CN108574742A - Domain-name information collection method and domain-name information collection device - Google Patents
- Publication number
- CN108574742A, CN201710142641.4A
- Authority
- CN
- China
- Prior art keywords
- name
- subdomain
- subdomain name
- domain
- information
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/45—Network directories; Name-to-address mapping
- H04L61/4505—Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols
- H04L61/4511—Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols using domain name system [DNS]
Abstract
A domain name information collection method and device. In one embodiment the method includes: detecting the subdomain names of a root domain name using a predetermined subdomain detection method to obtain a first subdomain name of the root domain name; sending a first query request to a domain name information source database; receiving a first query response returned by the domain name information source database, the first query response including the user information that the database found to be associated with the root domain name and the first subdomain name; sending a second query request, which includes the user information, to the domain name information source database; receiving a second query response returned by the domain name information source database, the second query response including a second subdomain name that the database found to be associated with the user information; and integrating the root domain name, the first subdomain name and the second subdomain name to obtain the collected domain name information. The scheme of this embodiment can collect subdomain names more comprehensively and can thereby improve security.
Description
Technical field
The present invention relates to the field of information security technology, and in particular to a domain name information collection method and a domain name information collection device.
Background
As the interface through which an enterprise provides web services to the outside, a domain name is often the entry point for hacker attacks. By collecting domain name information, all the domain names used by an enterprise can be known, and vulnerability scanning can then be carried out comprehensively and without blind spots, so that vulnerabilities are found in time and security is improved. At present, domain name information is generally collected by subdomain enumeration, reverse IP lookup, passive DNS (DNS: Domain Name System), crawler extraction and similar methods. However, these collection methods are limited in function: they can only collect subdomain names, they cover few dimensions of subdomain collection, and the information they collect is incomplete, which easily leaves security risks.
Summary of the invention
Based on this, it is necessary to provide a domain name information collection method and a domain name information collection device.
One embodiment adopts the following technical scheme:
A domain name information collection method, including the steps of:
Detecting the subdomain names of a root domain name using a predetermined subdomain detection method to obtain a first subdomain name of the root domain name;
Sending a first query request to a domain name information source database, the first query request including the root domain name and the first subdomain name;
Receiving a first query response returned by the domain name information source database, the first query response including the user information that the domain name information source database found to be associated with the root domain name and the first subdomain name;
Sending a second query request to the domain name information source database, the second query request including the user information;
Receiving a second query response returned by the domain name information source database, the second query response including a second subdomain name that the domain name information source database found to be associated with the user information;
Integrating the root domain name, the first subdomain name and the second subdomain name to obtain the collected domain name information.
A domain name information collection device, including:
A subdomain detection module, for detecting the subdomain names of a root domain name using a predetermined subdomain detection method to obtain a first subdomain name of the root domain name;
A first query module, for sending a first query request to a domain name information source database, the first query request including the root domain name and the first subdomain name, and for receiving a first query response returned by the domain name information source database, the first query response including the user information that the domain name information source database found to be associated with the root domain name and the first subdomain name;
A second query module, for sending a second query request to the domain name information source database, the second query request including the user information, and for receiving a second query response returned by the domain name information source database, the second query response including a second subdomain name that the domain name information source database found to be associated with the user information;
An integration module, for integrating the root domain name, the first subdomain name and the second subdomain name to obtain the collected domain name information.
According to the scheme of the embodiment described above, after the first subdomain name of the root domain name is obtained by subdomain detection, the user information associated with the first subdomain name is also obtained by querying the domain name information source database, and the second subdomain name associated with that user information is then obtained by querying the domain name information source database. The root domain name, the first subdomain name and the second subdomain name are then integrated to obtain the collected domain name information. Because the second subdomain name, found through the user information associated with the first subdomain name, is integrated together with the result of subdomain detection, subdomain names can be collected more comprehensively, and security can be improved accordingly.
Brief description of the drawings
Fig. 1 is a flow diagram of the domain name information collection method in one embodiment;
Fig. 2 is a flow diagram of obtaining subdomain names by detection in one specific example;
Fig. 3 is a flow diagram of obtaining subdomain names by detection in another specific example;
Fig. 4 is a flow diagram of obtaining subdomain names by detection in a further specific example;
Fig. 5 is a functional schematic diagram of the scheme of this embodiment in an application example;
Fig. 6 is a schematic diagram of the basic flow of the scheme of this embodiment in an application example;
Fig. 7 is a schematic diagram of the node/relationship graph of the collected domain name information in an application example;
Fig. 8 is a structural schematic diagram of the domain name information collection device in one embodiment;
Fig. 9 is a schematic diagram of the composition of the subdomain detection module in one specific example;
Fig. 10 is a schematic diagram of the application environment in one embodiment;
Fig. 11 is a schematic diagram of the application environment in another embodiment;
Fig. 12 is a schematic diagram of the composition of a server to which the scheme of this embodiment is applied.
Detailed description
To facilitate understanding of the present invention, the related embodiments are described more fully below with reference to the relevant drawings. Preferred embodiments of the present invention are given in the drawings. It should be understood that the embodiments of the present invention can be realized in many different forms and are not limited to the embodiments described herein; the embodiments described herein are only used to explain the present invention and do not limit its scope of protection. On the contrary, these embodiments are provided so that the disclosure of this scheme is understood more thoroughly and comprehensively.
Unless otherwise defined, all technical and scientific terms used herein have the same meaning as commonly understood by those skilled in the technical field of the present invention. The terms used herein are only for the purpose of describing specific embodiments and are not intended to limit the present invention. The term "and/or" as used herein includes any and all combinations of one or more of the associated listed items.
Fig. 1 shows a flow diagram of the domain name information collection method in one embodiment. As shown in Fig. 1, the domain name information collection method in this embodiment includes:
Step S101: Detect the subdomain names of a root domain name using a predetermined subdomain detection method to obtain a first subdomain name of the root domain name;
Step S102: Send a first query request to a domain name information source database, the first query request including the root domain name and the first subdomain name;
Step S103: Receive a first query response returned by the domain name information source database, the first query response including the user information that the domain name information source database found to be associated with the root domain name and the first subdomain name;
Step S104: Send a second query request to the domain name information source database, the second query request including the user information;
Step S105: Receive a second query response returned by the domain name information source database, the second query response including a second subdomain name that the domain name information source database found to be associated with the user information;
Step S106: Integrate the root domain name, the first subdomain name and the second subdomain name to obtain the collected domain name information.
According to the scheme of the embodiment described above, after the first subdomain name of the root domain name is obtained by subdomain detection, the user information associated with the first subdomain name is also obtained by querying the domain name information source database, and the second subdomain name associated with that user information is then obtained by querying the domain name information source database. The root domain name, the first subdomain name and the second subdomain name are then integrated to obtain the collected domain name information. Because the second subdomain name, found through the user information associated with the first subdomain name, is integrated together with the result of subdomain detection, subdomain names can be collected more comprehensively, and security can be improved accordingly.
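Steps S101 to S106 for an organisation's own asset inventory, run on constructed data as an added example (this is not code from the patent). The root domain, the detection results, the in-memory stand-in for the domain name information source database and all function names are assumptions of the example; it also shows the label-boundary scope check and the de-duplication that the integration step relies on.

```python
ROOT = "example.com"  # constructed root domain name

# Constructed results of three detection methods (step S101), with the
# duplicates, case differences and out-of-scope names real output contains.
DETECTION_RESULTS = {
    "search_engine": ["WWW.example.com", "shop.example.com."],
    "certificate_transparency": ["*.example.com", "shop.example.com",
                                 "api.example.com"],
    "dictionary": ["mail.example.com", "notexample.com",
                   "example.com.other.test"],
}

# Constructed stand-in for the domain name information source database:
# domain name -> user information held for it.
SOURCE_DB = {
    "example.com": {"registrant": "Example Corp",
                    "email": "hostmaster@example.com"},
    "shop.example.com": {"registrant": "Example Corp",
                         "email": "shop-ops@example.com"},
    "legacy-portal.example.com": {"registrant": "Example Corp",
                                  "email": "old-it@example.com"},
    "pay.example.com": {"registrant": "Example Pay Ltd",
                        "email": "shop-ops@example.com"},
    "other.example.net": {"registrant": "Someone Else",
                          "email": "admin@example.net"},
}


def normalize(name):
    """Lower-case, drop a trailing dot and a leading wildcard label."""
    name = name.strip().lower().rstrip(".")
    return name[2:] if name.startswith("*.") else name


def in_scope(name, root):
    """True only for names below root, matched on a label boundary."""
    return name.endswith("." + root)


def detect_first(results, root):
    """S101: integrate all detection results into the first subdomain names."""
    names = {normalize(n) for found in results.values() for n in found}
    return {n for n in names if in_scope(n, root)}


def first_query(db, domains):
    """S102/S103: user information associated with the queried names."""
    info = set()
    for domain in domains:
        info |= set(db.get(domain, {}).items())
    return info


def second_query(db, user_info):
    """S104/S105: every name whose record shares a user-information item."""
    return {d for d, record in db.items() if user_info & set(record.items())}


def collect(root, results, db):
    """Run S101 to S106 and return each intermediate set, sorted."""
    first = detect_first(results, root)
    users = first_query(db, {root} | first)
    # Names already known from detection are not reported a second time.
    second = second_query(db, users) - first - {root}
    return {
        "root": root,
        "first": sorted(first),
        "users": sorted(users),
        "second": sorted(second),
        "collected": sorted({root} | first | second),  # S106
    }


if __name__ == "__main__":
    for key, value in collect(ROOT, DETECTION_RESULTS, SOURCE_DB).items():
        print(key, value)
```

The two names in the second set were never returned by any detection method; they are reached only through the registrant and the e-mail address shared with names that were.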
When the subdomain names of the root domain name are detected in step S101 above to obtain the first subdomain name of the root domain name, the predetermined subdomain detection method used may be any possible method. In one application example, various possible methods may be used, such as search engine search, DNS server query, HTTPS certificate query, dictionary enumeration and DNS zone transfer vulnerability detection.
When detection is performed by search engine search, it may be carried out as follows in one specific example: send a subdomain search request to a predetermined search engine, the subdomain search request including the keyword of the root domain name; receive the subdomain search response returned by the predetermined search engine, and perform regular expression matching on the subdomain search response to match the subdomain names of the root domain name, obtaining the subdomain search result.
When detection is performed by DNS server query, it may be carried out as follows in one specific example: send a DNS query command to the local DNS server, the DNS query command including the root domain name; receive the DNS query response returned by the local DNS server, the DNS query response including the subdomain names of the root domain name found by the local DNS server, obtaining the subdomain DNS query result.
When detection is performed by HTTPS certificate query, it may be carried out as follows in one specific example: query and obtain the HTTPS certificate transparency report of the root domain name, and determine the subdomain names of the root domain name according to the HTTPS certificate transparency report, obtaining the subdomain transparency query result.
When detection is performed by dictionary enumeration, it may be carried out as follows in one specific example: obtain a dictionary of common subdomain names; enumerate the subdomain names in the dictionary of common subdomain names to find the subdomain names that exist for the root domain name, obtaining the subdomain enumeration result.
When detection is performed by DNS zone transfer vulnerability detection, it may be carried out as follows in one specific example: detect whether the target system corresponding to the root domain name has a DNS zone transfer vulnerability and, when a DNS zone transfer vulnerability is detected, use the DNS zone transfer vulnerability to detect the subdomain names of the root domain name, obtaining the subdomain zone transfer vulnerability detection result.
It is understood that, of the methods mentioned above (search engine search, DNS server query, HTTPS certificate query, dictionary enumeration, DNS zone transfer vulnerability detection and so on), one or more may be selected according to actual technical needs.
When only one of them is selected, the corresponding one of the subdomain search result, the subdomain DNS query result, the subdomain transparency query result, the subdomain enumeration result and the subdomain zone transfer vulnerability detection result is the initial detected subdomain name, and the initial detected subdomain name serves as the first subdomain name above. For example, if the HTTPS certificate query method is selected, the subdomain transparency query result is used as the initial detected subdomain name.
To detect subdomain names more comprehensively, in one specific application example any combination of the methods of search engine search, DNS server query, HTTPS certificate query, dictionary enumeration and DNS zone transfer vulnerability detection may be used to detect subdomain names. In that case, the integrated result of the corresponding combination of the subdomain search result, the subdomain DNS query result, the subdomain transparency query result, the subdomain enumeration result and the subdomain zone transfer vulnerability detection result is the initial detected subdomain name, and the initial detected subdomain name serves as the first subdomain name above. For example, when the three methods of search engine search, DNS server query and HTTPS certificate query are selected, the integrated result of the subdomain search result, the subdomain DNS query result and the subdomain transparency query result is used as the initial detected subdomain name. It can be understood that, from the point of view of comprehensive detection, all of the methods of search engine search, DNS server query, HTTPS certificate query, dictionary enumeration and DNS zone transfer vulnerability detection may be used, so that the integrated result of the subdomain search result, the subdomain DNS query result, the subdomain transparency query result, the subdomain enumeration result and the subdomain zone transfer vulnerability detection result is used as the initial detected subdomain name. The purpose of the integration is to filter out identical subdomain names from the results obtained by the various detection methods, avoiding the data redundancy caused by repeated domain name information.
As described above, the initial detected subdomain name obtained above can be used directly as the first subdomain name. In some application examples, the initial detected subdomain name may also be processed further before being used as the first subdomain name.
For example, Fig. 2 shows a flow diagram of obtaining subdomain names by detection in one example. As shown in Fig. 2, in this example, after the initial detected subdomain names are obtained, the first subdomain name may be obtained as follows:
Perform domain name resolution on each initial detected subdomain name to obtain the IP address information of each initial detected subdomain name;
Screen out the content delivery network IP address information from the IP address information to obtain the screened IP address information;
Perform a reverse IP lookup on the screened IP address information to obtain the post-lookup subdomain names; the post-lookup subdomain names obtained at this point are the first subdomain name above.
In this way the content delivery network IP address information, and with it the corresponding content delivery network domain name information, is screened out, which further improves the accuracy of the subdomain names obtained.
Fig. 3 shows a flow diagram of obtaining subdomain names by detection in another example. As shown in Fig. 3, in this example, after the initial detected subdomain names are obtained, the first subdomain name may be obtained as follows:
Crawl the page corresponding to each initial detected subdomain name;
Parse the pages obtained by crawling to obtain the in-page subdomain names;
Integrate the initial detected subdomain names and the in-page subdomain names to obtain the first subdomain name.
Thus, after the initial detected subdomain names are obtained, the subdomain names in the pages of these initial detected subdomain names are also obtained, so that subdomain names can be detected more comprehensively.
In another example, the two approaches above can be combined. Fig. 4 shows a flow diagram of obtaining subdomain names by detection in this example. As shown in Fig. 4, in this example, after the initial detected subdomain names are obtained, the first subdomain name is obtained as follows:
Perform domain name resolution on each initial detected subdomain name to obtain the IP address information of each initial detected subdomain name;
Screen out the content delivery network IP address information from the IP address information to obtain the screened IP address information;
Perform a reverse IP lookup on the screened IP address information to obtain the post-lookup subdomain names;
Crawl the page corresponding to each post-lookup subdomain name, and parse the pages obtained by crawling to obtain the in-page subdomain names;
Integrate the post-lookup subdomain names and the in-page subdomain names to obtain the first subdomain name.
Thus, while the comprehensiveness of the subdomain names obtained by detection is improved, the accuracy of the subdomain names obtained is further improved.
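The Fig. 4 flow above, run on constructed data as an added example (not code from the patent): resolve, screen out content delivery network addresses, reverse-look-up the remaining addresses, parse the pages of the resulting names, and integrate. The resolution table, CDN range, reverse-lookup table and page bodies are constructed stand-ins for a resolver, a CDN address list, a reverse IP service and a crawler, and the function names are this example's own.

```python
import ipaddress
import re

ROOT = "example.com"  # constructed root domain name
INITIAL = ["www.example.com", "cdn.example.com", "app.example.com"]

# Constructed resolution results: name -> IP addresses.
RESOLUTION = {
    "www.example.com": ["192.0.2.10"],
    "cdn.example.com": ["198.51.100.7"],
    "app.example.com": ["192.0.2.11", "198.51.100.9"],
}
# Constructed CDN address range (a documentation prefix, not a real CDN).
CDN_RANGES = [ipaddress.ip_network("198.51.100.0/24")]
# Constructed reverse IP lookup results: IP address -> names hosted on it.
REVERSE_IP = {
    "192.0.2.10": ["www.example.com", "intranet.example.com"],
    "192.0.2.11": ["app.example.com", "tenant.example.org"],
}
# Constructed page bodies, as a crawler would return them.
PAGES = {
    "www.example.com": '<a href="https://docs.example.com/start">Docs</a>',
    "intranet.example.com": '<script src="//static.example.com/a.js"></script>'
                            '<a href="http://badexample.com/">x</a>'
                            '<a href="http://docs.example.com.other.test/">y</a>',
    "app.example.com": "API base: https://API.Example.com/v1",
}


def screen_cdn(ips, cdn_ranges):
    """Return the addresses that fall in none of the CDN ranges."""
    kept = set()
    for ip in ips:
        addr = ipaddress.ip_address(ip)
        if not any(addr in net for net in cdn_ranges):
            kept.add(ip)
    return kept


def extract_subdomains(html, root):
    """Find names below root in page text, anchored on label boundaries."""
    label = r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
    pattern = re.compile(
        # Not preceded by a name character, and not followed by a further
        # label, so look-alike hosts that merely contain root are rejected.
        r"(?<![\w.-])((?:" + label + r"\.)+" + re.escape(root) + r")(?!\.?[\w-])",
        re.IGNORECASE,
    )
    return {m.group(1).lower() for m in pattern.finditer(html)}


def first_subdomains(initial, root, resolution, cdn_ranges, reverse_ip, pages):
    """Fig. 4: resolve, screen CDN, reverse lookup, parse pages, integrate."""
    ips = {ip for name in initial for ip in resolution.get(name, [])}
    kept_ips = screen_cdn(ips, cdn_ranges)
    # Shared hosts return other owners' names, so keep only names below root.
    looked_up = {
        name.lower()
        for ip in kept_ips
        for name in reverse_ip.get(ip, [])
        if name.lower().endswith("." + root)
    }
    in_page = set()
    for name in looked_up:
        in_page |= extract_subdomains(pages.get(name, ""), root)
    return sorted(looked_up | in_page)


if __name__ == "__main__":
    print(first_subdomains(INITIAL, ROOT, RESOLUTION, CDN_RANGES,
                           REVERSE_IP, PAGES))
```

A name that resolves only to CDN addresses (cdn.example.com here) drops out of the result, which is the screening effect the text describes.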
The domain name information source database mentioned above refers to a database that stores domain names and their related information, where the related information includes user information such as the registrant and the filer. The specific type of domain name information source database can be set according to actual needs; for example, it may be any one or any combination of a website filing information database, a whois database and an open-source code hosting website.
In one application example, after the domain name information is collected, the collected domain name information may also be displayed as a node/relationship graph, so that it is shown more intuitively. The collected domain name information may be displayed as a node/relationship graph in any possible way. For example, the collected domain name information can be sent to a Neo4j database server. Neo4j is a high-performance NoSQL graph database that stores structured data in a network rather than in tables, so the collected domain name information can be displayed efficiently as a structured node/relationship graph by means of the graph database.
Based on the embodiment described above, a more detailed illustration is given below with reference to one application example. Fig. 5 shows a functional schematic diagram of the scheme of this embodiment in the application example, and Fig. 6 shows a schematic diagram of the basic flow of the scheme of this embodiment in the application example.
With reference to Figs. 5 and 6, when the scheme of this embodiment is implemented, subdomain names are first obtained for the root domain name whose domain name information is to be collected, by detection with the various possible subdomain detection methods.
One method is detection by search engine search. Specifically: first send a subdomain search request to a predetermined search engine, the subdomain search request including the keyword of the root domain name. The predetermined search engine here can be any possible search engine that exists now or may appear later. It can be understood that, since there are many search engines, the subdomain search request may be sent to only one of them or to several different search engines. Suppose all subdomain names of the root domain name test.com are to be searched for and collected; the subdomain search request may then include site:test.com. Then receive the subdomain search response returned by the predetermined search engine and perform regular expression matching on the subdomain search response to match the subdomain names of the root domain name, obtaining the subdomain search result. When subdomain search requests have been sent to multiple search engines, the subdomain search result here may consist of the subdomain search results corresponding to the subdomain search responses returned by the individual search engines; alternatively, after the subdomain search responses returned by the multiple search engines are received, the subdomain names matched from each search engine's response may be integrated to obtain the subdomain search result.
Another method is detection by DNS server query. Specifically: send a DNS query command to the local DNS server, the DNS query command including the root domain name; receive the DNS query response returned by the local DNS server, the DNS query response including the subdomain names of the root domain name found by the local DNS server, obtaining the subdomain DNS query result. The DNS query command here may take any possible command form, for example nslookup -qt=any example.com. Suppose the subdomain names of the root domain name test.com are to be searched for and collected; the DNS query command may then take the form nslookup -qt=any test.com. The subdomain names of the root domain name found by the local DNS server may be the subdomain names of the root domain name that the local DNS server obtains through DNS resolution of MX records (mail routing records) or CNAME records (canonical name records).
Another method is detection by HTTPS certificate query, that is, the subdomain names of the root domain name can be obtained by querying the HTTPS certificate transparency report. Specifically: query and obtain the HTTPS certificate transparency report of the root domain name, and determine the subdomain names of the root domain name according to the HTTPS certificate transparency report, obtaining the subdomain transparency query result. The HTTPS certificate transparency report may be queried in any possible way that currently exists.
Another method is detection by dictionary enumeration. Specifically: obtain a dictionary of common subdomain names; enumerate the subdomain names in the dictionary of common subdomain names to find the subdomain names that exist for the root domain name, obtaining the subdomain enumeration result. Those skilled in the art will appreciate that enumeration amounts to guessing subdomain names that may exist. For example, suppose the subdomain names of the root domain name test.com are to be collected; a.test.com, b.test.com, c.test.com and so on can be tried in turn to find the subdomain names that exist for the root domain name.
Another method is detection by DNS zone transfer vulnerability detection. Specifically: detect whether the target system corresponding to the root domain name has a DNS zone transfer vulnerability and, when a DNS zone transfer vulnerability is detected, use the DNS zone transfer vulnerability to detect the subdomain names of the root domain name, obtaining the subdomain zone transfer vulnerability detection result. Whether the target system corresponding to the root domain name has a DNS zone transfer vulnerability may be detected in any possible way, for example by making an attempt with a script for the DNS zone transfer vulnerability: if subdomain information is returned correctly, the vulnerability is shown to exist. Suppose the subdomain names of the root domain name test.com are to be collected. In one application example, the subdomain names of the root domain name may be detected using the DNS zone transfer vulnerability as follows: first set the lookup type to DNS and find the name servers of the corresponding host domain. Alternatively, type nslookup directly to enter interactive mode and then configure it with set type=ns.
After C:\>nslookup -qa=ns test.com is entered, results similar to the following are returned:
The nslookup command can then be used to enter interactive mode, and the default server is changed to the name server just found with the command >Server=ns66.worldnic.com. The command >ls -d test.com can then list all DNS records on the server. The relevant subdomain names can be obtained from the DNS records.
With the various methods described above, many subdomain names have been obtained; in this embodiment these subdomain names are referred to as the initial detected subdomain names. Because several methods are used for detection, the subdomain names obtained may contain duplicates. Therefore the subdomain search result, the subdomain DNS query result, the subdomain transparency query result, the subdomain enumeration result and the subdomain zone transfer vulnerability detection result may be integrated, and the result of the integration (the subdomain names obtained after integration) is referred to as the initial detected subdomain names. In the illustrative description below, for conciseness, the explanation is given in terms of the initial detected subdomain names.
The initial detected subdomain names obtained above actually comprise many subdomain names. On this basis, domain name resolution is performed on the initial detected subdomain names to obtain the IP (Internet Protocol) address information of each initial detected subdomain name. The domain name resolution (DNS resolution) may be performed in any possible way, for example nslookup test.com.
Then the CDN (Content Delivery Network) information and similar information in the IP address information is screened out to obtain the screened IP address information. A reverse IP lookup is then performed on the screened IP address information to obtain the subdomain names after the reverse IP lookup, which are referred to in this embodiment as the post-lookup subdomain names. The reverse IP lookup may be performed in any possible way that currently exists, for example a reverse lookup in a DNS database, an existing reverse IP to domain name lookup interface, or a query with system commands (nslookup 64.233.189.113 and host 64.233.189.113); this embodiment places no specific limitation on it.
After the post-lookup subdomain names are obtained, a crawler is used to crawl the page corresponding to each post-lookup subdomain name, and the pages obtained by crawling are parsed to obtain the in-page subdomain names. The crawling may be performed in any possible way that currently exists; this embodiment places no specific limitation on it.
The in-page subdomain names obtained above are referred to in this embodiment as the first subdomain name, and also as the subdomain detection result, to distinguish them from the subdomain names queried from the domain name information source database. The first subdomain name obtained may be stored in a database.
With reference to Figs. 5 and 6, queries can be made to the domain name information source database using the first subdomain name obtained above. The domain name information source database here refers to a database that stores domain names and their related information, where the related information includes user information such as the registrant and the filer. The specific type of domain name information source database can be set according to actual needs; for example, it may be any one or any combination of a website filing information database (a database of the filings that relevant laws and regulations require website owners to submit to the relevant authorities, such as the ICP filing database and the public security authority's filing database), a whois database (a database, with its transport protocol, for querying information such as the IP and owner of a domain name, that is, a database for querying whether a domain name has been registered and the details of a registered domain name, such as the domain name owner and the domain name registrar) and an open-source code hosting website.
In one concrete application example, a first query request containing the root domain name and the first subdomain names is first sent to the domain-name information source database, and a first query response returned by the domain-name information source database is then received. The first query response contains the user information, found in the domain-name information source database, that is associated with the root domain name and the first subdomain names. The domain-name information source database here may include at least one of a website filing information database, a whois database, and an open-source code hosting website. The user information related to the first subdomain names can thus be queried from the domain-name information source database, for example the filer information for the root domain name or subdomain name in the website filing information database, the registrant information for the root domain name or subdomain name in the whois database, and the information on personnel associated with the root domain name or subdomain name found on the open-source code hosting website.
Then a second query request containing the user information obtained above is sent to the domain-name information source database, and a second query response returned by the domain-name information source database is received. The second query response contains the second subdomain names, found in the domain-name information source database, that are associated with the user information. It can be understood that the second subdomain names are in fact domain names also registered by the user to whom the user information corresponds. These are sibling domain names of the root domain name and subdomain names above, so the corresponding sibling domain names can be obtained by this query.
The root domain name, the first subdomain names and the second subdomain names are then integrated to obtain the collected domain-name information, that is, the final domain-name information collection result. The integration may be performed in any possible manner.
The domain-name information finally obtained can be displayed as a node/relationship graph, so that the collected domain-name information is presented more intuitively. Displaying the collected domain-name information as a node/node graph may be done in any possible manner, for example by sending the collected domain-name information to a Neo4j database server. Neo4j is a high-performance NoSQL graph database that stores structured data in a network rather than in tables, so the collected domain-name information can be displayed efficiently as a structured node/node graph. Taking the collection of the subdomain names of the root domain name test.com as an example, Fig. 7 shows a schematic node/node graph of the collected domain-name information in one example.
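The two-query pivot, the integration step and the hand-off to a graph database described above, as an added example that is not part of the patent: the in-memory records, the relationship names `HAS_SUBDOMAIN` and `ASSOCIATED_WITH`, the node labels and the ignore list for privacy-proxy registrants are all assumptions, and the statements are only built, not sent to a server.

```python
ROOT = "test.com"                      # root domain name from the patent's example
FIRST_SUBDOMAINS = ["dev.test.com", "mail.test.com"]

# Constructed records standing in for the domain-name information source database
# (whois, website filing records, code hosting). All values are made up.
SOURCE_DB = [
    {"domain": "test.com", "source": "whois", "user": "registrant:Example Corp"},
    {"domain": "test.com", "source": "filing", "user": "filer:Example Filer A"},
    {"domain": "test-pay.com", "source": "whois", "user": "registrant:Example Corp"},
    {"domain": "test-cdn.net", "source": "filing", "user": "filer:Example Filer A"},
    {"domain": "other.org", "source": "whois", "user": "registrant:Someone Else"},
    {"domain": "dev.test.com", "source": "code-hosting", "user": "committer:dev01"},
    {"domain": "mail.test.com", "source": "whois",
     "user": "registrant:REDACTED FOR PRIVACY"},
    {"domain": "unrelated.example", "source": "whois",
     "user": "registrant:REDACTED FOR PRIVACY"},
]
# Assumption: shared proxy registrants would link unrelated owners, so skip them.
IGNORED_USERS = {"registrant:REDACTED FOR PRIVACY"}
NODE_LABELS = {"Domain", "User"}                   # fixed allow-lists: only these
REL_TYPES = {"HAS_SUBDOMAIN", "ASSOCIATED_WITH"}   # ever reach the query text


def first_query(db, names):
    """First query: root/first subdomain names -> associated user information."""
    wanted = {n.lower() for n in names}
    users = {}
    for rec in db:
        if rec["domain"].lower() in wanted and rec["user"] not in IGNORED_USERS:
            users.setdefault(rec["user"], set()).add(rec["domain"].lower())
    return users


def second_query(db, users, known):
    """Second query: user information -> associated names not already known."""
    known = {n.lower() for n in known}
    found = {}
    for rec in db:
        name = rec["domain"].lower()
        if rec["user"] in users and name not in known:
            found.setdefault(rec["user"], set()).add(name)
    return found


def integrate(root, first, users, second):
    """Merge root, first and second names into de-duplicated nodes and edges."""
    nodes = {root: "Domain"}
    edges = set()
    for sub in first:
        nodes[sub] = "Domain"
        edges.add((root, "HAS_SUBDOMAIN", sub))
    for mapping in (users, second):
        for user, names in mapping.items():
            nodes[user] = "User"
            for name in names:
                nodes.setdefault(name, "Domain")
                edges.add((user, "ASSOCIATED_WITH", name))
    return nodes, sorted(edges)


def to_cypher(nodes, edges):
    """Build (statement, parameters) pairs; collected values stay in parameters."""
    stmts = []
    for name, label in sorted(nodes.items()):
        if label not in NODE_LABELS:
            raise ValueError(f"unexpected label: {label}")
        stmts.append((f"MERGE (n:{label} {{name: $name}})", {"name": name}))
    for src, rel, dst in edges:
        if rel not in REL_TYPES:
            raise ValueError(f"unexpected relationship: {rel}")
        stmts.append((
            f"MATCH (a:{nodes[src]} {{name: $src}}), (b:{nodes[dst]} {{name: $dst}}) "
            f"MERGE (a)-[:{rel}]->(b)",
            {"src": src, "dst": dst},
        ))
    return stmts


def collect(db, root, first):
    """Run both queries, integrate, and return nodes, edges and statements."""
    known = [root] + list(first)
    users = first_query(db, known)
    second = second_query(db, users, known)
    nodes, edges = integrate(root, first, users, second)
    return nodes, edges, to_cypher(nodes, edges)


if __name__ == "__main__":
    for stmt, params in collect(SOURCE_DB, ROOT, FIRST_SUBDOMAINS)[2]:
        print(stmt, params)
```

Names scraped from pages or registries are untrusted input, which is why they travel only as parameters while labels and relationship types come from the fixed allow-lists.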
Those of ordinary skill in the art will understand that all or part of the processes in the methods of the above embodiments can be completed by a computer program instructing the relevant hardware. The program can be stored in a non-volatile computer-readable storage medium; in the embodiments of the present invention, the program can be stored in the storage medium of a computer system and executed by at least one processor of the computer system to implement the processes of the method embodiments described above. The storage medium can be a magnetic disk, an optical disc, a read-only memory (Read-Only Memory, ROM), a random access memory (Random Access Memory, RAM), or the like.
Based on the same idea as the method above, Fig. 8 shows a schematic structural diagram of the domain-name information collection device in one embodiment. As shown in Fig. 8, the device in this embodiment includes:
A subdomain detection module 801, configured to detect the subdomain names of the root domain name using a predetermined subdomain detection method and obtain the first subdomain names of the root domain name;
A first query module 802, configured to send a first query request to the domain-name information source database, the first query request containing the root domain name and the first subdomain names, and to receive a first query response returned by the domain-name information source database, the first query response containing the user information, found in the domain-name information source database, that is associated with the root domain name and the first subdomain names;
A second query module 803, configured to send a second query request to the domain-name information source database, the second query request containing the user information, and to receive a second query response returned by the domain-name information source database, the second query response containing the second subdomain names, found in the domain-name information source database, that are associated with the user information;
An integration module 804, configured to integrate the root domain name, the first subdomain names and the second subdomain names to obtain the collected domain-name information.
According to the scheme of the embodiment described above, after the first subdomain names of the root domain name are obtained by subdomain detection, the user information associated with the first subdomain names is also queried from the domain-name information source database, and the second subdomain names associated with that user information are then queried from the domain-name information source database. The root domain name, the first subdomain names and the second subdomain names are then integrated to obtain the collected domain-name information. Because the second subdomain names reached through the associated user information are integrated in addition to the first subdomain names obtained by detection, subdomain names can be collected more comprehensively, and security can be improved accordingly.
When the subdomain detection module 801 detects the subdomain names of the root domain name to obtain the first subdomain names of the root domain name, the predetermined subdomain detection method used may be any possible method. Fig. 9 shows a schematic diagram of the composition of the subdomain detection module in one specific example. As shown in Fig. 9, the subdomain detection module 801 may include at least one of a subdomain search module 8011, a DNS query module 8012, an HTTPS certificate collection module 8013, a dictionary enumeration module 8014 and a zone transfer vulnerability detection module 8015, and further includes an initial integration module 8016. For ease of explanation, the following description takes as an example a module that includes all of the subdomain search module 8011, the DNS query module 8012, the HTTPS certificate collection module 8013, the dictionary enumeration module 8014 and the zone transfer vulnerability detection module 8015.
The subdomain search module 8011 is configured to send a subdomain search request to a predetermined search engine, the subdomain search request containing the keyword of the root domain name; to receive the subdomain search response returned by the predetermined search engine; and to perform regular expression matching on the subdomain search response to match the subdomain names of the root domain name, obtaining the subdomain search result.
The DNS query module 8012 is configured to send a DNS query command to a local DNS server, the DNS query command containing the root domain name, and to receive the DNS query response returned by the local DNS server, the DNS query response containing the subdomain names of the root domain name found by the local DNS server, obtaining the subdomain DNS query result. The subdomain names of the root domain name found by the local DNS server can be subdomain names of the root domain name that the local DNS server obtains by DNS resolution through mail routing (MX) records or alias (CNAME) records.
The HTTPS certificate collection module 8013 is configured to query and obtain the HTTPS certificate transparency report of the root domain name and to determine the subdomain names of the root domain name from the HTTPS certificate transparency report, obtaining the subdomain transparency query result.
The dictionary enumeration module 8014 is configured to obtain a dictionary of common subdomain names and to enumerate the subdomain names in the dictionary, enumerating the subdomain names that exist for the root domain name and obtaining the subdomain enumeration result.
The zone transfer vulnerability detection module 8015 is configured to detect whether the target system corresponding to the root domain name has a DNS zone transfer vulnerability and, when a DNS zone transfer vulnerability is detected, to use the DNS zone transfer vulnerability to detect the subdomain names of the root domain name, obtaining the subdomain zone transfer vulnerability detection result.
The initial integration module 8016 is configured to take at least one, or an integration of any combination, of the subdomain search result, the subdomain DNS query result, the subdomain transparency query result, the subdomain enumeration result and the subdomain zone transfer vulnerability detection result as the initially detected subdomain names.
The initially detected subdomain names obtained above can be used directly as the first subdomain names. In some application examples, the initially detected subdomain names can also be processed further before being used as the first subdomain names.
In one example, as shown in Fig. 9, the subdomain detection module 801 can also include:
A reverse IP lookup module 8017, configured to perform domain name resolution on each initially detected subdomain name to obtain the IP address information of each initially detected subdomain name; to screen out the content delivery network IP address information in the IP address information to obtain the screened IP address information; and to perform a reverse IP lookup on the screened IP address information to obtain the reverse-lookup subdomain names. In this case the first subdomain names are the reverse-lookup subdomain names.
The content delivery network IP address information, and with it the corresponding content delivery network domain-name information, can thus be screened out, which further improves the accuracy of the subdomain names obtained.
In another example, as shown in Fig. 9, the subdomain detection module 801 can also include:
A crawling module 8018, configured to crawl the page corresponding to each initially detected subdomain name; to parse the crawled pages to obtain the subdomain names in the pages; and to integrate the initially detected subdomain names and the subdomain names in the pages to obtain the first subdomain names.
After the initially detected subdomain names are obtained, the subdomain names in the pages of those initially detected subdomain names are thus obtained as well, so that subdomain names can be detected more comprehensively.
In another example, the two approaches above can be combined, that is, the subdomain detection module 801 can include both the reverse IP lookup module 8017 and the crawling module 8018, in which case:
The reverse IP lookup module 8017 is configured to perform domain name resolution on each initially detected subdomain name to obtain the IP address information of each initially detected subdomain name; to screen out the content delivery network IP address information in the IP address information to obtain the screened IP address information; and to perform a reverse IP lookup on the screened IP address information to obtain the reverse-lookup subdomain names;
The crawling module 8018 is configured to crawl the page corresponding to each reverse-lookup subdomain name; to parse the crawled pages to obtain the subdomain names in the pages; and to integrate the reverse-lookup subdomain names and the subdomain names in the pages to obtain the first subdomain names.
This improves the comprehensiveness of the subdomain names detected while further improving the accuracy of the subdomain names obtained.
The domain-name information source database above is a database that stores domain names and their related information, where the related information includes user information such as the registrant or the filer. The specific type of domain-name information source database can be set according to actual needs; for example, it can be any one or any combination of a website filing information database, a whois database and an open-source code hosting website.
In one application example, as shown in Fig. 8, the device in this embodiment can also include:
A display module 805, configured to display the collected domain-name information as a node/relationship graph, so that the collected domain-name information can be presented more intuitively. Displaying the collected domain-name information as a node/node graph may be done in any possible manner, for example by sending the collected domain-name information to a Neo4j database server. Neo4j is a high-performance NoSQL graph database that stores structured data in a network rather than in tables, so the collected domain-name information can be displayed efficiently as a structured node/node graph.
The domain-name information collection method and domain-name information collection device of the embodiments described above can be applied in any environment that needs to collect domain-name information, such as asset information collection, threat intelligence collection and vulnerability scanning.
One application environment is the collection of enterprise asset information; Fig. 10 shows a schematic diagram of the application environment for this use. The information security management system of a large enterprise needs to collect the enterprise's asset list (IP addresses, domain names, ports, applications, personnel, etc.) so that it can respond at the first moment when a security incident occurs. The domain-name information collection method provided by this embodiment makes it easy to obtain the distribution of the enterprise's subdomain names and the state of personal information leakage, so that assets and risk are controllable and security is improved.
Another application environment is the scanning of WEB vulnerabilities to improve security; Fig. 11 shows a schematic diagram of the application environment for this use. After domain-name information such as the enterprise's subdomain names and sibling domain names is obtained through domain-name information collection, as shown in Fig. 11, the WEB vulnerability scanner can achieve good coverage, scan all domain names in time and achieve a better scanning result, thereby improving security.
As described above, the domain-name information collection method and domain-name information collection device provided in this embodiment can be applied to terminals and servers that need to collect domain-name information, such as the terminal or server hosting the information security management system above, the WEB vulnerability server above, and so on.
Accordingly, Fig. 12 shows a schematic diagram of the composition of a server to which the scheme of this embodiment is applied. As shown in Fig. 12, the server includes a processor, a power supply module, a storage medium, a memory and a communication interface connected by a system bus. The storage medium of the server stores an operating system, a database and a domain-name information collection device, which is used to implement a domain-name information collection method. The processor provides computing and control capability and supports the operation of the entire server. The memory in the server provides an environment for running the domain-name information collection device in the storage medium, and the communication interface is used for network communication with user terminals and other servers, such as the DNS server, the domain-name information source database and the Neo4j database server above. Those skilled in the art will understand that the structure shown in Fig. 12 is only a block diagram of the part of the structure relevant to the scheme of this embodiment and does not limit the server to which the scheme is applied; a specific server may include more or fewer components than shown, combine certain components, or have a different arrangement of components.
The technical features of the embodiments described above can be combined arbitrarily. To keep the description concise, not all possible combinations of the technical features in the above embodiments are described; however, as long as a combination of these technical features contains no contradiction, it should be considered to be within the scope of this specification.
The embodiments described above express only several implementations of the present invention, and their description is relatively specific and detailed, but they should not therefore be construed as limiting the scope of the patent. It should be pointed out that those of ordinary skill in the art can make various modifications and improvements without departing from the concept of the invention, and these all fall within the protection scope of the present invention. The protection scope of this patent shall therefore be determined by the appended claims.
Claims (10)
1. A domain-name information collection method, characterized by comprising the steps of:
Detecting the subdomain names of a root domain name using a predetermined subdomain detection method to obtain a first subdomain name of the root domain name;
Sending a first query request to a domain-name information source database, the first query request containing the root domain name and the first subdomain name;
Receiving a first query response returned by the domain-name information source database, the first query response containing the user information, found in the domain-name information source database, that is associated with the root domain name and the first subdomain name;
Sending a second query request to the domain-name information source database, the second query request containing the user information;
Receiving a second query response returned by the domain-name information source database, the second query response containing a second subdomain name, found in the domain-name information source database, that is associated with the user information;
Integrating the root domain name, the first subdomain name and the second subdomain name to obtain the collected domain-name information.
2. The domain-name information collection method according to claim 1, characterized in that detecting the subdomain names of the root domain name using a predetermined subdomain detection method to obtain the first subdomain name of the root domain name comprises at least one of the following:
Sending a subdomain search request to a predetermined search engine, the subdomain search request containing the keyword of the root domain name; receiving the subdomain search response returned by the predetermined search engine, and performing regular expression matching on the subdomain search response to match the subdomain names of the root domain name, obtaining a subdomain search result;
Sending a DNS query command to a local DNS server, the DNS query command containing the root domain name; receiving the DNS query response returned by the local DNS server, the DNS query response containing the subdomain names of the root domain name found by the local DNS server, obtaining a subdomain DNS query result;
Querying and obtaining the HTTPS certificate transparency report of the root domain name, and determining the subdomain names of the root domain name from the HTTPS certificate transparency report, obtaining a subdomain transparency query result;
Obtaining a dictionary of common subdomain names; enumerating the subdomain names in the dictionary to enumerate the subdomain names that exist for the root domain name, obtaining a subdomain enumeration result;
Detecting whether the target system corresponding to the root domain name has a DNS zone transfer vulnerability and, when a DNS zone transfer vulnerability is detected, using the DNS zone transfer vulnerability to detect the subdomain names of the root domain name, obtaining a subdomain zone transfer vulnerability detection result;
Taking at least one, or an integration of any combination, of the subdomain search result, the subdomain DNS query result, the subdomain transparency query result, the subdomain enumeration result and the subdomain zone transfer vulnerability detection result as the initially detected subdomain names, the first subdomain name being the initially detected subdomain names.
3. The domain-name information collection method according to claim 2, characterized in that, after the initially detected subdomain names are obtained, the method further comprises any one of the following three:
Performing domain name resolution on each initially detected subdomain name to obtain the IP address information of each initially detected subdomain name; screening out the content delivery network IP address information in the IP address information to obtain the screened IP address information; performing a reverse IP lookup on the screened IP address information to obtain reverse-lookup subdomain names, the first subdomain name being the reverse-lookup subdomain names;
Crawling the page corresponding to each initially detected subdomain name; parsing the crawled pages to obtain the subdomain names in the pages; integrating the initially detected subdomain names and the subdomain names in the pages to obtain the first subdomain name;
Performing domain name resolution on each initially detected subdomain name to obtain the IP address information of each initially detected subdomain name; screening out the content delivery network IP address information in the IP address information to obtain the screened IP address information; performing a reverse IP lookup on the screened IP address information to obtain reverse-lookup subdomain names; crawling the page corresponding to each reverse-lookup subdomain name; parsing the crawled pages to obtain the subdomain names in the pages; integrating the reverse-lookup subdomain names and the subdomain names in the pages to obtain the first subdomain name.
4. The domain-name information collection method according to claim 2, characterized in that the subdomain names of the root domain name found by the local DNS server are subdomain names of the root domain name that the local DNS server obtains by DNS resolution through mail routing (MX) records or canonical name (CNAME) records.
5. The domain-name information collection method according to claim 1, characterized by comprising at least one of the following two:
The domain-name information source database includes any one or any combination of a website filing information database, a whois database and an open-source code hosting website;
The method further comprises the step of displaying the collected domain-name information as a node/relationship graph.
6. A domain-name information collection device, characterized by comprising:
A subdomain detection module, configured to detect the subdomain names of a root domain name using a predetermined subdomain detection method and obtain a first subdomain name of the root domain name;
A first query module, configured to send a first query request to a domain-name information source database, the first query request containing the root domain name and the first subdomain name, and to receive a first query response returned by the domain-name information source database, the first query response containing the user information, found in the domain-name information source database, that is associated with the root domain name and the first subdomain name;
A second query module, configured to send a second query request to the domain-name information source database, the second query request containing the user information, and to receive a second query response returned by the domain-name information source database, the second query response containing a second subdomain name, found in the domain-name information source database, that is associated with the user information;
An integration module, configured to integrate the root domain name, the first subdomain name and the second subdomain name to obtain the collected domain-name information.
7. The domain-name information collection device according to claim 6, characterized in that the subdomain detection module comprises at least one of a subdomain search module, a DNS query module, an HTTPS certificate collection module, a dictionary enumeration module and a zone transfer vulnerability detection module, and an initial integration module:
The subdomain search module is configured to send a subdomain search request to a predetermined search engine, the subdomain search request containing the keyword of the root domain name; to receive the subdomain search response returned by the predetermined search engine; and to perform regular expression matching on the subdomain search response to match the subdomain names of the root domain name, obtaining a subdomain search result;
The DNS query module is configured to send a DNS query command to a local DNS server, the DNS query command containing the root domain name; and to receive the DNS query response returned by the local DNS server, the DNS query response containing the subdomain names of the root domain name found by the local DNS server, obtaining a subdomain DNS query result;
The HTTPS certificate collection module is configured to query and obtain the HTTPS certificate transparency report of the root domain name and to determine the subdomain names of the root domain name from the HTTPS certificate transparency report, obtaining a subdomain transparency query result;
The dictionary enumeration module is configured to obtain a dictionary of common subdomain names and to enumerate the subdomain names in the dictionary, enumerating the subdomain names that exist for the root domain name and obtaining a subdomain enumeration result;
The zone transfer vulnerability detection module is configured to detect whether the target system corresponding to the root domain name has a DNS zone transfer vulnerability and, when a DNS zone transfer vulnerability is detected, to use the DNS zone transfer vulnerability to detect the subdomain names of the root domain name, obtaining a subdomain zone transfer vulnerability detection result;
The initial integration module is configured to take at least one, or an integration of any combination, of the subdomain search result, the subdomain DNS query result, the subdomain transparency query result, the subdomain enumeration result and the subdomain zone transfer vulnerability detection result as the initially detected subdomain names, the first subdomain name being the initially detected subdomain names.
8. The domain-name information collection device according to claim 7, characterized in that the subdomain detection module further comprises a reverse IP lookup module or a crawling module:
The reverse IP lookup module is configured to perform domain name resolution on each initially detected subdomain name to obtain the IP address information of each initially detected subdomain name; to screen out the content delivery network IP address information in the IP address information to obtain the screened IP address information; and to perform a reverse IP lookup on the screened IP address information to obtain reverse-lookup subdomain names, the first subdomain name being the reverse-lookup subdomain names;
The crawling module is configured to crawl the page corresponding to each initially detected subdomain name; to parse the crawled pages to obtain the subdomain names in the pages; and to integrate the initially detected subdomain names and the subdomain names in the pages to obtain the first subdomain name.
9. The domain-name information collection device according to claim 7, characterized in that the subdomain detection module further comprises a reverse IP lookup module and a crawling module:
The reverse IP lookup module is configured to perform domain name resolution on each initially detected subdomain name to obtain the IP address information of each initially detected subdomain name; to screen out the content delivery network IP address information in the IP address information to obtain the screened IP address information; and to perform a reverse IP lookup on the screened IP address information to obtain reverse-lookup subdomain names;
The crawling module is configured to crawl the page corresponding to each reverse-lookup subdomain name; to parse the crawled pages to obtain the subdomain names in the pages; and to integrate the reverse-lookup subdomain names and the subdomain names in the pages to obtain the first subdomain name.
10. The domain-name information collection device according to claim 6, characterized by comprising at least one of the following two:
The domain-name information source database includes any one or any combination of a website filing information database, a whois database and an open-source code hosting website;
The device further comprises a display module, configured to display the collected domain-name information as a node/relationship graph.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710142641.4A CN108574742B (en) | 2017-03-10 | 2017-03-10 | Domain name information collection method and domain name information collection device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710142641.4A CN108574742B (en) | 2017-03-10 | 2017-03-10 | Domain name information collection method and domain name information collection device |
Publications (2)
Publication Number | Publication Date |
---|---|
CN108574742A (en) | 2018-09-25 |
CN108574742B (en) | 2021-04-16 |
Family
ID=63578144
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710142641.4A Active CN108574742B (en) | 2017-03-10 | 2017-03-10 | Domain name information collection method and domain name information collection device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108574742B (en) |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101094129A (en) * | 2006-06-20 | 2007-12-26 | 腾讯科技(深圳)有限公司 | Method for accessing domain name, and client terminal |
CN103685606A (en) * | 2013-12-23 | 2014-03-26 | 北京奇虎科技有限公司 | Associated domain name acquisition method, associated domain name acquisition system and web administrator permission validation method |
CN105407186A (en) * | 2015-12-23 | 2016-03-16 | 北京奇虎科技有限公司 | Method and device for acquiring subdomain names |
US20170005959A1 (en) * | 2015-07-01 | 2017-01-05 | Sean P. Fenlon | Method for publishing and sharing content on the internet |
Cited By (18)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109451094B (en) * | 2018-12-20 | 2022-02-22 | 奇安信科技集团股份有限公司 | Method, system, electronic device and medium for acquiring IP address of source station |
CN109451094A (en) * | 2018-12-20 | 2019-03-08 | 北京奇安信科技有限公司 | A kind of acquisition source station IP address method, system, electronic equipment and medium |
CN109600385B (en) * | 2018-12-28 | 2021-06-15 | 绿盟科技集团股份有限公司 | Access control method and device |
CN109600385A (en) * | 2018-12-28 | 2019-04-09 | 北京神州绿盟信息安全科技股份有限公司 | A kind of access control method and device |
CN110493224A (en) * | 2019-08-20 | 2019-11-22 | 杭州安恒信息技术股份有限公司 | A kind of subdomain name abduction vulnerability detection method, device and equipment |
CN110493224B (en) * | 2019-08-20 | 2022-01-07 | 杭州安恒信息技术股份有限公司 | Sub-domain name hijacking vulnerability detection method, device and equipment |
CN110719344B (en) * | 2019-10-10 | 2022-02-15 | 北京知道创宇信息技术股份有限公司 | Domain name acquisition method and device, electronic equipment and storage medium |
CN110719344A (en) * | 2019-10-10 | 2020-01-21 | 北京知道创宇信息技术股份有限公司 | Domain name acquisition method and device, electronic equipment and storage medium |
NL2026468A (en) * | 2019-12-19 | 2021-08-11 | Group Ib Tds Ltd | Method and system for determining network vulnerabilities |
CN111432041A (en) * | 2020-02-29 | 2020-07-17 | 深圳壹账通智能科技有限公司 | Domain name acquisition method, system, terminal and computer readable storage medium |
CN113301001A (en) * | 2020-04-07 | 2021-08-24 | 阿里巴巴集团控股有限公司 | Attacker determination method, device, computing equipment and medium |
CN113301001B (en) * | 2020-04-07 | 2023-05-23 | 阿里巴巴集团控股有限公司 | Attacker determination method, attacker determination device, computing equipment and attacker determination medium |
CN111556077A (en) * | 2020-05-15 | 2020-08-18 | 杭州安恒信息技术股份有限公司 | Network data acquisition method, equipment and related equipment |
CN111447304B (en) * | 2020-06-17 | 2020-09-11 | 中国人民解放军国防科技大学 | Anycast node IP address enumeration method and system for anycast recursive domain name system |
CN111447304A (en) * | 2020-06-17 | 2020-07-24 | 中国人民解放军国防科技大学 | Anycast node IP address enumeration method and system for anycast recursive domain name system |
CN114765599A (en) * | 2021-01-13 | 2022-07-19 | 腾讯科技(深圳)有限公司 | Sub-domain name acquisition method and device |
CN114765599B (en) * | 2021-01-13 | 2024-04-05 | 腾讯科技(深圳)有限公司 | Subdomain name acquisition method and device |
CN115277129A (en) * | 2022-07-13 | 2022-11-01 | 杭州安恒信息技术股份有限公司 | Domain name asset vulnerability scanning method, device, equipment and storage medium |
Also Published As
Publication number | Publication date |
---|---|
CN108574742B (en) | 2021-04-16 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN108574742A (en) | Domain-name information collection method and domain-name information collection device | |
US11310132B2 (en) | System and method of identifying internet-facing assets | |
Cova et al. | An analysis of rogue AV campaigns | |
US9413777B2 (en) | Detection of network security breaches based on analysis of network record logs | |
US20060230039A1 (en) | Online identity tracking | |
US20090126022A1 (en) | Method and System for Generating Data for Security Assessment | |
CN107277038A (en) | Access control method, device and system | |
US20210149957A1 (en) | Asset Search and Discovery System Using Graph Data Structures | |
US20120011590A1 (en) | Systems, methods and devices for providing situational awareness, mitigation, risk analysis of assets, applications and infrastructure in the internet and cloud | |
US20130067582A1 (en) | Systems, methods and devices for providing device authentication, mitigation and risk analysis in the internet and cloud | |
CN110119469A (en) | A kind of data collection and transmission and method towards darknet | |
US20100235915A1 (en) | Using host symptoms, host roles, and/or host reputation for detection of host infection | |
RU2722693C1 (en) | Method and system for detecting the infrastructure of a malicious software or a cybercriminal | |
CN103685290A (en) | Vulnerability scanning system based on GHDB | |
KR20170089129A (en) | Incidents information management module comprised in incidents information intelligence analysis system | |
US20140244684A1 (en) | System and method of processing database queries | |
KR101832295B1 (en) | Incidents information intelligence analysis system | |
Zhang et al. | Hunting for invisibility: Characterizing and detecting malicious web infrastructures through server visibility analysis | |
US20140237091A1 (en) | Method and System of Network Discovery | |
CN114500122B (en) | Specific network behavior analysis method and system based on multi-source data fusion | |
Kumar et al. | A Novel Approach to Enhance DNS Cache Performance in Web Browser using SPV Algorithm | |
Guo et al. | Active probing-based schemes and data analytics for investigating malicious fast-flux web-cloaking based domains | |
Wang et al. | An empirical study: automated subdomain takeover threat detection | |
Fabian | Secure name services for the Internet of Things | |
Aggarwal et al. | The design and development of an undercover multipurpose anti-spoofing kit (unmask) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||