CN106411855A - Vulnerability directory search method and apparatus - Google Patents

Vulnerability directory search method and apparatus

Info

Publication number
CN106411855A
Authority
CN
China
Legal status
Granted
Application number
CN201610806383.0A
Other languages
Chinese (zh)
Other versions
CN106411855B (en)
Inventor
郭燕慧
孙博文
张淼
Current Assignee
Beijing University of Posts and Telecommunications
Original Assignee
Beijing University of Posts and Telecommunications
Application filed by Beijing University of Posts and Telecommunications
Priority to CN201610806383.0A
Publication of CN106411855A
Application granted
Publication of CN106411855B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433 Vulnerability analysis
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection

Abstract

The invention provides a vulnerability directory search method and apparatus. The method comprises the following steps: scanning a target website, and acquiring characteristic parameters of the target website when a content management system of the target website is determined as a non open source system; acquiring a website topological graph of the target website, and inquiring directory database subsets matched with the website topological graph in a pre-established directory database; screening the directory database subsets according to the characteristic parameters of the target website to acquire at least one directory database subset satisfying the characteristic parameters; and generating a directory dictionary according to the at least one directory database subset, and carrying out directory scanning on the directory dictionary to search vulnerability directories in the directory dictionary. According to the vulnerability directory search method and apparatus provided by the invention, the directory database subsets are screened from the directory database according to the website topological graph and the characteristic parameters of the target website to generate the directory dictionary, and the directory scanning is performed on the directory dictionary to search vulnerability directories in the directory dictionary, thereby improving the vulnerability directory search efficiency.

Description

A vulnerability directory search method and device
Technical field
The present invention relates to the field of computer and information security technology, and in particular to a vulnerability directory search method and device.
Background
With the rapid development of World Wide Web (WEB) technology, WEB applications have become increasingly widespread, and the accompanying security problems have become increasingly prominent. Attacks on WEB directories occur repeatedly: by attacking a website's directories, a directory scanning attack can obtain sensitive information such as the website backend and upload interfaces, with serious consequences for the website.
To protect a website's directories from attack, the website needs to be tested so that its vulnerability directories are found, the network architecture is modified in time, and the website is kept secure. In the prior art, directory scanning of a website is mostly done by directory iteration, that is, the directory data in the website database is scanned entry by entry to find the website's vulnerability directories. This requires a large amount of scanning work, much of which is repetitive and useless, so scanning, and therefore the search for vulnerability directories, is slow and inefficient.
Summary of the invention
In view of this, the purpose of the embodiments of the present invention is to provide a vulnerability directory search method and device, to solve the problem in the prior art that searching for vulnerability directories involves a heavy workload and is slow and inefficient.
In a first aspect, an embodiment of the present invention provides a vulnerability directory search method, the method comprising:
scanning a target website and, when the content management system of the target website is determined to be a non-open-source system, acquiring characteristic parameters of the target website, the characteristic parameters including the website architecture, script language, Internet Protocol address and domain name of the target website;
acquiring a website topological graph of the target website, and querying a pre-established directory database for directory database subsets that match the website topological graph;
screening the directory database subsets according to the characteristic parameters of the target website, to obtain at least one directory database subset consistent with the characteristic parameters of the target website;
generating a directory dictionary of the target website from the at least one directory database subset, and performing directory scanning on the directory dictionary to find the vulnerability directories in the directory dictionary.
With reference to the first aspect, an embodiment of the present invention provides a first possible implementation of the first aspect, wherein, when the content management system of the target website is determined to be an open-source system, directory scanning is performed on the target website to find the vulnerability directories of the target website.
With reference to the first aspect, an embodiment of the present invention provides a second possible implementation of the first aspect, wherein, before acquiring the website topological graph of the target website, the method further comprises:
setting port scan parameters, performing a port scan on the target website according to the port scan parameters, and determining whether the port corresponding to the port scan parameters is open, the port scan parameters including the port number to be scanned, the Internet Protocol address of the target website to be scanned, and the scanning threads;
when the port corresponding to the port scan parameters is determined to be open, querying the directory database for the directory database subset corresponding to that port, and performing directory scanning on that directory database subset to find the vulnerability directories of the target website.
With reference to the second possible implementation of the first aspect, an embodiment of the present invention provides a third possible implementation of the first aspect, wherein performing a port scan on the target website according to the port scan parameters and determining whether the port corresponding to the port scan parameters is open comprises:
initiating a socket request to the target website according to the port scan parameters that have been set;
determining, from the response of the target website, whether the port corresponding to the port scan parameters is open.
With reference to the first aspect, an embodiment of the present invention provides a fourth possible implementation of the first aspect, wherein scanning the target website comprises:
establishing a website fingerprinting tool based on a client/server model;
scanning the target website using the website fingerprinting tool.
With reference to the first aspect, an embodiment of the present invention provides a fifth possible implementation of the first aspect, wherein acquiring the website topological graph of the target website comprises:
determining a crawler strategy for the target website, the crawler strategy including the directory depth to which the target website is crawled and preferential crawling of the target website's directory breadth;
acquiring the website topological graph of the target website according to the crawler strategy.
In a second aspect, an embodiment of the present invention provides a vulnerability directory search device, the device comprising:
a first scanning module, configured to scan a target website and, when the content management system of the target website is determined to be a non-open-source system, acquire characteristic parameters of the target website, the characteristic parameters including the website architecture, script language, Internet Protocol address and domain name of the target website;
a query module, configured to acquire a website topological graph of the target website and query a pre-established directory database for directory database subsets that match the website topological graph;
a screening module, configured to screen the directory database subsets according to the characteristic parameters of the target website, to obtain at least one directory database subset consistent with the characteristic parameters of the target website;
a first directory scanning module, configured to generate a directory dictionary of the target website from the at least one directory database subset, and perform directory scanning on the directory dictionary to find the vulnerability directories in the directory dictionary.
With reference to the second aspect, an embodiment of the present invention provides a first possible implementation of the second aspect, wherein the device further comprises:
a second scanning module, configured to set port scan parameters, perform a port scan on the target website according to the port scan parameters, and determine whether the port corresponding to the port scan parameters is open, the port scan parameters including the port number to be scanned, the Internet Protocol address of the target website to be scanned, and the scanning threads;
a second directory scanning module, configured to, when the port corresponding to the port scan parameters is determined to be open, query the directory database for the directory database subset corresponding to that port, and perform directory scanning on that directory database subset to find the vulnerability directories of the target website.
With reference to the first possible implementation of the second aspect, an embodiment of the present invention provides a second possible implementation of the second aspect, wherein the second scanning module comprises:
a request unit, configured to initiate a socket request to the target website according to the port scan parameters that have been set;
a first determining unit, configured to determine, from the response of the target website, whether the port corresponding to the port scan parameters is open.
With reference to the second aspect, an embodiment of the present invention provides a third possible implementation of the second aspect, wherein the query module comprises:
a second determining unit, configured to determine a crawler strategy for the target website, the crawler strategy including the directory depth to which the target website is crawled and preferential crawling of the target website's directory breadth;
an acquiring unit, configured to acquire the website topological graph of the target website according to the crawler strategy.
With the vulnerability directory search method and device provided by the embodiments of the present invention, the directory database subsets consistent with the website topological graph and the characteristic parameters of the target website are screened from the directory database to generate the directory dictionary of the target website, and directory scanning is performed on this directory dictionary to find the vulnerability directories in it. This reduces the workload of directory scanning and improves the efficiency and speed of the vulnerability directory search.
To make the above objects, features and advantages of the present invention more apparent, preferred embodiments are described in detail below with reference to the accompanying drawings.
Brief description of the drawings
To illustrate the technical solutions of the embodiments of the present invention more clearly, the drawings needed in the embodiments are briefly introduced below. It should be understood that the following drawings show only certain embodiments of the present invention and should therefore not be regarded as limiting its scope; those of ordinary skill in the art can derive other related drawings from them without creative effort.
Fig. 1 shows a flow chart of the vulnerability directory search method provided by Embodiment 1 of the present invention;
Fig. 2 shows a schematic structural diagram of the vulnerability directory search device provided by Embodiment 2 of the present invention.
Detailed description
To make the purpose, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the drawings. The described embodiments are only some of the embodiments of the present invention, not all of them. The components of the embodiments generally described and illustrated in the drawings can be arranged and designed in a variety of different configurations. The following detailed description of the embodiments provided in the drawings is therefore not intended to limit the scope of the claimed invention, but merely represents selected embodiments of the present invention. All other embodiments obtained by those skilled in the art from the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
In the prior art, to protect a website's directories from attack, the website needs to be tested so that its vulnerability directories are found, the website architecture is changed, and the website is kept secure. Directory scanning is mostly done by directory iteration, that is, the directory data in the website's directory database is scanned entry by entry to find the website's vulnerability directories. The scanning workload is therefore very large, much of the scanning work is repetitive and useless, and scanning, and hence the vulnerability directory search, is slow and inefficient. On this basis, the embodiments of the present invention provide a vulnerability directory search method and device, described below by way of embodiments.
Embodiment 1
This embodiment of the present invention provides a vulnerability directory search method. When the method is used to search for the vulnerability directories of a target website, the directory database subsets consistent with the website topological graph and the characteristic parameters of the target website are screened from the directory database and a directory dictionary is generated; directory scanning is performed on this directory dictionary to find the vulnerability directories in it. This reduces the workload of directory scanning and improves the efficiency and speed of the vulnerability directory search.
As shown in Fig. 1, searching for the vulnerability directories of a website using the method provided by this embodiment specifically includes steps S110-S140.
S110: scan the target website and, when the Content Management System (CMS) of the target website is determined to be a non-open-source system, acquire the characteristic parameters of the target website. The characteristic parameters include the website architecture, script language, Internet Protocol (IP) address and domain name of the target website.
Scanning the target website includes: establishing a website fingerprinting (WhatWeb) tool based on a client/server (C/S) model; and scanning the target website using the website fingerprinting tool.
In this embodiment, the WhatWeb scanning tool is established based on the C/S model; this WhatWeb tool is the open-source WhatWeb. When scanning the target website with WhatWeb, the WhatWeb service can be started on Linux, the target website and the WhatWeb service are connected remotely, and the target website is scanned with WhatWeb. During the WhatWeb scan it can be determined whether the CMS of the target website is an open-source CMS.
When the CMS of the target website is determined to be an open-source CMS, directory scanning is performed on the target website to find its vulnerability directories.
When performing directory scanning on the target website, a directory scanning technique based on Hypertext Transfer Protocol (HTTP) response codes can be used: an HTTP request is sent to the target website; after receiving the HTTP request, the target website returns response code information, from which it can be determined whether the currently scanned directory exists on the target website, together with the address of the currently scanned directory.
The WhatWeb scan of the target website also yields its website architecture, script language, IP address and domain name. Therefore, when the CMS of the target website is determined to be a non-open-source CMS, these characteristic parameters of the target website need to be acquired.
After the WhatWeb scan of the target website, a port scan can also be performed on it. The port scan proceeds as follows: set port scan parameters, perform a port scan on the target website according to the port scan parameters, and determine whether the port corresponding to the port scan parameters is open, where the port scan parameters include the port number to be scanned, the IP address of the target website to be scanned, and the scanning threads; when the port corresponding to the port scan parameters is determined to be open, query the directory database for the directory database subset corresponding to that port, and perform directory scanning on that subset to find the vulnerability directories of the target website.
In this embodiment, the port scan of the target website needs to determine whether the ports corresponding to certain well-known website services are open on the target website, for example the ports of the HTTP service, the File Transfer Protocol (FTP) service, the Trivial File Transfer Protocol (TFTP) service and so on. The port number of each known service is first looked up in a port information database, which stores the port numbers corresponding to the various services; for example, the port number of the HTTP service is 80/tcp and that of the FTP service is 21/tcp. The port number of the service, the IP address of the target website and the scanning threads are then set as the port scan parameters, and the corresponding port on the target website is scanned according to these parameters to judge whether it is open.
The scan itself proceeds as follows: initiate a socket (Socket) request to the target website according to the port scan parameters that have been set; then determine, from the response of the target website, whether the port corresponding to the port scan parameters is open.
In this embodiment, the port scan of the target website can use port-response scanning based on the Transmission Control Protocol (TCP). Once the port scan parameters are set, a Socket request is initiated to the target website according to them, and the website's response determines whether the corresponding port is open. If the port is open, the directory database subset corresponding to that open port is queried from the directory database, and directory scanning is performed on that subset by means of HTTP responses to find the vulnerability directories in it; the vulnerability directories in that directory database subset are the vulnerability directories of the target website.
When the port corresponding to the port scan parameters is determined not to be open, the subsequent steps are executed.
The port scan of the target website can be performed first and the WhatWeb scan second, or the WhatWeb scan first and the port scan second; this embodiment does not limit the order of the two scans. It is also possible to perform only the port scan, or only the WhatWeb scan, on the target website.
S120: acquire the website topological graph (Sitemap) of the target website, and query the pre-established directory database for directory database subsets that match this Sitemap.
Acquiring the Sitemap of the target website includes: determining a crawler strategy for the target website, the crawler strategy including the directory depth to which the target website is crawled and preferential crawling of the target website's directory breadth; and acquiring the website topological graph of the target website according to this crawler strategy.
In this embodiment, the Sitemap of the target website is acquired using web crawler technology. Before crawling, the network architecture of the target website can be analyzed to determine its directory depth, which is then used as the crawl depth; alternatively, the crawl depth can be set to a fixed value as needed, for example 8, or some other value. This embodiment does not limit the specific value of the crawl depth. In addition, breadth-first directory search can be set to run preferentially. The crawler strategy can also include other crawling conditions and can be configured as needed; this embodiment does not limit its specific content.
While crawling the target website, each child node of the target website is traversed according to the crawler strategy determined above, using breadth-first search (Breadth-First-Search, BFS) and depth-first search (Depth-First-Search, DFS), to obtain the Sitemap of the target website.
The pre-established directory database stores the directory data of multiple websites. The directory data of each website corresponds to one directory database subset, or one class of websites can correspond to one directory database subset; for example, websites with the same script language correspond to one directory database subset. This embodiment does not limit the correspondence between directory database subsets and the directory data of websites.
After the Sitemap of the target website is obtained, the pre-established directory database is queried for directory database subsets that match this Sitemap. Specifically, regular expressions are used to match the obtained Sitemap against each directory database subset in the directory database, yielding the directory database subsets that match the Sitemap of the target website.
Alternatively, the directory database subsets in the directory database can be converted into directory tree structures, and the Knuth-Morris-Pratt (KMP) pattern matching algorithm can be used to match the nodes of the target website's Sitemap against the directory tree structures in the directory database. The directory tree structures whose similarity to the Sitemap of the target website is greater than or equal to a preset value are selected, and the directory database subsets corresponding to those directory tree structures are taken as the directory database subsets matching the Sitemap of the target website.
The preset value is a number set in advance. When the similarity between the nodes of a directory tree structure in the directory database and the nodes of the target website's Sitemap is greater than or equal to this value, the directory tree structure is judged to be the same as or similar to the target website, and the directory database subset corresponding to that directory tree structure is taken as a directory database subset matching the target website. The preset value can be set according to the actual situation; this embodiment does not limit its specific value.
The similarity between the nodes of a directory tree structure in the directory database and the nodes of the target website's Sitemap is the ratio of the nodes consistent with the nodes of the target website's Sitemap to the total number of nodes.
For example, suppose the directory tree structure being matched against the target website has three levels: the first level has one node, the second level has two nodes, and each second-level node has three nodes at the third level. If the Sitemap of the target website also has three levels, with one node at the first level, two nodes at the second level, and three third-level nodes under each second-level node, the directory tree structure can be judged identical to the Sitemap of the target website. This only illustrates the comparison. If the nodes of the directory tree structure and of the target website's Sitemap are not completely identical but differ only slightly, the directory tree structure can still be judged the same as or similar to the target website. The specific conditions for judging two structures the same or similar can be set according to the actual situation; this embodiment does not limit them.
Other methods can also be used to query the directory database for the directory database subsets matching this Sitemap; this embodiment does not limit the specific query method.
S130: screen the directory database subsets according to the characteristic parameters of the target website, to obtain at least one directory database subset consistent with the characteristic parameters of the target website.
The characteristic parameters of the target website were acquired in S110, and the directory database subsets matching the Sitemap of the target website were found in S120. Next, the directory database subsets obtained in step S120 are screened according to the characteristic parameters acquired in S110, to obtain the directory database subsets consistent with the characteristic parameters of the target website.
The screening of the directory database subsets is illustrated below using the script language among the characteristic parameters. For example, if the script language of the target website is Hypertext Preprocessor (PHP), the directory database subsets whose script language is PHP are selected from the directory database subsets above.
The directory database subsets that match the script language of the target website are then screened in turn by the website architecture, IP address and domain name among the characteristic parameters, finally yielding one or more directory database subsets consistent with the characteristic parameters of the target website.
S140: generate the directory dictionary of the target website from the at least one directory database subset, perform a directory scan on this directory dictionary, and look up the vulnerability directories in the directory dictionary.
In this embodiment of the present invention, the at least one directory database subset remaining after screening by the target website's characteristic parameters forms the directory dictionary of the target website. This directory dictionary is scanned using a directory scanning technique based on HTTP response codes. During the scan, response codes are typically set and, relying on HTTP responses, iterative directory requests are issued against the directory dictionary to look up the vulnerability directories in it; the vulnerability directories in the directory dictionary are the vulnerability directories of the target website. Once a vulnerability directory of the target website is found, its address can be displayed, and the architecture of the target website can then be adjusted to improve the security of the target website.
When scanning with the technique based on HTTP response codes, parameters such as the IP address of the target website, the total number of threads used for the directory scan, the scan timeout and the response codes must first be set. HTTP directory iteration requests are then issued to perform the directory scan, the state of the scan is recorded, and the directory addresses found are returned and displayed.
If no vulnerability directory of the target website is found in this way, the conditions for selecting the target website's directory dictionary are relaxed appropriately. For example, when querying the directory database for subsets matching the target website's sitemap, the preset similarity value can be lowered; some characteristic parameters of the target website can also be relaxed appropriately, or the comparison of some characteristic parameters can be dropped.
Afterwards, a directory scan is performed on the directory dictionary obtained under the relaxed selection conditions to look up the vulnerability directories in it; the vulnerability directories found in this directory dictionary are the vulnerability directories of the target website.
In the vulnerability directory search method provided by this embodiment of the present invention, directory database subsets consistent with the website topology and characteristic parameters of the target website are screened out of the directory database to generate the directory dictionary of the target website, and a directory scan is performed on this dictionary to look up the vulnerability directories in it. This reduces the workload of the directory scan and improves the efficiency and speed of the vulnerability directory search.
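The selection logic of S120 to S140, including the relaxation fallback, can be traced offline when auditing which directories of one's own site such a dictionary would cover. The following Python code is an added example, not code from the patent. Assumptions constructed for illustration: the `Subset` schema, Jaccard similarity as the sitemap metric, the preset values 0.6 and 0.3, response codes 200 and 403 as hits, screening on scripting language and architecture only, all sample data, and a dictionary lookup in place of the HTTP request.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Subset:
    """One record of the pre-built directory database (hypothetical schema)."""
    name: str
    sitemap: frozenset   # directories observed on sites of this kind
    script: str          # scripting language, e.g. "php"
    architecture: str    # website architecture, e.g. "lamp"
    paths: tuple         # candidate directories this subset contributes

def similarity(a, b):
    """Jaccard similarity of two sitemaps (assumed metric; the page names none)."""
    union = set(a) | set(b)
    return len(set(a) & set(b)) / len(union) if union else 0.0

def match_sitemap(db, sitemap, preset):
    """S120: keep subsets whose sitemap similarity reaches the preset value."""
    return [s for s in db if similarity(s.sitemap, sitemap) >= preset]

def screen(subsets, features, keys=("script", "architecture")):
    """S130: filter by scripting language first, then by the other parameters."""
    for key in keys:
        subsets = [s for s in subsets if getattr(s, key) == features[key]]
    return subsets

def build_dictionary(subsets):
    """S140: merge the surviving subsets into one de-duplicated dictionary."""
    merged = []
    for subset in subsets:
        for path in subset.paths:
            if path not in merged:
                merged.append(path)
    return merged

def search(db, sitemap, features, probe, hit_codes=(200, 403), presets=(0.6, 0.3)):
    """Run S120 to S140, lowering the similarity preset when nothing is found.

    hit_codes are assumed values; the page does not say which codes are set.
    """
    result = {"preset": None, "dictionary": [], "hits": []}
    for preset in presets:
        subsets = screen(match_sitemap(db, sitemap, preset), features)
        dictionary = build_dictionary(subsets)
        hits = [p for p in dictionary if probe(p) in hit_codes]
        result = {"preset": preset, "dictionary": dictionary, "hits": hits}
        if hits:
            break  # found something: no need to relax further
    return result

# Constructed sample data: four database subsets and one crawled sitemap.
DB = [
    Subset("php-cms-a", frozenset({"/", "/admin", "/include", "/uploads", "/templates"}),
           "php", "lamp", ("/backup/", "/config/", "/logs/")),
    Subset("php-blog-b", frozenset({"/", "/wp-admin", "/wp-content", "/wp-includes"}),
           "php", "lamp", ("/wp-content/backup/",)),
    Subset("jsp-portal", frozenset({"/", "/admin", "/include", "/uploads", "/WEB-INF"}),
           "jsp", "tomcat", ("/manager/",)),
    Subset("php-shop-c", frozenset({"/", "/admin", "/uploads", "/install", "/data"}),
           "php", "lamp", ("/install/", "/config/", "/data/")),
]
SITEMAP = {"/", "/admin", "/include", "/uploads", "/news"}
FEATURES = {"script": "php", "architecture": "lamp"}

def constructed_probe(responses):
    """Stand-in for the HTTP request: look the status code up in a dict."""
    return lambda path: responses.get(path, 404)

if __name__ == "__main__":
    for responses in ({"/backup/": 403}, {"/install/": 200}):
        print(search(DB, SITEMAP, FEATURES, constructed_probe(responses)))
```

In the second constructed case the strict preset yields a three-entry dictionary with no hit, so the preset is lowered and a second PHP subset joins the dictionary; the JSP subset matches the sitemap equally well but is removed by the scripting-language screen.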
Embodiment 2
This embodiment of the present invention provides a vulnerability directory search apparatus. As shown in Fig. 2, the apparatus includes a first scan module 210, a query module 220, a screening module 230 and a first directory scan module 240;
The first scan module 210 is configured to scan the target website and, when the CMS of the target website is determined to be an open-source CMS, obtain the characteristic parameters of the target website, which include the website architecture, scripting language, IP address and domain name of the target website;
The query module 220 is configured to obtain the sitemap of the target website and query the pre-built directory database for directory database subsets matching the sitemap;
The screening module 230 is configured to screen the directory database subsets according to the characteristic parameters of the target website, obtaining at least one directory database subset consistent with the characteristic parameters of the target website;
The first directory scan module 240 is configured to generate the directory dictionary of the target website from the at least one directory database subset, perform a directory scan on the directory dictionary, and look up the vulnerability directories in the directory dictionary.
In this embodiment of the present invention, before the query module 220 obtains the sitemap of the target website and queries the pre-built directory database for subsets matching the sitemap, a port scan of the target website is also required. The port scan of the target website is implemented by a second scan module and a second directory scan module, specifically:
The second scan module is configured to set port scan parameters, perform a port scan of the target website according to the port scan parameters, and determine whether the port corresponding to the port scan parameters is open; the port scan parameters include the port number, the IP address of the target website to be scanned and the scanning threads. The second directory scan module is configured to, when the port corresponding to the port scan parameters is determined to be open, query the directory database for the directory database subset corresponding to that port, perform a directory scan on that subset, and look up the vulnerability directories of the target website.
The second scan module's port scan of the target website according to the port scan parameters, and its determination of whether the corresponding port is open, are implemented by a request unit and a first determining unit, specifically:
The request unit is configured to initiate a Socket request to the target website according to the port scan parameters that have been set. The first determining unit is configured to determine, from the response of the target website, whether the port corresponding to the port scan parameters is open.
The query module 220 obtains the website topology of the target website by means of a second determining unit and an acquiring unit, specifically:
The second determining unit is configured to determine the crawl strategy for the target website; the crawl strategy includes the directory depth to which the target website is crawled and the directory breadth of the target website that is crawled preferentially. The acquiring unit is configured to obtain the website topology of the target website according to the crawl strategy.
In this embodiment of the present invention, the sitemap of the target website is obtained using web crawler technology. Before doing so, the network architecture of the target website can be analysed to determine its directory depth, and that directory depth is used as the crawl depth; alternatively, the crawl directory depth can be set to a fixed value according to actual needs, for example 8, although other values are also possible, and the embodiment does not limit the specific value of the crawl directory depth. In addition, the crawl can be set to give priority to a breadth-first search of directories. The crawl strategy may also include other crawl conditions and can be configured according to actual needs; the embodiment does not limit the specific content of the crawl strategy.
While crawling the target website, each child node of the target website is traversed according to the crawl strategy determined above, using breadth-first search (BFS) and depth-first search (DFS), to obtain the sitemap of the target website.
In the vulnerability directory search apparatus provided by this embodiment of the present invention, directory database subsets consistent with the website topology and characteristic parameters of the target website are screened out of the directory database to generate the directory dictionary of the target website, and a directory scan is performed on this dictionary to look up the vulnerability directories in it. This reduces the workload of the directory scan and improves the efficiency and speed of the vulnerability directory search.
The vulnerability directory search apparatus provided by the embodiment of the present invention may be specific hardware on a device, or software or firmware installed on a device. The apparatus has the same implementation principle and technical effects as the foregoing method embodiment; for brevity, where the apparatus embodiment is silent, refer to the corresponding content of the method embodiment. Those skilled in the art will clearly understand that, for convenience and brevity of description, the specific working processes of the systems, apparatus and units described above may refer to the corresponding processes in the method embodiment and are not repeated here.
It should be understood that the apparatus and method disclosed in the embodiments provided by the present invention may be implemented in other ways. The apparatus embodiment described above is merely illustrative. For example, the division into units is only a division by logical function, and other divisions are possible in an actual implementation; for instance, multiple units or components may be combined or integrated into another system, or some features may be omitted or not executed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be indirect coupling or communication connection through some communication interfaces, apparatus or units, and may be electrical, mechanical or in other forms.
The units described as separate components may or may not be physically separate, and components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in the embodiments provided by the present invention may be integrated into one processing unit, may each exist physically on their own, or two or more units may be integrated into one unit.
If the functions are implemented as software functional units and sold or used as an independent product, they may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present invention in essence, or the part contributing to the prior art, or a part of the technical solution, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) to execute all or part of the steps of the methods of the embodiments of the present invention. The storage medium includes any medium that can store program code, such as a USB flash drive, a removable hard disk, read-only memory (ROM), random access memory (RAM), a magnetic disk or an optical disc.
It should be noted that similar reference numerals and letters denote similar items in the following drawings; therefore, once an item is defined in one drawing, it need not be further defined or explained in subsequent drawings. Moreover, the terms "first", "second", "third" and so on are used only to distinguish descriptions and are not to be understood as indicating or implying relative importance.
Finally, it should be noted that the embodiments described above are only specific embodiments of the present invention, intended to illustrate its technical solution and not to limit it, and the protection scope of the present invention is not limited to them. Although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that anyone familiar with the technical field may, within the technical scope disclosed by the present invention, still modify the technical solutions described in the foregoing embodiments, readily conceive of changes, or make equivalent replacements of some of the technical features; such modifications, changes or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present invention, and all should be covered by the protection scope of the present invention. Therefore, the protection scope of the present invention shall be defined by the scope of the claims.

Claims (10)

1. A vulnerability directory search method, characterized in that the method comprises:
scanning a target website and, when the content management system of the target website is determined to be a non-open-source system, obtaining the characteristic parameters of the target website, the characteristic parameters including the website architecture, scripting language, Internet Protocol address and domain name of the target website;
obtaining the website topology of the target website, and querying a pre-built directory database for directory database subsets matching the website topology;
screening the directory database subsets according to the characteristic parameters of the target website to obtain at least one directory database subset consistent with the characteristic parameters of the target website;
generating the directory dictionary of the target website from the at least one directory database subset, performing a directory scan on the directory dictionary, and looking up the vulnerability directories in the directory dictionary.
2. The method according to claim 1, characterized in that, when the content management system of the target website is determined to be an open-source system, a directory scan is performed on the target website to look up the vulnerability directories of the target website.
3. The method according to claim 1, characterized in that, before obtaining the website topology of the target website, the method further comprises:
setting port scan parameters, performing a port scan of the target website according to the port scan parameters, and determining whether the port corresponding to the port scan parameters is open, the port scan parameters including the port number to be scanned, the Internet Protocol address of the target website to be scanned and the scanning threads;
when the port corresponding to the port scan parameters is determined to be open, querying the directory database for the directory database subset corresponding to the port, performing a directory scan on that directory database subset, and looking up the vulnerability directories of the target website.
4. The method according to claim 3, characterized in that performing a port scan of the target website according to the port scan parameters and determining whether the port corresponding to the port scan parameters is open comprises:
initiating a socket request to the target website according to the port scan parameters that have been set;
determining, from the response of the target website, whether the port corresponding to the port scan parameters is open.
5. The method according to claim 1, characterized in that scanning the target website comprises:
establishing a website fingerprint identification tool based on a client/server model;
scanning the target website with the website fingerprint identification tool.
6. The method according to claim 1, characterized in that obtaining the website topology of the target website comprises:
determining the crawl strategy for the target website, the crawl strategy including the directory depth to which the target website is crawled and the directory breadth of the target website that is crawled preferentially;
obtaining the website topology of the target website according to the crawl strategy.
7. A vulnerability directory search apparatus, characterized in that the apparatus comprises:
a first scan module, configured to scan a target website and, when the content management system of the target website is determined to be a non-open-source system, obtain the characteristic parameters of the target website, the characteristic parameters including the website architecture, scripting language, Internet Protocol address and domain name of the target website;
a query module, configured to obtain the website topology of the target website and query a pre-built directory database for directory database subsets matching the website topology;
a screening module, configured to screen the directory database subsets according to the characteristic parameters of the target website to obtain at least one directory database subset consistent with the characteristic parameters of the target website;
a first directory scan module, configured to generate the directory dictionary of the target website from the at least one directory database subset, perform a directory scan on the directory dictionary, and look up the vulnerability directories in the directory dictionary.
8. The apparatus according to claim 7, characterized in that the apparatus further comprises:
a second scan module, configured to set port scan parameters, perform a port scan of the target website according to the port scan parameters, and determine whether the port corresponding to the port scan parameters is open, the port scan parameters including the port number to be scanned, the Internet Protocol address of the target website to be scanned and the scanning threads;
a second directory scan module, configured to, when the port corresponding to the port scan parameters is determined to be open, query the directory database for the directory database subset corresponding to the port, perform a directory scan on that directory database subset, and look up the vulnerability directories of the target website.
9. The apparatus according to claim 8, characterized in that the second scan module comprises:
a request unit, configured to initiate a socket request to the target website according to the port scan parameters that have been set;
a first determining unit, configured to determine, from the response of the target website, whether the port corresponding to the port scan parameters is open.
10. The apparatus according to claim 7, characterized in that the query module comprises:
a second determining unit, configured to determine the crawl strategy for the target website, the crawl strategy including the directory depth to which the target website is crawled and the directory breadth of the target website that is crawled preferentially;
an acquiring unit, configured to obtain the website topology of the target website according to the crawl strategy.
CN201610806383.0A 2016-09-06 2016-09-06 A kind of fragility directory search method and device Active CN106411855B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610806383.0A CN106411855B (en) 2016-09-06 2016-09-06 A kind of fragility directory search method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610806383.0A CN106411855B (en) 2016-09-06 2016-09-06 A kind of fragility directory search method and device

Publications (2)

Publication Number Publication Date
CN106411855A true CN106411855A (en) 2017-02-15
CN106411855B CN106411855B (en) 2019-03-05

Family

ID=57998590

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610806383.0A Active CN106411855B (en) 2016-09-06 2016-09-06 A kind of fragility directory search method and device

Country Status (1)

Country Link
CN (1) CN106411855B (en)




Legal Events

Date Code Title Description
PB01 Publication
C06 Publication
SE01 Entry into force of request for substantive examination
C10 Entry into substantive examination
GR01 Patent grant
GR01 Patent grant