * 2009-12-01 2014-07-23 厦门市美亚柏科信息股份有限公司 Vulnerability scanning system oriented to safety assessment and processing method thereof
CN103020529B (en) * 2012-10-31 2015-12-09 中国航天科工集团第二研究院七○六所 A kind of software vulnerability analytical approach based on model of place
CN102932370B (en) * 2012-11-20 2015-11-25 华为技术有限公司 A kind of security sweep method, equipment and system
CN103902912B (en) * 2012-12-26 2017-09-19 深圳市腾讯计算机系统有限公司 The detection method and device of webpage leak
CN103065095A (en) * 2013-01-29 2013-04-24 四川大学 WEB vulnerability scanning method and vulnerability scanner based on fingerprint recognition technology
CN105516114B (en) * 2015-12-01 2018-12-14 珠海市君天电子科技有限公司 Method and device for scanning vulnerability based on webpage hash value and electronic equipment

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103384242A (en) * 2013-03-15 2013-11-06 中标软件有限公司 Intrusion detection method and system based on Nginx proxy server
CN104200166A (en) * 2014-08-05 2014-12-10 杭州安恒信息技术有限公司 Script-based website vulnerability scanning method and system
CN104243475A (en) * 2014-09-18 2014-12-24 东软集团股份有限公司 Method and system for dynamic mixing based on WEB reverse proxy
CN104506522A (en) * 2014-12-19 2015-04-08 北京神州绿盟信息安全科技股份有限公司 Method and device for scanning vulnerability
CN104735092A (en) * 2015-04-22 2015-06-24 北京瑞星信息技术有限公司 Method and device for detecting web vulnerability

Also Published As

Publication number Publication date
CN105516131A (en) 2016-04-20

Similar Documents

Publication Publication Date Title
CN105516131B (en) A kind of method, apparatus and electronic equipment scanning loophole
CN109428878B (en) Vulnerability detection method, detection device and detection system
CN109450649A (en) Gateway verification method and device based on application program interface and electronic equipment
CN101605074A (en) The method and system of communication behavioural characteristic monitoring wooden horse Network Based
CN107743130B (en) Fingerprint matching method, device and system
CN103647695A (en) Client application program user registration method, mobile terminal and server
CN102208978A (en) Input verification system and method
CN103313429A (en) Processing method for recognizing fabricated WIFI (Wireless Fidelity) hotspot
CN108174360A (en) A kind of note transmission method and device, short-message verification method and device
CN103581909A (en) Suspected mobile phone malicious software positioning method and device
CN105245489A (en) Verification method and verification device
CN103905194A (en) Identity traceability authentication method and system
CN110099129A (en) A kind of data transmission method and equipment
CN103561063B (en) A kind of method of Register top box and terminal
CN106358157A (en) Networking method and device for intelligent equipment
CN111953668B (en) Network security information processing method and device
CN108874612A (en) A kind of method of acquisition of information, relevant device and system
CN106331042A (en) Single sign-on method and device for heterogeneous user system
CN106162640A (en) A kind of portal authentication method and system
CN104333538B (en) A kind of network equipment access method
Shi et al. The penetration testing framework for large-scale network based on network fingerprint
CN104239798A (en) Mobile office system, antivirus method thereof and movable end and server end in system
CN111262746A (en) Equipment opening deployment system and method
CN104506249A (en) Method and device for realizing network configuration on wireless device, and wireless device
CN110120220A (en) A kind of working method and system of cloud speaker

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20181217

Address after: 519031 Room 105-53811, No. 6 Baohua Road, Hengqin New District, Zhuhai City, Guangdong Province

Applicant after: Zhuhai Leopard Technology Co.,Ltd.

Address before: 519070, six level 601F, 10 main building, science and technology road, Tangjia Bay Town, Zhuhai, Guangdong.

Applicant before: Zhuhai Juntian Electronic Technology Co.,Ltd.

Applicant before: BEIJING KINGSOFT INTERNET SECURITY SOFTWARE Co.,Ltd.

TA01 Transfer of patent application right
GR01 Patent grant
GR01 Patent grant