CN108449355A - A kind of vulnerability scanning method and system - Google Patents
A kind of vulnerability scanning method and system
Publication number: CN108449355A
Application number: CN201810297515.0A
Authority: CN (China)
Prior art keywords: url, scanned, current, page, weights
Legal status: Pending
Classifications
- H—ELECTRICITY
  - H04—ELECTRIC COMMUNICATION TECHNIQUE
    - H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
      - H04L63/00—Network architectures or network communication protocols for network security
        - H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
          - H04L63/1433—Vulnerability analysis
- G—PHYSICS
  - G06—COMPUTING; CALCULATING OR COUNTING
    - G06F—ELECTRIC DIGITAL DATA PROCESSING
      - G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
        - G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
          - G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
            - G06F21/577—Assessing vulnerabilities and evaluating computer system security
- H—ELECTRICITY
  - H04—ELECTRIC COMMUNICATION TECHNIQUE
    - H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
      - H04L67/00—Network arrangements or protocols for supporting network services or applications
        - H04L67/01—Protocols
          - H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
- G—PHYSICS
  - G06—COMPUTING; CALCULATING OR COUNTING
    - G06F—ELECTRIC DIGITAL DATA PROCESSING
      - G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
        - G06F2221/03—Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
          - G06F2221/034—Test or assess a computer or a system
Abstract
Embodiments of the invention disclose a vulnerability scanning method and system. The method includes: a message server obtains a current first URL to be scanned and M current second URLs to be scanned corresponding to the current first URL to be scanned, where M is a natural number greater than or equal to 1; the message server sorts the current first URL to be scanned and all current second URLs to be scanned; and each scan node performs vulnerability scanning on the current first URL to be scanned and each current second URL to be scanned according to the sorting result. This solves the problem in existing distributed vulnerability scanning that URLs less likely to contain vulnerabilities may be scanned before URLs more likely to contain them, so that page vulnerabilities are not found in time. Page vulnerabilities can thus be found earlier, which improves the effectiveness of vulnerability scanning.
Description
Technical field
Embodiments of the present invention relate to Internet security testing technology, and in particular to a vulnerability scanning method and system.
Background technology
Vulnerability scanning is a technical means of network security supervision. Accurate and efficient discovery of vulnerabilities provides an important reference for network security planning and remediation.
As websites have grown in scale, website vulnerability scanning has evolved from single-machine scanning to distributed scanning. Existing distributed vulnerability scanning mainly deploys crawlers on different devices so that several devices can work independently, which improves the efficiency and stability of website vulnerability scanning.
In the existing vulnerability scanning method, a message server first obtains the current first URL to be scanned and the current second URLs to be scanned corresponding to it; each scan node then fetches the current first URL to be scanned and its corresponding current second URLs to be scanned from the message server one by one in first-in-first-out order; and each scan node then performs vulnerability scanning on the current first URL to be scanned and each current second URL to be scanned.
It can be seen that, in the existing method, each scan node scans the current first URL to be scanned and each current second URL to be scanned one by one in first-in-first-out order. URLs that are less likely to contain vulnerabilities may therefore be scanned before URLs that are more likely to contain them, so page vulnerabilities are not found in time and the effectiveness of the scan suffers.
Summary of the invention
Embodiments of the present invention provide a vulnerability scanning method and system that can find page vulnerabilities in time, thereby improving the effectiveness of vulnerability scanning.
In a first aspect, an embodiment of the present invention provides a vulnerability scanning method, which includes:
a message server obtains a current first URL to be scanned and M current second URLs to be scanned corresponding to the current first URL to be scanned, where M is a natural number greater than or equal to 1;
the message server sorts the current first URL to be scanned and all current second URLs to be scanned;
each scan node performs vulnerability scanning on the current first URL to be scanned and each current second URL to be scanned according to the sorting result.
In a second aspect, an embodiment of the present invention further provides a vulnerability scanning system, which includes a message server and at least one scan node, where:
the message server is configured to obtain a current first URL to be scanned and M current second URLs to be scanned corresponding to the current first URL to be scanned, where M is a natural number greater than or equal to 1, and to sort the current first URL to be scanned and all current second URLs to be scanned;
the scan node is configured to perform vulnerability scanning on the current first URL to be scanned and each current second URL to be scanned according to the sorting result.
In the vulnerability scanning method and system proposed by embodiments of the present invention, the message server first obtains the current first URL to be scanned and its M corresponding current second URLs to be scanned, and sorts them; each scan node then performs vulnerability scanning on the current first URL to be scanned and each current second URL to be scanned according to the sorting result. That is, each scan node scans these URLs in the order determined by the message server's sorting of the current first URL to be scanned and all current second URLs to be scanned. In the existing vulnerability scanning method, by contrast, each scan node fetches the current first URL to be scanned and its corresponding current second URLs to be scanned from the message server one by one in first-in-first-out order and then scans them. Compared with the prior art, the vulnerability scanning method and system proposed by embodiments of the present invention can therefore find page vulnerabilities in time and improve the effectiveness of vulnerability scanning. In addition, the technical solution of the embodiments is simple to implement, easy to adopt and widely applicable.
Description of the drawings
Fig. 1 is a schematic structural diagram of the vulnerability scanning system in an embodiment of the present invention;
Fig. 2 is a flow chart of the vulnerability scanning method in Embodiment One of the present invention;
Fig. 3 is a flow chart of the vulnerability scanning method in Embodiment Two of the present invention;
Fig. 4 is a schematic structural diagram of the vulnerability scanning system in Embodiment Three of the present invention.
Detailed description of embodiments
The present invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described here are only used to explain the invention and not to limit it. It should also be noted that, for ease of description, the drawings show only the parts related to the invention rather than the entire structure.
The vulnerability scanning method provided by embodiments of the present invention is a distributed vulnerability scanning method. It is based on a SaaS platform and uses virtualization technology, so that a control node can uniformly manage and maintain the vulnerability scanning tasks and the scan nodes, and can dynamically allocate the required number of scan nodes according to the size of the task and the scan time limit. This meets the need for fast scanning of website systems, especially very large ones.
Fig. 1 is a schematic structural diagram of the vulnerability scanning system in an embodiment of the present invention. As shown in Fig. 1, the control node 110 acts as the distributed management end: it is responsible for creating, managing and starting scan tasks and for collecting and uniformly managing scan results; scan tasks and scan results can be stored uniformly in the database 120. The scan nodes 130 act as distributed engines and are responsible for page crawling, vulnerability analysis and reporting of scan results. The two kinds of nodes are in a one-to-many relationship. A message server 140 is set between them, and the to-crawl message queue 141 it contains serves as the medium for passing messages between the two kinds of nodes. This queue is shared by all scan nodes and evenly distributes the page crawling work among them.
When a single scan task (referred to as the current scan task) is executed, the control node 110 sends it to the message server 140, and the to-crawl message queue 141 in the message server 140 uniformly manages (sorts and/or deduplicates) all URLs to be scanned in the current scan task. Each scan node 130 obtains URLs to be scanned from the to-crawl message queue 141 one at a time and performs page crawling, vulnerability analysis and result reporting on them. All scan nodes 130 perform vulnerability scanning at the same time. In embodiments of the present invention, a vulnerability scanning operation consists of two parts: a page crawling operation and a vulnerability analysis operation.
Embodiment one
The vulnerability scanning method provided in this embodiment is applicable to vulnerability scanning of website systems of different scales. It can be executed by a vulnerability scanning system implemented in software and/or hardware and deployed on equipment with data-processing capability, typically a server, laptop or desktop computer. Fig. 2 is a flow chart of the vulnerability scanning method in Embodiment One of the present invention. As shown in Fig. 2, the method of this embodiment may include the following steps:
S110: the message server obtains the current first URL to be scanned and M current second URLs to be scanned corresponding to the current first URL to be scanned.
In a specific embodiment of the present invention, the current first URL to be scanned is the initial URL to be scanned that the user submits when initiating the current scan task. A current second URL to be scanned is a sub-link obtained when a scan node crawls a page. Because every current second URL to be scanned is ultimately derived from the initial URL, i.e. the current first URL to be scanned, the current second URLs to be scanned correspond to the current first URL to be scanned.
Specifically, since communication between the nodes of a distributed system is usually cross-process and cross-server, the control node and each scan node in embodiments of the present invention communicate by RPC (remote procedure call) encapsulated as message queues, which hides the details of network communication. All URLs to be scanned are managed in the message server in the form of message queues. It should be understood that the message server may be set up on the same server as the control node or on a separate server.
After the user initiates a website scan task, for example by entering current-scan-task information containing an initial URL, the control node creates the current scan task from the information entered by the user and stores it in the database. When the current scan task needs to be executed, the control node retrieves it from the database and starts it: the control node extracts the initial URL from the current-scan-task information as the current first URL to be scanned and sends it to the message server.
The message server then obtains the first URL to be scanned and stores it in the to-crawl message queue. The to-crawl message queue holds those URLs to be scanned on which the page crawling operation has not yet been performed. It is shared by the whole vulnerability scanning system, and every scan node obtains URLs to be scanned from it. After a scan node obtains a URL to be scanned, it crawls the page, obtains the crawl result, i.e. the sub-links corresponding to that URL, and sends all obtained sub-links to the to-crawl message queue, where they are stored as new URLs to be scanned. In other words, the message server obtains current second URLs to be scanned from each scan node and stores them in the to-crawl message queue. It should be understood that the current second URLs to be scanned are continuously and cyclically updated: each scan node can crawl from a URL it obtained to the next layer of sub-links, which are stored in the to-crawl message queue as new URLs to be scanned; subsequent scan nodes then crawl from that layer of sub-links, i.e. from the new URLs to be scanned, to further sub-links, which are again stored in the to-crawl message queue. This repeats until the crawling operation of the scan nodes can find no further sub-links.
Optionally, the message server deduplicates the current first URL to be scanned and the current second URLs to be scanned. Because the second URLs to be scanned in the message server are sub-links obtained by the page crawling of each scan node, they may duplicate URLs to be scanned already stored in the to-crawl message queue. To avoid performing the page crawling operation repeatedly on the same URL to be scanned, the message server in embodiments of the present invention may deduplicate all URLs to be scanned in the to-crawl message queue, that is, the current first URL to be scanned and its M corresponding current second URLs to be scanned.
Optionally, as shown in Fig. 1, the message server 140 includes a crawled message queue 142. Once a URL to be scanned in the to-crawl message queue 141 has been obtained by a scan node, the page crawling operation is performed on it, so the obtained URL is no longer one on which page crawling has not been performed. To avoid performing the page crawling operation on such URLs repeatedly, the message server 140 in embodiments of the present invention may additionally maintain a crawled message queue 142 that stores the URLs to be scanned from the to-crawl message queue 141 that have already been obtained by a scan node. Correspondingly, a URL to be scanned that has been obtained by a scan node can be removed from the to-crawl message queue 141.
S120: the message server sorts the current first URL to be scanned and all current second URLs to be scanned.
Specifically, the current first URL to be scanned and all current second URLs to be scanned obtained by the message server differ in how likely they are to contain vulnerabilities and therefore in their danger level: a URL page that is less likely to contain a vulnerability has a lower danger level, and a URL page that is more likely to contain a vulnerability has a higher danger level. To ensure the effectiveness of vulnerability scanning, URLs with a high danger level should be scanned first and URLs with a lower danger level afterwards. The message server therefore needs to sort all URLs to be scanned that it obtains, so that the URLs in the to-crawl message queue it maintains are prioritized by danger level. When a scan node obtains a URL to be scanned, it will then obtain a high-danger URL first, so that high-danger URLs are processed first and the whole vulnerability scanning system scans the website system effectively.
On the other hand, a vulnerability scan of a website system usually takes a long time, and for various reasons it is quite likely to be stopped part-way. For example, during the scan the user may issue a stop instruction, or the maximum scan time or maximum number of scanned pages set when the user initiated the current scan task may be reached; when such an abort condition of the current scan task is met, the entire scanning process is aborted. At that point the control node can collect the vulnerability scanning results for the pages already scanned. To make those results valid and of higher reference value, high-danger URLs should again be scanned first and low-danger URLs later; that is, the message server needs to prioritize all URLs to be scanned that it obtains.
S130: each scan node performs vulnerability scanning on the current first URL to be scanned and each current second URL to be scanned according to the sorting result.
Specifically, each scan node listens on the to-crawl message queue in the message server. When a scan node has no vulnerability scanning task in progress and hears that the to-crawl message queue contains URLs to be scanned, it obtains the URL to be scanned that is ranked first in the to-crawl message queue (i.e. according to the sorting result) and performs the page crawling operation on it. The newly crawled sub-links are sent to the to-crawl message queue and stored as new URLs to be scanned, i.e. the current second URLs to be scanned are updated. At the same time, the scan node performs the vulnerability analysis operation on the obtained URL to be scanned and on all newly crawled sub-links, and generates vulnerability data when a vulnerability is found.
Each scan node repeats these operations in a loop, obtaining only one URL to be scanned per iteration, until the to-crawl message queue is empty or the abort condition of the current scan task is reached, at which point the entire current scan task has been executed.
Optionally, the scan node generates a scan result from the vulnerability data and reports it to the control node through a message queue of the message server. The scan result may be generated and reported after each single scan task on the scan node, or after the entire scan task. The scan result includes information such as the location of the vulnerability, the type of vulnerability and the vulnerability details.
In the vulnerability scanning method proposed by embodiments of the present invention, the message server first obtains the current first URL to be scanned and its M corresponding current second URLs to be scanned, and sorts them; each scan node then performs vulnerability scanning on the current first URL to be scanned and each current second URL to be scanned according to the sorting result. That is, each scan node scans these URLs in the order determined by the message server's sorting of the current first URL to be scanned and all current second URLs to be scanned. In the existing vulnerability scanning method, by contrast, each scan node fetches the current first URL to be scanned and its corresponding current second URLs to be scanned from the message server one by one in first-in-first-out order and then scans them. Compared with the prior art, the vulnerability scanning method proposed by embodiments of the present invention can therefore find page vulnerabilities in time and improve the effectiveness of vulnerability scanning; moreover, the technical solution of the embodiments is simple to implement, easy to adopt and widely applicable.
Embodiment two
This embodiment further optimizes, on the basis of Embodiment One above, the step "the message server sorts the current first URL to be scanned and all current second URLs to be scanned". Terms that are the same as, or correspond to, those in the embodiments above are not explained again here. Fig. 3 is a flow chart of the vulnerability scanning method in Embodiment Two of the present invention. As shown in Fig. 3, the vulnerability scanning method provided by this embodiment may include the following steps:
S210: the message server obtains the current first URL to be scanned and M current second URLs to be scanned corresponding to the current first URL to be scanned.
S220: the message server determines the page type of the current first URL to be scanned and of all current second URLs to be scanned.
Here, page type is the category a page belongs to when pages are classified by a page attribute. The page type can be determined by the user according to the attribute chosen for prioritizing URLs to be scanned. For example, it can be a page type defined by the page's function, such as a transaction page or a knowledge-introduction page, or a page type defined by how likely the page is to contain a vulnerability, such as a high-danger page.
Specifically, the message server determines the page type of the current first URL to be scanned and of all current second URLs to be scanned according to the preset prioritization attribute and the page attributes of the URLs to be scanned.
S230: the message server sorts the current first URL to be scanned and all current second URLs to be scanned according to their page types.
Specifically, the message server may sort the current first URL to be scanned and all current second URLs to be scanned directly by the page type of each URL: for example, a URL whose page type is high-danger has the highest priority and is placed near the front, while a URL whose page type is low-danger has the lowest priority and is placed near the back. The message server may also use the page type of each URL to be scanned to determine a combined page weight for the URL, and then sort the current first URL to be scanned and all current second URLs to be scanned by page weight.
Optionally, S230 includes: the message server determines the page weight of the current first URL to be scanned and of all current second URLs to be scanned according to their page types; the message server then sorts the current first URL to be scanned and all current second URLs to be scanned according to their page weights.
Here, the page weight is the weight by which the page corresponding to a URL is prioritized.
Specifically, the page corresponding to a URL may have several page attributes; for example, a page may belong both to the knowledge-introduction page type and to the comment page type. A combined page weight for the page can then be determined from the weight corresponding to each page type, or the user can preset the page weight corresponding to each page type, and the message server sorts the current first URL to be scanned and all current second URLs to be scanned by page weight. The benefit of this arrangement is that page weights quantify the priority of a page, so the sorting result obtained by the message server is finer and the effectiveness of vulnerability scanning is further improved.
Further, determining the page weight of the current first URL to be scanned and of all current second URLs to be scanned according to their page types includes: if the page type of the current first URL to be scanned or of any current second URL to be scanned is the low-danger page type, its page weight is set to a first weight parameter; if its page type is the medium-danger page type, its page weight is set to a second weight parameter; if its page type is the high-danger page type, its page weight is set to a third weight parameter.
Here, the low-, medium- and high-danger pages are pages with, respectively, a low, medium and high likelihood of containing a vulnerability. By way of example, the low-danger page type includes at least login pages and logout pages; the medium-danger page type includes at least knowledge-introduction pages and item-detail pages; the high-danger page type includes at least comment pages and transaction pages.
The first, second and third weight parameters can be preset by the user as required, with the first weight parameter less than the second weight parameter and the second weight parameter less than the third weight parameter. For example, the first, second and third weight parameters may be preset to 1, 5 and 10 respectively.
Specifically, in order to sort the current first URL to be scanned and all current second URLs to be scanned, the message server needs to determine the page weight of the current first URL to be scanned and of every current second URL to be scanned. If the page type of the current first URL to be scanned or of any current second URL to be scanned is the low-danger page type, such as a login page or logout page, its page weight is set to the first weight parameter, for example 1; if it is the medium-danger page type, such as a knowledge-introduction page or item-detail page, its page weight is set to the second weight parameter, for example 5; if it is the high-danger page type, such as a transaction page or comment page, its page weight is set to the third weight parameter, for example 10. The advantage of this arrangement is that pages are classified by how likely they are to contain a vulnerability and the user can set the page weights of the different danger-level pages, so the user can control the scan task more finely and the performance of the vulnerability scanning system is improved.
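The queue handling of steps S110 to S130 and the page-type weighting of S230 can be put together in a small in-process simulation. The following Python is an added illustration written for this page; it is not code from the patent or its applicant. It assumes a path-keyword rule for deciding page type (the patent leaves that determination to the user and to page attributes), the example weight parameters 1, 5 and 10, a constructed link graph standing in for the crawled site, and a single scan node; per-page vulnerability analysis is not modelled. It also shows what the maximum-page-count abort condition does to the weighted order compared with the first-in-first-out order of the prior art.

```python
import heapq
import itertools
from urllib.parse import urlsplit, urlunsplit

# Example weight parameters from the patent: low = 1, medium = 5, high = 10.
LOW, MEDIUM, HIGH = 1, 5, 10

# Assumption: page type is decided from a keyword in the URL path. The patent only
# names the categories (login/logout -> low, knowledge/item detail -> medium,
# comment/transaction -> high); the keywords below are constructed for this demo.
PAGE_TYPE_RULES = (
    ("login", LOW), ("logout", LOW),
    ("wiki", MEDIUM), ("item", MEDIUM),
    ("comment", HIGH), ("order", HIGH), ("pay", HIGH),
)


def normalize(url):
    """Canonical form used for de-duplication: lower-case scheme and host, drop fragment."""
    p = urlsplit(url)
    return urlunsplit((p.scheme.lower(), p.netloc.lower(), p.path or "/", p.query, ""))


def page_weight(url):
    """Map a URL to its page weight (S230); unknown page types default to medium (assumption)."""
    path = urlsplit(url).path.lower()
    for keyword, weight in PAGE_TYPE_RULES:
        if keyword in path:
            return weight
    return MEDIUM


class MessageServer:
    """To-crawl queue ordered by page weight, with de-duplication and a crawled set."""

    def __init__(self, weight_fn=page_weight):
        self._weight_fn = weight_fn
        self._to_crawl = []               # heap of (-weight, sequence, url)
        self._seq = itertools.count()     # FIFO tie-break among equal weights
        self._seen = set()                # every URL ever accepted (de-duplication)
        self.crawled = set()              # URLs already handed to a scan node

    def put(self, url):
        """Accept a URL to be scanned; returns False if it was already known."""
        url = normalize(url)
        if url in self._seen:
            return False
        self._seen.add(url)
        heapq.heappush(self._to_crawl, (-self._weight_fn(url), next(self._seq), url))
        return True

    def get(self):
        """Hand out the highest-weight URL and move it to the crawled set."""
        if not self._to_crawl:
            return None
        _, _, url = heapq.heappop(self._to_crawl)
        self.crawled.add(url)
        return url

    def pending(self):
        return len(self._to_crawl)


# Constructed link graph standing in for the target site: page -> sub-links found on it.
ROOT = "https://shop.example/"
SITE = {
    ROOT: ["https://shop.example/login", "https://shop.example/wiki/about",
           "https://shop.example/item/42"],
    "https://shop.example/item/42": ["https://shop.example/item/42#reviews",
                                     "https://shop.example/order/42",
                                     "https://shop.example/login"],
    "https://shop.example/order/42": ["https://shop.example/pay/42",
                                      "https://shop.example/logout"],
}


def scan_node(server, crawl, max_pages=None):
    """One scan node (S130): take one URL at a time, push its sub-links back, and stop
    when the queue is empty or the task's maximum page count is reached."""
    order = []
    while server.pending():
        if max_pages is not None and len(order) >= max_pages:
            break                         # abort condition of the current scan task
        url = server.get()
        order.append(url)
        for child in crawl(url):          # page crawling; vulnerability analysis not modelled
            server.put(child)
    return order


def run_demo(max_pages=None):
    """Return (weighted order, FIFO order) for the same site and the same page budget."""
    crawl = lambda url: SITE.get(url, [])
    prio = MessageServer()
    prio.put(ROOT)
    fifo = MessageServer(weight_fn=lambda url: 0)   # equal weights -> prior-art FIFO order
    fifo.put(ROOT)
    return scan_node(prio, crawl, max_pages), scan_node(fifo, crawl, max_pages)


if __name__ == "__main__":
    for label, order in zip(("weighted", "fifo"), run_demo(max_pages=4)):
        print(label, [u.replace("https://shop.example", "") for u in order])
```

With a budget of four pages the weighted queue reaches the transaction page /order/42 while the FIFO queue spends the same budget on the login and knowledge pages and is aborted before any high-danger page, which is the failure the background section describes. The fragment-only duplicate /item/42#reviews is rejected by the de-duplication step in both runs.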
S240: each scan node performs vulnerability scanning on the current first URL to be scanned and each current second URL to be scanned according to the sorting result.
In a specific embodiment of the present invention, the message server determines the page type of the current first URL to be scanned and of all current second URLs to be scanned, and sorts the current first URL to be scanned and all current second URLs to be scanned according to page type. This makes the sorting result finer and further improves the effectiveness of vulnerability scanning.
The following is an embodiment of the vulnerability scanning system provided by an embodiment of the present invention. The system and the vulnerability scanning methods of the embodiments above belong to the same inventive concept; for details not described in the system embodiment, reference may be made to the method embodiments above.
Embodiment three
This embodiment provides a vulnerability scanning system. Fig. 4 is a schematic structural diagram of the vulnerability scanning system in Embodiment Three of the present invention. As shown in Fig. 4, the vulnerability scanning system provided by this embodiment includes a message server 310 and at least one scan node 320, where:
the message server 310 is configured to obtain the current first URL to be scanned and M current second URLs to be scanned corresponding to the current first URL to be scanned, where M is a natural number greater than or equal to 1, and to sort the current first URL to be scanned and all current second URLs to be scanned;
the scan node 320 is configured to perform vulnerability scanning on the current first URL to be scanned and each current second URL to be scanned according to the sorting result.
Optionally, the message server comprises a determining module and a sorting module, wherein:
the determining module is configured to determine the page type of the current first URL to be scanned and of all current second URLs to be scanned;
the sorting module is configured to rank the current first URL to be scanned and all current second URLs to be scanned according to the page types of the current first URL to be scanned and of all current second URLs to be scanned.
Optionally, the sorting module is specifically configured to determine, according to the page types of the current first URL to be scanned and of all current second URLs to be scanned, the page weight of the current first URL to be scanned and of all current second URLs to be scanned, and to rank the current first URL to be scanned and all current second URLs to be scanned according to those page weights.
Optionally, the sorting module is specifically configured as follows: if the page type of the current first URL to be scanned or of any one current second URL to be scanned is a low-danger-level page, the page weight of that current first URL to be scanned or current second URL to be scanned is determined to be a first weighting parameter;
if the page type of the current first URL to be scanned or of any one current second URL to be scanned is a medium-danger-level page, the page weight of that current first URL to be scanned or current second URL to be scanned is determined to be a second weighting parameter; if the page type of the current first URL to be scanned or of any one current second URL to be scanned is a high-danger-level (high-risk) page, the page weight of that current first URL to be scanned or current second URL to be scanned is determined to be a third weighting parameter.
Here, the first weighting parameter is less than the second weighting parameter, and the second weighting parameter is less than the third weighting parameter.
Further, the low-danger-level page includes at least a login page or a logout page; the medium-danger-level page includes at least a knowledge introduction page or an item detail page; the high-danger-level page includes at least a review page or a transaction page.
The vulnerability scanning system of embodiment three of the present invention solves the problem in existing distributed vulnerability scanning that a URL less likely to contain a vulnerability may be scanned before a URL more likely to contain one, so that page vulnerabilities cannot be found in time; it achieves the effect of finding page vulnerabilities in time and thereby improving the validity of vulnerability scanning.
The vulnerability scanning system provided by the embodiment of the present invention can perform the vulnerability scanning method provided by any embodiment of the present invention, and has the functional modules and advantageous effects corresponding to performing that method.
It is worth noting that, in the embodiment of the vulnerability scanning system described above, the units and modules included are divided only according to functional logic, but the division is not limited to the one described above, as long as the corresponding functions can be realized. In addition, the specific name of each functional unit is only for ease of mutual distinction and is not intended to restrict the protection scope of the present invention.
Note that the above are only preferred embodiments of the present invention and the technical principles applied. Those skilled in the art will appreciate that the present invention is not limited to the specific embodiments described here; various obvious changes, readjustments and substitutions can be made by those skilled in the art without departing from the protection scope of the present invention. Therefore, although the present invention has been described in further detail through the above embodiments, it is not limited to them, and may include other equivalent embodiments without departing from the inventive concept; the scope of the present invention is determined by the scope of the appended claims.
Claims (10)
1. A vulnerability scanning method, characterized in that the method comprises:
a message server obtaining a current first URL to be scanned and M current second URLs to be scanned corresponding to the current first URL to be scanned, wherein M is a natural number greater than or equal to 1;
the message server ranking the current first URL to be scanned and all current second URLs to be scanned;
each scan node performing vulnerability scanning on the current first URL to be scanned and on each current second URL to be scanned according to the ranking result.
2. The method according to claim 1, characterized in that the message server ranking the current first URL to be scanned and all current second URLs to be scanned comprises:
the message server determining the page type of the current first URL to be scanned and of all current second URLs to be scanned;
the message server ranking the current first URL to be scanned and all current second URLs to be scanned according to the page types of the current first URL to be scanned and of all current second URLs to be scanned.
3. The method according to claim 2, characterized in that ranking the current first URL to be scanned and all current second URLs to be scanned according to the page types of the current first URL to be scanned and of all current second URLs to be scanned comprises:
the message server determining, according to the page types of the current first URL to be scanned and of all current second URLs to be scanned, the page weight of the current first URL to be scanned and of all current second URLs to be scanned;
the message server ranking the current first URL to be scanned and all current second URLs to be scanned according to the page weights of the current first URL to be scanned and of all current second URLs to be scanned.
4. The method according to claim 3, characterized in that the message server determining, according to the page types of the current first URL to be scanned and of all current second URLs to be scanned, the page weight of the current first URL to be scanned and of all current second URLs to be scanned comprises:
if the page type of the current first URL to be scanned or of any one current second URL to be scanned is a low-danger-level page, determining that the page weight of that current first URL to be scanned or current second URL to be scanned is a first weighting parameter;
if the page type of the current first URL to be scanned or of any one current second URL to be scanned is a medium-danger-level page, determining that the page weight of that current first URL to be scanned or current second URL to be scanned is a second weighting parameter;
if the page type of the current first URL to be scanned or of any one current second URL to be scanned is a high-danger-level page, determining that the page weight of that current first URL to be scanned or current second URL to be scanned is a third weighting parameter;
wherein the first weighting parameter is less than the second weighting parameter, and the second weighting parameter is less than the third weighting parameter.
5. The method according to claim 4, characterized in that the low-danger-level page includes at least a login page or a logout page; the medium-danger-level page includes at least a knowledge introduction page or an item detail page; and the high-danger-level page includes at least a review page or a transaction page.
6. A vulnerability scanning system, characterized in that the system comprises a message server and at least one scan node, wherein:
the message server is configured to obtain a current first URL to be scanned and M current second URLs to be scanned corresponding to the current first URL to be scanned, wherein M is a natural number greater than or equal to 1, and to rank the current first URL to be scanned and all current second URLs to be scanned;
the scan node is configured to perform vulnerability scanning on the current first URL to be scanned and on each current second URL to be scanned according to the ranking result.
7. The system according to claim 6, characterized in that the message server comprises a determining module and a sorting module, wherein:
the determining module is configured to determine the page type of the current first URL to be scanned and of all current second URLs to be scanned;
the sorting module is configured to rank the current first URL to be scanned and all current second URLs to be scanned according to the page types of the current first URL to be scanned and of all current second URLs to be scanned.
8. The system according to claim 7, characterized in that:
the sorting module is specifically configured to determine, according to the page types of the current first URL to be scanned and of all current second URLs to be scanned, the page weight of the current first URL to be scanned and of all current second URLs to be scanned, and to rank the current first URL to be scanned and all current second URLs to be scanned according to the page weights of the current first URL to be scanned and of all current second URLs to be scanned.
9. The system according to claim 8, characterized in that:
the sorting module is specifically configured so that, if the page type of the current first URL to be scanned or of any one current second URL to be scanned is a low-danger-level page, the page weight of that current first URL to be scanned or current second URL to be scanned is determined to be a first weighting parameter;
if the page type of the current first URL to be scanned or of any one current second URL to be scanned is a medium-danger-level page, the page weight of that current first URL to be scanned or current second URL to be scanned is determined to be a second weighting parameter; if the page type of the current first URL to be scanned or of any one current second URL to be scanned is a high-danger-level page, the page weight of that current first URL to be scanned or current second URL to be scanned is determined to be a third weighting parameter;
wherein the first weighting parameter is less than the second weighting parameter, and the second weighting parameter is less than the third weighting parameter.
10. The system according to claim 9, characterized in that the low-danger-level page includes at least a login page or a logout page; the medium-danger-level page includes at least a knowledge introduction page or an item detail page; and the high-danger-level page includes at least a review page or a transaction page.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810297515.0A CN108449355A (en) | 2018-04-04 | 2018-04-04 | A kind of vulnerability scanning method and system |
Publications (1)
Publication Number | Publication Date |
---|---|
CN108449355A true CN108449355A (en) | 2018-08-24 |
Family
ID=63199229
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810297515.0A Pending CN108449355A (en) | 2018-04-04 | 2018-04-04 | A kind of vulnerability scanning method and system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108449355A (en) |
Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8127354B1 (en) * | 2008-10-09 | 2012-02-28 | Mcafee, Inc. | System, method, and computer program product for identifying vulnerabilities associated with data loaded in memory |
US8266703B1 (en) * | 2001-11-30 | 2012-09-11 | Mcafee, Inc. | System, method and computer program product for improving computer network intrusion detection by risk prioritization |
CN102789502A (en) * | 2012-07-17 | 2012-11-21 | 北京奇虎科技有限公司 | Method and device for scanning website |
CN103856467A (en) * | 2012-12-06 | 2014-06-11 | 百度在线网络技术(北京)有限公司 | Method and distributed system for achieving safety scanning |
CN104933056A (en) * | 2014-03-18 | 2015-09-23 | 腾讯科技(深圳)有限公司 | Uniform resource locator (URL) de-duplication method and device |
CN104980309A (en) * | 2014-04-11 | 2015-10-14 | 北京奇虎科技有限公司 | Website security detecting method and device |
CN107194262A (en) * | 2017-05-19 | 2017-09-22 | 北京匡恩网络科技有限责任公司 | Method and device for scanning leak and generation vulnerability information storehouse |
CN107634945A (en) * | 2017-09-11 | 2018-01-26 | 平安科技(深圳)有限公司 | Website vulnerability scan method, device, computer equipment and storage medium |
Events: 2018-04-04, CN application CN201810297515.0A, publication CN108449355A, status Pending.
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114422253A (en) * | 2022-01-21 | 2022-04-29 | 北京知道创宇信息技术股份有限公司 | Distributed vulnerability scanning system, method and storage medium |
CN114422253B (en) * | 2022-01-21 | 2023-11-28 | 北京知道创宇信息技术股份有限公司 | Distributed vulnerability scanning system, method and storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | Application publication date: 20180824 |
| SE01 | Entry into force of request for substantive examination | |
| RJ01 | Rejection of invention patent application after publication | |