CN107392031A - The scan method and device of leak - Google Patents

The scan method and device of leak Download PDF

Info

Publication number
CN107392031A
CN107392031A CN201710664116.9A CN201710664116A CN107392031A CN 107392031 A CN107392031 A CN 107392031A CN 201710664116 A CN201710664116 A CN 201710664116A CN 107392031 A CN107392031 A CN 107392031A
Authority
CN
China
Prior art keywords
assets
address information
information
access request
leak
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201710664116.9A
Other languages
Chinese (zh)
Inventor
罗跃
范渊
黄进
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
DBAPPSecurity Co Ltd
Original Assignee
DBAPPSecurity Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by DBAPPSecurity Co Ltd filed Critical DBAPPSecurity Co Ltd
Priority to CN201710664116.9A priority Critical patent/CN107392031A/en
Publication of CN107392031A publication Critical patent/CN107392031A/en
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/02Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The invention provides a kind of scan method of leak and device, it is related to the technical field of vulnerability scanning, this method is applied to detector, and detector is arranged between terminal device and server, and this method includes:Detector obtains the vulnerability scanning being scanned to the leak of the assets request that user sends, wherein, vulnerability scanning asks the name information for including assets;Detector reads the address information of assets according to name information, wherein, address information is to be in advance based on the address information that the history access information of user is established, and history access information includes the name information and address information for the assets that history accesses;Detector pushes address information to the vulnerability scanners of assets, so that vulnerability scanners carry out vulnerability scanning to assets.Existing human cost higher technical problem when the present invention alleviates traditional vulnerability scanners scanning leak.

Description

The scan method and device of leak
Technical field
The present invention relates to Vulnerability-scanning technology field, more particularly, to the scan method and device of a kind of leak.
Background technology
Security of network and information technology has gone through development for many years, nowadays, for the vulnerability scanning of networked asset Technology becomes the primary study object of information security field.
The general scanning process of the vulnerability scanners of existing networked asset is:
Step 1:The storage address of assets title to be scanned and assets to be scanned is manually set in vulnerability scanners, Then scanning sign on is issued to vulnerability scanners.
Step 2:Vulnerability scanners pass through default procotol and storage address according to the storage address of scanning assets Corresponding equipment is established the link, and vulnerability scanning is carried out to assets.
Step 3:Scanner feedback carries out the scanning result of vulnerability scanning to assets.
Above-mentioned vulnerability scanners need the artificial storage address for actively setting assets title to be scanned and assets to be scanned, To initiate vulnerability scanning operation, there is the higher technical problem of human cost.
The content of the invention
In view of this, it is an object of the invention to provide a kind of method and device of vulnerability scanning, to alleviate traditional leakage Existing human cost higher technical problem during the scanner scanning leak of hole.
In a first aspect, the embodiments of the invention provide a kind of scan method of leak, applied to detector, the detector Between terminal device and server, methods described includes:
The detector obtains the vulnerability scanning being scanned to the leak of the assets request that user sends, wherein, it is described Vulnerability scanning asks the name information for including the assets;
The detector reads the address information of the assets according to the name information, wherein, the address information is The address information that the history access information of the user is established is in advance based on, the history access information includes the money that history accesses The name information and address information of production;
The detector pushes the address information to the vulnerability scanners of the assets, so as to the vulnerability scanners pair The assets carry out vulnerability scanning.
With reference in a first aspect, the embodiments of the invention provide the possible embodiment of the first of first aspect, wherein, Before obtaining the vulnerability scanning being scanned to the leak of the assets request that user sends, methods described includes:
When the user accesses any one assets by the terminal device, the ground of any one assets is obtained Location information;
The name information of the address information of any one assets and any one assets is accordingly stored in In the memory of the detector.
With reference to first aspect, the first may obtain embodiment, and the embodiments of the invention provide second of first aspect Possible embodiment, wherein, when the user accesses any one assets by terminal device, obtain it is described any one The address information of assets, including:
When the user accesses any one assets by the terminal device, the detector obtains the terminal and set The access request that preparation is sent;
According to the access request, it is determined that the communication protocol of the access request is transmitted, wherein, the communication protocol is institute State the agreement that the access request is transmitted between terminal device and the server;
The communication protocol is parsed, obtains the data format of the access request;
Based on the data format, address information is inquired about in the access request.
With reference to second of possible embodiment of first aspect, the embodiments of the invention provide the third of first aspect Possible embodiment, wherein, by the address information of any one assets and the name information of any one assets Accordingly it is stored in the memory of the detector, including:
After inquiry obtains the address information of any one assets in the access request, to the memory The middle caching address information.
With reference in a first aspect, the embodiments of the invention provide the possible embodiment of the 4th of first aspect kind, wherein, institute Stating address information includes:
Store the server address of the assets or the URL of the assets.
Second aspect, the embodiment of the present invention also provide a kind of scanning means of leak, and described device is arranged on terminal device Between server, described device includes:
First acquisition module, for obtaining the vulnerability scanning being scanned to the leak of the assets request of user's transmission, its In, the vulnerability scanning request includes the name information of the assets;
Read module, for according to the name information, reading the address information of the assets, wherein, the address letter Cease to be in advance based on the address information of the history access information of user foundation, the history access information accesses including history Assets name information and address information;
Pushing module, for pushing the address information to the vulnerability scanners of the assets, so as to the vulnerability scanning Device carries out vulnerability scanning to the assets.
With reference to second aspect, the embodiments of the invention provide the possible embodiment of the first of second aspect, wherein, institute Stating device includes:
Second acquisition module, for asking it in the vulnerability scanning being scanned to the leak of assets for obtaining user's transmission Before, when the user accesses any one assets by the terminal device, obtain the address letter of any one assets Breath;
Memory module, for by the name information of the address information of any one assets and any one assets Accordingly it is stored in the memory of described device.
With reference to the first possible embodiment of second aspect, the embodiments of the invention provide second of second aspect Possible embodiment, wherein, second acquisition module includes:
Acquiring unit, for when the user accesses any one assets by the terminal device, obtaining the end The access request that end equipment is sent;
Determining unit, for according to the access request, it is determined that the communication protocol of the access request is transmitted, wherein, institute State the agreement that communication protocol transmits the access request between the terminal device and the server;
Resolution unit, for being parsed to the communication protocol, obtain the data format of the access request;
Query unit, for based on the data format, address information to be inquired about in the access request.
With reference to second of possible embodiment of second aspect, the embodiments of the invention provide the third of second aspect Possible embodiment, wherein, the memory module is used for:
After inquiry obtains the address information of any one assets in the access request, to the memory The middle caching address information.
With reference to second aspect, the embodiments of the invention provide the possible embodiment of the 4th of second aspect kind, wherein, institute Stating address information includes:
Store the server address of the assets or the URL of the assets.
The embodiment of the present invention brings following beneficial effect:The scan method of this kind of leak includes obtaining what user sent The vulnerability scanning request being scanned to the leak of assets, the name information of the assets in being asked according to vulnerability scanning read assets Address information, then to assets vulnerability scanners push address information, so as to vulnerability scanners to assets carry out leak sweep Retouch, wherein, address information is to be in advance based on the address information that the history access information of user is established, and inputs ground without user Location information, existing human cost higher technical problem when alleviating traditional vulnerability scanners scanning leak.
Other features and advantages of the present invention will illustrate in the following description, also, partly become from specification Obtain it is clear that or being understood by implementing the present invention.The purpose of the present invention and other advantages are in specification, claims And specifically noted structure is realized and obtained in accompanying drawing.
To enable the above objects, features and advantages of the present invention to become apparent, preferred embodiment cited below particularly, and coordinate Appended accompanying drawing, is described in detail below.
Brief description of the drawings
, below will be to specific in order to illustrate more clearly of the specific embodiment of the invention or technical scheme of the prior art The required accompanying drawing used is briefly described in embodiment or description of the prior art, it should be apparent that, in describing below Accompanying drawing is some embodiments of the present invention, for those of ordinary skill in the art, before creative work is not paid Put, other accompanying drawings can also be obtained according to these accompanying drawings.
Fig. 1 is a kind of flow chart of the scan method for leak that the embodiment of the present invention one provides;
Fig. 2 is the flow chart of the scan method for another leak that the embodiment of the present invention one provides;
Fig. 3 is a kind of structured flowchart of the scan method for leak that the embodiment of the present invention two provides;
Fig. 4 is the structured flowchart of the scan method for another leak that the embodiment of the present invention two provides;
Fig. 5 is the structured flowchart for the second acquisition module that the embodiment of the present invention two provides.
Icon:The acquisition modules of 100- second;101- acquiring units;102- determining units;103- resolution units;104- is inquired about Unit;200- memory modules;The acquisition modules of 300- first;400- read modules;500- pushing modules.
Embodiment
To make the purpose, technical scheme and advantage of the embodiment of the present invention clearer, below in conjunction with accompanying drawing to the present invention Technical scheme be clearly and completely described, it is clear that described embodiment is part of the embodiment of the present invention, rather than Whole embodiments.Based on the embodiment in the present invention, those of ordinary skill in the art are not making creative work premise Lower obtained every other embodiment, belongs to the scope of protection of the invention.
Vulnerability scanners need the artificial storage address for actively setting assets title to be scanned and assets to be scanned at present To initiate vulnerability scanning operation, there is the higher technical problem of human cost.Based on this, a kind of leakage provided in an embodiment of the present invention The scan method and device in hole, existing human cost higher technology when can alleviate traditional vulnerability scanners scanning leak Problem.
Embodiment one
A kind of scan method of leak provided in an embodiment of the present invention, as shown in figure 1, it is applied to detector, detector peace Between terminal device and server, the scan method of this kind of leak includes:
Step S103, detector obtain the vulnerability scanning being scanned to the leak of the assets request that user sends, wherein, Vulnerability scanning asks the name information for including assets.
Step S104, detector read the address information of assets according to name information, wherein, address information is advance base In user history access information establish address information, history access information include history access assets name information and Address information.
Step S105, detector pushes address information to the vulnerability scanners of assets, so that vulnerability scanners are entered to assets Row vulnerability scanning.
It should be noted that detector is arranged between terminal device and server, refer to that terminal device is able to access that spy Device is surveyed, and detector can access server.Wherein, terminal device includes the subscriber's main station that user uses, and server includes depositing Store up the assets main frame of assets.Further, detector can be deployed on any main frame that subscriber's main station is able to access that, can also portion Affix one's name on subscriber's main station or assets main frame on.
In embodiments of the present invention, the scan method of this kind of leak include obtain user send the leak to assets enter The vulnerability scanning request of row scanning, the name information of the assets in being asked according to vulnerability scanning read the address information of assets, so The vulnerability scanners push address information of backward assets, so that vulnerability scanners carry out vulnerability scanning to assets, wherein, address letter Cease to be in advance based on the address information of the history access information of user foundation, without user's input address information, alleviate Existing human cost higher technical problem when traditional vulnerability scanners scan leak.
In one optional embodiment of the embodiment of the present invention, as shown in Fig. 2 obtaining the leakage to assets of user's transmission Before the vulnerability scanning request that hole is scanned, the scan method of leak, including:
Step S101, when user accesses any one assets by terminal device, obtain the address of any one assets Information.
Step S102, the name information of the address information of any one assets and any one assets is accordingly stored in In the memory of detector.
In the embodiment of the present invention, when user accesses any one assets by terminal device, any one assets is obtained Address information so that the address information and name information for all assets that user is accessed by terminal device all accordingly store In the memory of detector, i.e. to user by terminal device access any one assets process carried out analysis and Filtering, can not find during vulnerability scanning or indiscoverable assets so as to be advantageous to obtain traditional scanner.
In another optional embodiment of the embodiment of the present invention, any one assets is accessed by terminal device in user When, the address information of any one assets is obtained, including:
When user accesses any one assets by terminal device, detector obtains the access that terminal device is sent please Ask.
Specifically, when user accesses any one assets by terminal device, user sends one section by terminal device Data message, to represent that user operates to assets, the data message in the embodiment of the present invention is to pass through a kind of communication protocols The data message that view is transmitted during being communicated, thus, contained in data message corresponding to corresponding communication protocol Formatted data.
In addition, user is not limited to real operating personnel, any equipment in the side of user role one should also contain.
According to access request, it is determined that the communication protocol of access request is transmitted, wherein, communication protocol is terminal device and service The agreement of access request is transmitted between device.
Specifically, the data message in access request is parsed, determines to transmit the communication protocol of access request.
Communication protocol is parsed, obtains the data format of access request;
Based on data format, address information is inquired about in access request.
Exemplified by carrying out vulnerability scanning to WEB assets, terminal device have sent the access request for accessing WEB assets, detection After device can carry out SSL (Secure Sockets Layer, abbreviation SSL) decryption to access request, to access request In data message parsed, it is then determined that going out WEB http protocols, further, the access request of WEB http protocols is entered Row decoding, filters to the data message of access request, extracts the address information of assets of concern.
Specifically, such as user initiates to access https in terminal device by browser://www.dbapp.com/ During WEB assets corresponding to admin/login.php, after detector receives such linking request, SSL decryption is carried out, then Decrypt http protocol and deposit the address information of the assets main frame of WEB assets.Next, detector and assets main frame are led to Letter, assets main frame make corresponding response and push https to detector://www.dbapp.com/admin/login.php Corresponding assets, detector is after the work such as the encryption in communication, coding by https://www.dbapp.com/ Assets corresponding to admin/login.php are pushed to terminal device.Above-mentioned WEB assets are scanned in follow-up vulnerability scanners When, the communication channel information between terminal device and the assets main frame of storage WEB assets is pushed to vulnerability scanners by detector, Be advantageous to the convenience that vulnerability scanners carry out vulnerability scanning to WEB assets.
In another optional embodiment of the embodiment of the present invention, by the address information of any one assets and any one The name information of assets is accordingly stored in the memory of detector, including:
After inquiry obtains the address information of any one assets in access request, into memory, buffer address is believed Breath.
Specifically, into memory after buffer address information, memory is persistently stored to address information, and memory can It is each in order to access to set general SDK (Software Development Kit, abbreviation SDK) interface The vulnerability scanners of kind of isomery, the assets for making vulnerability scanners corresponding to the address information that has in memory carry out leak and swept Retouch.
In another optional embodiment of the embodiment of the present invention, address information includes:
Store the server address of assets or the URL of assets.
Specifically, address information can be the server address of such as 192.168.54.200 forms, or such as https:URL (the Uniform of the resource of //www.dbapp.com/admin/login.php forms Resource Locator, abbreviation URL).
Embodiment two
The scanning means of a kind of leak provided in an embodiment of the present invention, as shown in figure 3, the scanning means of leak is arranged on eventually Between end equipment and server, the scanning means of leak includes:
First acquisition module 300, for obtaining the vulnerability scanning being scanned to the leak of the assets request of user's transmission, Wherein, vulnerability scanning request includes the name information of assets;
Read module 400, for according to name information, reading the address information of assets, wherein, address information is advance base In user history access information establish address information, history access information include history access assets name information and Address information;
Pushing module 500, for pushing address information to the vulnerability scanners of assets, so that vulnerability scanners are entered to assets Row vulnerability scanning.
In embodiments of the present invention, the first acquisition module 300 obtains what the leak to assets that user sends was scanned Vulnerability scanning ask, read module 400 asked according to vulnerability scanning in assets name information read assets address information, Then pushing module 500 pushes address information to the vulnerability scanners of assets, is swept so that vulnerability scanners carry out leak to assets Retouch, wherein, address information is to be in advance based on the address information that the history access information of user is established, so as to which the scanning of the leak fills Put existing human cost higher skill when without user's input address information, alleviating traditional vulnerability scanners scanning leak Art problem.
In another optional embodiment of the embodiment of the present invention, as shown in figure 4, the scanning means of leak also includes:
Second acquisition module 100, for being asked in the vulnerability scanning being scanned to the leak of assets for obtaining user's transmission Before asking, when user accesses any one assets by terminal device, the address information of any one assets is obtained;
Memory module 200, for the address information of any one assets is corresponding with the name information of any one assets Ground is stored in the memory of device.
Another optional embodiment of the embodiment of the present invention, as shown in figure 5, the second acquisition module 100 includes:
Acquiring unit 101, sent for when user accesses any one assets by terminal device, obtaining terminal device Access request;
Determining unit 102, for according to access request, it is determined that the communication protocol of transmission access request, wherein, communication protocol The agreement of access request is transmitted between terminal device and server;
Resolution unit 103, for being parsed to communication protocol, obtain the data format of access request;
Query unit 104, for based on data format, address information to be inquired about in access request.
In another optional embodiment of the embodiment of the present invention, memory module 200 is used for:
After inquiry obtains the address information of any one assets in access request, into memory, buffer address is believed Breath.
In another optional embodiment of the embodiment of the present invention, address information includes:
Store the server address of assets or the URL of assets.
The scan method for the leak that the embodiment of the present invention is provided and the computer program product of device, including store journey The computer-readable recording medium of sequence code, the instruction that described program code includes can be used for performing institute in previous methods embodiment The method stated, specific implementation can be found in embodiment of the method, will not be repeated here.
It is apparent to those skilled in the art that for convenience and simplicity of description, the system of foregoing description With the specific work process of device, the corresponding process in preceding method embodiment is may be referred to, will not be repeated here.
In addition, in the description of the embodiment of the present invention, unless otherwise clearly defined and limited, term " installation ", " phase Even ", " connection " should be interpreted broadly, for example, it may be being fixedly connected or being detachably connected, or be integrally connected;Can To be mechanical connection or electrical connection;Can be joined directly together, can also be indirectly connected by intermediary, Ke Yishi The connection of two element internals.For the ordinary skill in the art, with concrete condition above-mentioned term can be understood at this Concrete meaning in invention.
If the function is realized in the form of SFU software functional unit and is used as independent production marketing or in use, can be with It is stored in a computer read/write memory medium.Based on such understanding, technical scheme is substantially in other words The part to be contributed to prior art or the part of the technical scheme can be embodied in the form of software product, the meter Calculation machine software product is stored in a storage medium, including some instructions are causing a computer equipment (can be People's computer, server, or network equipment etc.) perform all or part of step of each embodiment methods described of the present invention. And foregoing storage medium includes:USB flash disk, mobile hard disk, read-only storage (ROM, Read-Only Memory), arbitrary access are deposited Reservoir (RAM, Random Access Memory), magnetic disc or CD etc. are various can be with the medium of store program codes.
In the description of the invention, it is necessary to explanation, term " " center ", " on ", " under ", "left", "right", " vertical ", The orientation or position relationship of the instruction such as " level ", " interior ", " outer " be based on orientation shown in the drawings or position relationship, merely to Be easy to the description present invention and simplify description, rather than instruction or imply signified device or element must have specific orientation, With specific azimuth configuration and operation, therefore it is not considered as limiting the invention.
In addition, term " first ", " second ", " the 3rd " are only used for describing purpose, and it is not intended that instruction or implying phase To importance.
Finally it should be noted that:Embodiment described above, it is only the embodiment of the present invention, to illustrate the present invention Technical scheme, rather than its limitations, protection scope of the present invention is not limited thereto, although with reference to the foregoing embodiments to this hair It is bright to be described in detail, it will be understood by those within the art that:Any one skilled in the art The invention discloses technical scope in, it can still modify to the technical scheme described in previous embodiment or can be light Change is readily conceivable that, or equivalent substitution is carried out to which part technical characteristic;And these modifications, change or replacement, do not make The essence of appropriate technical solution departs from the spirit and scope of technical scheme of the embodiment of the present invention, should all cover the protection in the present invention Within the scope of.Therefore, protection scope of the present invention described should be defined by scope of the claims.

Claims (10)

1. a kind of scan method of leak, it is characterised in that applied to detector, the detector is arranged on terminal device kimonos It is engaged between device, methods described includes:
The detector obtains the vulnerability scanning being scanned to the leak of the assets request that user sends, wherein, the leak Scan request includes the name information of the assets;
The detector reads the address information of the assets according to the name information, wherein, the address information is advance The address information that history access information based on the user is established, the history access information include the assets that history accesses Name information and address information;
The detector pushes the address information to the vulnerability scanners of the assets, so that the vulnerability scanners are to described Assets carry out vulnerability scanning.
2. according to the method for claim 1, it is characterised in that be scanned in the leak to assets for obtaining user's transmission Vulnerability scanning request before, methods described includes:
When the user accesses any one assets by the terminal device, the address letter of any one assets is obtained Breath;
The name information of the address information of any one assets and any one assets is accordingly stored in described In the memory of detector.
3. according to the method for claim 2, it is characterised in that any one money is accessed by terminal device in the user During production, the address information of any one assets is obtained, including:
When the user accesses any one assets by the terminal device, the detector obtains the terminal device hair The access request sent;
According to the access request, it is determined that the communication protocol of the access request is transmitted, wherein, the communication protocol is the end The agreement of the access request is transmitted between end equipment and the server;
The communication protocol is parsed, obtains the data format of the access request;
Based on the data format, address information is inquired about in the access request.
4. according to the method for claim 3, it is characterised in that by the address information of any one assets and described The name information of one assets of meaning is accordingly stored in the memory of the detector, including:
After inquiry obtains the address information of any one assets in the access request, delay into the memory Deposit the address information.
5. according to the method for claim 1, it is characterised in that the address information includes:
Store the server address of the assets or the URL of the assets.
6. a kind of scanning means of leak, it is characterised in that described device is arranged between terminal device and server, the dress Put including:
First acquisition module, for obtaining the vulnerability scanning being scanned to the leak of the assets request of user's transmission, wherein, institute Stating vulnerability scanning request includes the name information of the assets;
Read module, for according to the name information, reading the address information of the assets, wherein, the address information is The address information that the history access information of the user is established is in advance based on, the history access information includes the money that history accesses The name information and address information of production;
Pushing module, for pushing the address information to the vulnerability scanners of the assets, so as to the vulnerability scanners pair The assets carry out vulnerability scanning.
7. device according to claim 6, it is characterised in that described device includes:
Second acquisition module, before the vulnerability scanning being scanned to the leak of assets for being sent in acquisition user is asked, When the user accesses any one assets by the terminal device, the address information of any one assets is obtained;
Memory module, for the name information of the address information of any one assets and any one assets is corresponding Ground is stored in the memory of described device.
8. device according to claim 7, it is characterised in that second acquisition module includes:
Acquiring unit, for when the user accesses any one assets by the terminal device, obtaining the terminal and setting The access request that preparation is sent;
Determining unit, for according to the access request, it is determined that the communication protocol of the access request is transmitted, wherein, it is described logical Letter agreement transmits the agreement of the access request between the terminal device and the server;
Resolution unit, for being parsed to the communication protocol, obtain the data format of the access request;
Query unit, for based on the data format, address information to be inquired about in the access request.
9. device according to claim 8, it is characterised in that the memory module is used for:
After inquiry obtains the address information of any one assets in the access request, delay into the memory Deposit the address information.
10. device according to claim 6, it is characterised in that the address information includes:
Store the server address of the assets or the URL of the assets.
CN201710664116.9A 2017-08-04 2017-08-04 The scan method and device of leak Pending CN107392031A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710664116.9A CN107392031A (en) 2017-08-04 2017-08-04 The scan method and device of leak

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710664116.9A CN107392031A (en) 2017-08-04 2017-08-04 The scan method and device of leak

Publications (1)

Publication Number Publication Date
CN107392031A true CN107392031A (en) 2017-11-24

Family

ID=60344049

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710664116.9A Pending CN107392031A (en) 2017-08-04 2017-08-04 The scan method and device of leak

Country Status (1)

Country Link
CN (1) CN107392031A (en)

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108520179A (en) * 2018-04-09 2018-09-11 福建中金在线信息科技有限公司 A kind for the treatment of method and apparatus of webview loopholes
CN110730180A (en) * 2019-10-17 2020-01-24 杭州安恒信息技术股份有限公司 Portable communication equipment detection instrument and communication equipment detection method
CN110971599A (en) * 2019-11-29 2020-04-07 杭州迪普科技股份有限公司 Vulnerability scanning method and device
CN111447224A (en) * 2020-03-26 2020-07-24 江苏亨通工控安全研究院有限公司 Web vulnerability scanning method and vulnerability scanner
CN112560048A (en) * 2020-12-22 2021-03-26 南方电网深圳数字电网研究院有限公司 Code security scanning method, code security scanning system and storage medium
CN112580053A (en) * 2020-10-28 2021-03-30 西安四叶草信息技术有限公司 Vulnerability scanning method and device
CN112637159A (en) * 2020-12-14 2021-04-09 杭州安恒信息技术股份有限公司 Network asset scanning method, device and equipment based on active detection technology
CN113422759A (en) * 2021-06-10 2021-09-21 杭州安恒信息技术股份有限公司 Vulnerability scanning method, electronic device and storage medium
CN113596056A (en) * 2021-08-11 2021-11-02 北京知道创宇信息技术股份有限公司 Vulnerability scanning method and device, electronic equipment and computer readable storage medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103999089A (en) * 2011-12-23 2014-08-20 迈克菲公司 System and method for scanning for computer vulnerabilities in a network environment
CN104200166A (en) * 2014-08-05 2014-12-10 杭州安恒信息技术有限公司 Script-based website vulnerability scanning method and system
CN106130980A (en) * 2016-06-23 2016-11-16 杭州迪普科技有限公司 A kind of vulnerability scanning method and device
CN106790190A (en) * 2016-12-30 2017-05-31 北京神州绿盟信息安全科技股份有限公司 A kind of Vulnerability Management system and method

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103999089A (en) * 2011-12-23 2014-08-20 迈克菲公司 System and method for scanning for computer vulnerabilities in a network environment
CN104200166A (en) * 2014-08-05 2014-12-10 杭州安恒信息技术有限公司 Script-based website vulnerability scanning method and system
CN106130980A (en) * 2016-06-23 2016-11-16 杭州迪普科技有限公司 A kind of vulnerability scanning method and device
CN106790190A (en) * 2016-12-30 2017-05-31 北京神州绿盟信息安全科技股份有限公司 A kind of Vulnerability Management system and method

Cited By (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108520179A (en) * 2018-04-09 2018-09-11 福建中金在线信息科技有限公司 A kind for the treatment of method and apparatus of webview loopholes
CN108520179B (en) * 2018-04-09 2021-01-15 福建中金在线信息科技有限公司 Method and device for processing webview vulnerability
CN110730180A (en) * 2019-10-17 2020-01-24 杭州安恒信息技术股份有限公司 Portable communication equipment detection instrument and communication equipment detection method
CN110971599A (en) * 2019-11-29 2020-04-07 杭州迪普科技股份有限公司 Vulnerability scanning method and device
CN111447224A (en) * 2020-03-26 2020-07-24 江苏亨通工控安全研究院有限公司 Web vulnerability scanning method and vulnerability scanner
CN112580053A (en) * 2020-10-28 2021-03-30 西安四叶草信息技术有限公司 Vulnerability scanning method and device
CN112637159A (en) * 2020-12-14 2021-04-09 杭州安恒信息技术股份有限公司 Network asset scanning method, device and equipment based on active detection technology
CN112560048A (en) * 2020-12-22 2021-03-26 南方电网深圳数字电网研究院有限公司 Code security scanning method, code security scanning system and storage medium
CN112560048B (en) * 2020-12-22 2024-01-30 南方电网深圳数字电网研究院有限公司 Code security scanning method, code security scanning system and storage medium
CN113422759A (en) * 2021-06-10 2021-09-21 杭州安恒信息技术股份有限公司 Vulnerability scanning method, electronic device and storage medium
CN113596056A (en) * 2021-08-11 2021-11-02 北京知道创宇信息技术股份有限公司 Vulnerability scanning method and device, electronic equipment and computer readable storage medium
CN113596056B (en) * 2021-08-11 2022-12-27 北京知道创宇信息技术股份有限公司 Vulnerability scanning method and device, electronic equipment and computer readable storage medium

Similar Documents

Publication Publication Date Title
CN107392031A (en) The scan method and device of leak
CN102868696B (en) The communication of many equipment rooms and information synchronization method and system
CN110502887B (en) Electronic payment method and device
CN105933888B (en) A kind of eSIM card method for burn-recording and device based on NFC
CN103065178B (en) A kind of Quick Response Code sharing apparatus, access means and sharing method
CN108668277B (en) Method and equipment for sharing and acquiring information
CN104008325A (en) Mobile phone Wi-Fi network-connecting real name identity authentication platform and method based on two-dimension codes
CN102710777A (en) Advertisement push-delivery method and system, as well as advertisement pusher
CN110290015A (en) Remote deployment method, apparatus and storage medium
FR2923337A1 (en) METHOD AND SYSTEM FOR EXCHANGING DATA BETWEEN REMOTE SERVERS.
CN101635714A (en) Method and system for improving network application safety
US20130031260A1 (en) Method and apparatus for establishing an ad-hoc bi-directional network with an optical identifier
CN111262746B (en) Equipment opening deployment system and method
CN111066014B (en) Apparatus, method, and program for remotely managing devices
CN103581881B (en) Comprehensive number-obtaining device as well as system and method for obtaining cell phone number of user on network side
CN110505188A (en) A kind of terminal authentication method, relevant device and Verification System
CN105554136B (en) Backup Data restoring method, apparatus and system
CN109560895A (en) Data transmission method and device
US9392454B2 (en) System and method for computer authentication using image analysis of a shared secret
CN103634396A (en) Method, gateway equipment and system for accessing intranet webpage service data
CN106789905A (en) A kind of network access equipment and method
CN110034979A (en) A kind of proxy resources monitoring method, device, electronic equipment and storage medium
CN102299945A (en) Gateway configuration page registration method, system thereof and portal certificate server
CN103491120A (en) System and method for user information transferring based on cloud storage
CN112101924A (en) Information display method and device

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20171124

RJ01 Rejection of invention patent application after publication