CN108574742A - Domain-name information collection method and domain-name information collection device - Google Patents

Publication number
CN108574742A
Authority
CN
China
Prior art keywords
name
subdomain
subdomain name
domain
information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201710142641.4A
Other languages
Chinese (zh)
Other versions
CN108574742B (en)
Inventor
唐文韬
胡珀
郑兴
王放
郭晶
张强
范宇河
杨勇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tencent Technology Shenzhen Co Ltd
Original Assignee
Tencent Technology Shenzhen Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Tencent Technology Shenzhen Co Ltd
Priority to CN201710142641.4A
Publication of CN108574742A
Application granted
Publication of CN108574742B
Legal status: Active
Anticipated expiration

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00: Network arrangements, protocols or services for addressing or naming
    • H04L61/45: Network directories; Name-to-address mapping
    • H04L61/4505: Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols
    • H04L61/4511: Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols using domain name system [DNS]

Abstract

A domain-name information collection method and device. In one embodiment the method includes: detecting the subdomain names of a root domain name using a predetermined subdomain name detection mode to obtain a first subdomain name of the root domain name; sending a first query request to a domain-name information source database; receiving a first query response returned by the domain-name information source database, the first query response including user information, found in the domain-name information source database, that is associated with the root domain name and the first subdomain name; sending a second query request to the domain-name information source database, the second query request including the user information; receiving a second query response returned by the domain-name information source database, the second query response including a second subdomain name, found in the domain-name information source database, that is associated with the user information; and integrating the root domain name, the first subdomain name and the second subdomain name to obtain the collected domain-name information. The scheme of this embodiment collects subdomain names more comprehensively and can improve security accordingly.

Description

Domain-name information collection method and domain-name information collection device
Technical field
The present invention relates to the field of information security technology, and more particularly to a domain-name information collection method and a domain-name information collection device.
Background
As the interface through which an enterprise provides web services to the outside, domain names are often the entry point for hacker attacks. By collecting domain-name information, all the domain names an enterprise uses can be known, so that vulnerability scanning can be carried out comprehensively with no blind spots, vulnerabilities can be found in time, and security can be improved. At present, domain-name information is generally collected by subdomain name enumeration, reverse IP lookup, passive DNS (DNS: Domain Name System), crawler extraction and similar methods. However, each of these collection methods serves a single function: it can only collect subdomain names, along few collection dimensions, and the information collected is incomplete, which easily leaves security risks.
Summary of the invention
In view of this, it is necessary to provide a domain-name information collection method and a domain-name information collection device.
One embodiment adopts the following technical scheme:
A domain-name information collection method, including the steps of:
detecting the subdomain names of a root domain name using a predetermined subdomain name detection mode to obtain a first subdomain name of the root domain name;
sending a first query request to a domain-name information source database, the first query request including the root domain name and the first subdomain name;
receiving a first query response returned by the domain-name information source database, the first query response including user information, found in the domain-name information source database, that is associated with the root domain name and the first subdomain name;
sending a second query request to the domain-name information source database, the second query request including the user information;
receiving a second query response returned by the domain-name information source database, the second query response including a second subdomain name, found in the domain-name information source database, that is associated with the user information;
integrating the root domain name, the first subdomain name and the second subdomain name to obtain the collected domain-name information.
A domain-name information collection device, including:
a subdomain name detection module, configured to detect the subdomain names of a root domain name using a predetermined subdomain name detection mode to obtain a first subdomain name of the root domain name;
a first query module, configured to send a first query request to a domain-name information source database, the first query request including the root domain name and the first subdomain name, and to receive a first query response returned by the domain-name information source database, the first query response including user information, found in the domain-name information source database, that is associated with the root domain name and the first subdomain name;
a second query module, configured to send a second query request to the domain-name information source database, the second query request including the user information, and to receive a second query response returned by the domain-name information source database, the second query response including a second subdomain name, found in the domain-name information source database, that is associated with the user information;
an integration module, configured to integrate the root domain name, the first subdomain name and the second subdomain name to obtain the collected domain-name information.
According to the scheme of the embodiment described above, after the first subdomain name of the root domain name is obtained by subdomain name detection, user information associated with the first subdomain name is also obtained by querying the domain-name information source database, and a second subdomain name associated with that user information is then obtained by querying the domain-name information source database. The root domain name, the first subdomain name and the second subdomain name are then integrated to obtain the collected domain-name information. Because the second subdomain name, found through the user information associated with the first subdomain name, is integrated in addition to the first subdomain name obtained by detection, subdomain names are collected more comprehensively, and security can be improved accordingly.
Description of the drawings
Fig. 1 is a flow diagram of the domain-name information collection method in one embodiment;
Fig. 2 is a flow diagram of detecting and obtaining subdomain names in a specific example;
Fig. 3 is a flow diagram of detecting and obtaining subdomain names in another specific example;
Fig. 4 is a flow diagram of detecting and obtaining subdomain names in another specific example;
Fig. 5 is a schematic diagram of the functional principle of the scheme of this embodiment in an application example;
Fig. 6 is a schematic diagram of the basic flow principle of the scheme of this embodiment in an application example;
Fig. 7 is a schematic diagram of the node/relationship graph of the collected domain-name information in an application example;
Fig. 8 is a structural diagram of the domain-name information collection device in one embodiment;
Fig. 9 is a structural diagram of the subdomain name detection module in a specific example;
Fig. 10 is a schematic diagram of the application environment in one embodiment;
Fig. 11 is a schematic diagram of the application environment in another embodiment;
Fig. 12 is a structural diagram of the server to which the scheme of this embodiment is applied.
Detailed description
To facilitate understanding of the present invention, the relevant embodiments are described more fully below with reference to the accompanying drawings, in which preferred embodiments of the invention are shown. It should be understood that the invention can be implemented in many different forms and is not limited to the embodiments described herein; the embodiments described herein serve only to explain the invention and do not limit its scope of protection. Rather, these embodiments are provided so that the disclosure of this scheme is understood more thoroughly and completely.
Unless otherwise defined, all technical and scientific terms used herein have the same meaning as commonly understood by those skilled in the technical field of the present invention. The terms used herein are for the purpose of describing specific embodiments only and are not intended to limit the invention. The term "and/or" as used herein includes any and all combinations of one or more of the associated listed items.
Fig. 1 shows a flow diagram of the domain-name information collection method in one embodiment. As shown in Fig. 1, the domain-name information collection method in this embodiment includes:
Step S101: detect the subdomain names of a root domain name using a predetermined subdomain name detection mode to obtain a first subdomain name of the root domain name;
Step S102: send a first query request to a domain-name information source database, the first query request including the root domain name and the first subdomain name;
Step S103: receive a first query response returned by the domain-name information source database, the first query response including user information, found in the domain-name information source database, that is associated with the root domain name and the first subdomain name;
Step S104: send a second query request to the domain-name information source database, the second query request including the user information;
Step S105: receive a second query response returned by the domain-name information source database, the second query response including a second subdomain name, found in the domain-name information source database, that is associated with the user information;
Step S106: integrate the root domain name, the first subdomain name and the second subdomain name to obtain the collected domain-name information.
According to the scheme of the embodiment described above, after the first subdomain name of the root domain name is obtained by subdomain name detection, user information associated with the first subdomain name is also obtained by querying the domain-name information source database, and a second subdomain name associated with that user information is then obtained by querying the domain-name information source database. The root domain name, the first subdomain name and the second subdomain name are then integrated to obtain the collected domain-name information. Because the second subdomain name, found through the user information associated with the first subdomain name, is integrated in addition to the first subdomain name obtained by detection, subdomain names are collected more comprehensively, and security can be improved accordingly.
When the subdomain names of the root domain name are detected in step S101 to obtain the first subdomain name of the root domain name, the predetermined subdomain name detection mode may be any feasible mode. In one application example, it may be search engine search, DNS server query, HTTPS certificate query, dictionary enumeration, DNS zone transfer vulnerability detection, or any other feasible mode.
When detection is by search engine search, in a specific example it may proceed as follows: send a subdomain name search request to a predetermined search engine, the subdomain name search request including a keyword for the root domain name; receive the subdomain name search response returned by the predetermined search engine, and apply regular expression matching to the response to match the subdomain names of the root domain name, obtaining the subdomain name search result.
When detection is by DNS server query, in a specific example it may proceed as follows: send a DNS query command to the local DNS server, the DNS query command including the root domain name; receive the DNS query response returned by the local DNS server, the DNS query response including the subdomain names of the root domain name found by the local DNS server, obtaining the subdomain name DNS query result.
When detection is by HTTPS certificate query, in a specific example it may proceed as follows: query and obtain the HTTPS certificate transparency report of the root domain name, and determine the subdomain names of the root domain name from the HTTPS certificate transparency report, obtaining the subdomain name transparency query result.
When detection is by dictionary enumeration, in a specific example it may proceed as follows: obtain a dictionary of common subdomain names; enumerate the subdomain names in the dictionary to find the subdomain names that exist for the root domain name, obtaining the subdomain name enumeration result.
When detection is by DNS zone transfer vulnerability detection, in a specific example it may proceed as follows: detect whether the target system corresponding to the root domain name has a DNS zone transfer vulnerability and, when one is detected, use the DNS zone transfer vulnerability to detect the subdomain names of the root domain name, obtaining the subdomain name zone transfer detection result.
It should be understood that one or more of the modes mentioned above (search engine search, DNS server query, HTTPS certificate query, dictionary enumeration, DNS zone transfer vulnerability detection and so on) may be selected according to actual technical needs.
When one mode is selected, the corresponding one of the subdomain name search result, subdomain name DNS query result, subdomain name transparency query result, subdomain name enumeration result and subdomain name zone transfer detection result is taken as the initial detected subdomain name, and the initial detected subdomain name serves as the first subdomain name. For example, if the HTTPS certificate query mode is selected, the subdomain name transparency query result is taken as the initial detected subdomain name.
To detect subdomain names more comprehensively, a specific application example may use any combination of search engine search, DNS server query, HTTPS certificate query, dictionary enumeration, DNS zone transfer vulnerability detection and similar modes. In that case, the integrated result of the corresponding combination of the subdomain name search result, subdomain name DNS query result, subdomain name transparency query result, subdomain name enumeration result and subdomain name zone transfer detection result is taken as the initial detected subdomain name, which serves as the first subdomain name. For example, when the three modes search engine search, DNS server query and HTTPS certificate query are selected, the integrated result of the subdomain name search result, the subdomain name DNS query result and the subdomain name transparency query result is taken as the initial detected subdomain name. From the standpoint of comprehensive detection, all of these modes may be used, so that the integrated result of the subdomain name search result, subdomain name DNS query result, subdomain name transparency query result, subdomain name enumeration result and subdomain name zone transfer detection result is taken as the initial detected subdomain name. The purpose of integration is to filter out identical subdomain names among the results obtained by the various detection modes, avoiding the data redundancy caused by repeated domain-name information.
As described above, the initial detected subdomain name obtained in this way may be used directly as the first subdomain name. In some application examples, the initial detected subdomain name may also be processed further before being used as the first subdomain name.
For example, Fig. 2 shows a flow diagram of detecting and obtaining subdomain names in one example. As shown in Fig. 2, in this example, after the initial detected subdomain name is obtained, the first subdomain name may be obtained as follows:
perform domain name resolution on each initial detected subdomain name to obtain the IP address information of each initial detected subdomain name;
screen out the content distribution network IP address information from the IP address information to obtain the screened IP address information;
perform a reverse IP lookup on the screened IP address information to obtain reverse-lookup subdomain names; in this case, the reverse-lookup subdomain names obtained are the first subdomain name.
In this way the content distribution network IP address information is screened out, and with it the corresponding content distribution network domain-name information, which further improves the accuracy of the subdomain names obtained.
Fig. 3 shows a flow diagram of detecting and obtaining subdomain names in another example. As shown in Fig. 3, in this example, after the initial detected subdomain name is obtained, the first subdomain name may be obtained as follows:
crawl the page corresponding to each initial detected subdomain name;
parse the crawled pages to obtain the in-page subdomain names;
integrate the initial detected subdomain names and the in-page subdomain names to obtain the first subdomain name.
Thus, after the initial detected subdomain names are obtained, the subdomain names in their pages are obtained as well, so that subdomain names are detected still more comprehensively.
In another example, the two approaches above may be combined. Fig. 4 shows a flow diagram of detecting and obtaining subdomain names in this example. As shown in Fig. 4, in this example, after the initial detected subdomain name is obtained, the first subdomain name is obtained as follows:
perform domain name resolution on each initial detected subdomain name to obtain the IP address information of each initial detected subdomain name;
screen out the content distribution network IP address information from the IP address information to obtain the screened IP address information;
perform a reverse IP lookup on the screened IP address information to obtain reverse-lookup subdomain names;
crawl the page corresponding to each reverse-lookup subdomain name; parse the crawled pages to obtain the in-page subdomain names;
integrate the reverse-lookup subdomain names and the in-page subdomain names to obtain the first subdomain name.
This improves the comprehensiveness of the subdomain names detected while further improving the accuracy of the subdomain names obtained.
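The Fig. 4 flow above, as an added example that is not part of the patent text: it runs the resolve, CDN screening, reverse-lookup, crawl and parse steps over constructed in-memory data for the root domain name test.com. The lookup tables, the CDN range and all function names are assumptions made for the illustration.

```python
import ipaddress
import re

ROOT = "test.com"  # root domain name used in the page's own examples

# Constructed sample data standing in for live DNS, reverse-IP and crawl results.
CDN_RANGES = [ipaddress.ip_network("198.51.100.0/24")]  # hypothetical CDN range
FORWARD_DNS = {
    "www.test.com": ["198.51.100.10"],                   # served only through the CDN
    "mail.test.com": ["192.0.2.25"],
    "dev.test.com": ["192.0.2.80", "198.51.100.11"],
}
REVERSE_IP = {
    "192.0.2.25": ["mail.test.com", "mx2.test.com"],
    "192.0.2.80": ["dev.test.com", "Staging.Test.com.", "other-tenant.example"],
    "198.51.100.10": ["www.test.com", "cdn-customer.example"],
}
PAGES = {
    "mail.test.com": '<a href="https://sso.test.com/login">SSO</a>',
    "dev.test.com": '<script src="//static.test.com:8443/a.js"></script>'
                    '<a href="http://nottest.com/">x</a>'
                    '<a href="http://login.test.com.evil.example/">y</a>',
}


def normalize(name):
    """Lower-case a host name and drop the trailing root dot."""
    return name.strip().rstrip(".").lower()


def in_scope(name, root=ROOT):
    """True only for the root itself or a name ending in '.<root>'."""
    name = normalize(name)
    return name == root or name.endswith("." + root)


def filter_cdn(ips, cdn_ranges=CDN_RANGES):
    """Screen out addresses that fall inside a known CDN range."""
    kept = []
    for ip in ips:
        addr = ipaddress.ip_address(ip)
        if not any(addr in net for net in cdn_ranges):
            kept.append(ip)
    return kept


def host_pattern(root):
    """Regex for '<label>.<label>...<root>' that is anchored on both sides."""
    label = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
    return re.compile(
        r"(?<![A-Za-z0-9.-])"                    # must not start mid-hostname
        r"((?:" + label + r"\.)+" + re.escape(root) + r")"
        r"(?![A-Za-z0-9-]|\.[A-Za-z0-9])",       # root must be the end of the name
        re.IGNORECASE,
    )


def extract_subdomains(text, root=ROOT):
    """Parse a crawled page and return the in-page subdomain names of root."""
    return {normalize(m) for m in host_pattern(root).findall(text)}


def first_subdomains(initial, root=ROOT):
    """Resolve -> screen CDN IPs -> reverse lookup -> crawl -> parse -> integrate."""
    ips = set()
    for name in initial:
        ips.update(filter_cdn(FORWARD_DNS.get(normalize(name), [])))
    reverse_names = set()
    for ip in ips:
        reverse_names.update(
            normalize(n) for n in REVERSE_IP.get(ip, []) if in_scope(n, root)
        )
    page_names = set()
    for name in reverse_names:
        page_names.update(extract_subdomains(PAGES.get(name, ""), root))
    # Integration: the set union removes names reported by more than one step.
    return sorted(reverse_names | page_names)


if __name__ == "__main__":
    seeds = ["www.test.com", "mail.test.com", "dev.test.com", "DEV.test.com"]
    for name in first_subdomains(seeds):
        print(name)
```

In this run www.test.com, whose only address falls in the CDN range, is absent from the result, because the first subdomain name in this flow is built from the reverse-lookup and in-page names only.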
The domain-name information source database mentioned above is a database that stores domain names and their related information, where the related information includes user information such as the registrant or the filer. The specific type of domain-name information source database may be set according to actual needs; for example, it may be any one or any combination of a website filing information database, a whois database and an open-source code hosting website.
In one application example, after the domain-name information is collected, it may also be displayed as a node/relationship graph so that the collected domain-name information is shown more intuitively. Any feasible approach may be used for this; for example, the collected domain-name information may be sent to a Neo4j database server. Neo4j is a high-performance NoSQL graph database that stores structured data in a network rather than in tables, so the graph database can efficiently display the collected domain-name information as a structured node/relationship graph.
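Steps S102 to S106 and the node/relationship output described above, sketched as an added example (not code from the patent) over a constructed in-memory stand-in for the domain-name information source database. The record layout, the relationship label and the handling of placeholder values shared by unrelated owners, such as privacy-redacted registrant fields, are assumptions of this example.

```python
from collections import defaultdict

# Constructed rows standing in for the domain-name information source database:
# (domain name, kind of user information, value).
RECORDS = [
    ("test.com",          "registrant", "Example Corp"),
    ("test.com",          "email",      "hostmaster@test.com"),
    ("mail.test.com",     "filing",     "Example Corp"),
    ("legacy.test.com",   "email",      "hostmaster@test.com"),
    ("pay.test.com",      "registrant", "Example Corp"),
    ("dev.test.com",      "registrant", "REDACTED FOR PRIVACY"),
    ("unrelated.example", "registrant", "REDACTED FOR PRIVACY"),
]

# Assumption: values shared by many unrelated owners must not be used as a pivot.
SHARED_PLACEHOLDERS = frozenset({"redacted for privacy"})


class SourceDB:
    """Indexes the rows both ways so each query is a dictionary lookup."""

    def __init__(self, rows):
        self.by_domain = defaultdict(set)
        self.by_user = defaultdict(set)
        for domain, kind, value in rows:
            key = (kind, value.strip().lower())
            self.by_domain[domain.lower()].add(key)
            self.by_user[key].add(domain.lower())

    def first_query(self, names):
        """S102/S103: domain names in, associated user information out."""
        users = set()
        for name in names:
            users |= self.by_domain.get(name.lower(), set())
        return users

    def second_query(self, users):
        """S104/S105: user information in, associated domain names out."""
        names = set()
        for user in users:
            names |= self.by_user.get(user, set())
        return names


def collect(root, first_subdomains, db, ignore=SHARED_PLACEHOLDERS):
    """Run the two queries and integrate the result (S106)."""
    known = {root.lower()} | {n.lower() for n in first_subdomains}
    users = {u for u in db.first_query(known) if u[1] not in ignore}
    second = db.second_query(users) - known
    domains = sorted(known | second)          # union removes duplicates
    # Node/relationship triples; the label ASSOCIATED_WITH is hypothetical.
    edges = sorted(
        (d, "ASSOCIATED_WITH", kind + ":" + value)
        for d in domains
        for (kind, value) in db.by_domain.get(d, ())
        if (kind, value) in users
    )
    return {"domains": domains, "second": sorted(second),
            "users": sorted(users), "edges": edges}


if __name__ == "__main__":
    result = collect("test.com", ["mail.test.com", "dev.test.com", "Mail.Test.com"],
                     SourceDB(RECORDS))
    for edge in result["edges"]:
        print(edge)
```

Passing `ignore=frozenset()` shows the failure mode the filter guards against: the redacted registrant value links dev.test.com to unrelated.example, which then enters the collected set.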
Based on the embodiments described above, one application example is described in more detail below. Fig. 5 shows the functional principle of the scheme of this embodiment in the application example, and Fig. 6 shows the basic flow principle of the scheme of this embodiment in the application example.
Referring to Figs. 5 and 6, when the scheme of this embodiment is implemented, for the root domain name whose domain-name information is to be collected, subdomain names are first detected and obtained using the various feasible subdomain name detection modes.
One mode is detection by search engine search. Specifically: first send a subdomain name search request to a predetermined search engine, the subdomain name search request including a keyword for the root domain name. The predetermined search engine may be any feasible search engine that exists now or may appear later. Since many search engines exist, the subdomain name search request may be sent to only one of them or to several different search engines. Assuming that all subdomain names of the root domain name test.com are to be searched for and collected, the subdomain name search request may include site:test.com. The subdomain name search response returned by the predetermined search engine is then received, and regular expression matching is applied to the subdomain name search response to match the subdomain names of the root domain name, obtaining the subdomain name search result. When subdomain name search requests have been sent to several search engines, the subdomain name search result may consist of the subdomain name search results corresponding to the responses returned by the individual search engines; alternatively, after the responses from the several search engines are received, the subdomain names matched in each search engine's response may be integrated to obtain the subdomain name search result.
Another mode is detection by DNS server query. Specifically: send a DNS query command to the local DNS server, the DNS query command including the root domain name; receive the DNS query response returned by the local DNS server, the DNS query response including the subdomain names of the root domain name found by the local DNS server, obtaining the subdomain name DNS query result. The DNS query command may take any feasible form, for example nslookup -qt=any example.com. Assuming that the subdomain names of the root domain name test.com are to be searched for and collected, the DNS query command may take the form nslookup -qt=any test.com. The subdomain names of the root domain name found by the local DNS server may be the subdomain names of the root domain name that the local DNS server obtains by DNS name resolution through MX records (mail routing records) or CNAME records (canonical names).
Another mode is detection by HTTPS certificate query, that is, the subdomain names of the root domain name are obtained by querying the HTTPS certificate transparency report. Specifically: query and obtain the HTTPS certificate transparency report of the root domain name, and determine the subdomain names of the root domain name from the HTTPS certificate transparency report, obtaining the subdomain name transparency query result. The HTTPS certificate transparency report may be queried in any currently available way.
Another mode is detection by dictionary enumeration. Specifically: obtain a dictionary of common subdomain names; enumerate the subdomain names in the dictionary to find the subdomain names that exist for the root domain name, obtaining the subdomain name enumeration result. Those skilled in the art will understand that enumeration amounts to guessing at subdomain names that may exist; for example, assuming the subdomain names of the root domain name test.com are to be collected, a.test.com, b.test.com, c.test.com and so on can be tried in turn to enumerate the subdomain names that exist for the root domain name.
Another mode is detection by DNS zone transfer vulnerability detection. Specifically: detect whether the target system corresponding to the root domain name has a DNS zone transfer vulnerability and, when one is detected, use the DNS zone transfer vulnerability to detect the subdomain names of the root domain name, obtaining the subdomain name zone transfer detection result. Whether the target system corresponding to the root domain name has a DNS zone transfer vulnerability may be detected in any feasible way, for example by attempting to use the DNS zone transfer vulnerability with a script: if subdomain name information is correctly returned, the vulnerability is shown to exist. Assuming the subdomain names of the root domain name test.com are to be collected, in one application example the subdomain names of the root domain name may be detected through the DNS zone transfer vulnerability as follows: first set the lookup type to DNS and find the name servers of the corresponding host domain. Alternatively, enter nslookup directly to go into interactive mode and then configure it with set type=ns.
After entering C:\>nslookup -qa=ns test.com, results similar to the following are returned:
The nslookup command can then be used to enter interactive mode, and the command >server=ns66.worldnic.com changes the default server to the name server just found. The command >ls -d test.com then lists all the DNS records on the server, and the relevant subdomain names can be obtained from those DNS records.
Based on various modes as described above, many subdomain names are had been obtained for, by it in these subdomain name the present embodiment It is denoted as initial probe subdomain name.It is detected as a result of various ways, detecting the subdomain name of acquisition may include There is the subdomain name of repetition, as such, it can be that by above-mentioned subdomain name search result, subdomain name DNS query result, subdomain name transparency After query result, subdomain name enumeration result, subdomain name transmission vulnerability detection result are integrated, obtained result will be integrated (integrating the subdomain name obtained later) is denoted as initial probe subdomain name.In following exemplary explanations, for concise explanation Purpose is illustrated by taking initial probe subdomain name as an example.
The initial probe subdomain name of above-mentioned acquisition actually includes many subdomain names, on this basis, to initially visiting It surveys subdomain name and carries out domain name mapping, obtain IP (Internet Protocol) address information of each initial probe subdomain name.Specifically The mode of domain name mapping (dns resolution) may be used any possible mode and carry out, such as nslookup test.com.
Then the CDN (ContentDeliveryNetwork, content distributing network) in the IP address information is screened out After the information such as information, IP address information after being screened.Then it is directed to IP address information after screening and carries out that IP is counter looks into, it is anti-to obtain IP Subdomain name after looking into is known as in the present embodiment counter looking into rear subdomain name.Carry out IP is counter look into when, may be used at present existing What possible mode carries out, such as:DNS database is counter to be looked into, has that IP is counter to look into domain name interface, using system command (nslookup 64.233.189.113 and host 64.233.189.113) inquiry etc., is not specifically limited in the present embodiment.
After obtaining counter look into after subdomain name, is crawled using reptile and each described counter look into the corresponding page of rear subdomain name;To crawling The page of acquisition is parsed, and subdomain name in the page is obtained.The mode that specific reptile crawls may be used existing at present What possible mode carries out, and is not specifically limited in the present embodiment.
The in-page subdomain names obtained above are called the first subdomain names in this embodiment, and are also called the subdomain name detection result, to distinguish them from the subdomain names queried from the domain name information source database. The first subdomain names obtained may be stored in a database.
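The post-processing described above (integrating the per-mode results, screening out CDN addresses, reverse lookup, parsing crawled pages), as an added Python example that is not code from the patent. All DNS answers, reverse-lookup tables, page bodies and the CDN range are constructed sample data, and keeping only reverse-lookup hits under the root domain name is an assumption.

```python
import ipaddress
import re

ROOT = "test.com"  # root domain name used in the patent's own examples

# Constructed per-mode detection results (not real data).
MODE_RESULTS = {
    "search": ["www.test.com", "Mail.Test.com.", "blog.test.com", "nottest.com"],
    "dns": ["mail.test.com", "mx1.test.com"],
    "transparency": ["*.dev.test.com", "www.test.com", "static.test.com"],
    "dictionary": ["blog.test.com", "vpn.test.com"],
}
# Constructed DNS answers using documentation address ranges (RFC 5737).
RESOLVED = {
    "www.test.com": ["203.0.113.10"],
    "static.test.com": ["203.0.113.11"],
    "mail.test.com": ["198.51.100.5"],
    "mx1.test.com": ["198.51.100.5"],
    "blog.test.com": ["198.51.100.20", "203.0.113.12"],
    "vpn.test.com": ["192.0.2.7"],
}
CDN_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]  # assumed CDN range
# Constructed reverse-lookup table (IP -> names hosted on it).
REVERSE = {
    "198.51.100.5": ["mail.test.com", "webmail.test.com", "mail.other-tenant.example"],
    "198.51.100.20": ["blog.test.com"],
    "192.0.2.7": ["vpn.test.com", "VPN2.test.com"],
}
# Constructed crawled page bodies.
PAGES = {
    "blog.test.com": '<a href="https://shop.test.com/cart">Shop</a> '
                     '<img src="//static.test.com/logo.png"> '
                     '<a href="https://api.test.com.evil.example/">x</a>',
    "webmail.test.com": "Contact admin@ops.test.com or visit HTTP://Shop.Test.com",
}


def normalize(name, root=ROOT):
    """Return a canonical subdomain of root, or None if the name is out of scope."""
    name = name.strip().lower().rstrip(".")
    if name.startswith("*."):  # wildcard certificate entry
        name = name[2:]
    # The suffix check includes the dot, so "nottest.com" is rejected.
    return name if name.endswith("." + root) else None


def integrate(*groups, root=ROOT):
    """Merge result lists from several sources and drop duplicates."""
    merged = {normalize(raw, root) for group in groups for raw in group}
    merged.discard(None)
    return sorted(merged)


def screen_cdn(names, resolved, cdn_networks):
    """Resolve each name and keep only addresses outside the CDN ranges."""
    kept = set()
    for name in names:
        for text in resolved.get(name, []):  # unresolved names contribute nothing
            ip = ipaddress.ip_address(text)
            if not any(ip in net for net in cdn_networks):
                kept.add(ip)
    return [str(ip) for ip in sorted(kept)]


def extract_in_page(html, root=ROOT):
    """Find hostnames under root in a page body.

    The trailing lookahead rejects look-alikes such as
    api.test.com.evil.example, where the root is only a prefix.
    """
    label = r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\."
    pattern = re.compile(
        r"(?<![\w.-])((?:" + label + r")+" + re.escape(root) + r")(?![\w-]|\.[a-z0-9])",
        re.IGNORECASE,
    )
    return sorted({match.lower() for match in pattern.findall(html)})


def first_subdomains():
    """Run the combined flow: integrate, screen CDN, reverse lookup, crawl, integrate."""
    initial = integrate(*MODE_RESULTS.values())
    ips = screen_cdn(initial, RESOLVED, CDN_NETWORKS)
    reverse = integrate(*(REVERSE.get(ip, []) for ip in ips))
    in_page = []
    for name in reverse:
        in_page += extract_in_page(PAGES.get(name, ""))
    return integrate(reverse, in_page)


if __name__ == "__main__":
    for name in first_subdomains():
        print(name)
```

In this sample, static.test.com resolves only to a screened-out CDN address but still reaches the first subdomain names through a crawled page.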
Referring to Figures 5 and 6, the first subdomain names obtained above can then be used to query the domain name information source database. The domain name information source database here is a database that stores domain names and their related information, where the related information includes user information such as the registrant or the person who filed the record. The specific type of domain name information source database can be set according to actual needs. For example, it may be any one or any combination of: a website filing information database (a database of the filings that relevant laws and regulations require a website owner to make with the relevant authority, such as the ICP filing database and the public security department's filing database), a whois database (a database and transport protocol for querying information such as the IP and the owner of a domain name, that is, a database for querying whether a domain name has been registered and the details of a registered domain name, such as the domain name owner and the domain name registrar), and an open-source code hosting website.
In a specific application example, a first query request may first be sent to the domain name information source database, the first query request including the root domain name and the first subdomain name. A first query response returned by the domain name information source database is then received, the first query response including the user information, found in the domain name information source database, that is associated with the root domain name and the first subdomain name. The domain name information source database here may include at least one of a website filing information database, a whois database and an open-source code hosting website. User information related to the first subdomain name can thus be obtained from the domain name information source database, for example the filer information of the root domain name or subdomain name in the website filing information database, the registrant information of the root domain name or subdomain name in the whois database, and the information of personnel related to the root domain name or subdomain name found on the open-source code hosting website.
Then, a second query request is sent to the domain name information source database, the second query request including the user information found above. A second query response returned by the domain name information source database is then received, the second query response including the second subdomain name, found in the domain name information source database, that is associated with the user information. It can be understood that the second subdomain names are in fact domain names registered at the same time by the user to whom the user information corresponds. Such a domain name is a sibling domain name of the root domain name and subdomain names above, so the corresponding sibling domain names can be obtained by this query.
Then, the root domain name, the first subdomain names and the second subdomain names are integrated to obtain the collected domain name information, which is the final domain name information collection result. The integration may be performed in any possible way.
The domain name information finally obtained can be displayed as a node/relationship graph, so that the collected domain name information is presented more intuitively. Displaying the collected domain name information as a node/node diagram may be done in any possible way. For example, the collected domain name information can be sent to a neo4j database server. Neo4j is a high-performance NoSQL graph database that stores structured data in a network rather than in tables, so the collected domain name information can be displayed efficiently as a structured node/node diagram. Taking the collection of subdomain names of the root domain name test.com as an example, Figure 7 shows a schematic node/node diagram of the collected domain name information.
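The two-step query and the node/relationship output described above, as an added Python example that is not code from the patent. The in-memory records stand in for a filing or whois database and are constructed; the labels `Domain` and `User`, the relationship types, and the exclusion of privacy-placeholder registrants are assumptions of this example.

```python
import re

ROOT = "test.com"
FIRST = ["blog.test.com", "shop.test.com"]  # constructed first subdomain names

# Constructed records standing in for the domain name information source database.
RECORDS = [
    {"domain": "test.com", "user": "Example Corp", "source": "whois"},
    {"domain": "test-pay.example", "user": "Example Corp", "source": "whois"},
    {"domain": "test-cdn.example", "user": "example  corp ", "source": "filing"},
    {"domain": "shop.test.com", "user": "Example Pay Ltd", "source": "filing"},
    {"domain": "pay-gateway.example", "user": "Example Pay Ltd", "source": "whois"},
    {"domain": "blog.test.com", "user": "REDACTED FOR PRIVACY", "source": "whois"},
    {"domain": "unrelated.example", "user": "REDACTED FOR PRIVACY", "source": "whois"},
]

# Assumption: placeholder registrants are never used as a pivot, because they
# would link domains that merely share a privacy service.
PLACEHOLDERS = {"", "redacted for privacy"}

# Fixed allow-list of statements. Relationship types cannot be passed as Cypher
# parameters, so they are chosen here and never built from collected strings.
CYPHER = {
    "HAS_SUBDOMAIN": "MERGE (a:Domain {name: $src}) MERGE (b:Domain {name: $dst}) "
                     "MERGE (a)-[:HAS_SUBDOMAIN]->(b)",
    "REGISTERED": "MERGE (a:User {name: $src}) MERGE (b:Domain {name: $dst}) "
                  "MERGE (a)-[:REGISTERED]->(b)",
}


def norm_user(text):
    """Collapse whitespace and case so the same registrant matches across sources."""
    return re.sub(r"\s+", " ", text).strip().casefold()


def first_query(records, names):
    """First query: root domain name and first subdomain names -> user information."""
    wanted = set(names)
    users = {norm_user(r["user"]) for r in records if r["domain"] in wanted}
    return sorted(users - PLACEHOLDERS)


def second_query(records, users, known):
    """Second query: user information -> domain names not already known."""
    users, known = set(users), set(known)
    return sorted({r["domain"] for r in records
                   if norm_user(r["user"]) in users and r["domain"] not in known})


def build_edges(root, first, records, users):
    """Integrate everything into (source, relationship, target) edges."""
    edges = {(root, "HAS_SUBDOMAIN", sub) for sub in first}
    for r in records:
        user = norm_user(r["user"])
        if user in users:
            edges.add((user, "REGISTERED", r["domain"]))
    return sorted(edges)


def to_cypher(edges):
    """Pair each edge with a parameterized statement for a graph database."""
    return [(CYPHER[rel], {"src": src, "dst": dst}) for src, rel, dst in edges]


if __name__ == "__main__":
    users = first_query(RECORDS, [ROOT] + FIRST)
    print("second:", second_query(RECORDS, users, [ROOT] + FIRST))
    for statement, params in to_cypher(build_edges(ROOT, FIRST, RECORDS, users)):
        print(params, "->", statement)
```

Names taken from crawled pages or registry records are passed only as parameters, so a hostile string in a record cannot alter the graph statement.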
A person of ordinary skill in the art will understand that all or part of the flow of the method embodiments above can be completed by a computer program instructing the relevant hardware. The program can be stored in a non-volatile computer-readable storage medium. In the embodiments of the present invention, the program can be stored in the storage medium of a computer system and executed by at least one processor of that computer system to carry out the flow of the method embodiments above. The storage medium may be a magnetic disk, an optical disc, a read-only memory (Read-Only Memory, ROM), a random access memory (Random Access Memory, RAM), or the like.
Based on the same idea as the method above, Figure 8 shows a schematic structural diagram of the domain name information collection device in one embodiment. As shown in Figure 8, the device in this embodiment includes:
Subdomain name detection module 801, for detecting the subdomain names of the root domain name using a predetermined subdomain name detection mode, to obtain the first subdomain name of the root domain name;
First query module 802, for sending a first query request to the domain name information source database, the first query request including the root domain name and the first subdomain name, and for receiving a first query response returned by the domain name information source database, the first query response including the user information, found in the domain name information source database, that is associated with the root domain name and the first subdomain name;
Second query module 803, for sending a second query request to the domain name information source database, the second query request including the user information, and for receiving a second query response returned by the domain name information source database, the second query response including the second subdomain name, found in the domain name information source database, that is associated with the user information;
Integration module 804, for integrating the root domain name, the first subdomain name and the second subdomain name to obtain the collected domain name information.
According to the scheme of the embodiment described above, after the first subdomain name of the root domain name is obtained by the subdomain name detection mode, the user information associated with the first subdomain name is also queried from the domain name information source database, and the second subdomain name associated with that user information is then queried from the domain name information source database. The root domain name, the first subdomain name and the second subdomain name are then integrated to obtain the collected domain name information. Because the second subdomain name, obtained from the user information associated with the first subdomain name, is integrated in addition to the first subdomain name obtained by detection, subdomain names can be collected more comprehensively, which in turn can improve security.
When subdomain name detection module 801 detects the subdomain names of the root domain name to obtain the first subdomain name of the root domain name, the predetermined subdomain name detection mode used may be any possible mode. Figure 9 shows a schematic diagram of the structure of the subdomain name detection module in a specific example. As shown in Figure 9, subdomain name detection module 801 may include at least one of subdomain name search module 8011, DNS query module 8012, HTTPS certificate collection module 8013, dictionary enumeration module 8014 and transfer vulnerability detection module 8015, and further includes initial integration module 8016. For ease of explanation, the description below assumes that subdomain name search module 8011, DNS query module 8012, HTTPS certificate collection module 8013, dictionary enumeration module 8014 and transfer vulnerability detection module 8015 are all included.
Subdomain name search module 8011 is for sending a subdomain name search request to a predetermined search engine, the subdomain name search request including a keyword of the root domain name; receiving the subdomain name search response returned by the predetermined search engine; and performing regular expression matching on the subdomain name search response to match the subdomain names of the root domain name, obtaining the subdomain name search result.
DNS query module 8012 is for sending a DNS query command to a local DNS server, the DNS query command including the root domain name, and receiving the DNS query response returned by the local DNS server, the DNS query response including the subdomain names of the root domain name found by the local DNS server, obtaining the subdomain name DNS query result. The subdomain names of the root domain name found by the local DNS server may be subdomain names of the root domain name that the local DNS server obtains by DNS name resolution through mail exchange (MX) records or alias (CNAME) records.
HTTPS certificate collection module 8013 is for querying the HTTPS certificate transparency report of the root domain name and determining the subdomain names of the root domain name from the HTTPS certificate transparency report, obtaining the subdomain name transparency query result.
Dictionary enumeration module 8014 is for obtaining a dictionary of common subdomain names and enumerating the subdomain names in that dictionary to find the subdomain names that exist under the root domain name, obtaining the subdomain name enumeration result.
Transfer vulnerability detection module 8015 is for detecting whether the target system corresponding to the root domain name has a DNS zone transfer vulnerability and, when a DNS zone transfer vulnerability is detected, using the DNS zone transfer vulnerability to detect the subdomain names of the root domain name, obtaining the subdomain name transfer vulnerability detection result.
Initial integration module 8016 is for taking, as the initial probe subdomain names, the integrated result of at least one or any combination of the subdomain name search result, the subdomain name DNS query result, the subdomain name transparency query result, the subdomain name enumeration result and the subdomain name transfer vulnerability detection result.
The initial probe subdomain names obtained above can be used directly as the first subdomain names. In some application examples, the initial probe subdomain names may instead be processed further before being used as the first subdomain names.
In one example, as shown in Figure 9, subdomain name detection module 801 may also include:
Reverse IP lookup module 8017, for performing domain name resolution on each initial probe subdomain name to obtain the IP address information of each initial probe subdomain name; screening out the content delivery network IP address information from the IP address information to obtain the screened IP address information; and performing a reverse IP lookup on the screened IP address information to obtain the reverse-lookup subdomain names. In this case, the first subdomain names are the reverse-lookup subdomain names.
The content delivery network IP address information can thus be screened out, and with it the corresponding content delivery network domain name information, which further improves the accuracy of the subdomain names obtained.
In another example, as shown in Figure 9, subdomain name detection module 801 may also include:
Crawling module 8018, for crawling the page corresponding to each initial probe subdomain name; parsing the crawled pages to obtain the in-page subdomain names; and integrating the initial probe subdomain names and the in-page subdomain names to obtain the first subdomain names.
Thus, after the initial probe subdomain names are obtained, the subdomain names in the pages of these initial probe subdomain names are also obtained, so subdomain names can be detected still more comprehensively.
In another example, the two approaches above can be combined, that is, subdomain name detection module 801 can include both reverse IP lookup module 8017 and crawling module 8018. In this case:
Reverse IP lookup module 8017 is for performing domain name resolution on each initial probe subdomain name to obtain the IP address information of each initial probe subdomain name; screening out the content delivery network IP address information from the IP address information to obtain the screened IP address information; and performing a reverse IP lookup on the screened IP address information to obtain the reverse-lookup subdomain names;
Crawling module 8018 is for crawling the page corresponding to each reverse-lookup subdomain name; parsing the crawled pages to obtain the in-page subdomain names; and integrating the reverse-lookup subdomain names and the in-page subdomain names to obtain the first subdomain names.
In this way, the accuracy of the subdomain names obtained is further improved while the comprehensiveness of the detected subdomain names is also improved.
The domain name information source database above is a database that stores domain names and their related information, where the related information includes user information such as the registrant or the person who filed the record. The specific type of domain name information source database can be set according to actual needs, and may for example be any one or any combination of a website filing information database, a whois database and an open-source code hosting website.
In one application example, as shown in Figure 8, the device in this embodiment may also include:
Display module 805, for displaying the collected domain name information as a node/relationship graph, so that the collected domain name information is presented more intuitively. Displaying the collected domain name information as a node/node diagram may be done in any possible way. For example, the collected domain name information can be sent to a neo4j database server. Neo4j is a high-performance NoSQL graph database that stores structured data in a network rather than in tables, so the collected domain name information can be displayed efficiently as a structured node/node diagram.
The domain name information collection method and domain name information collection device of the embodiments described above can be applied in any environment that needs to collect domain name information, for example the collection of asset information, the collection of threat intelligence, and vulnerability scanning.
One application environment is the collection of enterprise asset information; Figure 10 shows a schematic diagram of this application environment. The information security management system of a large enterprise needs to collect the enterprise's asset list (IP addresses, domain names, ports, applications, personnel and so on) so that it can respond immediately when a security incident occurs. With the domain name information collection method provided by this embodiment, the distribution of the enterprise's subdomain names and the state of personnel information leakage can be obtained conveniently, so that assets and risk are controllable and security is improved.
Another application environment is WEB vulnerability scanning to improve security; Figure 11 shows a schematic diagram of this application environment. After domain name information such as the enterprise's subdomain names and sibling domain names has been obtained through domain name information collection, as shown in Figure 11, the WEB vulnerability scanner can achieve good coverage and scan all domain names in time, achieving a better scanning result and thereby improving security.
As described above, the domain name information collection method and domain name information collection device provided in this embodiment can be applied to terminals and servers that need to collect domain name information, such as the terminal or server on which the information security management system above runs, or the WEB vulnerability server above.
Accordingly, Figure 12 shows a schematic diagram of the structure of a server to which the scheme of this embodiment is applied. As shown in Figure 12, the server includes a processor, a power supply module, a storage medium, a memory and a communication interface connected by a system bus. The storage medium of the server stores an operating system, a database and a domain name information collection device, and the domain name information collection device is used to implement a domain name information collection method. The processor provides computing and control capability and supports the operation of the whole server. The memory in the server provides an environment for running the domain name information collection device stored in the storage medium. The communication interface is used for network communication with user terminals and other servers, such as the DNS server, the domain name information source database and the neo4j database server mentioned above. A person skilled in the art will understand that the structure shown in Figure 12 is only a block diagram of the part of the structure relevant to the scheme of the embodiment and does not limit the server to which the scheme is applied. A specific server may include more or fewer components than shown in the figure, may combine certain components, or may have a different arrangement of components.
The technical features of the embodiments described above can be combined arbitrarily. For brevity, not every possible combination of the technical features in the embodiments above has been described. However, as long as a combination of these technical features contains no contradiction, it should be considered within the scope of this specification.
The embodiments described above express only several implementations of the present invention. Their description is relatively specific and detailed, but it must not therefore be construed as limiting the scope of the patent. It should be pointed out that a person of ordinary skill in the art can make various modifications and improvements without departing from the inventive concept, and these all fall within the protection scope of the present invention. The protection scope of this patent is therefore determined by the appended claims.

Claims (10)

1. A domain name information collection method, characterized in that it comprises the steps of:
Detecting the subdomain names of a root domain name using a predetermined subdomain name detection mode, to obtain a first subdomain name of the root domain name;
Sending a first query request to a domain name information source database, the first query request including the root domain name and the first subdomain name;
Receiving a first query response returned by the domain name information source database, the first query response including user information, found in the domain name information source database, that is associated with the root domain name and the first subdomain name;
Sending a second query request to the domain name information source database, the second query request including the user information;
Receiving a second query response returned by the domain name information source database, the second query response including a second subdomain name, found in the domain name information source database, that is associated with the user information;
Integrating the root domain name, the first subdomain name and the second subdomain name to obtain the collected domain name information.
2. The domain name information collection method according to claim 1, characterized in that the manner of detecting the subdomain names of the root domain name using a predetermined subdomain name detection mode to obtain the first subdomain name of the root domain name includes at least one of the following:
Sending a subdomain name search request to a predetermined search engine, the subdomain name search request including a keyword of the root domain name; receiving the subdomain name search response returned by the predetermined search engine, and performing regular expression matching on the subdomain name search response to match the subdomain names of the root domain name, obtaining a subdomain name search result;
Sending a DNS query command to a local DNS server, the DNS query command including the root domain name; receiving the DNS query response returned by the local DNS server, the DNS query response including the subdomain names of the root domain name found by the local DNS server, obtaining a subdomain name DNS query result;
Querying the HTTPS certificate transparency report of the root domain name, and determining the subdomain names of the root domain name from the HTTPS certificate transparency report, obtaining a subdomain name transparency query result;
Obtaining a dictionary of common subdomain names; enumerating the subdomain names in the dictionary of common subdomain names to find the subdomain names that exist under the root domain name, obtaining a subdomain name enumeration result;
Detecting whether the target system corresponding to the root domain name has a DNS zone transfer vulnerability and, when a DNS zone transfer vulnerability is detected, using the DNS zone transfer vulnerability to detect the subdomain names of the root domain name, obtaining a subdomain name transfer vulnerability detection result;
Taking, as the initial probe subdomain names, the integrated result of at least one or any combination of the subdomain name search result, the subdomain name DNS query result, the subdomain name transparency query result, the subdomain name enumeration result and the subdomain name transfer vulnerability detection result, the first subdomain name being the initial probe subdomain name.
3. The domain name information collection method according to claim 2, characterized in that, after the initial probe subdomain names are obtained, the method further includes any one of the following three:
Performing domain name resolution on each initial probe subdomain name to obtain the IP address information of each initial probe subdomain name; screening out the content delivery network IP address information from the IP address information to obtain the screened IP address information; performing a reverse IP lookup on the screened IP address information to obtain reverse-lookup subdomain names, the first subdomain name being the reverse-lookup subdomain name;
Crawling the page corresponding to each initial probe subdomain name; parsing the crawled pages to obtain in-page subdomain names; integrating the initial probe subdomain names and the in-page subdomain names to obtain the first subdomain name;
Performing domain name resolution on each initial probe subdomain name to obtain the IP address information of each initial probe subdomain name; screening out the content delivery network IP address information from the IP address information to obtain the screened IP address information; performing a reverse IP lookup on the screened IP address information to obtain reverse-lookup subdomain names; crawling the page corresponding to each reverse-lookup subdomain name; parsing the crawled pages to obtain in-page subdomain names; integrating the reverse-lookup subdomain names and the in-page subdomain names to obtain the first subdomain name.
4. The domain name information collection method according to claim 2, characterized in that the subdomain names of the root domain name found by the local DNS server are subdomain names of the root domain name that the local DNS server obtains by DNS name resolution through mail exchange records or canonical name records.
5. The domain name information collection method according to claim 1, characterized in that it includes at least one of the following two:
The domain name information source database includes any one or any combination of a website filing information database, a whois database and an open-source code hosting website;
The method further comprises the step of displaying the collected domain name information as a node/relationship graph.
6. A domain name information collection device, characterized in that it comprises:
A subdomain name detection module, for detecting the subdomain names of a root domain name using a predetermined subdomain name detection mode, to obtain a first subdomain name of the root domain name;
A first query module, for sending a first query request to a domain name information source database, the first query request including the root domain name and the first subdomain name, and for receiving a first query response returned by the domain name information source database, the first query response including user information, found in the domain name information source database, that is associated with the root domain name and the first subdomain name;
A second query module, for sending a second query request to the domain name information source database, the second query request including the user information, and for receiving a second query response returned by the domain name information source database, the second query response including a second subdomain name, found in the domain name information source database, that is associated with the user information;
An integration module, for integrating the root domain name, the first subdomain name and the second subdomain name to obtain the collected domain name information.
7. The domain name information collection device according to claim 6, characterized in that the subdomain name detection module includes at least one of a subdomain name search module, a DNS query module, an HTTPS certificate collection module, a dictionary enumeration module and a transfer vulnerability detection module, and an initial integration module:
The subdomain name search module, for sending a subdomain name search request to a predetermined search engine, the subdomain name search request including a keyword of the root domain name; receiving the subdomain name search response returned by the predetermined search engine, and performing regular expression matching on the subdomain name search response to match the subdomain names of the root domain name, obtaining a subdomain name search result;
The DNS query module, for sending a DNS query command to a local DNS server, the DNS query command including the root domain name; receiving the DNS query response returned by the local DNS server, the DNS query response including the subdomain names of the root domain name found by the local DNS server, obtaining a subdomain name DNS query result;
The HTTPS certificate collection module, for querying the HTTPS certificate transparency report of the root domain name, and determining the subdomain names of the root domain name from the HTTPS certificate transparency report, obtaining a subdomain name transparency query result;
The dictionary enumeration module, for obtaining a dictionary of common subdomain names; enumerating the subdomain names in the dictionary of common subdomain names to find the subdomain names that exist under the root domain name, obtaining a subdomain name enumeration result;
The transfer vulnerability detection module, for detecting whether the target system corresponding to the root domain name has a DNS zone transfer vulnerability and, when a DNS zone transfer vulnerability is detected, using the DNS zone transfer vulnerability to detect the subdomain names of the root domain name, obtaining a subdomain name transfer vulnerability detection result;
The initial integration module, for taking, as the initial probe subdomain names, the integrated result of at least one or any combination of the subdomain name search result, the subdomain name DNS query result, the subdomain name transparency query result, the subdomain name enumeration result and the subdomain name transfer vulnerability detection result, the first subdomain name being the initial probe subdomain name.
8. The domain name information collection device according to claim 7, characterized in that the subdomain name detection module further includes a reverse IP lookup module or a crawling module:
The reverse IP lookup module, for performing domain name resolution on each initial probe subdomain name to obtain the IP address information of each initial probe subdomain name; screening out the content delivery network IP address information from the IP address information to obtain the screened IP address information; performing a reverse IP lookup on the screened IP address information to obtain reverse-lookup subdomain names, the first subdomain name being the reverse-lookup subdomain name;
The crawling module, for crawling the page corresponding to each initial probe subdomain name; parsing the crawled pages to obtain in-page subdomain names; integrating the initial probe subdomain names and the in-page subdomain names to obtain the first subdomain name.
9. The domain name information collection device according to claim 7, characterized in that the subdomain name detection module further includes a reverse IP lookup module and a crawling module:
The reverse IP lookup module, for performing domain name resolution on each initial probe subdomain name to obtain the IP address information of each initial probe subdomain name; screening out the content delivery network IP address information from the IP address information to obtain the screened IP address information; performing a reverse IP lookup on the screened IP address information to obtain reverse-lookup subdomain names;
The crawling module, for crawling the page corresponding to each reverse-lookup subdomain name; parsing the crawled pages to obtain in-page subdomain names; integrating the reverse-lookup subdomain names and the in-page subdomain names to obtain the first subdomain name.
10. The domain name information collection device according to claim 6, characterized by comprising at least one of the following two items:
The domain name information source database comprises any one or any combination of a website record information database, a whois database and an open source code hosting website;
The device further comprises a display module, configured to display the collected domain name information as a node/relationship graph.
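The chained flow of claims 8 and 9 (resolve, screen out CDN addresses, reverse-look-up, crawl, integrate), as an added Python example for inventorying one's own domains; it is not code from the patent. The lookup tables, `example.com` names, address ranges and all function names are constructed assumptions standing in for live DNS, a reverse-IP data source and a crawler, and restricting results to the target root domain is also an assumption.

```python
import ipaddress
import re

# Constructed sample data (not from the patent), standing in for live DNS
# answers, a reverse-IP dataset, crawled pages and known CDN address ranges.
CDN_RANGES = [ipaddress.ip_network("198.51.100.0/24")]
FORWARD_DNS = {
    "www.example.com": ["198.51.100.10"],                 # CDN edge only
    "mail.example.com": ["203.0.113.5"],
    "dev.example.com": ["203.0.113.9", "198.51.100.20"],  # origin + CDN edge
}
REVERSE_IP = {
    "203.0.113.5": ["mail.example.com", "vpn.example.com", "other.example.net"],
    "203.0.113.9": ["dev.example.com", "git.example.com"],
    "198.51.100.10": ["www.example.com", "tenant-a.example.org"],
}
PAGES = {
    "vpn.example.com": '<a href="https://SSO.example.com/login">login</a>',
    "git.example.com": '<script src="//static.example.com/a.js"></script>'
                       ' sso.example.com.evil.net notexample.com',
}

def is_cdn(ip):
    return any(ipaddress.ip_address(ip) in net for net in CDN_RANGES)

def in_scope(name, root):
    # Assumption: only names under the target root domain are kept.
    return name.lower().endswith("." + root)

def reverse_lookup_stage(initial, root):
    """Resolve, screen out CDN addresses, then reverse-look-up the rest."""
    ips = {ip for n in initial for ip in FORWARD_DNS.get(n, []) if not is_cdn(ip)}
    return {n.lower() for ip in ips for n in REVERSE_IP.get(ip, []) if in_scope(n, root)}

def extract_subdomains(html, root):
    """Find host names under root; reject look-alikes such as a.root.evil.net."""
    pat = re.compile(r"(?<![a-z0-9.-])((?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+"
                     + re.escape(root) + r")(?![a-z0-9-]|\.[a-z0-9])", re.I)
    return {m.lower() for m in pat.findall(html)}

def crawl_stage(names, root):
    """Parse each name's page and integrate in-page names with the input set."""
    found = set(names)
    for n in names:
        found |= extract_subdomains(PAGES.get(n, ""), root)
    return found

def first_subdomains(initial, root):
    # Claim 9 ordering: reverse lookup first, then crawl those results.
    return crawl_stage(reverse_lookup_stage(initial, root), root)
```

Without the CDN screening step, the shared edge address `198.51.100.10` would pull the unrelated tenant's names into the reverse-lookup results; a host that resolves only to CDN addresses (here `www.example.com`) contributes nothing to the reverse-lookup stage.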
CN201710142641.4A 2017-03-10 2017-03-10 Domain name information collection method and domain name information collection device Active CN108574742B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710142641.4A CN108574742B (en) 2017-03-10 2017-03-10 Domain name information collection method and domain name information collection device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710142641.4A CN108574742B (en) 2017-03-10 2017-03-10 Domain name information collection method and domain name information collection device

Publications (2)

Publication Number Publication Date
CN108574742A true CN108574742A (en) 2018-09-25
CN108574742B CN108574742B (en) 2021-04-16

Family

ID=63578144

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710142641.4A Active CN108574742B (en) 2017-03-10 2017-03-10 Domain name information collection method and domain name information collection device

Country Status (1)

Country Link
CN (1) CN108574742B (en)

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109451094A (en) * 2018-12-20 2019-03-08 北京奇安信科技有限公司 A kind of acquisition source station IP address method, system, electronic equipment and medium
CN109600385A (en) * 2018-12-28 2019-04-09 北京神州绿盟信息安全科技股份有限公司 A kind of access control method and device
CN110493224A (en) * 2019-08-20 2019-11-22 杭州安恒信息技术股份有限公司 A kind of subdomain name abduction vulnerability detection method, device and equipment
CN110719344A (en) * 2019-10-10 2020-01-21 北京知道创宇信息技术股份有限公司 Domain name acquisition method and device, electronic equipment and storage medium
CN111432041A (en) * 2020-02-29 2020-07-17 深圳壹账通智能科技有限公司 Domain name acquisition method, system, terminal and computer readable storage medium
CN111447304A (en) * 2020-06-17 2020-07-24 中国人民解放军国防科技大学 Anycast node IP address enumeration method and system for anycast recursive domain name system
CN111556077A (en) * 2020-05-15 2020-08-18 杭州安恒信息技术股份有限公司 Network data acquisition method, equipment and related equipment
NL2026468A (en) * 2019-12-19 2021-08-11 Group Ib Tds Ltd Method and system for determining network vulnerabilities
CN113301001A (en) * 2020-04-07 2021-08-24 阿里巴巴集团控股有限公司 Attacker determination method, device, computing equipment and medium
CN114765599A (en) * 2021-01-13 2022-07-19 腾讯科技(深圳)有限公司 Sub-domain name acquisition method and device
CN115277129A (en) * 2022-07-13 2022-11-01 杭州安恒信息技术股份有限公司 Domain name asset vulnerability scanning method, device, equipment and storage medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101094129A (en) * 2006-06-20 2007-12-26 腾讯科技(深圳)有限公司 Method for accessing domain name, and client terminal
CN103685606A (en) * 2013-12-23 2014-03-26 北京奇虎科技有限公司 Associated domain name acquisition method, associated domain name acquisition system and web administrator permission validation method
CN105407186A (en) * 2015-12-23 2016-03-16 北京奇虎科技有限公司 Method and device for acquiring subdomain names
US20170005959A1 (en) * 2015-07-01 2017-01-05 Sean P. Fenlon Method for publishing and sharing content on the internet

Cited By (18)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109451094B (en) * 2018-12-20 2022-02-22 奇安信科技集团股份有限公司 Method, system, electronic device and medium for acquiring IP address of source station
CN109451094A (en) * 2018-12-20 2019-03-08 北京奇安信科技有限公司 A kind of acquisition source station IP address method, system, electronic equipment and medium
CN109600385B (en) * 2018-12-28 2021-06-15 绿盟科技集团股份有限公司 Access control method and device
CN109600385A (en) * 2018-12-28 2019-04-09 北京神州绿盟信息安全科技股份有限公司 A kind of access control method and device
CN110493224A (en) * 2019-08-20 2019-11-22 杭州安恒信息技术股份有限公司 A kind of subdomain name abduction vulnerability detection method, device and equipment
CN110493224B (en) * 2019-08-20 2022-01-07 杭州安恒信息技术股份有限公司 Sub-domain name hijacking vulnerability detection method, device and equipment
CN110719344B (en) * 2019-10-10 2022-02-15 北京知道创宇信息技术股份有限公司 Domain name acquisition method and device, electronic equipment and storage medium
CN110719344A (en) * 2019-10-10 2020-01-21 北京知道创宇信息技术股份有限公司 Domain name acquisition method and device, electronic equipment and storage medium
NL2026468A (en) * 2019-12-19 2021-08-11 Group Ib Tds Ltd Method and system for determining network vulnerabilities
CN111432041A (en) * 2020-02-29 2020-07-17 深圳壹账通智能科技有限公司 Domain name acquisition method, system, terminal and computer readable storage medium
CN113301001A (en) * 2020-04-07 2021-08-24 阿里巴巴集团控股有限公司 Attacker determination method, device, computing equipment and medium
CN113301001B (en) * 2020-04-07 2023-05-23 阿里巴巴集团控股有限公司 Attacker determination method, attacker determination device, computing equipment and attacker determination medium
CN111556077A (en) * 2020-05-15 2020-08-18 杭州安恒信息技术股份有限公司 Network data acquisition method, equipment and related equipment
CN111447304B (en) * 2020-06-17 2020-09-11 中国人民解放军国防科技大学 Anycast node IP address enumeration method and system for anycast recursive domain name system
CN111447304A (en) * 2020-06-17 2020-07-24 中国人民解放军国防科技大学 Anycast node IP address enumeration method and system for anycast recursive domain name system
CN114765599A (en) * 2021-01-13 2022-07-19 腾讯科技(深圳)有限公司 Sub-domain name acquisition method and device
CN114765599B (en) * 2021-01-13 2024-04-05 腾讯科技(深圳)有限公司 Subdomain name acquisition method and device
CN115277129A (en) * 2022-07-13 2022-11-01 杭州安恒信息技术股份有限公司 Domain name asset vulnerability scanning method, device, equipment and storage medium

Also Published As

Publication number Publication date
CN108574742B (en) 2021-04-16

Similar Documents

Publication Publication Date Title
CN108574742A (en) Domain-name information collection method and domain-name information collection device
US11310132B2 (en) System and method of identifying internet-facing assets
Cova et al. An analysis of rogue AV campaigns
US9413777B2 (en) Detection of network security breaches based on analysis of network record logs
US20060230039A1 (en) Online identity tracking
US20090126022A1 (en) Method and System for Generating Data for Security Assessment
CN107277038A (en) Access control method, device and system
US20210149957A1 (en) Asset Search and Discovery System Using Graph Data Structures
US20120011590A1 (en) Systems, methods and devices for providing situational awareness, mitigation, risk analysis of assets, applications and infrastructure in the internet and cloud
US20130067582A1 (en) Systems, methods and devices for providing device authentication, mitigation and risk analysis in the internet and cloud
CN110119469A (en) A kind of data collection and transmission and method towards darknet
US20100235915A1 (en) Using host symptoms, host roles, and/or host reputation for detection of host infection
RU2722693C1 (en) Method and system for detecting the infrastructure of a malicious software or a cybercriminal
CN103685290A (en) Vulnerability scanning system based on GHDB
KR20170089129A (en) Incidents information management module comprised in incidents information intelligence analysis system
US20140244684A1 (en) System and method of processing database queries
KR101832295B1 (en) Incidents information intelligence analysis system
Zhang et al. Hunting for invisibility: Characterizing and detecting malicious web infrastructures through server visibility analysis
US20140237091A1 (en) Method and System of Network Discovery
CN114500122B (en) Specific network behavior analysis method and system based on multi-source data fusion
Kumar et al. A Novel Approach to Enhance DNS Cache Performance in Web Browser using SPV Algorithm
Guo et al. Active probing-based schemes and data analytics for investigating malicious fast-flux web-cloaking based domains
Wang et al. An empirical study: automated subdomain takeover threat detection
Fabian Secure name services for the Internet of Things
Aggarwal et al. The design and development of an undercover multipurpose anti-spoofing kit (unmask)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant