CN108154033A - A kind of method, apparatus, electronic equipment and the storage medium of administrative vulnerability information - Google Patents
A kind of method, apparatus, electronic equipment and the storage medium of administrative vulnerability information Download PDFInfo
- Publication number
- CN108154033A CN108154033A CN201711158562.9A CN201711158562A CN108154033A CN 108154033 A CN108154033 A CN 108154033A CN 201711158562 A CN201711158562 A CN 201711158562A CN 108154033 A CN108154033 A CN 108154033A
- Authority
- CN
- China
- Prior art keywords
- application program
- general purpose
- purpose application
- host
- loophole
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/70—Software maintenance or management
- G06F8/71—Version control; Configuration management
Landscapes
- Engineering & Computer Science (AREA)
- Software Systems (AREA)
- General Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- Information Transfer Between Computers (AREA)
- Computer And Data Communications (AREA)
Abstract
The method and device of administrative vulnerability information provided by the invention, belongs to computer realm.This method includes:Obtain the mark of the general purpose application program in each host and version number of each general purpose application program in institute's generic;The vulnerability information of general purpose application program is obtained, the mark of general purpose application program and the latest edition number of general purpose application program are extracted from vulnerability information;For each host in each host, according to the identifying of general purpose application program each in the host, the latest edition number of version number and each general purpose application program of each general purpose application program in the host, determine whether each general purpose application program needs to carry out loophole reparation, if there is the general purpose application program for needing to carry out loophole reparation in each general purpose application program, it is determined that the host is the destination host for needing to carry out loophole reparation;It exports the corresponding loophole of destination host and repairs prompt message.The efficiency for repairing universal loophole can be improved using the present invention.
Description
Technical field
The present invention relates to computer realm, more particularly to a kind of method, apparatus of administrative vulnerability information, electronic equipment and deposit
Storage media.
Background technology
With the development of science and technology, a fairly large number of host can be configured in most of company, number is installed on these hosts
According to general purpose application programs such as library, OFFICE office softwares.Since general purpose application program written in code is not perfect, these common applications
Program is likely to occur loophole (can be described as universal loophole), and leading to host, there are risks.Therefore, it is necessary to these universal loopholes
It is repaired.
At present, when the host in server breaks out universal loophole, it usually needs manually write out attack load
(payload), based on attack load generation plug-in type scanner, then using plug-in type scanner to the common application in host
Program is scanned, and obtains which general purpose application program be mounted on host.Then it manually announces from vulnerability information and is obtained on website
Take these installed general purpose application programs vulnerability information (vulnerability information generally include title (title) and
The parts such as description (description), title and description be used for describe vulnerability information influence common application into
Mark cve labels corresponding with the general purpose application program, vulnerability information also typically include the latest edition of general purpose application program
Number).Technical staff is by comparing general purpose application program in version number of the general purpose application program in the host and vulnerability information
Latest edition number, determine whether the general purpose application program in host is compared with lowest version, if compared with lowest version, is then needed
Loophole reparation is carried out to the general purpose application program.Cve number of the last technical staff in vulnerability information, from each announcement loophole
Download flaw patch in official's server of patch, then these loophole patch are installed to corresponding host
In, carry out loophole reparation.
However, the method for above-mentioned administrative vulnerability information, it is each there is new universal loophole when, more than each step will
Artificial repetitive operation causes loophole remediation efficiency low.
Invention content
The embodiment of the present invention is designed to provide a kind of method, apparatus, electronic equipment and the storage of administrative vulnerability information
Medium can improve the efficiency for repairing universal loophole.Specific technical solution is as follows:
In a first aspect, a kind of method of administrative vulnerability information is provided, the method includes:
Obtain the mark of the general purpose application program in each host and version number of each general purpose application program in institute's generic;
The vulnerability information of each general purpose application program is crawled from the network server of publication vulnerability information, from the leakage
The mark of the general purpose application program and the latest edition number of the general purpose application program are extracted in the information of hole;
For each host in each host, according to the identifying of general purpose application program each in the host, described each logical
With version number of the application program in the host and the latest edition number of each general purpose application program, determine it is described it is each it is general should
Whether needed to carry out loophole reparation with program, if in each general purpose application program existing needs to carry out the general of loophole reparation
Application program, it is determined that the host is the destination host for needing to carry out loophole reparation;
According to the corresponding general purpose application program for needing to carry out loophole reparation of each destination host, each destination host is exported
Corresponding loophole repairs prompt message.
Optionally, it is described according to the identifying of general purpose application program each in the host, each general purpose application program is in the master
The latest edition number of version number and each general purpose application program in machine, determine each general purpose application program whether need into
Row loophole reparation, including:
For any general purpose application program, according to preset version number's comparison rule, judge the general purpose application program in institute
Whether the version number in generic is less than the latest edition number of the general purpose application program, if it is, judging the common application journey
Sequence is the target general purpose application program for needing to carry out loophole reparation;If it is not, then judge the general purpose application program do not need into
Row loophole reparation.
Optionally, it is described according to the corresponding general purpose application program for needing to carry out loophole reparation of each destination host, export institute
It states the corresponding loophole of each destination host and repairs prompt message, including:
According to preset canonical matching algorithm and the vulnerability information, the common application journey for needing to carry out loophole reparation is determined
The corresponding public loophole of sequence and exposure cve are numbered;
According to cve numbers and the mark of the destination host, generate the corresponding loophole reparation of the destination host and carry
Show information;
It exports the corresponding loophole of the destination host and repairs prompt message.
Optionally, the loophole letter that each general purpose application program is crawled from the network server of publication vulnerability information
Breath, including:
According to the keyword in the mark of preset each general purpose application program, from the network service of publication vulnerability information
The vulnerability information for including the keyword is crawled in device, obtains the vulnerability information of each general purpose application program.
Optionally, the mark for obtaining the general purpose application program in each host and each general purpose application program are in institute's generic
In version number, including:
The mark of general purpose application program in each host is obtained by network mapping device nmap and each general purpose application program exists
Version number in institute's generic.
Second aspect, provides a kind of device of administrative vulnerability information, and described device includes:
Acquisition module, for obtaining the mark of the general purpose application program in each host and each general purpose application program in institute owner
Version number in machine;
Extraction module, for crawling the loophole of each general purpose application program from the network server of publication vulnerability information
Information extracts the mark of the general purpose application program and the latest edition of the general purpose application program from the vulnerability information
Number;
First determining module, for for each host in each host, according to common application journey each in the host
The identifying of sequence, the latest edition of version number and each general purpose application program of each general purpose application program in the host
Number, determine whether each general purpose application program needs to carry out loophole reparation, if existing in each general purpose application program needs
Carry out the general purpose application program of loophole reparation, it is determined that the host is the destination host for needing to carry out loophole reparation;
First output module, for according to each destination host it is corresponding need carry out loophole reparation general purpose application program,
It exports the corresponding loophole of each destination host and repairs prompt message.
Optionally, the determining module, is additionally operable to:
For any general purpose application program, according to preset version number's comparison rule, judge the general purpose application program in institute
Whether the version number in generic is less than the latest edition number of the general purpose application program, if it is, judging the common application journey
Sequence is the target general purpose application program for needing to carry out loophole reparation;If it is not, then judge the general purpose application program do not need into
Row loophole reparation.
Optionally, first output module, including:
Second determining module, for according to preset canonical matching algorithm and the vulnerability information, determining to be leaked
The corresponding public loophole of general purpose application program and exposure cve that hole is repaired are numbered;
Generation module for the mark according to cve numbers and the destination host, generates the destination host and corresponds to
Loophole repair prompt message;
Second output module repairs prompt message for exporting the corresponding loophole of the destination host.
Optionally, the extraction module, is additionally operable to:
According to the keyword in the mark of preset each general purpose application program, from the network service of publication vulnerability information
The vulnerability information for including the keyword is crawled in device, obtains the vulnerability information of each general purpose application program.
Optionally, the acquisition module, is additionally operable to:
The mark of general purpose application program in each host is obtained by network mapping device nmap and each general purpose application program exists
Version number in institute's generic.
The third aspect, provides a kind of electronic equipment, the electronic equipment include processor, communication interface, memory and
Communication bus, wherein, the processor, the communication interface, the memory is completed mutual by the communication bus
Communication;
The memory, for storing computer program;
The processor during for performing the program stored on the memory, is realized described in above-mentioned first aspect
The method and step of administrative vulnerability information.
Fourth aspect, provides a kind of computer readable storage medium, and the computer readable storage medium memory contains
Computer program, the computer program realize the side of the administrative vulnerability information described in above-mentioned first aspect when being executed by processor
Method step.
Method, apparatus, electronic equipment and the storage medium of a kind of administrative vulnerability information provided in an embodiment of the present invention, pass through
Obtain the mark of the general purpose application program in each host and version number of each general purpose application program in institute's generic;Then from hair
The vulnerability information of each general purpose application program is crawled in the network server of cloth vulnerability information, common application is extracted from vulnerability information
The mark of program and the latest edition number of general purpose application program;For each host in each host, according to each logical in the host
With the identifying of application program, the latest edition of version number and each general purpose application program of each general purpose application program in the host
Number, it determines whether each general purpose application program needs to carry out loophole reparation, is leaked if existed in each general purpose application program
The general purpose application program that hole is repaired, it is determined that the host is the destination host for needing to carry out loophole reparation;Finally according to each target
The corresponding general purpose application program for needing to carry out loophole reparation of host exports the corresponding loophole reparation prompting letter of each destination host
Breath.Using the method for administrative vulnerability information provided by the invention, the mark of the general purpose application program in each host can be obtained automatically
Knowledge and version number of each general purpose application program in institute's generic, and obtain these from the network server of publication vulnerability information
Then the vulnerability information of general purpose application program just can determine that needs by comparing the version number of each general purpose application program in each host
The destination host of loophole reparation is carried out, the corresponding loophole of destination host is finally exported and repairs prompt message.In this way, without manually into
Row above-mentioned steps can improve the efficiency for repairing universal loophole.Certainly, implement any of the products of the present invention or method not necessarily
It needs to reach all the above advantage simultaneously.
Description of the drawings
In order to illustrate more clearly about the embodiment of the present invention or technical scheme of the prior art, to embodiment or will show below
There is attached drawing needed in technology description to be briefly described.
Fig. 1 is a kind of method flow diagram of administrative vulnerability information of the embodiment of the present invention;
Fig. 2 is a kind of apparatus structure schematic diagram of administrative vulnerability information of the embodiment of the present invention;
Fig. 3 is the structure diagram of a kind of electronic equipment provided in an embodiment of the present invention.
Specific embodiment
Below in conjunction with the attached drawing in the embodiment of the present invention, the technical solution in the embodiment of the present invention is described.
The embodiment of the invention discloses a kind of method, apparatus, electronic equipment and the storage medium of administrative vulnerability information, below
It is described in detail respectively.The executive agent of this method can be any one host in each host in server or again
A host (being properly termed as managing main frame) being newly configured, the managing main frame can manage each host (including managing main frame sheet
Body and other each host).
As shown in FIG. 1, FIG. 1 is a kind of method flow diagram of administrative vulnerability information of the embodiment of the present invention, including walking as follows
Suddenly:
Step 101, obtain each general purpose application program in each host mark and general purpose application program in institute's generic
Version number.
In force, master can be managed with general purpose application programs such as installation database, OFFICE office softwares in every host
Machine can obtain the mark of general purpose application program installed in each host, for example, the title of general purpose application program can be obtained,
Or the keyword of the title of the general purpose application program is obtained, managing main frame can also obtain each general purpose application program in institute owner
The information such as the version number in machine.Managing main frame is getting the mark of the general purpose application program of each host and each common application journey
After version number of the sequence in institute's generic, the mark of each host and the information of the general purpose application program in the host can be carried out
Corresponding storage.The mark of host can be the IP (Internet Protocol, the agreement interconnected between network) of the host
Location or the number for distinguishing the host.
Step 102, the vulnerability information of general purpose application program is crawled from the network server of publication vulnerability information, from loophole
The mark of general purpose application program and the latest edition number of general purpose application program are extracted in information.
In force, many network servers can store the vulnerability information of each general purpose application program, for example, http://
Www.seebug.org/rss/new and https:The server of the website links such as //www.exploit-db.com/rss.xml.
Managing main frame can crawl the corresponding leakage of each general purpose application program respectively from the network server of these publication vulnerability informations
Hole information, for any general purpose application program, vulnerability information includes the parts such as title and description, title and
Description be used for describe the vulnerability information influence common application into mark cve corresponding with the general purpose application program
Label, vulnerability information also typically include the latest edition number of general purpose application program.
Step 103, for each host in each host, according to the identifying of general purpose application program each in the host, each logical
With version number of the application program in the host and the latest edition number of each general purpose application program, determine that each general purpose application program is
It is no to need to carry out loophole reparation, if there is the general purpose application program for needing to carry out loophole reparation in each general purpose application program,
It is the destination host for needing to carry out loophole reparation to determine the host.
In force, managing main frame can one by one be detected every host after vulnerability information is obtained.For every
Host, by version number of each general purpose application program in the host in the host and the latest edition number of each general purpose application program
It is compared, determines whether each general purpose application program in every host needs to carry out loophole reparation, if had in some host
The general purpose application program of progress loophole reparation is needed, then the host needs to carry out loophole reparation;It is if each general in the host
Application program does not all need to carry out loophole reparation, then the host does not need to carry out loophole reparation.After destination host is determined, management
Host can be by the identifying of each general purpose application program for needing to carry out loophole reparation in destination host and the host, each common application
The corresponding preservation of latest edition number of version number and each general purpose application program of the program in the host is in the database.
Step 104, according to the corresponding general purpose application program for needing to carry out loophole reparation of each destination host, each target is exported
The corresponding loophole of host repairs prompt message.
In force, managing main frame, can be according to the mark of destination host and destination host pair after destination host is determined
The vulnerability information answered, the corresponding loophole of generation destination host repair prompt message, these loopholes then are repaired prompt message hair
It is sent in the management terminal of administrative staff.For example, loophole is repaired prompt message hair by managing main frame in a manner of mail or short message etc.
It is sent on the mailbox or mobile phone of administrative staff, so that administrative staff is allowed to know, which of which platform host is general purpose application program needs
Carry out loophole reparation.
It optionally, can be according to pre- when whether the general purpose application program in determining each host needs to carry out loophole reparation
If version number's comparison rule, judge version number of the general purpose application program in institute's generic whether be less than the common application journey
The latest edition number of sequence, if it is, judging target common application journey of the general purpose application program to need progress loophole reparation
Sequence;If it is not, then judge that the general purpose application program does not need to carry out loophole reparation.
In force, for any general purpose application program, can by comparing the general program institute's generic version
Number and the general purpose application program latest edition number, come determine the general purpose application program whether need carry out loophole reparation.Wherein,
Version number's comparison rule can be diversified.For example, version number can be made of number and spaced points, these number priorities
The sequence of grade is from left to right to continuously decrease, and at this moment preset version number's comparison rule can be:By comparing version number successively
In number, come determine same general purpose application program institute's generic version number whether be less than the general purpose application program most
New version number, if it is, judging target general purpose application program of the general purpose application program to need progress loophole reparation;If
It is not then to judge that the general purpose application program does not need to carry out loophole reparation.Alternatively, version number is individual number, at this moment version
Number comparison rule can directly compare the number of version number, to determine whether general purpose application program needs to carry out loophole reparation.
It (is made of for example, version number of some general purpose application program in some host is 3.1 number and spaced points
), the general purpose application program is corresponding in the vulnerability information that obtains from the network server of publication vulnerability information for managing main frame
Version number is 3.2 (being made of number and spaced points), and preset version number's comparison rule first compares the two version numbers
Highest priority position corresponding 3 since corresponding two data of highest order are equal, is then followed by comparing the number that priority is taken second place
Word at this moment since 1 is less than 2, then judges that version number 3.1 is less than version number 3.2, i.e., the common application journey of 3.1 versions in the host
Sequence needs to carry out loophole reparation.When version number is individual number, such as Liang Ge version numbers are 4.0 and 3.6 respectively, at this moment version
This number comparison rule by comparing the two numerical value size, it may be determined that 4.0 be higher version, if general in host
The version number of application program is 4.0, and the corresponding version number of vulnerability information is 3.6, then the general purpose application program does not need to be leaked
It repairs in hole;If the version number of the general purpose application program in host is 3.6, the corresponding version number of vulnerability information is 4.0, then this is logical
It is needed to carry out loophole reparation with application program.
In scheme provided in an embodiment of the present invention, since general purpose application program is after loophole reparation is carried out, version number's meeting
It updates therewith, it is therefore possible to use compare the mode of version number to determine whether general purpose application program needs to carry out loophole reparation,
It can quickly determine that the general purpose application program of which version needs to carry out loophole reparation in this way, so as to improve loophole remediation efficiency.
Optionally, managing main frame can determine to need to carry out loophole by preset canonical matching algorithm and vulnerability information
The corresponding public loophole of general purpose application program and exposure cve of reparation are numbered;Then according to cve numbers and the mark of destination host
Know, the corresponding loophole of generation destination host repairs prompt message;Finally the corresponding loophole of output destination host repairs prompt message.
In force, after managing main frame determines destination host, can obtain needs progress loophole to repair in the destination host
The corresponding cve numbers of multiple general purpose application program.The title and description of vulnerability information generally include cve numbers, in advance
If canonical matching algorithm can matching be detected in the title and description to vulnerability information by keyword, when
When detecting cve numbers, then cve numbers are extracted.Then, managing main frame is numbered according to cve and the mark of the destination host is given birth to
It is repaired in prompt message, then the terminal of management that loophole reparation prompt message is sent to administrative staff into loophole.
In scheme provided in an embodiment of the present invention, loophole repair prompt message including host mark and host in need into
The corresponding cve labels of each general purpose application program of row loophole reparation, the staff of such managing main frame carry according to loophole reparation
Show that information can quickly determine which host needs to carry out loophole reparation, and which common application journey in these hosts known
Sequence needs to carry out loophole reparation, these general purpose application programs need the loophole patch for carrying out loophole reparation can be according to each logical
It is downloaded from each official's server for announcing loophole patch with the corresponding cve numbers of application program.
Optionally, managing main frame can be leaked according to the keyword in the mark of preset each general purpose application program from publication
The vulnerability information comprising the keyword is crawled in the network server of hole information.
In force, the title and description of vulnerability information generally include the mark or logical of general purpose application program
With the keyword in the mark of application, managing main frame can be (a kind of by chromium headless according to these keywords
The title of browser) browser without a head such as browser or phantom (a kind of title of browser) without a head is from publication loophole letter
The vulnerability information including these keywords is crawled in the network server of breath.
In scheme provided in an embodiment of the present invention, loophole is obtained by the keyword in the mark of general purpose application program and is believed
Breath can rapidly extract the corresponding loophole letter of installed general program in host from numerous vulnerability informations in this way
Breath improves the efficiency for obtaining vulnerability information.
Optionally, managing main frame can be obtained by network mapping device (Network Mapper, nmap) in each host
Version number of the mark and general purpose application program of each general purpose application program in institute's generic.
In force, managing main frame periodically can be scanned a host according to the preset period by nmap, obtain
Which general purpose application program be mounted with to each host, and obtains the mark and these general purpose application programs of these general purpose application programs
Version number in institute's generic.The information of this acquisition after these information are obtained, is stored in data by managing main frame every time
In library, and by the mark of each general purpose application program in each host obtained before and general purpose application program in institute's generic
Version number information is deleted.
In scheme provided in an embodiment of the present invention, the mark of each general purpose application program in each host can be obtained by nmap
Knowledge and version number of the general purpose application program in institute's generic, and when nmap is used to obtain the information of each host, Bu Huiying
Ring the normal operation of each host.
The method of a kind of administrative vulnerability information provided in an embodiment of the present invention, by obtaining the common application journey in each host
The mark of sequence and version number of each general purpose application program in institute's generic;Then from the network server of publication vulnerability information
The vulnerability information of each general purpose application program is crawled, the mark and general purpose application program of general purpose application program are extracted from vulnerability information
Latest edition number;For each host in each host, according to the identifying of general purpose application program each in the host, it is each it is general should
With version number of the program in the host and the latest edition number of each general purpose application program, determine whether each general purpose application program needs
Loophole reparation is carried out, if there is the general purpose application program for needing to carry out loophole reparation in each general purpose application program, it is determined that
The host is the destination host for needing to carry out loophole reparation;Finally need to carry out loophole reparation according to each destination host is corresponding
General purpose application program exports the corresponding loophole of each destination host and repairs prompt message.Believe using administrative vulnerability provided by the invention
The method of breath, can obtain automatically general purpose application program in each host mark and each general purpose application program in institute's generic
Version number, and the vulnerability informations of these general purpose application programs, Ran Houtong are obtained from the network server of publication vulnerability information
The version number for crossing each general purpose application program in more each host just can determine that the destination host for needing to carry out loophole reparation, last defeated
Go out the corresponding loophole of destination host and repair prompt message.In this way, without manually carrying out above-mentioned steps, it is universal that reparation can be improved
The efficiency of loophole.
Based on identical technical concept, corresponding to embodiment of the method shown in Fig. 1, the embodiment of the present invention additionally provides a kind of pipe
The device of vulnerability information is managed, as shown in Fig. 2, the device includes:
Acquisition module 201, for obtaining the mark of the general purpose application program in each host and each general purpose application program in institute
Version number in generic;
Extraction module 202, for crawling each general purpose application program from the network server of publication vulnerability information
Vulnerability information extracts the mark of the general purpose application program and the latest edition of the general purpose application program from the vulnerability information
This number;
First determining module 203, for for each host in each host, according to common application each in the host
The identifying of program, the latest edition of version number and each general purpose application program of each general purpose application program in the host
Number, determine whether each general purpose application program needs to carry out loophole reparation, if existing in each general purpose application program needs
Carry out the general purpose application program of loophole reparation, it is determined that the host is the destination host for needing to carry out loophole reparation;
First output module 204, for according to the corresponding common application journey for needing to carry out loophole reparation of each destination host
Sequence exports the corresponding loophole of each destination host and repairs prompt message.
Optionally, the determining module, is additionally operable to:
For any general purpose application program, according to preset version number's comparison rule, judge the general purpose application program in institute
Whether the version number in generic is less than the latest edition number of the general purpose application program, if it is, judging the common application journey
Sequence is the target general purpose application program for needing to carry out loophole reparation;If it is not, then judge the general purpose application program do not need into
Row loophole reparation.
In scheme provided in an embodiment of the present invention, since general purpose application program is after loophole reparation is carried out, version number's meeting
It updates therewith, it is therefore possible to use compare the mode of version number to determine whether general purpose application program needs to carry out loophole reparation,
It can quickly determine that the general purpose application program of which version needs to carry out loophole reparation in this way, so as to improve loophole remediation efficiency.
Optionally, first output module, including:
Second determining module, for according to preset canonical matching algorithm and the vulnerability information, determining to be leaked
The corresponding public loophole of general purpose application program and exposure cve that hole is repaired are numbered;
Generation module for the mark according to cve numbers and the destination host, generates the destination host and corresponds to
Loophole repair prompt message;
Second output module repairs prompt message for exporting the corresponding loophole of the destination host.
In scheme provided in an embodiment of the present invention, loophole repair prompt message including host mark and host in need into
The corresponding cve labels of each general purpose application program of row loophole reparation, the staff of such managing main frame carry according to loophole reparation
Show that information can quickly determine which host needs to carry out loophole reparation, and which common application journey in these hosts known
Sequence needs to carry out loophole reparation, these general purpose application programs need the loophole patch for carrying out loophole reparation can be according to each logical
It is downloaded from each official's server for announcing loophole patch with the corresponding cve numbers of application program.
Optionally, the extraction module, is additionally operable to:
According to the keyword in the mark of preset each general purpose application program, from the network service of publication vulnerability information
The vulnerability information for including the keyword is crawled in device, obtains the vulnerability information of each general purpose application program.
In scheme provided in an embodiment of the present invention, loophole is obtained by the keyword in the mark of general purpose application program and is believed
Breath can rapidly extract the corresponding loophole letter of installed general program in host from numerous vulnerability informations in this way
Breath improves the efficiency for obtaining vulnerability information.
Optionally, the acquisition module, is additionally operable to:
The mark of general purpose application program in each host is obtained by network mapping device nmap and each general purpose application program exists
Version number in institute's generic.
In scheme provided in an embodiment of the present invention, the mark of each general purpose application program in each host can be obtained by nmap
Knowledge and version number of the general purpose application program in institute's generic, and when nmap is used to obtain the information of each host, Bu Huiying
Ring the normal operation of each host.
The device of a kind of administrative vulnerability information provided in an embodiment of the present invention, by obtaining the common application journey in each host
The mark of sequence and version number of each general purpose application program in institute's generic;Then from the network server of publication vulnerability information
The vulnerability information of each general purpose application program is crawled, the mark and general purpose application program of general purpose application program are extracted from vulnerability information
Latest edition number;For each host in each host, according to the identifying of general purpose application program each in the host, it is each it is general should
With version number of the program in the host and the latest edition number of each general purpose application program, determine whether each general purpose application program needs
Loophole reparation is carried out, if there is the general purpose application program for needing to carry out loophole reparation in each general purpose application program, it is determined that
The host is the destination host for needing to carry out loophole reparation;Finally need to carry out loophole reparation according to each destination host is corresponding
General purpose application program exports the corresponding loophole of each destination host and repairs prompt message.Believe using administrative vulnerability provided by the invention
The method of breath, can obtain automatically general purpose application program in each host mark and each general purpose application program in institute's generic
Version number, and the vulnerability informations of these general purpose application programs, Ran Houtong are obtained from the network server of publication vulnerability information
The version number for crossing each general purpose application program in more each host just can determine that the destination host for needing to carry out loophole reparation, last defeated
Go out the corresponding loophole of destination host and repair prompt message.In this way, without manually carrying out above-mentioned steps, it is universal that reparation can be improved
The efficiency of loophole.
The embodiment of the present invention additionally provides a kind of electronic equipment, as shown in figure 3, including processor 301, communication interface 302,
Memory 303 and communication bus 304, wherein, processor 301, communication interface 302, memory 303 is complete by communication bus 304
Into mutual communication;
Memory 303, for storing computer program;
Processor 301 during for performing the program stored on memory 303, realizes pipe provided in an embodiment of the present invention
The method for managing vulnerability information.
Specifically, the method for above-mentioned administrative vulnerability information, including:
Obtain the mark of the general purpose application program in each host and version number of each general purpose application program in institute's generic;
The vulnerability information of each general purpose application program is crawled from the network server of publication vulnerability information, from the leakage
The mark of the general purpose application program and the latest edition number of the general purpose application program are extracted in the information of hole;
For each host in each host, according to the identifying of general purpose application program each in the host, described each logical
With version number of the application program in the host and the latest edition number of each general purpose application program, determine it is described it is each it is general should
Whether needed to carry out loophole reparation with program, if in each general purpose application program existing needs to carry out the general of loophole reparation
Application program, it is determined that the host is the destination host for needing to carry out loophole reparation;
According to the corresponding general purpose application program for needing to carry out loophole reparation of each destination host, each destination host is exported
Corresponding loophole repairs prompt message.
It should be noted that other realization methods of the method for above-mentioned administrative vulnerability information and preceding method embodiment part
Identical, which is not described herein again.
The communication bus of above-mentioned electronic equipment can be Peripheral Component Interconnect standard (Peripheral
ComponentInterconnect, abbreviation PCI) bus or expanding the industrial standard structure (Extended Industry
Standard Architecture, abbreviation EISA) bus etc..The communication bus can be divided into address bus, data/address bus, control
Bus processed etc..It for ease of representing, is only represented in figure with a thick line, it is not intended that an only bus or a type of total
Line.
Communication interface is for the communication between above-mentioned electronic equipment and other equipment.
Memory can include random access memory (Random Access Memory, abbreviation RAM), can also include
Nonvolatile memory (non-volatile memory), for example, at least a magnetic disk storage.Optionally, memory may be used also
To be at least one storage device for being located remotely from aforementioned processor.
Above-mentioned processor can be general processor, including central processing unit (Central Processing Unit,
Abbreviation CPU), network processing unit (Network Processor, abbreviation NP) etc.;It can also be digital signal processor
(Digital Signal Processing, abbreviation DSP), application-specific integrated circuit (Application Specific
Integrated Circuit, abbreviation ASIC), field programmable gate array (Field Programmable Gate Array,
Abbreviation FPGA) either other programmable logic device, discrete gate or transistor logic, discrete hardware components.
In another embodiment provided by the invention, a kind of computer readable storage medium is additionally provided, which can
It reads to be stored with instruction in storage medium, when run on a computer so that computer performs any institute in above-described embodiment
The method of administrative vulnerability information stated.
In another embodiment provided by the invention, a kind of computer program product for including instruction is additionally provided, when it
When running on computers so that the method that computer performs any administrative vulnerability information in above-described embodiment.
In the above-described embodiments, can come wholly or partly by software, hardware, firmware or its arbitrary combination real
It is existing.When implemented in software, it can entirely or partly realize in the form of a computer program product.The computer program
Product includes one or more computer instructions.When loading on computers and performing the computer program instructions, all or
It partly generates according to the flow or function described in the embodiment of the present invention.The computer can be all-purpose computer, special meter
Calculation machine, computer network or other programmable devices.The computer instruction can be stored in computer readable storage medium
In or from a computer readable storage medium to another computer readable storage medium transmit, for example, the computer
Instruction can pass through wired (such as coaxial cable, optical fiber, number from a web-site, computer, server or data center
User's line (DSL)) or wireless (such as infrared, wireless, microwave etc.) mode to another web-site, computer, server or
Data center is transmitted.The computer readable storage medium can be any usable medium that computer can access or
It is the data storage devices such as server, the data center integrated comprising one or more usable mediums.The usable medium can be with
It is magnetic medium, (for example, floppy disk, hard disk, tape), optical medium (for example, DVD) or semiconductor medium (such as solid state disk
Solid State Disk (SSD)) etc..
Method, apparatus, electronic equipment and the storage medium of a kind of administrative vulnerability information provided in an embodiment of the present invention, pass through
Obtain the mark of the general purpose application program in each host and version number of each general purpose application program in institute's generic;Then from hair
The vulnerability information of each general purpose application program is crawled in the network server of cloth vulnerability information, common application is extracted from vulnerability information
The mark of program and the latest edition number of general purpose application program;For each host in each host, according to each logical in the host
With the identifying of application program, the latest edition of version number and each general purpose application program of each general purpose application program in the host
Number, it determines whether each general purpose application program needs to carry out loophole reparation, is leaked if existed in each general purpose application program
The general purpose application program that hole is repaired, it is determined that the host is the destination host for needing to carry out loophole reparation;Finally according to each target
The corresponding general purpose application program for needing to carry out loophole reparation of host exports the corresponding loophole reparation prompting letter of each destination host
Breath.Using the method for administrative vulnerability information provided by the invention, the mark of the general purpose application program in each host can be obtained automatically
Knowledge and version number of each general purpose application program in institute's generic, and obtain these from the network server of publication vulnerability information
Then the vulnerability information of general purpose application program just can determine that needs by comparing the version number of each general purpose application program in each host
The destination host of loophole reparation is carried out, the corresponding loophole of destination host is finally exported and repairs prompt message.In this way, without manually into
Row above-mentioned steps can improve the efficiency for repairing universal loophole.
It should be noted that herein, relational terms such as first and second and the like are used merely to a reality
Body or operation are distinguished with another entity or operation, are deposited without necessarily requiring or implying between these entities or operation
In any this practical relationship or sequence.Moreover, term " comprising ", "comprising" or its any other variant are intended to
Non-exclusive inclusion, so that process, method, article or equipment including a series of elements not only will including those
Element, but also including other elements that are not explicitly listed or further include as this process, method, article or equipment
Intrinsic element.In the absence of more restrictions, the element limited by sentence "including a ...", it is not excluded that
Also there are other identical elements in process, method, article or equipment including the element.
Each embodiment in this specification is described using relevant mode, identical similar portion between each embodiment
Point just to refer each other, and the highlights of each of the examples are difference from other examples.Especially for system reality
For applying example, since it is substantially similar to embodiment of the method, so description is fairly simple, related part is referring to embodiment of the method
Part explanation.
Claims (12)
- A kind of 1. method of administrative vulnerability information, which is characterized in that the method includes:Obtain the mark of the general purpose application program in each host and version number of each general purpose application program in institute's generic;The vulnerability information of each general purpose application program is crawled from the network server of publication vulnerability information, is believed from the loophole The mark of the general purpose application program and the latest edition number of the general purpose application program are extracted in breath;For each host in each host, according to the identifying of general purpose application program each in the host, it is described it is each it is general should With version number of the program in the host and the latest edition number of each general purpose application program, each common application journey is determined Whether sequence needs to carry out loophole reparation, if there is the common application for needing to carry out loophole reparation in each general purpose application program Program, it is determined that the host is the destination host for needing to carry out loophole reparation;According to the corresponding general purpose application program for needing to carry out loophole reparation of each destination host, output each destination host corresponds to Loophole repair prompt message.
- 2. the according to the method described in claim 1, it is characterized in that, mark according to general purpose application program each in the host Know, the latest edition number of version number and each general purpose application program of each general purpose application program in the host, determine Whether each general purpose application program needs to carry out loophole reparation, including:For any general purpose application program, according to preset version number's comparison rule, judge the general purpose application program in institute owner Whether the version number in machine is less than the latest edition number of the general purpose application program, if it is, judging that the general purpose application program is Need the target general purpose application program of progress loophole reparation;If it is not, then judge that the general purpose application program does not need to be leaked It repairs in hole.
- 3. according to the method described in claim 1, it is characterized in that, described need to carry out loophole according to each destination host is corresponding The general purpose application program of reparation exports the corresponding loophole of each destination host and repairs prompt message, including:According to preset canonical matching algorithm and the vulnerability information, the general purpose application program pair for needing to carry out loophole reparation is determined The public loophole and exposure cve answered are numbered;According to cve numbers and the mark of the destination host, the corresponding loophole reparation prompting letter of the destination host is generated Breath;It exports the corresponding loophole of the destination host and repairs prompt message.
- 4. according to the method described in claim 1, it is characterized in that, described crawl from the network server of publication vulnerability information The vulnerability information of each general purpose application program, including:According to the keyword in the mark of preset each general purpose application program, from the network server of publication vulnerability information The vulnerability information for including the keyword is crawled, obtains the vulnerability information of each general purpose application program.
- 5. the according to the method described in claim 1, it is characterized in that, mark for obtaining the general purpose application program in each host With version number of each general purpose application program in institute's generic, including:By the mark and each general purpose application program of the general purpose application program in each host of network mapping device nmap acquisitions affiliated Version number in host.
- 6. a kind of device of administrative vulnerability information, which is characterized in that described device includes:Acquisition module, for obtaining the mark of the general purpose application program in each host and each general purpose application program in institute's generic Version number;Extraction module, for crawling the loophole letter of each general purpose application program from the network server of publication vulnerability information Breath extracts the mark of the general purpose application program and the latest edition number of the general purpose application program from the vulnerability information;First determining module, for for each host in each host, according to general purpose application program each in the host Mark, the latest edition number of version number and each general purpose application program of each general purpose application program in the host, really Whether fixed each general purpose application program needs to carry out loophole reparation, if existing in each general purpose application program needs to carry out The general purpose application program of loophole reparation, it is determined that the host is the destination host for needing to carry out loophole reparation;First output module, for according to the corresponding general purpose application program for needing to carry out loophole reparation of each destination host, output The corresponding loophole of each destination host repairs prompt message.
- 7. device according to claim 6, which is characterized in that the determining module is additionally operable to:For any general purpose application program, according to preset version number's comparison rule, judge the general purpose application program in institute owner Whether the version number in machine is less than the latest edition number of the general purpose application program, if it is, judging that the general purpose application program is Need the target general purpose application program of progress loophole reparation;If it is not, then judge that the general purpose application program does not need to be leaked It repairs in hole.
- 8. device according to claim 6, which is characterized in that first output module, including:Second determining module, for according to preset canonical matching algorithm and the vulnerability information, determining that progress loophole is needed to repair The corresponding public loophole of multiple general purpose application program and exposure cve are numbered;Generation module for the mark according to cve numbers and the destination host, generates the corresponding leakage of the destination host Repair prompt message in hole;Second output module repairs prompt message for exporting the corresponding loophole of the destination host.
- 9. device according to claim 6, which is characterized in that the extraction module is additionally operable to:According to the keyword in the mark of preset each general purpose application program, from the network server of publication vulnerability information The vulnerability information for including the keyword is crawled, obtains the vulnerability information of each general purpose application program.
- 10. device according to claim 6, which is characterized in that the acquisition module is additionally operable to:By the mark and each general purpose application program of the general purpose application program in each host of network mapping device nmap acquisitions affiliated Version number in host.
- 11. a kind of electronic equipment, which is characterized in that it is total that the electronic equipment includes processor, communication interface, memory and communication Line, wherein, the processor, the communication interface, the memory passes through the communication bus and completes mutual communication;The memory, for storing computer program;The processor during for performing the program stored on the memory, realizes any sides of claim 1-5 Method step.
- 12. a kind of computer readable storage medium, which is characterized in that the computer readable storage medium memory contains computer Program realizes claim 1-5 any method and steps when the computer program is executed by processor.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201711158562.9A CN108154033A (en) | 2017-11-20 | 2017-11-20 | A kind of method, apparatus, electronic equipment and the storage medium of administrative vulnerability information |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201711158562.9A CN108154033A (en) | 2017-11-20 | 2017-11-20 | A kind of method, apparatus, electronic equipment and the storage medium of administrative vulnerability information |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN108154033A true CN108154033A (en) | 2018-06-12 |
Family
ID=62468035
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201711158562.9A Pending CN108154033A (en) | 2017-11-20 | 2017-11-20 | A kind of method, apparatus, electronic equipment and the storage medium of administrative vulnerability information |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN108154033A (en) |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109542498A (en) * | 2018-11-27 | 2019-03-29 | 郑州云海信息技术有限公司 | A kind of method and apparatus for administrative vulnerability |
| WO2022062924A1 (en) * | 2020-09-23 | 2022-03-31 | 华为云计算技术有限公司 | Vulnerability assessment method and apparatus, computation device and storage medium |
| CN114996718A (en) * | 2022-06-30 | 2022-09-02 | 浙江网商银行股份有限公司 | Data processing method and device |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101727337A (en) * | 2008-10-24 | 2010-06-09 | 鸿富锦精密工业(深圳)有限公司 | Electronic device with automatic software updating function and method |
| CN102541596A (en) * | 2011-12-22 | 2012-07-04 | 中标软件有限公司 | Operating system upgrading method and device |
| CN103473505A (en) * | 2012-06-06 | 2013-12-25 | 腾讯科技(深圳)有限公司 | Scanning prompt method and device for software vulnerabilities |
| CN106201607A (en) * | 2016-07-04 | 2016-12-07 | 乐视控股(北京)有限公司 | The upgrade method of a kind of software version and equipment |
| CN106503564A (en) * | 2016-10-26 | 2017-03-15 | 上海携程商务有限公司 | The discovery method and system of software vulnerability |
| CN106843933A (en) * | 2016-12-27 | 2017-06-13 | 北京五八信息技术有限公司 | A kind of leak restorative procedure of application program, mobile terminal and patch server |
-
2017
- 2017-11-20 CN CN201711158562.9A patent/CN108154033A/en active Pending
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101727337A (en) * | 2008-10-24 | 2010-06-09 | 鸿富锦精密工业(深圳)有限公司 | Electronic device with automatic software updating function and method |
| CN102541596A (en) * | 2011-12-22 | 2012-07-04 | 中标软件有限公司 | Operating system upgrading method and device |
| CN103473505A (en) * | 2012-06-06 | 2013-12-25 | 腾讯科技(深圳)有限公司 | Scanning prompt method and device for software vulnerabilities |
| CN106201607A (en) * | 2016-07-04 | 2016-12-07 | 乐视控股(北京)有限公司 | The upgrade method of a kind of software version and equipment |
| CN106503564A (en) * | 2016-10-26 | 2017-03-15 | 上海携程商务有限公司 | The discovery method and system of software vulnerability |
| CN106843933A (en) * | 2016-12-27 | 2017-06-13 | 北京五八信息技术有限公司 | A kind of leak restorative procedure of application program, mobile terminal and patch server |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109542498A (en) * | 2018-11-27 | 2019-03-29 | 郑州云海信息技术有限公司 | A kind of method and apparatus for administrative vulnerability |
| WO2022062924A1 (en) * | 2020-09-23 | 2022-03-31 | 华为云计算技术有限公司 | Vulnerability assessment method and apparatus, computation device and storage medium |
| CN114996718A (en) * | 2022-06-30 | 2022-09-02 | 浙江网商银行股份有限公司 | Data processing method and device |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Zahan et al. | What are weak links in the npm supply chain? | |
| JP6676480B2 (en) | Vulnerability risk assessment system | |
| US8230497B2 (en) | Method of identifying software vulnerabilities on a computer system | |
| CN102833258B (en) | Network address access method and system | |
| EP3178011B1 (en) | Method and system for facilitating terminal identifiers | |
| TW201931187A (en) | URL attack detection method and apparatus, and electronic device | |
| US20130160126A1 (en) | Malware remediation system and method for modern applications | |
| US20090113548A1 (en) | Executable Download Tracking System | |
| CN104769598B (en) | System and method for detecting unauthorized applications | |
| CN109376534B (en) | Method and apparatus for detecting applications | |
| CN104580133A (en) | Malicious program protection method and system and filtering table updating method thereof | |
| CN108154033A (en) | A kind of method, apparatus, electronic equipment and the storage medium of administrative vulnerability information | |
| CN110895472A (en) | Method and device for identifying service change | |
| RU2701040C1 (en) | Method and a computer for informing on malicious web resources | |
| CN107239701A (en) | Recognize the method and device of malicious websites | |
| CN108052824A (en) | A kind of risk prevention system method, apparatus and electronic equipment | |
| US10320816B1 (en) | Systems and methods for uniquely identifying malicious advertisements | |
| EP3671512B1 (en) | Automated software vulnerability determination | |
| JP6623128B2 (en) | Log analysis system, log analysis method, and log analysis device | |
| TWI703846B (en) | URL abnormal location method, device, server and storage medium | |
| CN115495740A (en) | Virus detection method and device | |
| JP2009053896A (en) | Unauthorized operation detector and program | |
| CN113934625A (en) | Software detection method, device and storage medium | |
| CN113344598A (en) | Data verification method, device, medium and electronic equipment | |
| US11785028B1 (en) | Dynamic analysis for detecting harmful content |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20180612 |