CN107181768A - A kind of leak detection method of server system - Google Patents
A kind of leak detection method of server system Download PDFInfo
- Publication number
- CN107181768A CN107181768A CN201710618368.8A CN201710618368A CN107181768A CN 107181768 A CN107181768 A CN 107181768A CN 201710618368 A CN201710618368 A CN 201710618368A CN 107181768 A CN107181768 A CN 107181768A
- Authority
- CN
- China
- Prior art keywords
- server
- measured
- leak
- detection method
- leak detection
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1433—Vulnerability analysis
Abstract
The present invention provides a kind of leak detection method of server system, and the method comprising the steps of:(1) Window systems local side receives the log-on message of user's input, passes through TCP session Telnet Linux test platforms;(2) Window systems local side is successively read server address to be measured in server list file to be measured, often reads a server address to be measured, then a Linux test platform is logged in, then in test platform perform detection order;(3) Window systems local side collects testing result, and testing result is compared with leak unique mark, if testing result contains leaky unique mark, then it represents that server to be measured is leaky.The batch scanning Hole Detection of server to be measured can be realized by the present invention, and testing result is accurate;Other this method can be run under Windows, facilitate easy-to-use.
Description
Technical field
The present invention relates to system detectio field, more particularly, to a kind of leak detection method of server system.
Background technology
In order to ensure system safety, server generally can all carry out Hole Detection, for example:
1st, OpenSSL gift Hole Detections initiated into monkhood:
Order:openssl s_client–connect(ip/dnsname):443-cipher RC4 (command interpretations:Profit
The mode encrypted with Openssl connect orders with RC4 is attempted to carry out TCP three-way handshake with tested server);
More than input order under linux, ip represents to be detected the ip addresses of server, and dnsname represents to be detected clothes
The domain name of business device.If certificate information can be viewed, then be exactly the presence of risk leak;If display
Sslv3alerthandshake failure, represent server without this leak.
2nd, OpenSSL Freak Hole Detections:
Order:openssl s_client-connect(ip/dnsname):443-cipher EXPORT (command interpretations:
The mode encrypted using Openssl connect orders with EXPORT is attempted to carry out TCP three-way handshake with tested server);
More than input order under linux, ip represents to be detected the ip addresses of server, and dnsname represents to be detected clothes
The domain name of business device.If certificate information can be viewed, then be exactly the presence of risk leak;If display
Sslv3alerthandshake failure, represent server without this leak.
However, the following shortcoming that foregoing two kinds of Hole Detections can be present:
1st, it can only log under linux system with order detection;
2nd, OpenSSL Hole Detections are unable to batch detection, for N number of server, can only manually enter n times order and be examined
Survey;
3rd, testing result is not directly perceived, it is necessary to which whether manual identified has leak, if server is more, easily occurs artificial
Mistake.
The content of the invention
It is an object of the invention to:There is provided a kind of Hole Detection of server system for the problem of existing for prior art
Method, solve existing leak detection method operation inconvenience, efficiency it is low, it is error-prone the problem of.
The goal of the invention of the present invention is achieved through the following technical solutions:
A kind of leak detection method of server system, the method comprising the steps of:
(1) Window systems local side receives the log-on message of user's input, is surveyed by TCP session Telnets Linux
Try platform;
(2) Window systems local side is successively read server address to be measured in server list file to be measured, often reads
One server address to be measured, then log in a Linux test platform, then in test platform perform detection order;
(3) Window systems local side collects testing result, and testing result is compared with leak unique mark, if detection
As a result leaky unique mark is contained, then it represents that server to be measured is leaky.
As further technical scheme, the log-on message includes Linux test platforms IP, user name and logged in close
Code.
As further technical scheme, it is by calling that Window systems local side, which logs in Linux test platforms,
Python paramico modules are completed.
As further technical scheme, after step (1) is completed, server list file to be measured is checked for,
Current Graphics interface is loaded into if there is then directly opening and reading, if there is no then newly-built one server row to be measured
List file and read be loaded into current Graphics interface.
As further technical scheme, user edits server list to be measured and protected in server list file to be measured
Save as txt file.
As further technical scheme, leak unique mark by server to be measured it is leaky with without leak compare difference
Field.
As further technical scheme, the inspection result of server to be measured is shown on current Graphics interface.
Compared with prior art, the present invention has advantages below:
1st, the batch scanning Hole Detection of server to be measured can be realized by the present invention;
2nd, testing result is accurate;
3rd, this method can be run under Windows, facilitate easy-to-use.
Brief description of the drawings
Fig. 1 is system architecture figure of the invention.
Embodiment
The present invention is described in detail with specific embodiment below in conjunction with the accompanying drawings.
Embodiment
The present invention provides a kind of leak detection method of server system, this method be mainly used in OpenSSL gifts initiated into monkhood and
Freak Hole Detections, the method comprising the steps of:
(1) Window systems local side receives the log-on message of user's input, is surveyed by TCP session Telnets Linux
Try platform.This step is specific as follows:
When Windows runs this program, system can call Python paramico modules (existing module), utilize user
IP, user name, the password of offer, by TCP session telnet Linux test platforms, (this step is Python paramico
Module is completed, and user need to only provide IP, user name, cryptographic parameter).
(2) Window systems local side is successively read server address to be measured in server list file to be measured, often reads
One server address to be measured, then log in a Linux test platform, then in test platform perform detection order.This step
It is specific as follows:
Program can check that (listing file is program in initialization to current directory with the presence or absence of server list file to be measured
When, by detecting that current directory whether there is the file of file name, read if there is then directly opening, if there is no
Then a newly-built file name and read), if there is being then loaded into current Graphics interface, if without server to be measured row
List file is then loaded into current Graphics interface after establishment file.User can edit server list to be measured and be stored in txt
In file (storage and display need the server address tested, and down-stream can be by row reading service device IP address), Yong Huke
To input the IP address of multiple servers to be measured in list.When performing scanning, program can call a paramico to log in
Linux test platforms, then in test platform perform detection order, the order during sense command used in existing artificial detection.
(3) Window systems local side collects testing result, and testing result is compared with leak unique mark, if detection
As a result leaky unique mark is contained, then it represents that server to be measured is leaky.This step is specific as follows:
Collect testing result, by testing result and leak unique mark (unique mark can oneself setting, as long as have leakage
Hole with just can be so that it is that " Server certificate " input openssl s_ to obtain here without the different field of leak
client–connect(ip/dnsname):443-cipher RC4/EXPORT are obtained, and if the two leaks, all can
The field is printed, if the not field, then it represents that set up connection failure, no leak) compare, will after optimizing detection result
As a result current screen is returned to, user can intuitively check whether destination server there is OpenSSL gifts initiated into monkhood and Freak to leak
Hole.
When specifically used of the invention, module frame as shown in Figure 1 need to be built, wherein:
Paramico modules are used to log in Linux test platforms;
Leak mark nucleus module is used to store leak unique mark;
GUI module is used to carry out man-machine interaction.
Following functions can be realized by the present invention:
1st, realize under Window, run this program, input detection platform IP, user name, password are that leak can be achieved
One key scanning, is operated without logging under Linux community face.
2nd, the Hole Detection of multiple destination servers can be realized, Hole Detection efficiency is significantly lifted.
3rd, Programmable detection leak attribute field is utilized, it is ensured that Hole Detection reliable results.
4th, scanning result is very clear by directly being shown after optimization.
Explanation of nouns:
Leak:Leak be hardware, software, agreement implement or System Security Policy present on defect so that
Attacker can be enable to be accessed in the case of unauthorized or destruction system.It is restricted computer, component, application program
Or the unprotected entrance left unintentionally of other online dictionaries.
OpenSSL:OpenSecureSocketsLayer (Open Security socket layer protocol) OpenSSL is one powerful
Security socket layer cryptographic libraries, include main cryptographic algorithm, conventional key and certificate encapsulation manager function and SSL association
Discuss, and abundant application program is provided and used for test or other purposes.
OpenSSL gift leaks initiated into monkhood:The attack carried out to the consistency weak key of RC4 AESs, i.e. " gift initiated into monkhood " are attacked
Hit (Bar Mitzvah Attack).Attacked by " gift initiated into monkhood ", attacker only can be monitored by sniff in certain circumstances
The plain text in the encryption information protected using RC4 can be just reduced, causes the important sensitivity such as account, password, credit card information
Information exposes, and the abduction that can be conversated by go-between (Man-in-the-middle).
OpenSSL Freak leaks:In s3_clnt.c files in OpenSSL storehouses, ssl3_get_key_exchange
Function, it is allowed to which client initiates RSA-to-EXPORT_RSA downgrade attacks to SSL service end using a weak RSA key,
Brute Force is carried out with this, service end key is obtained.
The foregoing is merely illustrative of the preferred embodiments of the present invention, is not intended to limit the invention, it is noted that all
Any modifications, equivalent substitutions and improvements made within the spirit and principles in the present invention etc., should be included in the guarantor of the present invention
Within the scope of shield.
Claims (7)
1. a kind of leak detection method of server system, it is characterised in that the method comprising the steps of:
(1) Window systems local side receives the log-on message of user's input, tests flat by TCP session Telnets Linux
Platform;
(2) Window systems local side is successively read server address to be measured in server list file to be measured, often reads one
Server address to be measured, then log in a Linux test platform, then in test platform perform detection order;
(3) Window systems local side collects testing result, testing result is compared with leak unique mark, if testing result
Containing leaky unique mark, then it represents that server to be measured is leaky.
2. a kind of leak detection method of server system according to claim 1, it is characterised in that the log-on message
Including Linux test platforms IP, user name and login password.
3. a kind of leak detection method of server system according to claim 1, it is characterised in that Window system sheets
It is by calling Python paramico modules to complete that ground terminal, which logs in Linux test platforms,.
4. the leak detection method of a kind of server system according to claim 1, it is characterised in that complete step
(1) after, server list file to be measured is checked for, current Graphics are loaded into if there is then directly opening and reading
Interface, if there is no then newly-built one server list file to be measured and read be loaded into current Graphics interface.
5. the leak detection method of a kind of server system according to claim 4, it is characterised in that user is in clothes to be measured
Server list to be measured is edited in business device listing file and saves as txt file.
6. a kind of leak detection method of server system according to claim 1, it is characterised in that leak unique mark
It is leaky for server to be measured with different fields are compared without leak.
7. the leak detection method of a kind of server system according to claim 1, it is characterised in that by server to be measured
Inspection result shown on current Graphics interface.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710618368.8A CN107181768A (en) | 2017-07-26 | 2017-07-26 | A kind of leak detection method of server system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710618368.8A CN107181768A (en) | 2017-07-26 | 2017-07-26 | A kind of leak detection method of server system |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN107181768A true CN107181768A (en) | 2017-09-19 |
Family
ID=59837465
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201710618368.8A Withdrawn CN107181768A (en) | 2017-07-26 | 2017-07-26 | A kind of leak detection method of server system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN107181768A (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109302433A (en) * | 2018-12-17 | 2019-02-01 | 深信服科技股份有限公司 | Detection method, device, equipment and the storage medium of remote command execution loophole |
| CN109948334A (en) * | 2019-03-26 | 2019-06-28 | 深信服科技股份有限公司 | A kind of leak detection method, system and electronic equipment and storage medium |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US6513122B1 (en) * | 2001-06-29 | 2003-01-28 | Networks Associates Technology, Inc. | Secure gateway for analyzing textual content to identify a harmful impact on computer systems with known vulnerabilities |
| CN102082659A (en) * | 2009-12-01 | 2011-06-01 | 厦门市美亚柏科信息股份有限公司 | Vulnerability scanning system oriented to safety assessment and processing method thereof |
-
2017
- 2017-07-26 CN CN201710618368.8A patent/CN107181768A/en not_active Withdrawn
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US6513122B1 (en) * | 2001-06-29 | 2003-01-28 | Networks Associates Technology, Inc. | Secure gateway for analyzing textual content to identify a harmful impact on computer systems with known vulnerabilities |
| CN102082659A (en) * | 2009-12-01 | 2011-06-01 | 厦门市美亚柏科信息股份有限公司 | Vulnerability scanning system oriented to safety assessment and processing method thereof |
Non-Patent Citations (2)
| Title |
|---|
| 服务器之家: "python openssl tcp OpenSSL漏洞扫描", 《HTTP://WWW.FUWUQIZHIJIA.COM/JIAOCHENG/201704/3748463.HTML》 * |
| 陈衍鹏: "基于Linux操作系统的批量管理工具", 《微型电脑应用》 * |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109302433A (en) * | 2018-12-17 | 2019-02-01 | 深信服科技股份有限公司 | Detection method, device, equipment and the storage medium of remote command execution loophole |
| CN109302433B (en) * | 2018-12-17 | 2021-05-04 | 深信服科技股份有限公司 | Method, device, equipment and storage medium for detecting remote command execution vulnerability |
| CN109948334A (en) * | 2019-03-26 | 2019-06-28 | 深信服科技股份有限公司 | A kind of leak detection method, system and electronic equipment and storage medium |
| CN109948334B (en) * | 2019-03-26 | 2024-02-23 | 深信服科技股份有限公司 | Vulnerability detection method and system, electronic equipment and storage medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109525558B (en) | Data leakage detection method, system, device and storage medium | |
| McLaughlin et al. | Multi-vendor penetration testing in the advanced metering infrastructure | |
| CN108809951A (en) | A kind of penetration testing frame suitable for industrial control system | |
| Khera et al. | Analysis and impact of vulnerability assessment and penetration testing | |
| CN109660502A (en) | Detection method, device, equipment and the storage medium of abnormal behaviour | |
| CN113660224B (en) | Situation awareness defense method, device and system based on network vulnerability scanning | |
| KR20090121579A (en) | System for checking vulnerabilities of servers and method thereof | |
| CN111783096B (en) | Method and device for detecting security hole | |
| CN113315767B (en) | Electric power internet of things equipment safety detection system and method | |
| CN108989355A (en) | A kind of leak detection method and device | |
| CN112131057B (en) | AI test method, client and system of network security equipment | |
| CN106559419A (en) | The application and identification method and identification terminal of short message verification code | |
| Raghuvanshi et al. | An investigation on detection of vulnerabilities in Internet of Things | |
| CN111884989A (en) | Vulnerability detection method and system for power web system | |
| CN101127645A (en) | An integrity check method for remote network service | |
| CN107181768A (en) | A kind of leak detection method of server system | |
| CN108965251A (en) | A kind of safe mobile phone guard system that cloud combines | |
| CN110505116A (en) | Power information acquisition system and penetration test method, device, readable storage medium storing program for executing | |
| CN113987508A (en) | Vulnerability processing method, device, equipment and medium | |
| CN107392033A (en) | A kind of Android device Permeation Test System and its automation penetration testing method | |
| CN111800427B (en) | Internet of things equipment evaluation method, device and system | |
| CN206195821U (en) | Industry control network security detection device | |
| CN112118241B (en) | Audit penetration testing method, testing node server, management server and system | |
| CN113868670A (en) | Vulnerability detection flow inspection method and system | |
| Choi et al. | Two-step hierarchical scheme for detecting detoured attacks to the web server |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| WW01 | Invention patent application withdrawn after publication | ||
| WW01 | Invention patent application withdrawn after publication |
Application publication date: 20170919 |