CN105516131B - A kind of method, apparatus and electronic equipment scanning loophole - Google Patents
A kind of method, apparatus and electronic equipment scanning loophole Download PDFInfo
- Publication number
- CN105516131B CN105516131B CN201510890941.1A CN201510890941A CN105516131B CN 105516131 B CN105516131 B CN 105516131B CN 201510890941 A CN201510890941 A CN 201510890941A CN 105516131 B CN105516131 B CN 105516131B
- Authority
- CN
- China
- Prior art keywords
- vulnerability scanning
- server
- message
- request message
- scanning request
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Computing Systems (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computer And Data Communications (AREA)
Abstract
The embodiment of the present invention discloses a kind of method, apparatus and electronic equipment for scanning loophole.Method includes: each vulnerability scanning request message intercepted and captured client and will be sent to server;From each vulnerability scanning request message of intercepting and capturing, the vulnerability scanning request message using the transmission of pre-set transport protocol is filtered out;Message body in the vulnerability scanning request message filtered out is parsed, the required parameter value in the message body of parsing is edited;It will be encapsulated as vulnerability scanning request message to be sent by the message body of editor, is sent according to the pre-set time cycle to server, and receive the vulnerability scanning response message returned from the server, loophole whether there is with the determination server.With the application of the invention, vulnerability scanning efficiency can be improved.
Description
Technical field
The present invention relates to computer network security technologies more particularly to a kind of method, apparatus for scanning loophole and electronics to set
It is standby.
Background technique
With the high speed development of computer networking technology, internet has been increasingly becoming indispensable in people's Working Life
A part.But internet is bringing people easily simultaneously as the complexity and interconnection of internet application environment
The diversity of web application, people are easy to be attacked by networks such as computer virus, wooden horses during using internet
Threat is hit, so that biggish material damage is revealed or caused to user information.
In order to promote the safety of internet, it is currently suggested interconnection in client and server and between the two
The method that network carries out vulnerability scanning, since client realizes that vulnerability scanning is easily achieved, thus, developer examines vulnerability scanning
Code is surveyed to be arranged in client, including independent client vulnerability scanning and remote server vulnerability scanning.Wherein, client
Vulnerability scanning is by installing vulnerability scanning software in client, and to client progress vulnerability scanning, and remote server loophole is swept
Retouch is sent to server, foundation by including the vulnerability scanning request message of payload (payload) in client construction
The vulnerability scanning response message that server returns determines the server with the presence or absence of loophole.
But the method for the scanning loophole is swept when carrying out vulnerability scanning to server since client cannot modify loophole
The required parameter in request message is retouched, needs to construct vulnerability scanning request message in different clients, according to server
Each vulnerability scanning response message returned determines server loophole if it exists, and whether existing loophole is identical, so that realizing clothes
Being engaged in, the time needed for device vulnerability scanning is longer, and vulnerability scanning efficiency is lower;Simultaneously as the pre-set loophole prevention of client
Mechanism, so that client, when constructing vulnerability scanning request message, loophole present in server is prevented by loophole in the client
Model mechanism reparation, is missed so as to cause the loophole present in server, for example, in client construction vulnerability scanning request report
When literary request server issues dynamic verification code, due to loophole prevention mechanism pre-set in client, so that client is only
Can apply for a dynamic verification code in scheduled time threshold, as long as and in fact, server there may be receive request
The vulnerability scanning request message of dynamic verification code just feeds back the loophole of dynamic verification code, causes the loophole that can not pass through server
The vulnerability scanning request message of feedback determines, reduces the accuracy rate of vulnerability scanning, causes vulnerability scanning inefficient.
Summary of the invention
In view of this, the embodiment of the present invention provides a kind of method, apparatus and electronic equipment for scanning loophole, improves loophole and sweep
Retouch efficiency.
In order to achieve the above objectives, the embodiment of the present invention adopts the following technical scheme that
In a first aspect, the embodiment of the present invention provides a kind of method for scanning loophole, comprising:
Intercept and capture each vulnerability scanning request message that client will be sent to server;
From each vulnerability scanning request message of intercepting and capturing, filters out and swept using the loophole of pre-set transport protocol transmission
Retouch request message;
Message body in the vulnerability scanning request message filtered out is parsed, the request in the message body of parsing is edited
Parameter value;
It will be encapsulated as vulnerability scanning request message to be sent by the message body of editor, according to the pre-set time cycle
It is sent to server, and receives the vulnerability scanning response message returned from the server, whether deposited with the determination server
In loophole.
Preferably, described filter out includes: using the vulnerability scanning request message of pre-set transport protocol transmission
The heading for the vulnerability scanning request message intercepted and captured is parsed, if the related words for including in the heading that parsing obtains
Section is pre-set transport protocol field, stores the vulnerability scanning request message.
Preferably, after the vulnerability scanning request message filtered out using the transmission of pre-set transport protocol,
The method further includes:
To the vulnerability scanning request message filtered out according to application function duplicate removal, the corresponding leakage of each application function is obtained
Hole scan request message is stored.
Preferably, the message body in the described pair of vulnerability scanning request message filtered out parses, and edits the report of parsing
Required parameter value in style includes:
The vulnerability scanning request message extracted, the heading parsed and message body are parsed, according to the parsing
Heading judges mode when making requests-responding between client and server:
If mode when making requests-responding between the client and server is get mode, editor's message body
Required parameter value in uniform resource locator;
If mode when making requests-responding between the client and server is post mode, message body is edited
Packet in required parameter value.
Preferably, described to receive the vulnerability scanning response message returned from the server, be with the determination server
It is no that there are loopholes to include:
The vulnerability scanning response message that server returns is extracted, extracts tagged word after parsing the vulnerability scanning response message
Word is matched with the feature words in pre-set vulnerability database, whether there is loophole with the determination server.
Preferably, described to receive the vulnerability scanning response message returned from the server, be with the determination server
It is no that there are loopholes to include:
The vulnerability scanning response message that server returns is extracted, standard request corresponding with pre-set application function is rung
It answers message to be matched, loophole whether there is with the determination server.
Preferably, the pre-set transport protocol is hypertext transfer protocol.
Second aspect, the embodiment of the present invention provide a kind of device for scanning loophole, comprising: interception module, extraction module, volume
Collect module and vulnerability scanning module, wherein
Interception module, each vulnerability scanning request message that server will be sent to for intercepting and capturing client;
Extraction module is assisted for filtering out from each vulnerability scanning request message of intercepting and capturing using pre-set transmission
Discuss the vulnerability scanning request message of transmission;
Editor module edits parsing for parsing to the message body in the vulnerability scanning request message filtered out
Required parameter value in message body;
Vulnerability scanning module, for the message body for passing through editor to be encapsulated as vulnerability scanning request message to be sent, according to
The pre-set time cycle sends to server, and receives the vulnerability scanning response message returned from the server, with true
The fixed server whether there is loophole.
Preferably, the extraction module includes: resolution unit, field judging unit and storage unit, wherein
Resolution unit, for parsing the heading for the vulnerability scanning request message intercepted and captured;
Field judging unit, if the relevant field for including in the heading that parsing obtains is pre-set transport protocol
Field notifies storage unit;
Storage unit, for storing the vulnerability scanning request message.
Preferably, the extraction module further comprises:
Duplicate removal unit, for receive field judging unit output notice, to the vulnerability scanning request message filtered out by
According to application function duplicate removal, the corresponding vulnerability scanning request message of each application function, output to storage unit are obtained.
Preferably, the editor module includes: packet parsing unit, request response mode judging unit, required parameter the
The second edit cell of one edit cell and required parameter, wherein
Packet parsing unit, for parsing the vulnerability scanning request message extracted, the heading and message parsed
Body;
Request response mode judging unit, for according to the heading of the parsing judge between client and server into
Mode when row request-response:
If mode when making requests-responding between the client and server is get mode, required parameter is notified
First edit cell;If mode when making requests-responding between the client and server is post mode, notice is asked
Seek the second edit cell of parameter;
The first edit cell of required parameter edits the request in the uniform resource locator of message body for receiving notice
Parameter value;
The second edit cell of required parameter edits the required parameter value in the packet of message body for receiving notice.
Preferably, the vulnerability scanning module includes: encapsulation unit, transmission unit, feature extraction unit and feature
With unit, wherein
Encapsulation unit, for the message body for passing through editor to be encapsulated as vulnerability scanning request message to be sent;
Transmission unit, for sending the vulnerability scanning request message to server according to the pre-set time cycle;
Feature extraction unit parses the vulnerability scanning and rings for extracting the vulnerability scanning response message of server return
Feature words is extracted after answering message;
Characteristic matching unit, the feature words for that will extract and the feature words progress in pre-set vulnerability database
Match, loophole whether there is with the determination server.
Preferably, the vulnerability scanning module includes: encapsulation unit, transmission unit and message matching unit, wherein
Encapsulation unit, for the message body for passing through editor to be encapsulated as vulnerability scanning request message to be sent;
Transmission unit, for sending the vulnerability scanning request message to server according to the pre-set time cycle;
Message matching unit applies function with pre-set for extracting the vulnerability scanning response message of server return
The corresponding standard request response message of energy is matched, and whether there is loophole with the determination server.
Preferably, the pre-set transport protocol is hypertext transfer protocol.
The third aspect, the embodiment of the present invention provide a kind of electronic equipment, and the electronic equipment includes: shell, processor, deposits
Reservoir, circuit board and power circuit, wherein circuit board is placed in the space interior that shell surrounds, processor and memory setting
On circuit boards;Power circuit, for each circuit or the device power supply for above-mentioned electronic equipment;Memory is for storing and can hold
Line program code;Processor is run and executable program code pair by reading the executable program code stored in memory
The program answered, the method for executing aforementioned any scanning loophole.
The method, apparatus and electronic equipment of scanning loophole provided in an embodiment of the present invention, by intercepting and capturing vulnerability scanning request
Message edits the required parameter value in message body to generate vulnerability scanning request message, and according to the pre-set time cycle
It is sent to server, the scanning to server loophole is realized according to response message, without constructing loophole in different clients
Scan request message reduces the time needed for realizing server vulnerability scanning, to promote vulnerability scanning efficiency;Further
Ground sends the vulnerability scanning request message of encapsulation according to the pre-set time cycle, it is possible to prevente effectively from client to server
The situation for holding loophole present in server caused by pre-set loophole prevention mechanism to be missed, improves vulnerability scanning
Accuracy rate.
Detailed description of the invention
In order to more clearly explain the embodiment of the invention or the technical proposal in the existing technology, to embodiment or will show below
There is attached drawing needed in technical description to be briefly described, it should be apparent that, the accompanying drawings in the following description is only this
Some embodiments of invention for those of ordinary skill in the art without creative efforts, can be with
Other attached drawings are obtained according to these attached drawings.
Fig. 1 is the method flow schematic diagram that the embodiment of the present invention scans loophole;
Fig. 2 is the apparatus structure schematic diagram that the embodiment of the present invention scans loophole;
Fig. 3 is the extraction module structural schematic diagram of the embodiment of the present invention;
Fig. 4 is the editor module structural schematic diagram of the embodiment of the present invention;
Fig. 5 is the vulnerability scanning modular structure schematic diagram of first embodiment of the invention;
Fig. 6 is the vulnerability scanning modular structure schematic diagram of second embodiment of the invention;
Fig. 7 is the structural schematic diagram of electronic equipment one embodiment of the present invention.
Specific embodiment
The embodiment of the present invention is described in detail with reference to the accompanying drawing.
It will be appreciated that described embodiments are only a part of the embodiments of the present invention, instead of all the embodiments.Base
Embodiment in the present invention, it is obtained by those of ordinary skill in the art without making creative efforts it is all its
Its embodiment, shall fall within the protection scope of the present invention.
Fig. 1 is the method flow schematic diagram that the embodiment of the present invention scans loophole.Referring to Fig. 1, this method comprises:
Step 11, each vulnerability scanning request message that client will be sent to server is intercepted and captured;
In this step, in existing progress server vulnerability scanning, related technical personnel or maintenance personnel can by according to
The secondary application function for calling client inputs payload, client is according to tune in the application function content input area of calling
Application function and the payload of input generate vulnerability scanning request message, and submit to server.Wherein, effectively
Load is some special input datas of building when carrying out vulnerability scanning.
As an alternative embodiment, vulnerability scanning request message can be service request message, be also possible to construction test
Message.
In the embodiment of the present invention, it is contemplated that by client generate and to server submit vulnerability scanning request message,
Some of which required parameter is generated according to the attribute information of client, thus, cannot client to required parameter into
Edlin, for example, the client identification for including in vulnerability scanning request message, thus, it not can be carried out editor;Further, by
In the pre-set loophole prevention mechanism of client, may loophole present in server be repaired in the client, example
Such as, client requirements are generated with the situation of identifying code, server is receiving asking comprising identifying code generation for client transmission
After the vulnerability scanning request message asked, the identifying code of generation is handed down to client, and after the identifying code for generating the client,
It is to need to refuse identifying code life if the identifying code for receiving the client again within the pre-set time generates request
At request, but due to the loophole prevention mechanism of client setting, the life of one-time authentication code is sent by control button in client
After request, which fails within the time of setting, to avoid sending identifying code again to server in client
Generate request.In this way, if the identifying code that server receives the client again within the pre-set time generates request,
Not set refusal identifying code generates request, so that there are identifying code loopholes for server, but the verifying sent by the client
Code generates request, can not detect that server has the identifying code loophole.Thus, the embodiment of the present invention will by intercepting and capturing client
It is sent to each vulnerability scanning request message of server, so as to the request ginseng in the vulnerability scanning request message to intercepting and capturing
Number is edited, with to avoid above-mentioned technological deficiency.
In the embodiment of the present invention, as an alternative embodiment, it can be and write in advance for intercepting and capturing vulnerability scanning request report
The script of text, and the script write is injected into client.It is well-known technique about script edit, detailed description is omitted here.
Step 12, it from each vulnerability scanning request message of intercepting and capturing, filters out and is transmitted using pre-set transport protocol
Vulnerability scanning request message;
In this step, as an alternative embodiment, pre-set transport protocol be hypertext transfer protocol (HTTP,
Hypertext Transfer Protocol), certainly, in practical application, pre-set transport protocol is also possible to other biographies
Defeated agreement, for example, File Transfer Protocol (FTP, File Transfer Protocol), real-time transport protocol (RTP, Real-
time Transport Protocol)。
In the embodiment of the present invention, as an alternative embodiment, the leakage using the transmission of pre-set transport protocol is filtered out
Hole scan request message includes:
The heading for the vulnerability scanning request message intercepted and captured is parsed, if the related words for including in the heading that parsing obtains
Section is pre-set transport protocol field, stores the vulnerability scanning request message.
In the embodiment of the present invention, for using the vulnerability scanning request message of pre-set transport protocol transmission, not adopting
It is handled with existing procedure.
As an alternative embodiment, in the vulnerability scanning request filtered out using the transmission of pre-set transport protocol
After message, this method be can further include:
To the vulnerability scanning request message filtered out according to application function duplicate removal, the corresponding leakage of each application function is obtained
Hole scan request message is stored.
In this step, for the vulnerability scanning request message for the same application function that multiple client is sent, due to subsequent
In the association requests parameter in vulnerability scanning request message can be edited, thus, for for same application function
More parts of vulnerability scanning request messages retain a vulnerability scanning request message therein at random.
Step 13, the message body in the vulnerability scanning request message filtered out is parsed, edits the message body of parsing
In required parameter value;
In this step, as an alternative embodiment, the message body in the vulnerability scanning request message filtered out is solved
Analysis, the required parameter value edited in the message body of parsing include:
The vulnerability scanning request message extracted, the heading parsed and message body are parsed, according to the parsing
Heading judges mode when making requests-responding between client and server:
If mode when making requests-responding between the client and server is get mode, editor's message body
Required parameter value in uniform resource locator;
If mode when making requests-responding between the client and server is post mode, message body is edited
Packet in required parameter value.
In this step, client is for sending vulnerability scanning request message, and server is for receiving vulnerability scanning request report
Text.Mode when making requests-responding between client and server includes: get mode and post mode, wherein the side get
Formula is used for from specified resource (for example, server) request data, and post mode is used to submit to specified resource to be processed
Data.
In the embodiment of the present invention, as an alternative embodiment, message body includes: uniform resource locator (URL, Uniform
Resource Locator) and packet, for get mode, required parameter and the corresponding required parameter value of required parameter include
In uniform resource locator;For post mode, required parameter and the corresponding required parameter value of required parameter are included in packet
In.
In get mode as an example, for example, if a vulnerability scanning request message is http after the parsing of message body: //
1.1.1.1? id=123&method=getuserinfo, the request message indicate that obtaining designated user identifies (id 123)
User information, required parameter include: id and method, wherein the corresponding required parameter value of required parameter id is 123, request
The corresponding required parameter value of parameter method is getuserinfo.
As an alternative embodiment, in the embodiment of the present invention, required parameter value is edited, for example, passing through script
Mode, the value for successively replacing id=xxx automatically come detection service end and reveal loophole with the presence or absence of privacy of user, for example, if will
Required parameter value is modified as id=124, it is subsequent be packaged after, server can also return to other users information, show server
Allow a user that can then illustrate that server-side there are loophole, shows that attacker can pass through with the information of the multiple users of request
A large amount of id is constructed, for example, using script by id from 1-9999999 whole poll one time, so as to obtain institute from server
There is user information, causes the leakage of user information.
In the embodiment of the present invention, by modifying required parameter value, it can also avoid the need for sending by different clients
It is cumbersome that the repetition of vulnerability scanning request message is generated caused by vulnerability scanning request message, expends the situation of larger man power and material.
For another example the vulnerability scanning request message for obtaining short message verification code for one, if after analytic message body are as follows:
Http: // 1.1.1.1? mobile=13311111111&method=chkcode was sent every 5 seconds automatically by being arranged, if
Repetitive requests n times, server all normally return to short message verification code, then illustrating server, there is no limit acquisition times, so that attack
Person can be arbitrarily secondary to a number repetitive requests, achievees the effect that short message is bombed.
Step 14, it will be encapsulated as vulnerability scanning request message to be sent by the message body of editor, according to pre-set
Time cycle sends to server, and receives the vulnerability scanning response message returned from the server, with the determination service
Device whether there is loophole.
In this step, for example, as previously mentioned, if by required parameter value id from 1-9999999 whole poll one time, respectively
It is encapsulated as corresponding to vulnerability scanning request message to be sent, the vulnerability scanning that a poll generates can be sent according to every five seconds and is requested
Message;And the vulnerability scanning request message for obtaining short message verification code, required parameter value can not be edited, according to every
Repetition in 5 seconds is sent once, to send in conjunction with the pre-set time cycle, can detecte out more loopholes in server.
In the embodiment of the present invention, as an alternative embodiment, if it is service request message, server return is business
Response message, if it is construction test packet, server return is response message.The leakage that can be returned by extracting server
Response message is scanned in hole, its feature words is extracted after parsing, is matched with the feature words in pre-set vulnerability database, with
Determine the server with the presence or absence of loophole;Alternatively, the vulnerability scanning response message that server returns is extracted, and it is pre-set
The corresponding standard request response message of application function is matched, and whether there is loophole with the determination server.About foundation
It is well-known technique that the result that server returns, which determines that the server whether there is loophole, detailed description is omitted here.
From the foregoing, it can be seen that the method for scanning loophole of the embodiment of the present invention, will be sent to server by intercepting and capturing client
Each vulnerability scanning request message;From each vulnerability scanning request message of intercepting and capturing, filters out and assisted using pre-set transmission
Discuss the vulnerability scanning request message of transmission;Message body in the vulnerability scanning request message filtered out is parsed, editor's solution
Required parameter value in the message body of analysis;It will be encapsulated as vulnerability scanning request message to be sent by the message body of editor, according to
Whether the pre-set time cycle sends to server, to deposit according to received vulnerability scanning response message Analysis server
In loophole.In this way, editing the required parameter value in message body by intercepting and capturing vulnerability scanning request message and being leaked to realize to server
The scanning in hole reduces without constructing vulnerability scanning request message in different clients and realizes server vulnerability scanning institute
The time needed, to promote vulnerability scanning efficiency;Meanwhile the leakage of encapsulation is sent to server according to the pre-set time cycle
Hole scan request message, it is possible to prevente effectively from being leaked present in server caused by the pre-set loophole prevention mechanism of client
The situation that hole is missed improves the accuracy rate of vulnerability scanning.
Fig. 2 is the apparatus structure schematic diagram that the embodiment of the present invention scans loophole.Referring to fig. 2, which includes: interception module
21, extraction module 22, editor module 23 and vulnerability scanning module 24, wherein
Interception module 21, each vulnerability scanning request message that server will be sent to for intercepting and capturing client;
In the embodiment of the present invention, as an alternative embodiment, it can write in advance for intercepting and capturing vulnerability scanning request message
Script, and the script write is injected into client, the vulnerability scanning request message to issue to client blocks
It cuts.
Extraction module 22, for from each vulnerability scanning request message of intercepting and capturing, filtering out using pre-set transmission
The vulnerability scanning request message of agreement transmission;
In the embodiment of the present invention, as an alternative embodiment, the pre-set transport protocol is Hyper text transfer association
View.
In the embodiment of the present invention, for using the vulnerability scanning request message of pre-set transport protocol transmission, not adopting
It is handled with existing procedure.
Editor module 23, for being parsed to the message body in the vulnerability scanning request message filtered out, editor's parsing
Message body in required parameter value;
Mode when in the embodiment of the present invention, making requests-responding between client and server include: get mode with
And post mode, for get mode, required parameter and the corresponding required parameter value of required parameter are positioned included in unified resource
Fu Zhong;For post mode, required parameter and the corresponding required parameter value of required parameter are included in packet.
Vulnerability scanning module 24 is pressed for the message body for passing through editor to be encapsulated as vulnerability scanning request message to be sent
It is sent according to the pre-set time cycle to server, and receives the vulnerability scanning response message returned from the server, with
Determine the server with the presence or absence of loophole.
In the embodiment of the present invention, as an alternative embodiment, Fig. 3 is the extraction module structural representation of the embodiment of the present invention
Figure.Referring to Fig. 3, which includes: resolution unit 31, field judging unit 32 and storage unit 33, wherein
Resolution unit 31, for parsing the heading for the vulnerability scanning request message intercepted and captured;
Field judging unit 32, if the relevant field for including in the heading that parsing obtains is pre-set transmission association
Field is discussed, notifies storage unit 33;
Storage unit 33, for storing the vulnerability scanning request message.
In the embodiment of the present invention, as another alternative embodiment, extraction module further include:
Duplicate removal unit 34, for receiving the notice of the output of field judging unit 32, to the vulnerability scanning request report filtered out
Text obtains the corresponding vulnerability scanning request message of each application function, output to storage unit 33 according to application function duplicate removal.
Fig. 4 is the editor module structural schematic diagram of the embodiment of the present invention.Referring to fig. 4, which includes: packet parsing
Unit 41, request response mode judging unit 42, the second edit cell of the first edit cell of required parameter 43 and required parameter
44, wherein
Packet parsing unit 41, for parsing the vulnerability scanning request message extracted, the heading and report parsed
Style;
Response mode judging unit 42 is requested, for judging between client and server according to the heading of the parsing
Mode when making requests-responding:
If mode when making requests-responding between the client and server is get mode, required parameter is notified
First edit cell 43;If mode when making requests-responding between the client and server is post mode, notice
The second edit cell of required parameter 44;
The first edit cell of required parameter 43 edits asking in the uniform resource locator of message body for receiving notice
Seek parameter value;
The second edit cell of required parameter 44 edits the required parameter value in the packet of message body for receiving notice.
Fig. 5 is the vulnerability scanning modular structure schematic diagram of first embodiment of the invention.Referring to Fig. 5, the vulnerability scanning module
It include: encapsulation unit 51, transmission unit 52, feature extraction unit 53 and characteristic matching unit 54, wherein
Encapsulation unit 51, for the message body for passing through editor to be encapsulated as vulnerability scanning request message to be sent;
Transmission unit 52, for sending the vulnerability scanning request report to server according to the pre-set time cycle
Text;
Feature extraction unit 53 parses the vulnerability scanning for extracting the vulnerability scanning response message of server return
Feature words is extracted after response message;
Characteristic matching unit 54, the feature words in feature words and pre-set vulnerability database for that will extract carry out
Matching whether there is loophole with the determination server.
Fig. 6 is the vulnerability scanning modular structure schematic diagram of second embodiment of the invention.Referring to Fig. 6, the vulnerability scanning module
It include: encapsulation unit 51, transmission unit 52 and message matching unit 63, wherein
Encapsulation unit 51, for the message body for passing through editor to be encapsulated as vulnerability scanning request message to be sent;
Transmission unit 52, for sending the vulnerability scanning request report to server according to the pre-set time cycle
Text;
Message matching unit 63, for extracting the vulnerability scanning response message of server return, with pre-set application
The corresponding standard request response message of function is matched, and whether there is loophole with the determination server.
The embodiment of the present invention also provides a kind of electronic equipment, and the electronic equipment includes dress described in aforementioned any embodiment
It sets.
Fig. 7 is the structural schematic diagram of electronic equipment one embodiment of the present invention, may be implemented to implement shown in Fig. 1-6 of the present invention
The process of example, as shown in fig. 7, above-mentioned electronic equipment may include: shell 71, processor 72, memory 73, circuit board 74 and electricity
Source circuit 75, wherein circuit board 74 is placed in the space interior that shell 71 surrounds, and processor 72 and memory 73 are arranged in circuit
On plate 74;Power circuit 75, for each circuit or the device power supply for above-mentioned electronic equipment;Memory 73 is for storing and can hold
Line program code;Processor 72 is run and executable program generation by reading the executable program code stored in memory 73
The corresponding program of code, for executing the method for scanning loophole described in aforementioned any embodiment.
Processor 72 to the specific implementation procedures of above-mentioned steps and processor 72 by operation executable program code come
The step of further executing may refer to the description of Fig. 1-6 illustrated embodiment of the present invention, and details are not described herein.
The electronic equipment exists in a variety of forms, including but not limited to:
(1) mobile communication equipment: the characteristics of this kind of equipment is that have mobile communication function, and to provide speech, data
Communication is main target.This Terminal Type includes: smart phone (such as iPhone), multimedia handset, functional mobile phone and low
Hold mobile phone etc..
(2) super mobile personal computer equipment: this kind of equipment belongs to the scope of personal computer, there is calculating and processing function
Can, generally also have mobile Internet access characteristic.This Terminal Type includes: PDA, MID and UMPC equipment etc., such as iPad.
(3) portable entertainment device: this kind of equipment can show and play multimedia content.Such equipment include: audio,
Video player (such as iPod), handheld device, e-book and intelligent toy and portable car-mounted navigation equipment.
(4) server: providing the equipment of the service of calculating, and the composition of server includes that processor, hard disk, memory, system are total
Line etc., server is similar with general computer architecture, but due to needing to provide highly reliable service, in processing energy
Power, stability, reliability, safety, scalability, manageability etc. are more demanding.
(5) other electronic equipments with data interaction function.
Those of ordinary skill in the art will appreciate that realizing all or part of the process in above-described embodiment method, being can be with
Relevant hardware is instructed to complete by computer program, the program can be stored in a computer-readable storage medium
In, the program is when being executed, it may include such as the process of the embodiment of above-mentioned each method.Wherein, the storage medium can be magnetic
Dish, CD, read-only memory (Read-Only Memory, ROM) or random access memory (RandomAccess
Memory, RAM) etc..
The above description is merely a specific embodiment, but scope of protection of the present invention is not limited thereto, any
In the technical scope disclosed by the present invention, any changes or substitutions that can be easily thought of by those familiar with the art, all answers
It is included within the scope of the present invention.Therefore, protection scope of the present invention should be subject to the protection scope in claims.
Claims (13)
1. a kind of method for scanning loophole, which is characterized in that this method comprises:
Intercept and capture each vulnerability scanning request message that client will be sent to server;
From each vulnerability scanning request message of intercepting and capturing, filters out and asked using the vulnerability scanning of pre-set transport protocol transmission
Seek message;
Message body in the vulnerability scanning request message filtered out is parsed, the required parameter in the message body of parsing is edited
Value;
It will be encapsulated as vulnerability scanning request message to be sent by the message body of editor, according to the pre-set time cycle to clothes
Business device is sent, and receives the vulnerability scanning response message returned from the server, with the determination server with the presence or absence of leakage
Hole;
Wherein, the message body in the described pair of vulnerability scanning request message filtered out parses, and edits in the message body of parsing
Required parameter value include:
Parse the vulnerability scanning request message extracted, the heading parsed and message body, the message according to the parsing
Head judges mode when making requests-responding between client and server:
If mode when making requests-responding between the client and server is get mode, the unification of message body is edited
Required parameter value in Resource Locator;
If mode when making requests-responding between the client and server is post mode, the packet of message body is edited
In required parameter value.
2. the method according to claim 1, wherein described filter out is transmitted using pre-set transport protocol
Vulnerability scanning request message include:
The heading for the vulnerability scanning request message intercepted and captured is parsed, if the relevant field for including in the heading that parsing obtains is
Pre-set transport protocol field stores the vulnerability scanning request message.
3. according to the method described in claim 2, it is characterized in that, being passed in described filter out using pre-set transport protocol
After defeated vulnerability scanning request message, the method further includes:
To the vulnerability scanning request message filtered out according to application function duplicate removal, obtains the corresponding loophole of each application function and sweep
Request message is retouched to be stored.
4. the method according to claim 1, wherein the vulnerability scanning returned from the server that receives is rung
Message is answered, includes: with the presence or absence of loophole with the determination server
The vulnerability scanning response message that server returns is extracted, extracts feature words after parsing the vulnerability scanning response message,
It is matched with the feature words in pre-set vulnerability database, loophole whether there is with the determination server.
5. the method according to claim 1, wherein the vulnerability scanning returned from the server that receives is rung
Message is answered, includes: with the presence or absence of loophole with the determination server
Extract the vulnerability scanning response message that server returns, standard request response report corresponding with pre-set application function
Text is matched, and whether there is loophole with the determination server.
6. method according to any one of claims 1 to 5, which is characterized in that the pre-set transport protocol is super
Text transfer protocol.
7. it is a kind of scan loophole device, which is characterized in that the device include: interception module, extraction module, editor module and
Vulnerability scanning module, wherein
Interception module, each vulnerability scanning request message that server will be sent to for intercepting and capturing client;
Extraction module is passed for filtering out from each vulnerability scanning request message of intercepting and capturing using pre-set transport protocol
Defeated vulnerability scanning request message;
Editor module edits the message of parsing for parsing to the message body in the vulnerability scanning request message filtered out
Required parameter value in body;
Vulnerability scanning module, for the message body for passing through editor to be encapsulated as vulnerability scanning request message to be sent, according to preparatory
The time cycle of setting sends to server, and receives the vulnerability scanning response message returned from the server, to determine
Server is stated with the presence or absence of loophole;
The editor module include: packet parsing unit, request response mode judging unit, the first edit cell of required parameter with
And the second edit cell of required parameter, wherein
Packet parsing unit, for parsing the vulnerability scanning request message extracted, the heading parsed and message body;
Response mode judging unit is requested, for judging to be asked between client and server according to the heading of the parsing
Mode when asking-responding:
If mode when making requests-responding between the client and server is get mode, required parameter first is notified
Edit cell;If mode when making requests-responding between the client and server is post mode, notice request ginseng
Several second edit cells;
The first edit cell of required parameter edits the required parameter in the uniform resource locator of message body for receiving notice
Value;
The second edit cell of required parameter edits the required parameter value in the packet of message body for receiving notice.
8. device according to claim 7, which is characterized in that the extraction module includes: resolution unit, field judgement list
Member and storage unit, wherein
Resolution unit, for parsing the heading for the vulnerability scanning request message intercepted and captured;
Field judging unit, if the relevant field for including in the heading that parsing obtains is pre-set transport protocol word
Section notifies storage unit;
Storage unit, for storing the vulnerability scanning request message.
9. device according to claim 8, which is characterized in that the extraction module further comprises:
Duplicate removal unit, for receiving the notice of field judging unit output, to the vulnerability scanning request message filtered out according to answering
With function duplicate removal, the corresponding vulnerability scanning request message of each application function, output to storage unit are obtained.
10. device according to claim 7, which is characterized in that the vulnerability scanning module includes: encapsulation unit, sends
Unit, feature extraction unit and characteristic matching unit, wherein
Encapsulation unit, for the message body for passing through editor to be encapsulated as vulnerability scanning request message to be sent;
Transmission unit, for sending the vulnerability scanning request report to be sent to server according to the pre-set time cycle
Text;
Feature extraction unit parses the vulnerability scanning response report for extracting the vulnerability scanning response message of server return
Feature words is extracted after text;
Characteristic matching unit, for the feature words of extraction to be matched with the feature words in pre-set vulnerability database,
It whether there is loophole with the determination server.
11. device according to claim 7, which is characterized in that the vulnerability scanning module includes: encapsulation unit, sends
Unit and message matching unit, wherein
Encapsulation unit, for the message body for passing through editor to be encapsulated as vulnerability scanning request message to be sent;
Transmission unit, for sending the vulnerability scanning request report to be sent to server according to the pre-set time cycle
Text;
Message matching unit, for extracting the vulnerability scanning response message of server return, with pre-set application function pair
The standard request response message answered is matched, and whether there is loophole with the determination server.
12. according to the described in any item devices of claim 7 to 11, which is characterized in that the pre-set transport protocol is
Hypertext transfer protocol.
13. a kind of electronic equipment, which is characterized in that the electronic equipment includes: shell, processor, memory, circuit board and electricity
Source circuit, wherein circuit board is placed in the space interior that shell surrounds, and processor and memory setting are on circuit boards;Power supply
Circuit, for each circuit or the device power supply for above-mentioned electronic equipment;Memory is for storing executable program code;Processing
Device runs program corresponding with executable program code by reading the executable program code stored in memory, for holding
The method of loophole is scanned described in the aforementioned any claim 1-6 of row.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510890941.1A CN105516131B (en) | 2015-12-04 | 2015-12-04 | A kind of method, apparatus and electronic equipment scanning loophole |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510890941.1A CN105516131B (en) | 2015-12-04 | 2015-12-04 | A kind of method, apparatus and electronic equipment scanning loophole |
Publications (2)
Publication Number | Publication Date |
---|---|
CN105516131A CN105516131A (en) | 2016-04-20 |
CN105516131B true CN105516131B (en) | 2019-03-26 |
Family
ID=55723768
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510890941.1A Active CN105516131B (en) | 2015-12-04 | 2015-12-04 | A kind of method, apparatus and electronic equipment scanning loophole |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105516131B (en) |
Families Citing this family (15)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106953860A (en) * | 2017-03-20 | 2017-07-14 | 腾讯科技(深圳)有限公司 | A kind of data scanning method and scanning server |
CN108809890B (en) * | 2017-04-26 | 2021-05-25 | 腾讯科技(深圳)有限公司 | Vulnerability detection method, test server and client |
CN107145784B (en) * | 2017-05-04 | 2023-04-04 | 腾讯科技(深圳)有限公司 | Vulnerability scanning method and device and computer readable medium |
CN108881114B (en) * | 2017-05-10 | 2020-12-29 | 上海交通大学 | RTP protocol encapsulation method for STL/SFN transmission |
CN107040553A (en) * | 2017-06-16 | 2017-08-11 | 腾讯科技(深圳)有限公司 | Leak analysis method, device, terminal and storage medium |
CN107276852B (en) * | 2017-06-27 | 2020-02-21 | 福建省天奕网络科技有限公司 | Data security detection method and terminal |
CN107360189A (en) * | 2017-08-23 | 2017-11-17 | 杭州安恒信息技术有限公司 | Break through the vulnerability scanning method and device of Web protection |
CN109428878B (en) * | 2017-09-01 | 2021-11-23 | 阿里巴巴集团控股有限公司 | Vulnerability detection method, detection device and detection system |
CN108400978B (en) * | 2018-02-07 | 2021-08-06 | 深圳壹账通智能科技有限公司 | Vulnerability detection method and device, computer equipment and storage medium |
CN110881043B (en) * | 2019-11-29 | 2022-07-01 | 杭州迪普科技股份有限公司 | Method and device for detecting web server vulnerability |
CN110971599A (en) * | 2019-11-29 | 2020-04-07 | 杭州迪普科技股份有限公司 | Vulnerability scanning method and device |
CN111371745B (en) * | 2020-02-21 | 2022-06-28 | 北京百度网讯科技有限公司 | Method and apparatus for determining SSRF vulnerability |
CN112632554A (en) * | 2020-11-05 | 2021-04-09 | 杭州孝道科技有限公司 | Vulnerability verification method based on runtime modification payload technology |
CN112685301A (en) * | 2020-12-28 | 2021-04-20 | 浙江国利网安科技有限公司 | Fuzzy test method and device |
CN114915442A (en) * | 2022-02-21 | 2022-08-16 | 奇安信科技集团股份有限公司 | Advanced persistent threat attack detection method and device |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103384242A (en) * | 2013-03-15 | 2013-11-06 | 中标软件有限公司 | Intrusion detection method and system based on Nginx proxy server |
CN104200166A (en) * | 2014-08-05 | 2014-12-10 | 杭州安恒信息技术有限公司 | Script-based website vulnerability scanning method and system |
CN104243475A (en) * | 2014-09-18 | 2014-12-24 | 东软集团股份有限公司 | Method and system for dynamic mixing based on WEB reverse proxy |
CN104506522A (en) * | 2014-12-19 | 2015-04-08 | 北京神州绿盟信息安全科技股份有限公司 | Method and device for scanning vulnerability |
CN104735092A (en) * | 2015-04-22 | 2015-06-24 | 北京瑞星信息技术有限公司 | Method and device for detecting web vulnerability |
Family Cites Families (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102082659B (en) * | 2009-12-01 | 2014-07-23 | 厦门市美亚柏科信息股份有限公司 | Vulnerability scanning system oriented to safety assessment and processing method thereof |
CN103020529B (en) * | 2012-10-31 | 2015-12-09 | 中国航天科工集团第二研究院七○六所 | A kind of software vulnerability analytical approach based on model of place |
CN102932370B (en) * | 2012-11-20 | 2015-11-25 | 华为技术有限公司 | A kind of security sweep method, equipment and system |
CN103902912B (en) * | 2012-12-26 | 2017-09-19 | 深圳市腾讯计算机系统有限公司 | The detection method and device of webpage leak |
CN103065095A (en) * | 2013-01-29 | 2013-04-24 | 四川大学 | WEB vulnerability scanning method and vulnerability scanner based on fingerprint recognition technology |
CN105516114B (en) * | 2015-12-01 | 2018-12-14 | 珠海市君天电子科技有限公司 | Method and device for scanning vulnerability based on webpage hash value and electronic equipment |
-
2015
- 2015-12-04 CN CN201510890941.1A patent/CN105516131B/en active Active
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103384242A (en) * | 2013-03-15 | 2013-11-06 | 中标软件有限公司 | Intrusion detection method and system based on Nginx proxy server |
CN104200166A (en) * | 2014-08-05 | 2014-12-10 | 杭州安恒信息技术有限公司 | Script-based website vulnerability scanning method and system |
CN104243475A (en) * | 2014-09-18 | 2014-12-24 | 东软集团股份有限公司 | Method and system for dynamic mixing based on WEB reverse proxy |
CN104506522A (en) * | 2014-12-19 | 2015-04-08 | 北京神州绿盟信息安全科技股份有限公司 | Method and device for scanning vulnerability |
CN104735092A (en) * | 2015-04-22 | 2015-06-24 | 北京瑞星信息技术有限公司 | Method and device for detecting web vulnerability |
Also Published As
Publication number | Publication date |
---|---|
CN105516131A (en) | 2016-04-20 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN105516131B (en) | A kind of method, apparatus and electronic equipment scanning loophole | |
CN109428878B (en) | Vulnerability detection method, detection device and detection system | |
CN109450649A (en) | Gateway verification method and device based on application program interface and electronic equipment | |
CN101605074A (en) | The method and system of communication behavioural characteristic monitoring wooden horse Network Based | |
CN107743130B (en) | Fingerprint matching method, device and system | |
CN103647695A (en) | Client application program user registration method, mobile terminal and server | |
CN102208978A (en) | Input verification system and method | |
CN103313429A (en) | Processing method for recognizing fabricated WIFI (Wireless Fidelity) hotspot | |
CN108174360A (en) | A kind of note transmission method and device, short-message verification method and device | |
CN103581909A (en) | Suspected mobile phone malicious software positioning method and device | |
CN105245489A (en) | Verification method and verification device | |
CN103905194A (en) | Identity traceability authentication method and system | |
CN110099129A (en) | A kind of data transmission method and equipment | |
CN103561063B (en) | A kind of method of Register top box and terminal | |
CN106358157A (en) | Networking method and device for intelligent equipment | |
CN111953668B (en) | Network security information processing method and device | |
CN108874612A (en) | A kind of method of acquisition of information, relevant device and system | |
CN106331042A (en) | Single sign-on method and device for heterogeneous user system | |
CN106162640A (en) | A kind of portal authentication method and system | |
CN104333538B (en) | A kind of network equipment access method | |
Shi et al. | The penetration testing framework for large-scale network based on network fingerprint | |
CN104239798A (en) | Mobile office system, antivirus method thereof and movable end and server end in system | |
CN111262746A (en) | Equipment opening deployment system and method | |
CN104506249A (en) | Method and device for realizing network configuration on wireless device, and wireless device | |
CN110120220A (en) | A kind of working method and system of cloud speaker |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
TA01 | Transfer of patent application right |
Effective date of registration: 20181217 Address after: 519031 Room 105-53811, No. 6 Baohua Road, Hengqin New District, Zhuhai City, Guangdong Province Applicant after: Zhuhai Leopard Technology Co.,Ltd. Address before: 519070, six level 601F, 10 main building, science and technology road, Tangjia Bay Town, Zhuhai, Guangdong. Applicant before: Zhuhai Juntian Electronic Technology Co.,Ltd. Applicant before: BEIJING KINGSOFT INTERNET SECURITY SOFTWARE Co.,Ltd. |
|
TA01 | Transfer of patent application right | ||
GR01 | Patent grant | ||
GR01 | Patent grant |