CN108540491A - Semi-automatic penetration testing system and method based on passive scanning - Google Patents

Info

Publication number: CN108540491A
Authority: CN (China)
Legal status: Granted, active
Application number: CN201810392824.6A
Other languages: Chinese (zh)
Other versions: CN108540491B (en)
Inventors: 丁锐, 常清雪
Current assignee: Sichuan Changhong Electric Co Ltd
Original assignee: Sichuan Changhong Electric Co Ltd
Application filed by: Sichuan Changhong Electric Co Ltd
Priority: CN201810392824.6A
Publications: CN108540491A (application), CN108540491B (granted)

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433 Vulnerability analysis
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577 Assessing vulnerabilities and evaluating computer system security
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network


Abstract

The present invention relates to information security testing technology. Current penetration testing tools cannot selectively test the parameters that need penetration testing, the information available for penetration testing is limited, and the collection of test input information is not well combined with vulnerability verification. To solve these technical problems, the invention proposes a semi-automatic penetration testing system and method based on passive scanning. The key points of the technical solution are: monitor and capture the traffic information of the target website under test; judge whether the captured traffic information contains to-be-tested data containing specific parameters and whether it conforms to the test interface specification; if it meets these requirements, pass the traffic information to the information processing module. The processed to-be-tested data containing specific parameters can be transmitted to the information storage module for updating, either automatically or manually one by one, and can be distributed, automatically or manually one by one, to every penetration testing module or to a specified single penetration testing module, which executes the specific penetration testing action.

Description

Semi-automatic penetration testing system and method based on passive scanning
Technical Field
The present invention relates to information security testing technology, and more particularly to interface penetration testing technology.
Background
With the development of network and computer software information technology, network security is receiving more and more attention, and the related security testing is becoming increasingly essential.
In security testing, to maximize accuracy and test coverage, the system under test usually has to be tested extensively and frequently. Testers can simulate attacks by hackers and verify every interface of the business under test with penetration testing techniques, to ensure that the security level of the business system meets business requirements. However, a single business system usually contains many interface addresses, so manual verification is undoubtedly hard physical labour, and testing time is limited, which also puts considerable work pressure on security testers. Current penetration testing tools either provide only a proxy function, which can only obtain the data to be tested (such as ip, url, interface address, etc.) and requires the penetration testing verification module to be integrated separately, or are only verification modules that cannot verify the data to be tested in a specified or batch manner, which increases the time needed for security testing. Taking the currently popular struts2-046 verification tool and the Weblogic XML deserialization vulnerability verification tool as examples, each is only a penetration testing verification module and has no module for acquiring the data to be tested. This limits the information available for penetration testing; the collection of test input information and vulnerability verification are not well combined, which brings much inconvenience to security testing work.
See the patent application with application number CN201410381582.2, which discloses an automated penetration testing method and system. It is mainly aimed at the problem that current semi-automated or manual penetration testing processes are time-consuming and laborious. Although that penetration testing method is efficient, after the fully automated penetration test it only outputs and displays the final result; it cannot selectively choose the parameters that need penetration testing, nor arbitrarily designate the penetration testing module that should perform the penetration testing work. A means of combining test input information collection with vulnerability verification is therefore needed, to meet the demand in security testing work for simpler, faster and more effective penetration testing of the target business that is quick, comprehensive and targeted.
Summary of the Invention
The object of the present invention is to provide a semi-automatic penetration testing system and method based on passive scanning, solving the problems that current penetration testing tools cannot selectively test the parameters that need penetration testing, that the information available for penetration testing is limited, and that the collection of test input information is not well combined with vulnerability verification.
The technical solution adopted by the present invention to solve its technical problem is: a semi-automatic penetration testing system based on passive scanning, comprising a client and a cloud, characterized in that the client comprises an information monitoring module, an information identification module, an information processing module, an information storage module and a penetration testing module; the information monitoring module is connected to the information processing module through the information identification module, the information storage module is connected to the information processing module, and the information processing module is connected to the cloud through the penetration testing module;
The information monitoring module is used to monitor the relevant interface information data of the target site under test, to manage the information transmitted over the network, and to capture the traffic information of the target website under test;
The information identification module is used to judge whether the captured traffic information contains to-be-tested data containing specific parameters and whether it conforms to the test interface specification; if such data exists and conforms to the test interface specification, the traffic information is passed to the information processing module; otherwise no action is taken;
The information processing module is used to process the to-be-tested data containing specific parameters in the traffic information, to transmit the processed data to the information storage module for updating, either automatically or manually one by one, and to extract the newly added to-be-tested data containing specific parameters from the information storage module and distribute it, automatically or manually one by one, to every penetration testing module or to a specified single penetration testing module;
The information storage module is used to receive the to-be-tested data containing specific parameters after it has been processed by the information processing module and to save it item by item; when the information processing module needs to extract the updated to-be-tested data containing specific parameters, the data is transferred to the information processing module;
The penetration testing module is used to receive the to-be-tested data containing specific parameters passed on by the information processing module and to execute the specific penetration testing action; finally it outputs the test result and sends it to the cloud, where it is updated and displayed.
Specifically, there is at least one client.
Further, the data information of the specific parameter includes a URL and/or an ip address and/or an interface link.
Specifically, the client is installed or integrated in the terminal target in the form of an SDK, or exists as standalone software.
Still further, the specific penetration testing action includes web application vulnerability detection and/or server vulnerability detection.
Specifically, the web application vulnerability detection includes SQL injection detection, cross-site scripting (XSS) detection, unauthorized access detection, arbitrary file read detection and weak password brute-force detection.
Still further, the server vulnerability detection includes Heartbleed vulnerability detection, Bash remote command execution vulnerability detection, Struts2 remote command execution vulnerability detection and Weblogic deserialization remote code execution vulnerability detection.
A semi-automatic penetration testing method based on passive scanning, applied to the semi-automatic penetration testing system based on passive scanning, characterized in that it comprises the following steps:
Step 1: establish a connection between the client and the cloud;
Step 2: the information monitoring module in the client monitors the relevant interface information data of the target site under test, manages the information transmitted over the network, and captures the traffic information of the target website under test; once the traffic information has been captured, proceed to step 3;
Step 3: the information identification module judges whether the captured traffic information contains to-be-tested data containing specific parameters and whether it conforms to the test interface specification; if such data exists and conforms to the test interface specification, the traffic information is passed to the information processing module and the method proceeds to step 4; otherwise no action is taken;
Step 4: the information processing module receives and processes the to-be-tested data containing specific parameters in the traffic information, transmits the processed data to the information storage module for updating, either automatically or manually one by one, and extracts the newly added to-be-tested data containing specific parameters from the information storage module and distributes it, automatically or manually one by one, to every penetration testing module or to a specified single penetration testing module; then proceed to step 5;
Step 5: after the penetration testing module receives the to-be-tested data containing specific parameters passed on by the information processing module, it executes the specific penetration testing action, and finally outputs the test result and sends it to the cloud, where it is updated and displayed.
Specifically, in step 5, if the cloud does not update and display the test result after the specific penetration testing action has been executed, return to step 1.
The beneficial effect of the invention is that, with the above semi-automatic penetration testing system and method based on passive scanning, the information data under test is monitored, and the data to be tested is selected and stored according to the test specification. In batch penetration testing or penetration testing of a specified type, the stored data to be tested can be traversed or specified quickly and automatically, and verified with specified or batch penetration testing techniques. This removes the time spent on manual vulnerability verification and achieves efficient, quick and accurate security testing.
Brief Description of the Drawings
Fig. 1 is a structural schematic diagram of the semi-automatic penetration testing system based on passive scanning of the present invention.
Detailed Description
The technical solution of the present invention is described in detail below with reference to the embodiments and the drawing.
The semi-automatic penetration testing system based on passive scanning of the present invention, whose structural schematic diagram is shown in Fig. 1, comprises a client and a cloud. The client comprises an information monitoring module, an information identification module, an information processing module, an information storage module and a penetration testing module. The information monitoring module is connected to the information processing module through the information identification module, the information storage module is connected to the information processing module, and the information processing module is connected to the cloud through the penetration testing module. The information monitoring module is used to monitor the relevant interface information data of the target site under test, to manage the information transmitted over the network, and to capture the traffic information of the target website under test. The information identification module is used to judge whether the captured traffic information contains to-be-tested data containing specific parameters and whether it conforms to the test interface specification; if such data exists and conforms to the test interface specification, the traffic information is passed to the information processing module; otherwise no action is taken. The information processing module is used to process the to-be-tested data containing specific parameters in the traffic information, to transmit the processed data to the information storage module for updating, either automatically or manually one by one, and to extract the newly added to-be-tested data containing specific parameters from the information storage module and distribute it, automatically or manually one by one, to every penetration testing module or to a specified single penetration testing module. The information storage module is used to receive the to-be-tested data containing specific parameters after it has been processed by the information processing module and to save it item by item; when the information processing module needs to extract the updated to-be-tested data containing specific parameters, the data is transferred to the information processing module. The penetration testing module is used to receive the to-be-tested data containing specific parameters passed on by the information processing module and to execute the specific penetration testing action; finally it outputs the test result and sends it to the cloud, where it is updated and displayed.
The semi-automatic penetration testing method based on passive scanning, applied to the semi-automatic penetration testing system based on passive scanning, comprises the following steps. First, a connection is established between the client and the cloud. Second, the information monitoring module in the client monitors the relevant interface information data of the target site under test, manages the information transmitted over the network, and captures the traffic information of the target website under test; once the traffic information has been captured, the information identification module judges whether it contains to-be-tested data containing specific parameters and whether it conforms to the test interface specification, and if such data exists and conforms to the test interface specification, the traffic information is passed to the information processing module. Then the information processing module receives and processes the to-be-tested data containing specific parameters in the traffic information, transmits the processed data to the information storage module for updating, either automatically or manually one by one, and extracts the newly added to-be-tested data containing specific parameters from the information storage module and distributes it, automatically or manually one by one, to every penetration testing module or to a specified single penetration testing module. After the penetration testing module receives the to-be-tested data containing specific parameters passed on by the information processing module, it executes the specific penetration testing action, and finally outputs the test result and sends it to the cloud, where it is updated and displayed.
Here, while the information data of the target site under test is being monitored, the data to be tested is selected and stored according to the test specification. In batch penetration testing or penetration testing of a specified type, the stored data to be tested can be traversed or specified quickly and automatically, and verified with specified or batch penetration testing techniques. This removes the time spent on manual vulnerability verification and achieves efficient, quick and accurate security testing.
Embodiment 1
The semi-automatic penetration testing system based on passive scanning of this embodiment of the invention comprises a client and a cloud. There is at least one client, and each client may comprise an information monitoring module, an information identification module, an information processing module, an information storage module, a penetration testing module and so on. The information monitoring module is connected to the information processing module through the information identification module, the information storage module is connected to the information processing module, and the information processing module is connected to the cloud through the penetration testing module. The information monitoring module is used to monitor the relevant interface information data of the target site under test, to manage the information transmitted over the network, and to capture the traffic information of the target website under test. The information identification module is used to judge whether the captured traffic information contains to-be-tested data containing specific parameters and whether it conforms to the test interface specification; if such data exists and conforms to the test interface specification, the traffic information is passed to the information processing module; otherwise no action is taken. The information processing module is used to process the to-be-tested data containing specific parameters in the traffic information, to transmit the processed data to the information storage module for updating, either automatically or manually one by one, and to extract the newly added to-be-tested data containing specific parameters from the information storage module and distribute it, automatically or manually one by one, to every penetration testing module or to a specified single penetration testing module. The information storage module is used to receive the to-be-tested data containing specific parameters after it has been processed by the information processing module and to save it item by item; when the information processing module needs to extract the updated to-be-tested data containing specific parameters, the data is transferred to the information processing module. The penetration testing module is used to receive the to-be-tested data containing specific parameters passed on by the information processing module and to execute the specific penetration testing action; finally it outputs the test result and sends it to the cloud, where it is updated and displayed.
In this example, a URL is used to illustrate the data information of the specific parameter. The semi-automatic penetration testing method based on passive scanning, applied to the semi-automatic penetration testing system based on passive scanning, comprises the following steps:
Step 1: establish a connection between the client and the cloud; there is at least one client;
Step 2: the information monitoring module in the client monitors the relevant interface information data of the target site under test, manages the information transmitted over the network, and captures the traffic information of the target website under test; once the traffic information has been captured, proceed to step 3;
Step 3: the information identification module judges whether the captured traffic information contains a to-be-tested URL and whether it conforms to the URL test interface specification; if a to-be-tested URL exists and conforms to the URL test interface specification, the traffic information is passed to the information processing module and the method proceeds to step 4; otherwise no action is taken;
Step 4: the information processing module receives and processes the to-be-tested URLs in the traffic information and the processed to-be-tested URLs are manually transmitted one by one to the information storage module for updating; when the newly added to-be-tested URLs in the information storage module need to be tested, the information processing module extracts them from the information storage module and automatically distributes them to every penetration testing module or to a specified single penetration testing module; then proceed to step 5;
Step 5: after the penetration testing module receives the to-be-tested URLs passed on by the information processing module, it executes the specific penetration testing action, and finally outputs the test result and sends it to the cloud, where it is updated and displayed; if the cloud does not update and display the test result after the specific penetration testing action has been executed, return to step 1.
Embodiment 2
On the basis of the semi-automatic penetration testing system based on passive scanning in Embodiment 1, a URL is again used to illustrate the data information of the specific parameter. The semi-automatic penetration testing method based on passive scanning, applied to the semi-automatic penetration testing system based on passive scanning, comprises the following steps:
Step 1: establish a connection between the client and the cloud; there is at least one client;
Step 2: the information monitoring module in the client monitors the relevant interface information data of the target site under test, manages the information transmitted over the network, and captures the traffic information of the target website under test; once the traffic information has been captured, proceed to step 3;
Step 3: the information identification module judges whether the captured traffic information contains a to-be-tested URL and whether it conforms to the URL test interface specification; if a to-be-tested URL exists and conforms to the URL test interface specification, the traffic information is passed to the information processing module and the method proceeds to step 4; otherwise no action is taken;
Step 4: the information processing module receives and processes the to-be-tested URLs in the traffic information and the processed to-be-tested URLs are manually transmitted one by one to the information storage module for updating; when the newly added to-be-tested URLs in the information storage module need to be tested, the information processing module extracts them from the information storage module and they are manually distributed one by one to every penetration testing module or to a specified single penetration testing module; then proceed to step 5;
Step 5: after the penetration testing module receives the to-be-tested URLs passed on by the information processing module, it executes the specific penetration testing action, and finally outputs the test result and sends it to the cloud, where it is updated and displayed; if the cloud does not update and display the test result after the specific penetration testing action has been executed, return to step 1.
Embodiment 3
On the basis of the semi-automatic penetration testing system based on passive scanning in Embodiment 1, a URL is likewise used to illustrate the data information of the specific parameter. The semi-automatic penetration testing method based on passive scanning, applied to the semi-automatic penetration testing system based on passive scanning, comprises the following steps:
Step 1: establish a connection between the client and the cloud; there is at least one client;
Step 2: the information monitoring module in the client monitors the relevant interface information data of the target site under test, manages the information transmitted over the network, and captures the traffic information of the target website under test; once the traffic information has been captured, proceed to step 3;
Step 3: the information identification module judges whether the captured traffic information contains a to-be-tested URL and whether it conforms to the URL test interface specification; if a to-be-tested URL exists and conforms to the URL test interface specification, the traffic information is passed to the information processing module and the method proceeds to step 4; otherwise no action is taken;
Step 4: the information processing module receives and processes the to-be-tested URLs in the traffic information and the processed to-be-tested URLs are automatically transmitted to the information storage module for updating; when the newly added to-be-tested URLs in the information storage module need to be tested, the information processing module extracts them from the information storage module and they are manually distributed one by one to every penetration testing module or to a specified single penetration testing module; then proceed to step 5;
Step 5: after the penetration testing module receives the to-be-tested URLs passed on by the information processing module, it executes the specific penetration testing action, and finally outputs the test result and sends it to the cloud, where it is updated and displayed; if the cloud does not update and display the test result after the specific penetration testing action has been executed, return to step 1.
Embodiment 4
On the basis of the semi-automatic penetration testing system based on passive scanning in Embodiment 1, a URL is still used to illustrate the data information of the specific parameter. The semi-automatic penetration testing method based on passive scanning, applied to the semi-automatic penetration testing system based on passive scanning, comprises the following steps:
Step 1: establish a connection between the client and the cloud; there is at least one client;
Step 2: the information monitoring module in the client monitors the relevant interface information data of the target site under test, manages the information transmitted over the network, and captures the traffic information of the target website under test; once the traffic information has been captured, proceed to step 3;
Step 3: the information identification module judges whether the captured traffic information contains a to-be-tested URL and whether it conforms to the URL test interface specification; if a to-be-tested URL exists and conforms to the URL test interface specification, the traffic information is passed to the information processing module and the method proceeds to step 4; otherwise no action is taken;
Step 4: the information processing module receives and processes the to-be-tested URLs in the traffic information and the processed to-be-tested URLs are automatically transmitted to the information storage module for updating; when the newly added to-be-tested URLs in the information storage module need to be tested, the information processing module extracts them from the information storage module and automatically distributes them to every penetration testing module or to a specified single penetration testing module; then proceed to step 5;
Step 5: after the penetration testing module receives the to-be-tested URLs passed on by the information processing module, it executes the specific penetration testing action, and finally outputs the test result and sends it to the cloud, where it is updated and displayed; if the cloud does not update and display the test result after the specific penetration testing action has been executed, return to step 1.
According to the four embodiments above, in the semi-automatic penetration testing system and method based on passive scanning proposed in this application, the data information of the specific parameter may also be an IP address and/or an interface link, etc.; the method steps and principles are similar to those of the four embodiments proposed in this application, so the application does not describe the data information of other specific parameters in detail in separate embodiments. In addition, to better match routine practice in the field, the client is installed or integrated in the terminal target in the form of an SDK; it may of course also exist as standalone software. The specific penetration testing action may include web application vulnerability detection and/or server vulnerability detection. Web application vulnerability detection may preferably include SQL injection detection, cross-site scripting (XSS) detection, unauthorized access detection, arbitrary file read detection, weak password brute-force detection, etc. Server vulnerability detection may preferably include Heartbleed vulnerability detection, Bash remote command execution vulnerability detection, Struts2 remote command execution vulnerability detection, WebLogic deserialization remote code execution vulnerability detection, etc.

Claims (9)

1. A semi-automatic penetration testing system based on passive scanning, comprising a client and a cloud, characterized in that the client comprises an information monitoring module, an information identification module, an information processing module, an information storage module and a penetration testing module; the information monitoring module is connected to the information processing module through the information identification module, the information storage module is connected to the information processing module, and the information processing module is connected to the cloud through the penetration testing module;
the information monitoring module is used to monitor the relevant interface message data of the target site under test, manage the information transmitted on the network and capture the traffic information of the target site under test;
the information identification module is used to judge whether the captured traffic information contains to-be-tested data information comprising the specific parameter and whether it conforms to the test interface specification; if it contains to-be-tested data information comprising the specific parameter and conforms to the test interface specification, the traffic information is passed to the information processing module; otherwise no action is taken;
the information processing module is used to process the to-be-tested data information comprising the specific parameter in the traffic information, to transmit the processed to-be-tested data information comprising the specific parameter, automatically or manually and item by item, to the information storage module for updating, and to extract the to-be-tested data information comprising the specific parameter newly added to the information storage module and distribute it, automatically or manually and item by item, to every penetration testing module or to a specified single penetration testing module;
the information storage module is used to receive the to-be-tested data information comprising the specific parameter that has been processed by the information processing module and store it item by item, and, when the information processing module needs to extract the updated to-be-tested data information comprising the specific parameter, to transmit that data information to the information processing module;
the penetration testing module is used to receive the to-be-tested data information comprising the specific parameter transmitted from the information processing module, execute the specific penetration testing action, and finally output the test result and send it to the cloud, where it is updated and displayed.
2. The semi-automatic penetration testing system based on passive scanning according to claim 1, characterized in that there is at least one client.
3. The semi-automatic penetration testing system based on passive scanning according to claim 1, characterized in that the data information of the specific parameter comprises a URL and/or an IP address and/or an interface link.
4. The semi-automatic penetration testing system based on passive scanning according to claim 1, characterized in that the client is installed or integrated in the terminal target in the form of an SDK, or exists as standalone software.
5. The semi-automatic penetration testing system based on passive scanning according to claim 1, characterized in that the specific penetration testing action comprises web application vulnerability detection and/or server vulnerability detection.
6. The semi-automatic penetration testing system based on passive scanning according to claim 5, characterized in that the web application vulnerability detection comprises SQL injection detection, cross-site scripting (XSS) detection, unauthorized access detection, arbitrary file read detection and weak password brute-force detection.
7. The semi-automatic penetration testing system based on passive scanning according to claim 5, characterized in that the server vulnerability detection comprises Heartbleed vulnerability detection, Bash remote command execution vulnerability detection, Struts2 remote command execution vulnerability detection and WebLogic deserialization remote code execution vulnerability detection.
8. A semi-automatic penetration testing method based on passive scanning, applied to the semi-automatic penetration testing system based on passive scanning according to any one of claims 1-7, characterized in that it comprises the following steps:
Step 1: a connection is established between the client and the cloud;
Step 2: the information monitoring module in the client monitors the relevant interface message data of the target site under test, manages the information transmitted on the network and captures the traffic information of the target site under test; once the traffic information has been captured, go to step 3;
Step 3: the information identification module judges whether the captured traffic information contains to-be-tested data information comprising the specific parameter and whether it conforms to the test interface specification; if it contains to-be-tested data information comprising the specific parameter and conforms to the test interface specification, the traffic information is passed to the information processing module and the method goes to step 4; otherwise no action is taken;
Step 4: the information processing module receives and processes the to-be-tested data information comprising the specific parameter in the traffic information, transmits the processed to-be-tested data information comprising the specific parameter, automatically or manually and item by item, to the information storage module for updating, and extracts the to-be-tested data information comprising the specific parameter newly added to the information storage module and distributes it, automatically or manually and item by item, to every penetration testing module or to a specified single penetration testing module; then go to step 5;
Step 5: when a penetration testing module receives the to-be-tested data information comprising the specific parameter transmitted from the information processing module, it executes the specific penetration testing action, and finally outputs the test result and sends it to the cloud, where it is updated and displayed.
9. The semi-automatic penetration testing method based on passive scanning according to claim 8, characterized in that, in step 5, if the cloud does not update and display the test result after the specific penetration testing action has been executed, the method goes to step 1.
CN201810392824.6A 2018-04-27 2018-04-27 Semi-automatic penetration testing system and method based on passive scanning Active CN108540491B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810392824.6A CN108540491B (en) 2018-04-27 2018-04-27 Semi-automatic penetration testing system and method based on passive scanning

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810392824.6A CN108540491B (en) 2018-04-27 2018-04-27 Semi-automatic penetration testing system and method based on passive scanning

Publications (2)

Publication Number Publication Date
CN108540491A CN108540491A (en) 2018-09-14
CN108540491B CN108540491B (en) 2020-06-30

Family

ID=63479426

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810392824.6A Active CN108540491B (en) 2018-04-27 2018-04-27 Semi-automatic penetration testing system and method based on passive scanning

Country Status (1)

Country Link
CN (1) CN108540491B (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20170006055A1 (en) * 2015-06-30 2017-01-05 The Mitre Corporation Network attack simulation systems and methods
CN106874768A (en) * 2016-12-30 2017-06-20 北京瑞卓喜投科技发展有限公司 The method and device of penetration testing
CN107145786A (en) * 2017-05-08 2017-09-08 四川长虹电器股份有限公司 The safety test system and method for test is injected based on database

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109284611A (en) * 2018-09-20 2019-01-29 北京计算机技术及应用研究所 The method of test macro and realization internet security test based on Metasploit frame
CN109284611B (en) * 2018-09-20 2021-05-18 北京计算机技术及应用研究所 Test system based on Metasplait framework and method for realizing network security test
CN109344624A (en) * 2018-10-26 2019-02-15 深信服科技股份有限公司 Penetration test method, platform, equipment and storage medium based on cloud cooperation
CN109344624B (en) * 2018-10-26 2022-02-18 深信服科技股份有限公司 Penetration testing method, platform, equipment and storage medium based on cloud cooperation
CN109697362A (en) * 2018-12-13 2019-04-30 西安四叶草信息技术有限公司 Network hole detection method and device
CN111431878A (en) * 2020-03-16 2020-07-17 武汉猎鹰网安科技有限公司 Network security penetration testing system

Also Published As

Publication number Publication date
CN108540491B (en) 2020-06-30

Similar Documents

Publication Publication Date Title
CN108540491A (en) Semi-automatic penetration testing system and method based on passive scanning
CN105068925B (en) Software safety defect finds system
US10873594B2 (en) Test system and method for identifying security vulnerabilities of a device under test
CN105208000B (en) The method and Network Security Device of network analysis attack backtracking
CN104462962B (en) A kind of method for detecting unknown malicious code and binary vulnerability
CN107046526A (en) Distributed heterogeneous network hole method for digging based on Fuzzing algorithms
CN106982194A (en) Vulnerability scanning method and device
CN109922073A (en) Network security monitoring device, method and system
CN109995705B (en) Attack chain detection method and device based on high-interaction honeypot system
CN109063486B (en) Safety penetration testing method and system based on PLC equipment fingerprint identification
CN104751056A (en) Vulnerability verification system and method based on attack library
CN108390864A (en) A kind of Trojan detecting method and system based on attack chain behavioural analysis
CN113158197B (en) SQL injection vulnerability detection method and system based on active IAST
CN103051627A (en) Rebound trojan horse detection method
CN112818352B (en) Database detection method and device, storage medium and electronic device
CN107038372A (en) Leaking data interface detection method and device
CN106453256A (en) Password feature library system with automatic learning function and learning method thereof
CN108965327A (en) Method, apparatus, computer equipment and the storage medium of detection system loophole
CN109711149A (en) Dynamic Updating Mechanism determination method and application Life cycle behavior monitoring method
US10757402B2 (en) Camera certification for video surveillance systems
CN107222332A (en) Method of testing, device, system and machinable medium
CN103441890A (en) Performance testing method for internet of things
CN101453454B (en) Internal tracking method and network attack detection
US20180020012A1 (en) Malware analysis system, malware analysis method, and malware analysis program
CN106294126B (en) The automation formula correctness management method and device of SEN ion injection machine table

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant