CN107239401A - A kind of automatic mode of collection system under test (SUT) essential information towards web attack tests - Google Patents
A kind of automatic mode of collection system under test (SUT) essential information towards web attack tests Download PDFInfo
- Publication number
- CN107239401A CN107239401A CN201710434400.7A CN201710434400A CN107239401A CN 107239401 A CN107239401 A CN 107239401A CN 201710434400 A CN201710434400 A CN 201710434400A CN 107239401 A CN107239401 A CN 107239401A
- Authority
- CN
- China
- Prior art keywords
- instrument
- output
- sut
- shell scripts
- collection system
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000012360 testing method Methods 0.000 title claims abstract description 51
- 238000013515 script Methods 0.000 claims abstract description 33
- 238000000034 method Methods 0.000 claims abstract description 30
- 230000007613 environmental effect Effects 0.000 claims description 9
- 238000005538 encapsulation Methods 0.000 claims description 6
- 230000002708 enhancing effect Effects 0.000 abstract description 2
- 239000002699 waste material Substances 0.000 abstract description 2
- 238000011156 evaluation Methods 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 238000009825 accumulation Methods 0.000 description 1
- 230000000712 assembly Effects 0.000 description 1
- 238000000429 assembly Methods 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000013461 design Methods 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/36—Preventing errors by testing or debugging software
- G06F11/3668—Software testing
- G06F11/3672—Test management
- G06F11/3688—Test management for test execution, e.g. scheduling of test suites
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/36—Preventing errors by testing or debugging software
- G06F11/3668—Software testing
- G06F11/3672—Test management
- G06F11/3684—Test management for test design, e.g. generating new test cases
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Quality & Reliability (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Debugging And Monitoring (AREA)
Abstract
The invention discloses a kind of automatic mode of the collection system under test (SUT) essential information towards web attack tests, following steps are specifically included:1) instrument of different test contents, is bonded using shell, main shell scripts call the shell scripts of different instruments;2) different instrument output files and journal file, are automatically generated respectively;3), according to output file and journal file extracting tool output in focus information or based on instrument output generation focus information;4), according to focus Automatic generation of information comprehensive report;5), with survey product the main shell scripts of entitled parameter call.The present invention can be reduced the time waste of test process, the time accounting of report analysis be improved, so as to improve the intellectual resources method of salary distribution and improve efficiency using the instrument of the different test contents of shell scripts bonding.Compared with commercial automated software, function enhancing is easier, and new tool is supported faster.
Description
Technical field
The present invention relates to technical field of network security, the tested system of specifically a kind of collection towards web attack tests
The automatic mode for essential information of uniting.
Background technology
In network safety filed, the substantial amounts of instrument towards different test contents will be often applied in combination in web attack tests.
The collecting for output of these instruments to using arranges and alternate analysis, will typically manually complete;And test process will come
Switchback changes graphical interfaces or keys in order line command.Also there are some business softwares to provide the function of automated execution, and make
With the layer architecture of GUI layer, logical layer and database layer.Really brought great convenience to attack test personnel;But
The problem of extension is more difficult is brought, such as in the timely support for the new tool constantly released.
The content of the invention
It is an object of the invention to provide a kind of automation of the collection system under test (SUT) essential information towards web attack tests
Method, reduces the intellectual resources occupancy to senior security evaluation personnel, improves the efficiency of attack test, also achieve attack
Process it is unattended.
The technical scheme adopted by the invention to solve the technical problem is that:A kind of collection towards web attack tests is tested
The automatic mode of system essential information, it is characterized in that, specifically include following steps:
1) instrument of different test contents, is bonded using shell, main shell scripts call the shell pin of different instruments
This;
2) different instrument output files and journal file, are automatically generated respectively;
3), according to output file and journal file extracting tool output in focus information or based on instrument export generate
Focus information;
4), according to focus Automatic generation of information comprehensive report;
5), with survey product the main shell scripts of entitled parameter call.
Further, step 1) operation the process that implements include:
11) instrument of different test contents, is packaged into shell scripts;
12) public output file catalogue, is set to environmental variance in main shell scripts;
13) the shell scripts of encapsulation tool, are called successively;
14) the incoming parameter of order line command, is passed through.
Further, the instrument of different test contents includes the different command row option combination and different works of same instrument
Tool.
Further, step 12) public output file catalogue is set to the method for environmental variance and specifically included in operation:
121) OUT_PATH variables, are defined in main shell scripts, it is ensured that catalogue is implicitly present in;
122) OUT_PATH, is set to environmental variance;
123) OUT_ is used in the shell files for the order line command for, starting instrument under comprising Linux command row interface
OATH as output directory a part, so as to reach the purpose of shared output directory.
Further, step 13) operation in call encapsulation tool shell scripts use sh orders.
Further, step 2) output file records the output of each instrument in operation;Journal file records all instruments
Implementation procedure.
Further, step 3) operation in focus information be the row with keyword matched;
The extracting method of focus information is:By grep keywords, the output keyword of safe test tool is matched.
The beneficial effects of the invention are as follows:
The present invention tests the instrument of contents using the bonding of shell scripts towards different, and records script implementation procedure
And the output result of script, closed by the focus information in the output of shell-command extracting tool or based on instrument output generation
Note point information, is finally combed into comprehensive report by focus information.
Automated execution and report flow are built by shell scripts, security evaluation personnel can be substantially reduced in test
Time loss on pilot process, increases input to the energy in interpretation of result and follow-up strategy.Also safety has been descended in accumulation simultaneously
The Knowledge Database experience of test and appraisal.
The present invention can reduce the time waste of test process using the instrument of the different test contents of shell scripts bonding,
The time accounting of report analysis is improved, so as to improve the intellectual resources method of salary distribution and improve efficiency.With commercial automated software
Compare, function enhancing is easier, and new tool is supported faster.
Brief description of the drawings
Fig. 1 is flow chart of the method for the present invention.
Embodiment
For the technical characterstic for illustrating this programme can be understood, below by embodiment, and its accompanying drawing is combined, to this hair
It is bright to be described in detail.Following disclosure provides many different embodiments or example is used for realizing the different knots of the present invention
Structure.In order to simplify disclosure of the invention, hereinafter the part and setting of specific examples are described.In addition, the present invention can be with
Repeat reference numerals and/or letter in different examples.This repetition is that for purposes of simplicity and clarity, itself is not indicated
Relation between various embodiments are discussed and/or set.It should be noted that part illustrated in the accompanying drawings is not necessarily to scale
Draw.Present invention omits the description to known assemblies and treatment technology and process to avoid being unnecessarily limiting the present invention.
As shown in figure 1, a kind of automatic mode of collection system under test (SUT) essential information towards web attack tests, will be
The order line command (containing parameter) for starting different instruments under Linux command row interface is respectively written into different shell files, so
The order line command for performing these shell files is write in another shell file (master control file) successively afterwards.So, may be used
To ensure that different instruments are activated and performed successively by the order of design.
Specifically include following steps:
1) instrument of different test contents, is bonded using shell, main shell scripts call the shell pin of different instruments
This;
2) different instrument output files and journal file, are automatically generated respectively;
3), according to output file and journal file extracting tool output in focus information or based on instrument export generate
Focus information;
4), according to focus Automatic generation of information comprehensive report;
5), with survey product the main shell scripts of entitled parameter call.
Master control shell scripts are performed in the form of " sh-x XXX.sh P1 P2 ... " on Linux command row interface.
Step 1) operation the process that implements include:
11) instrument of different test contents, is packaged into shell scripts;
12) public output file catalogue, is set to environmental variance in main shell scripts;
13) the shell scripts of encapsulation tool, are called successively;
14) the incoming parameter of order line command, is passed through.
Different instruments needs incoming different parameter, and such as incoming IP address is:
100.2.92.117 in sh-x nmap.sh 100.2.92.117
sh -x whatweb.sh https://100.2.92.117:Https in 8443://100.2.92.117:
8443。
The instrument of difference test content includes the different command row option combination and different instruments of same instrument.
Step 12) public output file catalogue is set to the method for environmental variance and specifically included in operation:
121) OUT_PATH variables, are defined in main shell scripts, it is ensured that catalogue is implicitly present in;
122) OUT_PATH, is set to environmental variance;
123) OUT_ is used in the shell files for the order line command for, starting instrument under comprising Linux command row interface
OATH as output directory a part, so as to reach the purpose of shared output directory.
Specifically procedure script can be:
OUT_PATH=" $ { base_dir }/$ { datetime }/$ { product_line }/"
mkdir-p${OUT_PATH}
export OUT_PATH
#/bin/sh
TargetIP=$ 1
nmap -n -Pn -A -p1-65535 -oN ${OUT_PATH}_${targetIP}.txt${targetIP}
Step 13) operation in call encapsulation tool shell scripts use sh orders.
Nmap instruments and the whatweb instruments is such as called to be:
sh -x nmap.sh 100.2.92.117>nmap.log 2>&1
sh -x whatweb.sh https://100.2.92.117:8443>whatweb.log 2>&1
Step 2) output file records the output of each instrument in operation;Journal file records the execution of all instruments
Journey.
Step 3) operation in focus information be the row with keyword matched;
The extracting method of focus information is:By grep keywords, the output keyword of safe test tool is matched.
Such as:grep'Summary'whatweb*.txt.
The instrument and its version of the present invention can include nmap 7.01, whatweb 0.4.8-dev, sslscan
1.10.5-static/openssl 1.0.2e-dev、ipmitool、snmpwalk 5.7.2.1、rpcinfo、showmount
1.2.8、smbclient 4.2.10-Debian。
Simply the preferred embodiment of the present invention described above, for those skilled in the art,
Without departing from the principles of the invention, some improvements and modifications can also be made, these improvements and modifications are also regarded as this hair
Bright protection domain.
Claims (7)
1. a kind of automatic mode of collection system under test (SUT) essential information towards web attack tests, it is characterized in that, specifically include
Following steps:
1) instrument of different test contents, is bonded using shell, main shell scripts call the shell scripts of different instruments;
2) different instrument output files and journal file, are automatically generated respectively;
3), according to output file and journal file extracting tool output in focus information or based on instrument output generation concern
Point information;
4), according to focus Automatic generation of information comprehensive report;
5), with survey product the main shell scripts of entitled parameter call.
2. a kind of automation side of collection system under test (SUT) essential information towards web attack tests according to claim 1
Method, it is characterized in that, step 1) operation the process that implements include:
11) instrument of different test contents, is packaged into shell scripts;
12) public output file catalogue, is set to environmental variance in main shell scripts;
13) the shell scripts of encapsulation tool, are called successively;
14) the incoming parameter of order line command, is passed through.
3. a kind of automation side of collection system under test (SUT) essential information towards web attack tests according to claim 2
Method, it is characterized in that, the instrument of difference test content includes the different command row option combination and different instruments of same instrument.
4. a kind of automation side of collection system under test (SUT) essential information towards web attack tests according to claim 2
Method, it is characterized in that, step 12) public output file catalogue is set to the method for environmental variance and specifically included in operation:
121) OUT_PATH variables, are defined in main shell scripts, it is ensured that catalogue is implicitly present in;
122) OUT_PATH, is set to environmental variance;
123) OUT_OATH is used in the shell files for the order line command for, starting instrument under comprising Linux command row interface
As a part for output directory, so as to reach the purpose of shared output directory.
5. a kind of automation side of collection system under test (SUT) essential information towards web attack tests according to claim 3
Method, it is characterized in that, step 13) operation in call encapsulation tool shell scripts use sh orders.
6. a kind of automation side of collection system under test (SUT) essential information towards web attack tests according to claim 1
Method, it is characterized in that, step 2) output file records the output of each instrument in operation;Journal file records the execution of all instruments
Process.
7. a kind of automation side of collection system under test (SUT) essential information towards web attack tests according to claim 1
Method, it is characterized in that, step 3) operation in focus information be the row with keyword matched;
The extracting method of focus information is:By grep keywords, the output keyword of safe test tool is matched.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710434400.7A CN107239401B (en) | 2017-06-09 | 2017-06-09 | Web attack test-oriented automatic method for collecting basic information of tested system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710434400.7A CN107239401B (en) | 2017-06-09 | 2017-06-09 | Web attack test-oriented automatic method for collecting basic information of tested system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN107239401A true CN107239401A (en) | 2017-10-10 |
CN107239401B CN107239401B (en) | 2020-09-22 |
Family
ID=59986089
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710434400.7A Active CN107239401B (en) | 2017-06-09 | 2017-06-09 | Web attack test-oriented automatic method for collecting basic information of tested system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107239401B (en) |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101212362A (en) * | 2006-12-26 | 2008-07-02 | 中兴通讯股份有限公司 | Automatic testing device and method incorporating a variety of testing tools |
CN103412815A (en) * | 2013-08-12 | 2013-11-27 | 浪潮电子信息产业股份有限公司 | RMC software automated testing method mainly based on expect tool |
US20150261517A1 (en) * | 2012-06-29 | 2015-09-17 | Emc Corporation | Environment-driven application deployment in a virtual infrastructure |
CN106649003A (en) * | 2016-09-21 | 2017-05-10 | 郑州云海信息技术有限公司 | Method for automatically testing network card performance based on netperf |
-
2017
- 2017-06-09 CN CN201710434400.7A patent/CN107239401B/en active Active
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101212362A (en) * | 2006-12-26 | 2008-07-02 | 中兴通讯股份有限公司 | Automatic testing device and method incorporating a variety of testing tools |
US20150261517A1 (en) * | 2012-06-29 | 2015-09-17 | Emc Corporation | Environment-driven application deployment in a virtual infrastructure |
CN103412815A (en) * | 2013-08-12 | 2013-11-27 | 浪潮电子信息产业股份有限公司 | RMC software automated testing method mainly based on expect tool |
CN106649003A (en) * | 2016-09-21 | 2017-05-10 | 郑州云海信息技术有限公司 | Method for automatically testing network card performance based on netperf |
Also Published As
Publication number | Publication date |
---|---|
CN107239401B (en) | 2020-09-22 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11176030B2 (en) | Conducting automated software testing using centralized controller and distributed test host servers | |
US20090199096A1 (en) | Automated gui test recording/playback | |
US8108234B2 (en) | System and method for deriving business processes | |
CN106874207A (en) | The automated testing method and device of a kind of web page | |
CN103729294A (en) | Method and device for testing performance script of application software | |
US20180329808A1 (en) | Conducting Automated Software Testing Using Centralized Controller And Distributed Test Host Servers | |
Appelbaum et al. | An introduction to data analysis for auditors and accountants | |
CN114281680B (en) | Web automatic testing method and system | |
CN111130922A (en) | Airborne information safety automatic test method and test platform | |
CN106534242A (en) | Processing method and device for requests in distributed system | |
CN114356785B (en) | Data processing method and device, electronic equipment and storage medium | |
CN105404580A (en) | Distributed pressure test system and method | |
CN108647147A (en) | It is a kind of to execute automatic test machine people and its application method using atlas analysis | |
Leno et al. | Robidium: automated synthesis of robotic process automation scripts from UI logs | |
CN107509072A (en) | A kind of automated testing method of automatic Memory test path | |
CN106484613A (en) | A kind of interface automated test frame based on fitnese | |
CN113961570A (en) | Real-time acquisition method applied to MYSQL BINLog change data | |
CN107832176A (en) | Hard disk pressure automatic test approach and system under a kind of Windows | |
CN106649102A (en) | Graphical interface program testing log record and replay method based on hook function | |
CN107239401A (en) | A kind of automatic mode of collection system under test (SUT) essential information towards web attack tests | |
CN113656109A (en) | Security control calling method, device, equipment and storage medium | |
CN109741780A (en) | A kind of method and its system based on linux system test SSD performance | |
CN102647419B (en) | Security policy online detection system facing to terminal computers | |
Sali et al. | Ram forensics: The analysis and extraction of malicious processes from memory image using gui based memory forensic toolkit | |
KR20200018966A (en) | Method and apparatus for processing cyber threat information |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
TA01 | Transfer of patent application right | ||
TA01 | Transfer of patent application right |
Effective date of registration: 20200825 Address after: 215100 No. 1 Guanpu Road, Guoxiang Street, Wuzhong Economic Development Zone, Suzhou City, Jiangsu Province Applicant after: SUZHOU LANGCHAO INTELLIGENT TECHNOLOGY Co.,Ltd. Address before: 450018 Henan province Zheng Dong New District of Zhengzhou City Xinyi Road No. 278 16 floor room 1601 Applicant before: ZHENGZHOU YUNHAI INFORMATION TECHNOLOGY Co.,Ltd. |
|
GR01 | Patent grant | ||
GR01 | Patent grant |