CN108449355A - A kind of vulnerability scanning method and system - Google Patents

Info

Publication number
CN108449355A
Authority
CN
China
Prior art keywords
url
scanned
current
page
weights
Prior art date
Legal status
Pending
Application number
CN201810297515.0A
Other languages
Chinese (zh)
Inventor
江均勇
李志航
朱国文
邓军
Current Assignee
Shanghai Cloud Information Technology Co Ltd
Original Assignee
Shanghai Cloud Information Technology Co Ltd
Priority date
Filing date
Publication date
Application filed by Shanghai Cloud Information Technology Co Ltd
Priority to CN201810297515.0A
Publication of CN108449355A
Legal status: Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433 Vulnerability analysis
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577 Assessing vulnerabilities and evaluating computer system security
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/03 Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
    • G06F2221/034 Test or assess a computer or a system

Abstract

The embodiment of the invention discloses a vulnerability scanning method and system. The method includes: a message server obtains a current first URL to be scanned and the M current second URLs to be scanned corresponding to the current first URL to be scanned, where M is a natural number greater than or equal to 1; the message server sorts the current first URL to be scanned and all current second URLs to be scanned; each scan node performs vulnerability scanning of the current first URL to be scanned and each current second URL to be scanned according to the sorting result. This technical solution solves the problem in existing distributed vulnerability scanning that URLs less likely to contain vulnerabilities may be scanned before URLs more likely to contain them, so that page vulnerabilities are not found in time; with it, page vulnerabilities can be found in time, which improves the effectiveness of vulnerability scanning.

Description

A kind of vulnerability scanning method and system
Technical field
Embodiments of the present invention relate to internet security testing technology, and in particular to a vulnerability scanning method and system.
Background technology
Vulnerability scanning, as a technical means of network security supervision, needs to discover vulnerabilities precisely and efficiently, and provides an important reference for network security planning and remediation.
As websites have grown ever larger, website vulnerability scanning has developed from scanning based on a single machine into distributed vulnerability scanning. Existing distributed vulnerability scanning mainly deploys crawling tools on different devices so that multiple devices work independently, thereby improving the efficiency and stability of website vulnerability scanning.
In existing vulnerability scanning methods, a message server first obtains the current first URL to be scanned and the current second URLs to be scanned corresponding to it; each scan node then obtains, one by one and in first-in-first-out order, the current first URL to be scanned and its corresponding current second URLs to be scanned from the message server; each scan node then performs vulnerability scanning of the current first URL to be scanned and each current second URL to be scanned.
It can be seen that in existing vulnerability scanning methods each scan node scans the current first URL to be scanned and each current second URL to be scanned one by one in first-in-first-out order. In this way URLs less likely to contain vulnerabilities may be scanned before URLs more likely to contain them, so page vulnerabilities cannot be found in time, which affects the effectiveness of vulnerability scanning.
Invention content
Embodiments of the present invention provide a vulnerability scanning method and system that can find page vulnerabilities in time, thereby improving the effectiveness of vulnerability scanning.
In a first aspect, an embodiment of the present invention provides a vulnerability scanning method, the method comprising:
a message server obtains a current first URL to be scanned and the M current second URLs to be scanned corresponding to the current first URL to be scanned, where M is a natural number greater than or equal to 1;
the message server sorts the current first URL to be scanned and all current second URLs to be scanned;
each scan node performs vulnerability scanning of the current first URL to be scanned and each current second URL to be scanned according to the sorting result.
In a second aspect, an embodiment of the present invention further provides a vulnerability scanning system, the system comprising:
a message server and at least one scan node; wherein
the message server is configured to obtain the current first URL to be scanned and the M current second URLs to be scanned corresponding to it, where M is a natural number greater than or equal to 1, and to sort the current first URL to be scanned and all current second URLs to be scanned;
the scan node is configured to perform vulnerability scanning of the current first URL to be scanned and each current second URL to be scanned according to the sorting result.
Embodiments of the present invention propose a vulnerability scanning method and system in which the message server first obtains the current first URL to be scanned and the M current second URLs to be scanned corresponding to it, sorts the current first URL to be scanned and all current second URLs to be scanned, and each scan node then performs vulnerability scanning of the current first URL to be scanned and each current second URL to be scanned according to the sorting result. That is, in the technical solution proposed in embodiments of the present invention, each scan node scans the current first URL to be scanned and each current second URL to be scanned according to the message server's sorting of the current first URL to be scanned and all current second URLs to be scanned. In existing vulnerability scanning methods, by contrast, each scan node obtains the current first URL to be scanned and its corresponding current second URLs to be scanned from the message server one by one in first-in-first-out order, and then scans them. Therefore, compared with the prior art, the vulnerability scanning method and system proposed in embodiments of the present invention can find page vulnerabilities in time, thereby improving the effectiveness of vulnerability scanning; moreover, the technical solution of embodiments of the present invention is simple and convenient to implement, easy to popularize, and widely applicable.
Description of the drawings
Fig. 1 is the structural schematic diagram of the vulnerability scanning system in an embodiment of the present invention;
Fig. 2 is the flow chart of the vulnerability scanning method in embodiment one of the present invention;
Fig. 3 is the flow chart of the vulnerability scanning method in embodiment two of the present invention;
Fig. 4 is the structural schematic diagram of the vulnerability scanning system in embodiment three of the present invention.
Specific implementation mode
The present invention is described in further detail below with reference to the drawings and embodiments. It should be understood that the specific embodiments described here are used only to explain the present invention and do not limit it. It should also be noted that, for ease of description, the drawings show only the parts related to the present invention rather than the entire structure.
The vulnerability scanning method provided by embodiments of the present invention is a distributed vulnerability scanning method. It is based on a SaaS platform and uses virtualization technology to realize unified management and maintenance of vulnerability scanning tasks and scan nodes by a control node. The number of scan nodes required can be allocated dynamically according to the size of the task and the time limit for scanning, which satisfies the need for fast scanning of site systems, especially very large ones.
Fig. 1 is the structural schematic diagram of the vulnerability scanning system in an embodiment of the present invention. As shown in Fig. 1, the control node 110 acts as the distributed management end and is responsible for creating, managing and starting scan tasks, and for collecting and uniformly managing scan results; scan tasks and scan results can be stored uniformly in the database 120. The scan node 130 acts as the distributed engine and is responsible for page crawling, vulnerability analysis and reporting of scan results. The two kinds of nodes are in a one-to-many relationship. A message server 140 is set between the two kinds of nodes, and the to-be-crawled message queue 141 it contains serves as the medium for message transmission between them; this queue is shared by all scan nodes, which realizes even distribution of page crawling tasks.
When a single scan task (called the current scan task) is executed, the current scan task is sent from the control node 110 to the message server 140, and the to-be-crawled message queue 141 in the message server 140 performs unified management (sorting and/or deduplication) of all URLs to be scanned in the current scan task. Each scan node 130 obtains URLs to be scanned from the to-be-crawled message queue 141 one by one and performs page crawling, vulnerability analysis and result reporting. All scan nodes 130 perform vulnerability scanning simultaneously. The vulnerability scanning operation in embodiments of the present invention includes two parts: the page crawling operation and the vulnerability analysis operation.
Embodiment one
The vulnerability scanning method provided in this embodiment is applicable to vulnerability scanning of site systems of different scales. The method can be executed by a vulnerability scanning system, which can be implemented in software and/or hardware and set in a device with data processing capability, typically a server, laptop or desktop computer. Fig. 2 is the flow chart of the vulnerability scanning method in embodiment one of the present invention; as shown in Fig. 2, the method of this embodiment can specifically include the following steps:
S110: the message server obtains the current first URL to be scanned and the M current second URLs to be scanned corresponding to the current first URL to be scanned.
In a specific embodiment of the present invention, the current first URL to be scanned refers to the initial URL to be scanned that the user submits when initiating the current scan task. A current second URL to be scanned refers to a sub-link obtained after a scan node crawls a page. Since the current second URLs to be scanned are all obtained starting from the initial URL, i.e. the current first URL to be scanned, the current second URLs to be scanned correspond to the current first URL to be scanned.
Specifically, since communication between nodes in a distributed system is typically cross-process and cross-server, in embodiments of the present invention the control node and each scan node communicate by RPC (remote procedure call) in the form of an encapsulated message queue, which hides the details of network communication. All URLs to be scanned are managed in the message server in the form of message queues. It should be understood that the message server can be set on the server where the control node is located, or on a separately provided server.
After the user initiates a site scan task, for example by entering current scan task information that contains an initial URL, the control node creates the current scan task according to the task information entered by the user and stores it in the database. When the current scan task needs to be executed, the control node obtains it from the database and starts it; that is, the control node extracts the initial URL from the current scan task information as the current first URL to be scanned and sends it to the message server.
The message server then obtains the above first URL to be scanned and stores it in the to-be-crawled message queue. The to-be-crawled message queue stores those URLs to be scanned on which the page crawling operation has not yet been performed. The to-be-crawled message queue is shared by the whole vulnerability scanning system, and each scan node obtains URLs to be scanned from it. After a scan node obtains a URL to be scanned, it crawls the page, obtains the crawl result, i.e. the sub-links corresponding to that URL, and sends all the obtained sub-links to the to-be-crawled message queue, where they are stored as new URLs to be scanned; that is, the message server obtains current second URLs to be scanned from each scan node and stores them in the to-be-crawled message queue. It should be understood that the current second URLs to be scanned are updated cyclically: each scan node can crawl the next layer of sub-links from the URLs to be scanned it obtains, and that layer is stored in the to-be-crawled message queue as new URLs to be scanned; subsequent scan nodes then crawl further sub-links from those new URLs to be scanned and store them in the to-be-crawled message queue, and so on, until the crawling operation of the scan nodes yields no further sub-links.
Optionally, the message server deduplicates the current first URL to be scanned and the current second URLs to be scanned. Since the second URLs to be scanned in the message server are the sub-links obtained when each scan node crawls pages, they may repeat URLs to be scanned already stored in the to-be-crawled message queue. To avoid the page crawling operation being performed repeatedly on the same URL to be scanned, the message server in embodiments of the present invention can deduplicate all URLs to be scanned in the to-be-crawled message queue, i.e. the current first URL to be scanned and its M corresponding current second URLs to be scanned.
Optionally, as shown in Fig. 1, the message server 140 includes a crawled message queue 142. Once a URL to be scanned in the to-be-crawled message queue 141 has been obtained by a scan node, the page crawling operation will be performed on it, so the URL that has been obtained is no longer a URL on which the page crawling operation has not been performed. Therefore, to avoid the page crawling operation being repeated on such URLs, the message server 140 in embodiments of the present invention can additionally maintain a crawled message queue 142 for storing the URLs to be scanned from the to-be-crawled message queue 141 that have been obtained by scan nodes. Correspondingly, the URLs to be scanned that have been obtained by scan nodes can be removed from the to-be-crawled message queue 141.
S120: the message server sorts the current first URL to be scanned and all current second URLs to be scanned.
Specifically, the current first URL to be scanned and all current second URLs to be scanned obtained by the message server have different danger levels according to how likely they are to contain vulnerabilities: a URL page with a smaller probability of containing a vulnerability has a lower danger level, and a URL page with a larger probability of containing a vulnerability has a higher danger level. Therefore, to ensure the effectiveness of vulnerability scanning, URLs with a high danger level should be scanned first and URLs with a lower danger level afterwards. The message server therefore needs to sort all URLs to be scanned it obtains, so that the URLs to be scanned in the to-be-crawled message queue it maintains are prioritized according to their danger level. In this way, when each scan node obtains a URL to be scanned, it first obtains the high-danger URLs, so that high-danger URLs are handled first, which ensures the effectiveness of the whole vulnerability scanning system when scanning site systems for vulnerabilities.
On the other hand, vulnerability scanning of a site system usually takes a long time, and during execution it is quite likely to be stopped halfway for various reasons. For example, during vulnerability scanning the user may issue a scan stop instruction, or the maximum scan time or maximum number of scanned pages set by the user when initiating the current scan task may be reached, i.e. the stop condition of the current scan task is met, in which case the vulnerability scanning process is aborted. At that point the control node can collect the vulnerability scanning results of the pages already scanned. To ensure that those results are effective and of high reference value, high-danger URLs also need to be scanned first and low-danger URLs afterwards; that is, the message server needs to prioritize all URLs to be scanned it obtains.
S130: each scan node performs vulnerability scanning of the current first URL to be scanned and each current second URL to be scanned according to the sorting result.
Specifically, each scan node listens to the to-be-crawled message queue in the message server. When a scan node has no vulnerability scanning task in progress and detects that the to-be-crawled message queue contains URLs to be scanned, it obtains the URL to be scanned that is ranked first according to the order in the to-be-crawled message queue (i.e. the sorting result) and performs the page crawling operation. The newly crawled sub-links are sent to the to-be-crawled message queue and stored as new URLs to be scanned, i.e. the current second URLs to be scanned are updated; at the same time the scan node performs the vulnerability analysis operation on the obtained URL to be scanned and all newly crawled sub-links, and generates vulnerability data when vulnerabilities are present.
Each scan node repeatedly executes the scan task according to the above operations, obtaining only one URL to be scanned per cycle, until the to-be-crawled message queue is empty or the stop condition of the current scan task is reached, at which point the whole current scan task has finished executing.
Optionally, the scan node generates scan results from the vulnerability data and reports them to the control node through the message queue of the message server. Scan results can be generated and reported after a single scan task on the scan node, or after the entire scan task. Scan results include information such as vulnerability location, vulnerability type and vulnerability details.
In the vulnerability scanning method proposed by embodiments of the present invention, the message server first obtains the current first URL to be scanned and the M current second URLs to be scanned corresponding to it, and sorts the current first URL to be scanned and all current second URLs to be scanned; each scan node then performs vulnerability scanning of the current first URL to be scanned and each current second URL to be scanned according to the sorting result. That is, in the technical solution proposed in embodiments of the present invention, each scan node scans the current first URL to be scanned and each current second URL to be scanned according to the message server's sorting of the current first URL to be scanned and all current second URLs to be scanned. In existing vulnerability scanning methods, by contrast, each scan node obtains the current first URL to be scanned and its corresponding current second URLs to be scanned from the message server one by one in first-in-first-out order, and then scans them. Therefore, compared with the prior art, the vulnerability scanning method proposed in embodiments of the present invention can find page vulnerabilities in time, thereby improving the effectiveness of vulnerability scanning; moreover, the technical solution of embodiments of the present invention is simple and convenient to implement, easy to popularize, and widely applicable.
Embodiment two
This embodiment further optimizes, on the basis of embodiment one above, the step "the message server sorts the current first URL to be scanned and all current second URLs to be scanned". Explanations of terms that are the same as or correspond to those in the above embodiments are not repeated here. Fig. 3 is the flow chart of the vulnerability scanning method in embodiment two of the present invention; as shown in Fig. 3, the vulnerability scanning method provided in this embodiment can specifically include the following steps:
S210: the message server obtains the current first URL to be scanned and the M current second URLs to be scanned corresponding to the current first URL to be scanned.
S220: the message server determines the page type of the current first URL to be scanned and of all current second URLs to be scanned.
Here, page type refers to the type to which a page belongs when pages are divided according to page attributes. The page type can be determined by the user according to the attribute chosen for prioritizing URLs to be scanned; for example, it can be a page type divided according to page function, such as a transaction page or a knowledge introduction page, or a page type divided according to the probability that the page contains vulnerabilities, such as a high-danger or low-danger page.
Specifically, the message server determines the page type of the current first URL to be scanned and of all current second URLs to be scanned according to the preset prioritization attribute and the page attributes of the URLs to be scanned.
S230: the message server sorts the current first URL to be scanned and all current second URLs to be scanned according to their page types.
Specifically, the message server can sort the current first URL to be scanned and all current second URLs to be scanned directly according to the page type to which each URL to be scanned belongs; for example, if the page type is the high-danger page class, the priority is highest and the URL is ranked near the front, and if the page type is the low-danger page class, the priority is lowest and the URL is ranked near the back. The message server can also derive a composite page weight for each URL to be scanned from the page types it belongs to, and then sort the current first URL to be scanned and all current second URLs to be scanned according to the page weights.
Optionally, S230 includes: the message server determines the page weights of the current first URL to be scanned and all current second URLs to be scanned according to their page types; the message server then sorts the current first URL to be scanned and all current second URLs to be scanned according to those page weights.
Here, the page weight refers to the weight by which the page corresponding to a URL is prioritized.
Specifically, the page corresponding to a URL may have multiple page attributes; for example, a page may belong both to the knowledge introduction page class and to the comment page class, in which case a composite page weight for the page can be determined from the weights corresponding to each of its page types. Alternatively, the user presets the page weight corresponding to each page type, and the message server sorts the current first URL to be scanned and all current second URLs to be scanned according to those page weights. The benefit of this arrangement is that page weights quantify page priority, so that the sorting result obtained by the message server is finer, which further improves the effectiveness of vulnerability scanning.
Further, the message server determining the page weights of the current first URL to be scanned and all current second URLs to be scanned according to their page types includes:
if the page type of the current first URL to be scanned or of any current second URL to be scanned is the low-danger page class, determining the page weight of that URL to be the first weighting parameter; if the page type of the current first URL to be scanned or of any current second URL to be scanned is the medium-danger page class, determining the page weight of that URL to be the second weighting parameter; if the page type of the current first URL to be scanned or of any current second URL to be scanned is the high-danger page class, determining the page weight of that URL to be the third weighting parameter.
Here, the low-danger, medium-danger and high-danger pages refer respectively to pages with a low, medium and high probability of containing vulnerabilities. By way of example, the low-danger page class includes at least login pages and logout pages; the medium-danger page class includes at least knowledge introduction pages and item detail pages; the high-danger page class includes at least comment pages and transaction pages.
The first, second and third weighting parameters can be preset by the user as required, with the first weighting parameter smaller than the second weighting parameter and the second weighting parameter smaller than the third weighting parameter. For example, the first, second and third weighting parameters are preset to 1, 5 and 10 respectively.
Specifically, the message server sorts the current first URL to be scanned and all current second URLs to be scanned, so it needs to determine the page weight of the current first URL to be scanned and of every current second URL to be scanned. If the page type of the current first URL to be scanned or of any current second URL to be scanned is the low-danger page class, such as a login page or logout page, its page weight is set to the first weighting parameter, e.g. 1; if it is the medium-danger page class, such as a knowledge introduction page or item detail page, its page weight is set to the second weighting parameter, e.g. 5; if it is the high-danger page class, such as a transaction page or comment page, its page weight is set to the third weighting parameter, e.g. 10. The advantage of this arrangement is that pages are classified according to their probability of containing vulnerabilities and the user can set the page weights of the different danger-level pages, so that the user can control scan tasks more finely and the performance of the vulnerability scanning system is improved.
S240: each scan node performs vulnerability scanning of the current first URL to be scanned and each current second URL to be scanned according to the sorting result.
In a specific embodiment of the present invention, the message server determines the page type of the current first URL to be scanned and of all current second URLs to be scanned, and sorts the current first URL to be scanned and all current second URLs to be scanned according to page type, which makes the sorting result finer and further improves the effectiveness of vulnerability scanning.
The following is an embodiment of the vulnerability scanning system provided by an embodiment of the present invention. The system and the vulnerability scanning methods of the above embodiments belong to the same inventive concept; for details not described in the system embodiment, reference may be made to the above method embodiments.
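The queue management of embodiment one (S110 to S130: a shared to-be-crawled queue, deduplication against the crawled queue, and a scan node loop that stops when the queue is empty or the page budget is reached) and the page-type weighting of embodiment two (S220 to S230, with the 1, 5 and 10 weighting parameters) can be exercised together in one simulation. The Python below is an example added to this page; it is not code from the patent or its assignee. The keyword-based page classification, the rule of taking the largest weight when a page matches several types, the default weight for unclassified pages, the sample site graph and the page marked as vulnerable are all constructed assumptions made for the example.

```python
import heapq
import itertools
from urllib.parse import urlparse

# Weighting parameters named in the description: low = 1, medium = 5, high = 10.
WEIGHT_LOW, WEIGHT_MEDIUM, WEIGHT_HIGH = 1, 5, 10
TYPE_WEIGHTS = {"low": WEIGHT_LOW, "medium": WEIGHT_MEDIUM, "high": WEIGHT_HIGH}

# Path segment -> page type. The description names the categories (login/logout,
# knowledge introduction/item detail, comment/transaction) but not how a URL is
# classified; matching path segments is an assumption made for this example.
PAGE_TYPE_KEYWORDS = {
    "login": "low", "logout": "low",
    "wiki": "medium", "item": "medium",
    "comment": "high", "order": "high",
}


def page_types(url):
    """Return the set of page types whose keyword is a segment of the URL path."""
    segments = urlparse(url).path.lower().split("/")
    return {ptype for kw, ptype in PAGE_TYPE_KEYWORDS.items() if kw in segments}


def page_weight(url):
    """Composite page weight: the largest weight among the matched page types
    (assumption; the description leaves the combination rule open). A URL that
    matches no type is treated as medium so it is neither starved nor favoured."""
    return max((TYPE_WEIGHTS[t] for t in page_types(url)), default=WEIGHT_MEDIUM)


class MessageServer:
    """To-be-crawled queue with deduplication against a crawled queue (S110-S120)."""

    def __init__(self, prioritize=True):
        self.prioritize = prioritize     # False reproduces the FIFO order of the prior art
        self._heap = []                  # to-be-crawled queue: (-weight, seq, url)
        self._seq = itertools.count()    # insertion order breaks ties, so equal weights stay FIFO
        self._pending = set()            # URLs currently in the to-be-crawled queue
        self._crawled = set()            # crawled queue: URLs already handed to a scan node
        self.crawled_order = []          # the order in which URLs were handed out
        self.findings = []               # vulnerability reports sent back by scan nodes

    def submit(self, urls):
        """Accept first/second URLs to be scanned; drop duplicates of pending or crawled URLs."""
        for url in urls:
            if url in self._pending or url in self._crawled:
                continue
            weight = page_weight(url) if self.prioritize else 0
            heapq.heappush(self._heap, (-weight, next(self._seq), url))
            self._pending.add(url)

    def fetch(self):
        """Hand the highest-ranked pending URL to a scan node and move it to the crawled queue."""
        if not self._heap:
            return None
        _, _, url = heapq.heappop(self._heap)
        self._pending.discard(url)
        self._crawled.add(url)
        self.crawled_order.append(url)
        return url


# Constructed link graph standing in for real page crawling: URL -> sub-links found on it.
SITE = {
    "https://shop.example/": [
        "https://shop.example/login",
        "https://shop.example/wiki/intro",
        "https://shop.example/item/42",
        "https://shop.example/logout",
    ],
    "https://shop.example/item/42": [
        "https://shop.example/comment/42",
        "https://shop.example/order/42",
        "https://shop.example/login",    # duplicate of a pending URL: must be dropped
    ],
    "https://shop.example/comment/42": [
        "https://shop.example/item/42",  # back-link to a crawled URL: must be dropped
    ],
}
# Constructed stand-in for vulnerability analysis: the page on which analysis reports a finding.
VULNERABLE = {"https://shop.example/comment/42"}


def run_scan(max_pages, prioritize=True, initial_url="https://shop.example/"):
    """One scan node's loop (S130): fetch, crawl, analyse, until the to-be-crawled
    queue is empty or the maximum scanned page count (a stop condition) is reached."""
    server = MessageServer(prioritize=prioritize)
    server.submit([initial_url])              # the current first URL to be scanned
    pages = 0
    while pages < max_pages:
        url = server.fetch()
        if url is None:                       # to-be-crawled queue is empty
            break
        pages += 1
        server.submit(SITE.get(url, []))      # crawl: sub-links become current second URLs
        if url in VULNERABLE:                 # analyse: report vulnerability data
            server.findings.append(url)
    return server.crawled_order, server.findings


if __name__ == "__main__":
    print("priority:", run_scan(4, prioritize=True))
    print("fifo:    ", run_scan(4, prioritize=False))
```

With a budget of four pages, the prioritized queue hands out the root, wiki, item and comment pages and reports the finding on the comment page, while the FIFO order spends the same budget on the root, login, wiki and item pages and reports nothing. This is the point the description makes about stop conditions: when a scan is aborted early, the sorting decides which findings the control node gets to collect. A full run hands out each of the seven distinct URLs exactly once, which is the deduplication against the pending and crawled sets doing its job.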
Embodiment three
The present embodiment provides a kind of vulnerability scanning system, Fig. 4 is the knot of the vulnerability scanning system in the embodiment of the present invention three Structure schematic diagram;As shown in figure 4, vulnerability scanning system provided in this embodiment includes:
a message server 310 and at least one scan node 320; wherein,
the message server 310 is configured to obtain the current first URL to be scanned and the M current second URLs to be scanned corresponding to the current first URL to be scanned, where M is a natural number greater than or equal to 1, and to sort the current first URL to be scanned and all current second URLs to be scanned;
the scan node 320 is configured to perform vulnerability scanning on the current first URL to be scanned and each current second URL to be scanned according to the ranking result.
Optionally, the message server includes a determining module and a sorting module; wherein,
the determining module is configured to determine the page type of the current first URL to be scanned and of all current second URLs to be scanned;
the sorting module is configured to sort the current first URL to be scanned and all current second URLs to be scanned according to their page types.
Optionally, the sorting module is specifically configured to determine the page weights of the current first URL to be scanned and of all current second URLs to be scanned according to their page types, and to sort the current first URL to be scanned and all current second URLs to be scanned according to those page weights.
Optionally, the sorting module is specifically configured to: if the page type of the current first URL to be scanned or of any current second URL to be scanned is a low-risk page, determine that the page weight of that current first URL to be scanned or current second URL to be scanned is the first weighting parameter;
if the page type of the current first URL to be scanned or of any current second URL to be scanned is a medium-risk page, determine that the page weight of that current first URL to be scanned or current second URL to be scanned is the second weighting parameter; and if the page type of the current first URL to be scanned or of any current second URL to be scanned is a high-risk page, determine that the page weight of that current first URL to be scanned or current second URL to be scanned is the third weighting parameter.
Wherein the first weighting parameter is less than the second weighting parameter, and the second weighting parameter is less than the third weighting parameter.
Further, the low-risk pages include at least login pages and logout pages; the medium-risk pages include at least knowledge introduction pages and item detail pages; the high-risk pages include at least comment pages and transaction pages.
The vulnerability scanning system of embodiment three of the present invention solves the problem in existing distributed vulnerability scanning that a URL less likely to contain vulnerabilities may be scanned before a URL more likely to contain them, so that page vulnerabilities cannot be found in time; page vulnerabilities are instead found in time, thereby improving the effectiveness of vulnerability scanning.
The vulnerability scanning system provided in the embodiment of the present invention can perform the vulnerability scanning method provided in any embodiment of the present invention, and has the functional modules and advantageous effects corresponding to performing that method.
It is worth noting that in the embodiment of the vulnerability scanning system above, the units and modules included are divided only according to functional logic; the division is not limited to the above, as long as the corresponding functions can be realized. In addition, the specific names of the functional units serve only to distinguish them from one another and are not intended to limit the protection scope of the present invention.
Note that above are only presently preferred embodiments of the present invention and institute's application technology principle.It will be appreciated by those skilled in the art that The present invention is not limited to specific embodiments described here, can carry out for a person skilled in the art it is various it is apparent variation, It readjusts and substitutes without departing from protection scope of the present invention.Therefore, although being carried out to the present invention by above example It is described in further detail, but the present invention is not limited only to above example, without departing from the inventive concept, also May include other more equivalent embodiments, and the scope of the present invention is determined by scope of the appended claims.

Claims (10)

1. A vulnerability scanning method, characterized in that the method includes:
a message server obtains a current first URL to be scanned and M current second URLs to be scanned corresponding to the current first URL to be scanned, where M is a natural number greater than or equal to 1;
the message server sorts the current first URL to be scanned and all current second URLs to be scanned;
each scan node performs vulnerability scanning on the current first URL to be scanned and each current second URL to be scanned according to the ranking result.
2. The method according to claim 1, characterized in that the message server sorting the current first URL to be scanned and all current second URLs to be scanned includes:
the message server determines the page type of the current first URL to be scanned and of all current second URLs to be scanned;
the message server sorts the current first URL to be scanned and all current second URLs to be scanned according to their page types.
3. The method according to claim 2, characterized in that sorting the current first URL to be scanned and all current second URLs to be scanned according to their page types includes:
the message server determines the page weights of the current first URL to be scanned and of all current second URLs to be scanned according to their page types;
the message server sorts the current first URL to be scanned and all current second URLs to be scanned according to their page weights.
4. The method according to claim 3, characterized in that the message server determining the page weights of the current first URL to be scanned and of all current second URLs to be scanned according to their page types includes:
if the page type of the current first URL to be scanned or of any current second URL to be scanned is a low-risk page, determining that the page weight of that current first URL to be scanned or current second URL to be scanned is a first weighting parameter;
if the page type of the current first URL to be scanned or of any current second URL to be scanned is a medium-risk page, determining that the page weight of that current first URL to be scanned or current second URL to be scanned is a second weighting parameter;
if the page type of the current first URL to be scanned or of any current second URL to be scanned is a high-risk page, determining that the page weight of that current first URL to be scanned or current second URL to be scanned is a third weighting parameter;
wherein the first weighting parameter is less than the second weighting parameter, and the second weighting parameter is less than the third weighting parameter.
5. The method according to claim 4, characterized in that the low-risk pages include at least a login page or a logout page; the medium-risk pages include at least a knowledge introduction page or an item detail page; and the high-risk pages include at least a comment page or a transaction page.
6. A vulnerability scanning system, characterized in that the system includes a message server and at least one scan node; wherein,
the message server is configured to obtain a current first URL to be scanned and M current second URLs to be scanned corresponding to the current first URL to be scanned, where M is a natural number greater than or equal to 1, and to sort the current first URL to be scanned and all current second URLs to be scanned;
the scan node is configured to perform vulnerability scanning on the current first URL to be scanned and each current second URL to be scanned according to the ranking result.
7. The system according to claim 6, characterized in that the message server includes a determining module and a sorting module; wherein,
the determining module is configured to determine the page type of the current first URL to be scanned and of all current second URLs to be scanned;
the sorting module is configured to sort the current first URL to be scanned and all current second URLs to be scanned according to their page types.
8. The system according to claim 7, characterized in that:
the sorting module is specifically configured to determine the page weights of the current first URL to be scanned and of all current second URLs to be scanned according to their page types, and to sort the current first URL to be scanned and all current second URLs to be scanned according to those page weights.
9. The system according to claim 8, characterized in that:
the sorting module is specifically configured to: if the page type of the current first URL to be scanned or of any current second URL to be scanned is a low-risk page, determine that the page weight of that current first URL to be scanned or current second URL to be scanned is a first weighting parameter;
if the page type of the current first URL to be scanned or of any current second URL to be scanned is a medium-risk page, determine that the page weight of that current first URL to be scanned or current second URL to be scanned is a second weighting parameter; if the page type of the current first URL to be scanned or of any current second URL to be scanned is a high-risk page, determine that the page weight of that current first URL to be scanned or current second URL to be scanned is a third weighting parameter; wherein the first weighting parameter is less than the second weighting parameter, and the second weighting parameter is less than the third weighting parameter.
10. The system according to claim 9, characterized in that the low-risk pages include at least a login page or a logout page; the medium-risk pages include at least a knowledge introduction page or an item detail page; and the high-risk pages include at least a comment page or a transaction page.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810297515.0A CN108449355A (en) 2018-04-04 2018-04-04 A kind of vulnerability scanning method and system

Publications (1)

Publication Number Publication Date
CN108449355A true CN108449355A (en) 2018-08-24

Family

ID=63199229

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20180824