CN105430002A - Vulnerability detection method and device - Google Patents
Vulnerability detection method and device Download PDFInfo
- Publication number
- CN105430002A CN105430002A CN201510960340.3A CN201510960340A CN105430002A CN 105430002 A CN105430002 A CN 105430002A CN 201510960340 A CN201510960340 A CN 201510960340A CN 105430002 A CN105430002 A CN 105430002A
- Authority
- CN
- China
- Prior art keywords
- pages
- sub
- address
- chained address
- sublink
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/45—Network directories; Name-to-address mapping
- H04L61/4505—Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols
- H04L61/4511—Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols using domain name system [DNS]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1433—Vulnerability analysis
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer And Data Communications (AREA)
Abstract
The invention discloses a vulnerability detection method and device, relates to the technical field of Internet, and solves the problem that vulnerability scanning cannot be performed completely by a vulnerability detection method in the prior art. The method comprises the following steps: acquiring a link address clicked by a user to serve as a torrent link address, and downloading a corresponding torrent webpage according to the torrent link address; capturing sub-link addresses included in the torrent webpage, and downloading corresponding sub-webpages according to the sub-link addresses; performing vulnerability detection scanning on the torrent webpage and the sub-webpages; and determining whether vulnerabilities exist in the webpages or not according to a scanning result. The vulnerability detection method is mainly applied to breadth and depth detection of the vulnerabilities in order to achieve the effect of comprehensively detecting the vulnerabilities.
Description
Technical field
The present invention relates to Internet technical field, particularly relate to a kind of leak detection method and device.
Background technology
Carry out scanning in the processing mode of leak existing; in order to all scan multistage domain name; thus ensure the degree of depth of scanning, usually can carry out vulnerability scanning by passive scanning engine, namely the passive domain name to user's access carries out vulnerability scanning.Although this mode can ensure to carry out vulnerability scanning to the domain name of darker rank, reach the effect of depth scan leak, but then cannot complete vulnerability scanning to the domain name that user does not access, thus cause the range of vulnerability scanning inadequate, namely the coverage of vulnerability scanning does not reach requirement, comprehensively cannot carry out vulnerability scanning.
Summary of the invention
In view of this, the present invention proposes a kind of leak detection method and device, main purpose is to solve the problem that leak detection method of the prior art cannot carry out vulnerability scanning comprehensively.
According to first aspect of the present invention, the invention provides a kind of leak detection method, comprising:
Obtain the chained address of user's click as seed chained address, and download corresponding sub-pages according to described seed chained address;
Capture the sublink address comprised in described sub-pages, and download corresponding sub-pages according to described sublink address;
Hole Detection Scan is carried out to described sub-pages and sub-pages;
Whether leak is there is according in scanning result determination webpage.
According to second aspect of the present invention, the invention provides a kind of Hole Detection device, comprising:
Acquiring unit, for obtaining the chained address of user's click as seed chained address, and downloads corresponding sub-pages according to described seed chained address;
Placement unit, for capturing the sublink address comprised in described sub-pages, and downloads corresponding sub-pages according to described sublink address;
Detecting unit, for carrying out Hole Detection Scan to described sub-pages and sub-pages;
Whether determining unit, for existing leak according in scanning result determination webpage.
By technique scheme, a kind of leak detection method that the embodiment of the present invention provides and device, can obtain the chained address of user's click as seed chained address, and download corresponding sub-pages according to described seed chained address; Capture the sublink address comprised in described sub-pages, and download corresponding sub-pages according to described sublink address; Hole Detection Scan is carried out to described sub-pages and sub-pages; Whether leak is there is according in scanning result determination webpage.Usually vulnerability scanning is carried out by passive scanning engine with prior art, the domain name that namely passive mode of carrying out vulnerability scanning to the domain name of user's access cannot not accessed user carries out vulnerability scanning, thus the incomplete defect of vulnerability scanning is caused to compare, the embodiment of the present invention is carried out link initiatively to the chained address of drive sweep and is crawled on the basis of drive sweep, thus the page link of wider scope can be excavated and profound vulnerability scanning is carried out to it, thus ensure that the breadth and depth of scanning, reach the effect of comprehensively carrying out vulnerability scanning.
Above-mentioned explanation is only the general introduction of technical solution of the present invention, in order to technological means of the present invention can be better understood, and can be implemented according to the content of specification, and can become apparent, below especially exemplified by the specific embodiment of the present invention to allow above and other objects of the present invention, feature and advantage.
Accompanying drawing explanation
By reading hereafter detailed description of the preferred embodiment, various other advantage and benefit will become cheer and bright for those of ordinary skill in the art.Accompanying drawing only for illustrating the object of preferred implementation, and does not think limitation of the present invention.And in whole accompanying drawing, represent identical parts by identical reference symbol.In the accompanying drawings:
Fig. 1 shows the flow chart of a kind of leak detection method that the embodiment of the present invention provides;
Fig. 2 shows the composition frame chart of a kind of Hole Detection device that the embodiment of the present invention provides;
Fig. 3 shows the composition frame chart of the another kind of Hole Detection device that the embodiment of the present invention provides.
Embodiment
Below with reference to accompanying drawings exemplary embodiment of the present disclosure is described in further detail.Although show exemplary embodiment of the present disclosure in accompanying drawing, however should be appreciated that can realize the disclosure in a variety of manners and not should limit by the embodiment set forth here.On the contrary, provide these embodiments to be in order to more thoroughly the disclosure can be understood, and complete for the scope of the present disclosure can be conveyed to those skilled in the art.
At present when detecting leak, in order to all scan multistage domain name, thus ensure the degree of depth of scanning, usually can carry out vulnerability scanning by passive scanning engine, namely passive vulnerability scanning is carried out to the domain name of user's access.Although this mode can ensure to carry out vulnerability scanning to the domain name of darker rank, then vulnerability scanning cannot be completed to the domain name that user does not access.
In order to solve the problem, embodiments provide a kind of leak detection method, the page link of wider scope can be excavated and profound vulnerability scanning is carried out to it, thus ensure that the breadth and depth of scanning, reaching the effect of comprehensively carrying out vulnerability scanning.As shown in Figure 1, the method comprises:
101, obtain the chained address of user's click as seed chained address, and download corresponding sub-pages according to described seed chained address.
Leak refers to the weakness that a system exists or defect, the mistake produced when defect when it may come from application software or operating system design or coding, also may from the unreasonable part in the design defect of business in iterative process or logic flow.Because leak is very large on the impact of the fail safes such as network, system, terminal, server, therefore how complete detection springs a leak extremely important.In order to reach the effect of complete detection leak, the chained address can clicked according to user in prior art i.e. url carry out Hole Detection to it, and the target web pointed to by a large amount of url clicked user carries out Hole Detection, usually can find the leak existed.Therefore, in the leak detection method that the embodiment of the present invention provides, need to perform step 101 and obtain the chained address of user's click as seed chained address, and download corresponding sub-pages according to described seed chained address.
102, capture the sublink address comprised in described sub-pages, and download corresponding sub-pages according to described sublink address.
When user's browsing page, although the chained address that user clicks is very many, and vulnerability scanning is carried out to a large amount of chained addresses that user clicks and can reach the effect of deeper domain name being carried out to Hole Detection, usually the multi-level domain name of these profound levels is not easy to be crawled by reptile, and the chained address that the user therefore obtained in a step 101 clicks can reach the object of degree of depth vulnerability scanning.But for the chained address that those users do not click, if do not carry out vulnerability scanning to it, the leak so wherein may hidden just cannot be found.Therefore, the embodiment of the present invention step 101 obtain chained address that user clicks as seed chained address after, also need to perform step 102 and capture the sublink address comprised in described sub-pages, and download corresponding sub-pages according to described sublink address.Wherein, the opportunity of crawl can be after user clicks certain chained address, just initiatively can capture other chained addresses be linked in webpage corresponding to this chained address.
103, Hole Detection Scan is carried out to described sub-pages and sub-pages.
When getting the chained address of user's click in a step 101, and after downloading corresponding sub-pages according to described seed chained address, usually can obtain the webpage of the profound domain name that those reptiles cannot crawl; And capture the sublink address comprised in described sub-pages in a step 102, and after downloading corresponding sub-pages according to described sublink address, usually can obtain the webpage of wider scope domain name that user does not click.Therefore, obtain, compared with after the kind subpage frame of high depth and range and subpage frame, just can performing step 103 and carrying out Hole Detection Scan to described sub-pages and sub-pages, thus reach the effect of comprehensively carrying out vulnerability scanning by step 101 and step 102.
104, whether there is leak according in scanning result determination webpage.
After in step 103 Hole Detection Scan being carried out to described sub-pages and sub-pages, just scanning result can be mated in leak rule base, whether there is leak according in the matching result determination page.
A kind of leak detection method that the embodiment of the present invention provides, can obtain the chained address of user's click as seed chained address, and download corresponding sub-pages according to described seed chained address; Capture the sublink address comprised in described sub-pages, and download corresponding sub-pages according to described sublink address; Hole Detection Scan is carried out to described sub-pages and sub-pages; Whether leak is there is according in scanning result determination webpage.Usually vulnerability scanning is carried out by passive scanning engine with prior art, the domain name that namely passive mode of carrying out vulnerability scanning to the domain name of user's access cannot not accessed user carries out vulnerability scanning, thus the incomplete defect of vulnerability scanning is caused to compare, the embodiment of the present invention is carried out link initiatively to the chained address of drive sweep and is crawled on the basis of drive sweep, thus the page link of wider scope can be excavated and profound vulnerability scanning is carried out to it, thus ensure that the breadth and depth of scanning, reach the effect of comprehensively carrying out vulnerability scanning.
Understand the method shown in above-mentioned Fig. 1 in order to better, as to the refinement of above-mentioned execution mode and expansion, the embodiment of the present invention is described in detail for the step in Fig. 1.
Due in the realistic case, user manually webpage clicking can enter the webpage with more multistage domain name usually, the webpage of these more multistage domain names is the webpage that not easily crawls of reptile normally, and the webpage that user clicks is usually all representative, the webpage that namely potential leak probability is higher.Therefore, as the optional execution mode of one, described seed chained address using obtaining the chained address of user's click as seed chained address, can be placed in and waiting to capture queue by the embodiment of the present invention; And download corresponding sub-pages according to described seed chained address, described sub-pages is placed in downloading web pages storehouse.Wherein, wait that the chained address captured in queue is that chained address for carrying out wider scope crawls, the webpage in downloading web pages storehouse is for carrying out Hole Detection Scan.
When chained address user clicked is placed in after crawl queue, in order to make the follow-up vulnerability scanning that can carry out wider scope, the embodiment of the present invention also needs to capture by reptile module the sublink address comprised in described sub-pages, wherein, the sublink address comprised in described sub-pages is exactly the chained address comprised in webpage corresponding to seed chained address clicked of user.Crawling of wider scope is carried out in seed chained address user clicked by reptile module, can crawl the chained address that user never clicks, thus ensures follow-uply to carry out vulnerability scanning to more fully webpage.But, also can there is following situation, have the seed chained address clicked with user parton chained address in those sublink addresses crawled by reptile module exactly to repeat, therefore repeat to carry out vulnerability scanning to the page in order to avoid follow-up and cause the low and scanning wasting of resources of scan efficiency, the embodiment of the present invention also needs after reptile module captures the sublink address comprised in sub-pages, wait that duplicate removal is carried out to described sublink address in the chained address captured in queue according to described, the sublink address after duplicate removal is placed in and waits to capture queue.Then download the sub-pages after corresponding duplicate removal according to the sublink address after duplicate removal, the sub-pages after duplicate removal is placed in downloading web pages storehouse.Crawled by the above-mentioned chained address utilizing reptile module to treat in crawl queue, chained address after the duplicate removal crawled is placed in and waits to capture queue, repeatedly carry out repeatedly, just can obtain the higher chained address of breadth and depth waiting to capture in queue, in downloading web pages storehouse, obtain the higher webpage of breadth and depth scope.
When the chained address clicked by passive acquisition user and the chained address initiatively crawling wider scope, and download after obtaining the higher webpage of breadth and depth scope (sub-pages and sub-pages), the embodiment of the present invention just can carry out Hole Detection Scan to the webpage in downloading web pages storehouse, thus obtains comprehensive vulnerability scanning result.Wherein, as common leak form, the embodiment of the present invention is that example illustrates to detect cross site scripting (CrossSiteScript is called for short XSS) leak, and its detecting step comprises: the decanting point 1) obtaining described sub-pages and sub-pages; Namely treat detection webpage and carry out whole scan, obtain legal links all in webpage to be detected and the decanting point of user, wherein decanting point is the place can carrying out injection, normally the utilizable place of leak; 2) at described decanting point injection loophole test code; Namely replace the input of user with ready leak test code, automatically insert these decanting points, carry out simulating artificial submission; 3) request of data is sent to described sub-pages and sub-pages; Namely send get request or the post request of http to targeted sites, to obtain the response for request that targeted sites returns.
After by the way Hole Detection Scan being completed to the webpage in downloading web pages storehouse, whether the embodiment of the present invention just can exist leak according in scanning result determination webpage, namely according to the response of the request of data sent detection side, information respond packet contained is mated in leak rule base, whether there is leak according in the matching result determination page.
As the simplification to above-mentioned execution mode, the embodiment of the present invention is by detect the explanation that XSS leak carries out overall step.The detection method of the embodiment of the present invention forms primarily of two parts, and one is the part that web crawlers crawls chained address, and two is Hole Detection parts.
Crawl in the part of chained address at web crawlers, first in order to get the chained address more wider than the chained address of user's click, the embodiment of the present invention need using the user of passive acquisition click chained address as seed chained address and be placed in wait capture queue, and initiatively capture other chained addresses comprised in the corresponding page in seed chained address, the chained address of the chained address initiatively captured and passive acquisition is carried out filtration to be placed on and to wait to capture in queue, then will wait that dns resolution is passed through in the chained address captured in queue, chained address is converted to IP address corresponding to webpage, then page download device is given by IP address and webpage relative path name, for downloading to local webpage, the webpage of download can be placed on the one hand downloading web pages storehouse to wait for and follow-uply carry out Hole Detection Scan, download URL queue can be put in the chained address of downloading web pages on the other hand, this queue describes the webpage link address that crawler system had been downloaded, avoid the repeated downloads of webpage.
When obtain in the part crawling chained address at web crawlers passive acquisition the chained address with certain depth and initiatively crawl there is the chained address of certain range after, webpage that just can be corresponding to these chained addresses in Hole Detection part carries out comprehensive Hole Detection.Current modal leak is XSS leak, and when use browser view Internet webpage, user and the mutual place of dynamic website are mainly among the list of webpage.And the input of list mainly exists in input label, input label generally has 3 attributes: name, value and type.The embodiment of the present invention can adopt the form of regular expression to search these parameters of list and list, then these information is recorded in local database.Except simply inputting, the link of webpage also can be there is in practical application, such as: <ahref=" URL " > or <framesrc=" URL " link in >, these information are exactly the decanting point analyzed.After having these decanting points above, what needs did is exactly that simulation XSS attacks, and then waits for next step analyzing responding, thus judges whether to there is XSS leak.Detailed process is: inject decanting point by cut-and-dried XSS test code, after having constructed packet, send to server, in this process, because the XSS attack existed has multiple, the mode of circulation can be used for a url, complete the detection that multiple XSS attacks, if this url exists XSS leak, so this XSS leak type is preserved in the data, continue the XSS leak type detecting other, until all XSS leak type detection are complete, then this URL put into and detect queue.When general sending request, usually use get request or the post request of HTTP, after sending request, a response can be returned, analyze this response and can know whether this url exists XSS leak.Need to store numerous XSS attack code sample that may exist in the side of analyzing responding for this reason.The XSS that stores in these data attacks sample and should comprise comprehensive as much as possible, like this can the validity of pit hole test set.So only need to judge to ask the response returned whether to exist and living substring in database.If existed, then illustrate that this url exists XSS leak.
Further, as the realization to method shown in above-mentioned Fig. 1, embodiments provide a kind of Hole Detection device, as shown in Figure 2, this device comprises: acquiring unit 21, placement unit 22, detecting unit 23 and determining unit 24, wherein,
Acquiring unit 21, for obtaining the chained address of user's click as seed chained address, and downloads corresponding sub-pages according to described seed chained address;
Placement unit 22, for capturing the sublink address comprised in described sub-pages, and downloads corresponding sub-pages according to described sublink address;
Detecting unit 23, for carrying out Hole Detection Scan to described sub-pages and sub-pages;
Whether determining unit 24, for existing leak according in scanning result determination webpage.
Further, as shown in Figure 3, acquiring unit 21 comprises:
First acquisition module 211, for obtaining the chained address of user's click as seed chained address, being placed in described seed chained address and waiting to capture queue;
First download module 212, for downloading corresponding sub-pages according to described seed chained address, is placed in downloading web pages storehouse by described sub-pages.
Further, as shown in Figure 3, placement unit 22 comprises:
Handling module 221, for capturing the sublink address comprised in described sub-pages;
Duplicate removal module 222, for waiting described in basis that duplicate removal is carried out to described sublink address in the chained address captured in queue, being placed in the sublink address after duplicate removal and waiting to capture queue;
Second download module 223, for downloading the sub-pages after corresponding duplicate removal according to the sublink address after duplicate removal, is placed in downloading web pages storehouse by the sub-pages after duplicate removal.
Further, as shown in Figure 3, detecting unit 23 comprises:
Second acquisition module 231, for obtaining the decanting point of described sub-pages and sub-pages;
Injection module 232, at described decanting point injection loophole test code;
Sending module 233, for sending request of data to described sub-pages and sub-pages.
Further, determining unit 24 determines whether there is leak in webpage for basis to the response of described request of data.
A kind of Hole Detection device that the embodiment of the present invention provides, can obtain the chained address of user's click as seed chained address, and download corresponding sub-pages according to described seed chained address; Capture the sublink address comprised in described sub-pages, and download corresponding sub-pages according to described sublink address; Hole Detection Scan is carried out to described sub-pages and sub-pages; Whether leak is there is according in scanning result determination webpage.Usually vulnerability scanning is carried out by passive scanning engine with prior art, the domain name that namely passive mode of carrying out vulnerability scanning to the domain name of user's access cannot not accessed user carries out vulnerability scanning, thus the incomplete defect of vulnerability scanning is caused to compare, the embodiment of the present invention is carried out link initiatively to the chained address of drive sweep and is crawled on the basis of drive sweep, thus the page link of wider scope can be excavated and profound vulnerability scanning is carried out to it, thus ensure that the breadth and depth of scanning, reach the effect of comprehensively carrying out vulnerability scanning.
In the above-described embodiments, the description of each embodiment is all emphasized particularly on different fields, in certain embodiment, there is no the part described in detail, can see the associated description of other embodiments.
Be understandable that, the correlated characteristic in said method and device can reference mutually.In addition, " first ", " second " in above-described embodiment etc. are for distinguishing each embodiment, and do not represent the quality of each embodiment.
Those skilled in the art can be well understood to, and for convenience and simplicity of description, the system of foregoing description, the specific works process of device and unit, with reference to the corresponding process in preceding method embodiment, can not repeat them here.
Intrinsic not relevant to any certain computer, virtual system or miscellaneous equipment with display at this algorithm provided.Various general-purpose system also can with use based on together with this teaching.According to description above, the structure constructed required by this type systematic is apparent.In addition, the present invention is not also for any certain programmed language.It should be understood that and various programming language can be utilized to realize content of the present invention described here, and the description done language-specific is above to disclose preferred forms of the present invention.
In specification provided herein, describe a large amount of detail.But can understand, embodiments of the invention can be put into practice when not having these details.In some instances, be not shown specifically known method, structure and technology, so that not fuzzy understanding of this description.
Similarly, be to be understood that, in order to simplify the disclosure and to help to understand in each inventive aspect one or more, in the description above to exemplary embodiment of the present invention, each feature of the present invention is grouped together in single embodiment, figure or the description to it sometimes.But, the method for the disclosure should be construed to the following intention of reflection: namely the present invention for required protection requires feature more more than the feature clearly recorded in each claim.Or rather, as claims below reflect, all features of disclosed single embodiment before inventive aspect is to be less than.Therefore, the claims following embodiment are incorporated to this embodiment thus clearly, and wherein each claim itself is as independent embodiment of the present invention.
Those skilled in the art are appreciated that and adaptively can change the module in the equipment in embodiment and they are arranged in one or more equipment different from this embodiment.Module in embodiment or unit or assembly can be combined into a module or unit or assembly, and multiple submodule or subelement or sub-component can be put them in addition.Except at least some in such feature and/or process or unit be mutually repel except, any combination can be adopted to combine all processes of all features disclosed in this specification (comprising adjoint claim, summary and accompanying drawing) and so disclosed any method or equipment or unit.Unless expressly stated otherwise, each feature disclosed in this specification (comprising adjoint claim, summary and accompanying drawing) can by providing identical, alternative features that is equivalent or similar object replaces.
In addition, those skilled in the art can understand, although embodiments more described herein to comprise in other embodiment some included feature instead of further feature, the combination of the feature of different embodiment means and to be within scope of the present invention and to form different embodiments.Such as, in the following claims, the one of any of embodiment required for protection can use with arbitrary compound mode.
All parts embodiment of the present invention with hardware implementing, or can realize with the software module run on one or more processor, or realizes with their combination.It will be understood by those of skill in the art that the some or all functions of the some or all parts in the denomination of invention (as determined the device of website internal chaining grade) that microprocessor or digital signal processor (DSP) can be used in practice to realize according to the embodiment of the present invention.The present invention can also be embodied as part or all equipment for performing method as described herein or device program (such as, computer program and computer program).Realizing program of the present invention and can store on a computer-readable medium like this, or the form of one or more signal can be had.Such signal can be downloaded from internet website and obtain, or provides on carrier signal, or provides with any other form.
The present invention will be described instead of limit the invention to it should be noted above-described embodiment, and those skilled in the art can design alternative embodiment when not departing from the scope of claims.In the claims, any reference symbol between bracket should be configured to limitations on claims.Word " comprises " not to be got rid of existence and does not arrange element in the claims or step.Word "a" or "an" before being positioned at element is not got rid of and be there is multiple such element.The present invention can by means of including the hardware of some different elements and realizing by means of the computer of suitably programming.In the unit claim listing some devices, several in these devices can be carry out imbody by same hardware branch.Word first, second and third-class use do not represent any order.Can be title by these word explanations.
Claims (10)
1. a leak detection method, is characterized in that, described method comprises:
Obtain the chained address of user's click as seed chained address, and download corresponding sub-pages according to described seed chained address;
Capture the sublink address comprised in described sub-pages, and download corresponding sub-pages according to described sublink address;
Hole Detection Scan is carried out to described sub-pages and sub-pages;
Whether leak is there is according in scanning result determination webpage.
2. method according to claim 1, is characterized in that, obtains the chained address of user's click as seed chained address, and the sub-pages corresponding according to the download of described seed chained address comprises:
Described seed chained address, as seed chained address, is placed in and waits to capture queue by the chained address obtaining user's click;
Download corresponding sub-pages according to described seed chained address, described sub-pages is placed in downloading web pages storehouse.
3. method according to claim 2, is characterized in that, captures the sublink address comprised in described sub-pages, and the sub-pages corresponding according to the download of described sublink address comprises:
Capture the sublink address comprised in described sub-pages, wait that duplicate removal is carried out to described sublink address in the chained address captured in queue according to described, the sublink address after duplicate removal is placed in and waits to capture queue;
Download the sub-pages after corresponding duplicate removal according to the sublink address after duplicate removal, the sub-pages after duplicate removal is placed in downloading web pages storehouse.
4. method according to claim 1, is characterized in that, carries out Hole Detection Scan comprise described sub-pages and sub-pages:
Obtain the decanting point of described sub-pages and sub-pages;
At described decanting point injection loophole test code;
Request of data is sent to described sub-pages and sub-pages.
5. method according to claim 4, is characterized in that, according to whether there is leak in scanning result determination webpage comprises:
Determine whether there is leak in webpage according to the response of described request of data.
6. a Hole Detection device, is characterized in that, described device comprises:
Acquiring unit, for obtaining the chained address of user's click as seed chained address, and downloads corresponding sub-pages according to described seed chained address;
Placement unit, for capturing the sublink address comprised in described sub-pages, and downloads corresponding sub-pages according to described sublink address;
Detecting unit, for carrying out Hole Detection Scan to described sub-pages and sub-pages;
Whether determining unit, for existing leak according in scanning result determination webpage.
7. device according to claim 6, is characterized in that, described acquiring unit comprises:
First acquisition module, for obtaining the chained address of user's click as seed chained address, being placed in described seed chained address and waiting to capture queue;
First download module, for downloading corresponding sub-pages according to described seed chained address, is placed in downloading web pages storehouse by described sub-pages.
8. device according to claim 7, is characterized in that, described placement unit comprises:
Handling module, for capturing the sublink address comprised in described sub-pages;
Duplicate removal module, for waiting described in basis that duplicate removal is carried out to described sublink address in the chained address captured in queue, being placed in the sublink address after duplicate removal and waiting to capture queue;
Second download module, for downloading the sub-pages after corresponding duplicate removal according to the sublink address after duplicate removal, is placed in downloading web pages storehouse by the sub-pages after duplicate removal.
9. device according to claim 6, is characterized in that, described detecting unit comprises:
Second acquisition module, for obtaining the decanting point of described sub-pages and sub-pages;
Injection module, at described decanting point injection loophole test code;
Sending module, for sending request of data to described sub-pages and sub-pages.
10. device according to claim 9, is characterized in that, described determining unit is used for according to determining whether there is leak in webpage to the response of described request of data.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510960340.3A CN105430002A (en) | 2015-12-18 | 2015-12-18 | Vulnerability detection method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510960340.3A CN105430002A (en) | 2015-12-18 | 2015-12-18 | Vulnerability detection method and device |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN105430002A true CN105430002A (en) | 2016-03-23 |
Family
ID=55507943
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201510960340.3A Pending CN105430002A (en) | 2015-12-18 | 2015-12-18 | Vulnerability detection method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN105430002A (en) |
Cited By (12)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106161427A (en) * | 2016-06-08 | 2016-11-23 | 北京兰云科技有限公司 | A kind of web page processing method, network analhyzer and http server |
| CN106230837A (en) * | 2016-08-04 | 2016-12-14 | 湖南傻蛋科技有限公司 | A kind of WEB vulnerability scanning method supporting Dynamic expansion and scanning device |
| CN106453267A (en) * | 2016-09-21 | 2017-02-22 | 中科信息安全共性技术国家工程研究中心有限公司 | Method for detecting HTTP parameter pollution vulnerability |
| CN107231364A (en) * | 2017-06-13 | 2017-10-03 | 深信服科技股份有限公司 | A kind of website vulnerability detection method and device, computer installation and storage medium |
| CN107347059A (en) * | 2016-05-06 | 2017-11-14 | 腾讯科技(深圳)有限公司 | The method and detection terminal of a kind of Hole Detection |
| CN107846407A (en) * | 2017-11-10 | 2018-03-27 | 郑州云海信息技术有限公司 | A kind of method and system of batch detection SSRF leaks |
| CN107959662A (en) * | 2016-10-18 | 2018-04-24 | 中国电信股份有限公司 | The method and system of web portal security detection |
| CN108573155A (en) * | 2018-04-18 | 2018-09-25 | 北京知道创宇信息技术有限公司 | Detect method, apparatus, electronic equipment and the storage medium of loophole coverage |
| CN109194670A (en) * | 2018-09-19 | 2019-01-11 | 杭州安恒信息技术股份有限公司 | A kind of any file download leak detection method in website |
| CN110399723A (en) * | 2018-06-22 | 2019-11-01 | 腾讯科技(深圳)有限公司 | Leak detection method and device, storage medium and electronic device |
| CN111523123A (en) * | 2020-04-26 | 2020-08-11 | 北京信息科技大学 | Intelligent website vulnerability detection method |
| CN112003864A (en) * | 2020-08-25 | 2020-11-27 | 上海聚水潭网络科技有限公司 | Website security detection system and method based on full flow |
Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102592089A (en) * | 2011-12-29 | 2012-07-18 | 北京神州绿盟信息安全科技股份有限公司 | Detection method and detection device for webpage redirection skip loophole |
| CN102739663A (en) * | 2012-06-18 | 2012-10-17 | 奇智软件(北京)有限公司 | Detection method and scanning engine of web pages |
| CN103118028A (en) * | 2013-02-07 | 2013-05-22 | 上海上讯信息技术有限公司 | Method and system for safe scanning based on webpage resolving |
| CN103685189A (en) * | 2012-09-17 | 2014-03-26 | 百度在线网络技术(北京)有限公司 | Website security evaluation method and system |
| CN104794193A (en) * | 2015-04-17 | 2015-07-22 | 南京大学 | Webpage increment capture method for valid link acquisition |
| CN104881607A (en) * | 2015-05-21 | 2015-09-02 | 北京工业大学 | XSS vulnerability detection method based on simulating browser behavior |
| CN104881608A (en) * | 2015-05-21 | 2015-09-02 | 北京工业大学 | XSS vulnerability detection method based on simulating browser behavior |
-
2015
- 2015-12-18 CN CN201510960340.3A patent/CN105430002A/en active Pending
Patent Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102592089A (en) * | 2011-12-29 | 2012-07-18 | 北京神州绿盟信息安全科技股份有限公司 | Detection method and detection device for webpage redirection skip loophole |
| CN102739663A (en) * | 2012-06-18 | 2012-10-17 | 奇智软件(北京)有限公司 | Detection method and scanning engine of web pages |
| CN103685189A (en) * | 2012-09-17 | 2014-03-26 | 百度在线网络技术(北京)有限公司 | Website security evaluation method and system |
| CN103118028A (en) * | 2013-02-07 | 2013-05-22 | 上海上讯信息技术有限公司 | Method and system for safe scanning based on webpage resolving |
| CN104794193A (en) * | 2015-04-17 | 2015-07-22 | 南京大学 | Webpage increment capture method for valid link acquisition |
| CN104881607A (en) * | 2015-05-21 | 2015-09-02 | 北京工业大学 | XSS vulnerability detection method based on simulating browser behavior |
| CN104881608A (en) * | 2015-05-21 | 2015-09-02 | 北京工业大学 | XSS vulnerability detection method based on simulating browser behavior |
Cited By (17)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107347059A (en) * | 2016-05-06 | 2017-11-14 | 腾讯科技(深圳)有限公司 | The method and detection terminal of a kind of Hole Detection |
| CN106161427A (en) * | 2016-06-08 | 2016-11-23 | 北京兰云科技有限公司 | A kind of web page processing method, network analhyzer and http server |
| CN106161427B (en) * | 2016-06-08 | 2020-02-11 | 北京兰云科技有限公司 | Webpage processing method, network analyzer and HTTP server |
| CN106230837A (en) * | 2016-08-04 | 2016-12-14 | 湖南傻蛋科技有限公司 | A kind of WEB vulnerability scanning method supporting Dynamic expansion and scanning device |
| CN106453267A (en) * | 2016-09-21 | 2017-02-22 | 中科信息安全共性技术国家工程研究中心有限公司 | Method for detecting HTTP parameter pollution vulnerability |
| CN107959662B (en) * | 2016-10-18 | 2020-12-01 | 中国电信股份有限公司 | Website security detection method and system |
| CN107959662A (en) * | 2016-10-18 | 2018-04-24 | 中国电信股份有限公司 | The method and system of web portal security detection |
| CN107231364A (en) * | 2017-06-13 | 2017-10-03 | 深信服科技股份有限公司 | A kind of website vulnerability detection method and device, computer installation and storage medium |
| CN107231364B (en) * | 2017-06-13 | 2020-06-09 | 深信服科技股份有限公司 | Website vulnerability detection method and device, computer device and storage medium |
| CN107846407A (en) * | 2017-11-10 | 2018-03-27 | 郑州云海信息技术有限公司 | A kind of method and system of batch detection SSRF leaks |
| CN108573155A (en) * | 2018-04-18 | 2018-09-25 | 北京知道创宇信息技术有限公司 | Detect method, apparatus, electronic equipment and the storage medium of loophole coverage |
| CN108573155B (en) * | 2018-04-18 | 2020-10-16 | 北京知道创宇信息技术股份有限公司 | Method and device for detecting vulnerability influence range, electronic equipment and storage medium |
| CN110399723A (en) * | 2018-06-22 | 2019-11-01 | 腾讯科技(深圳)有限公司 | Leak detection method and device, storage medium and electronic device |
| CN109194670A (en) * | 2018-09-19 | 2019-01-11 | 杭州安恒信息技术股份有限公司 | A kind of any file download leak detection method in website |
| CN111523123A (en) * | 2020-04-26 | 2020-08-11 | 北京信息科技大学 | Intelligent website vulnerability detection method |
| CN112003864A (en) * | 2020-08-25 | 2020-11-27 | 上海聚水潭网络科技有限公司 | Website security detection system and method based on full flow |
| CN112003864B (en) * | 2020-08-25 | 2022-01-14 | 上海聚水潭网络科技有限公司 | Website security detection system and method based on full flow |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN105430002A (en) | Vulnerability detection method and device | |
| CN101964025B (en) | XSS detection method and equipment | |
| US8365290B2 (en) | Web application vulnerability scanner | |
| CN103279710B (en) | Method and system for detecting malicious codes of Internet information system | |
| CN104980309A (en) | Website security detecting method and device | |
| CN103297394B (en) | Website security detection method and device | |
| CN103647678A (en) | Method and device for online verification of website vulnerabilities | |
| CN102833258A (en) | Website access method and system | |
| CN110460612A (en) | Safety detecting method, equipment, storage medium and device | |
| CN103023905A (en) | Device, method and system for detecting spamming links | |
| CN104462985A (en) | Detecting method and device of bat loopholes | |
| CN103986731A (en) | Method and device for detecting phishing web pages through picture matching | |
| CN103617390A (en) | Malicious webpage judgment method, device and system | |
| CN105404816A (en) | Content-based vulnerability detection method and device | |
| CN106250761B (en) | Equipment, device and method for identifying web automation tool | |
| CN103036896A (en) | Method and system for testing malicious links | |
| CN105100065B (en) | Webshell attack detection methods, device and gateway based on cloud | |
| CN104679747A (en) | Detection device and method for website redirection | |
| Apruzzese et al. | Spacephish: The evasion-space of adversarial attacks against phishing website detectors using machine learning | |
| Samarasinghe et al. | On cloaking behaviors of malicious websites | |
| Liang et al. | Malicious web pages detection based on abnormal visibility recognition | |
| CN103440454A (en) | Search engine keyword-based active honeypot detection method | |
| CN102917053B (en) | A kind of method, apparatus and system for judging webpage urlrewriting | |
| CN103838865A (en) | Method and device for mining timeliness seed page | |
| Karthik et al. | W3-Scrape-A windows based reconnaissance tool for web application fingerprinting |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20160323 |
|
| RJ01 | Rejection of invention patent application after publication |