CN109120643B - Penetration testing method and device - Google Patents

Publication number
CN109120643B
Authority
CN
China
Prior art keywords
attack
plug
available
penetration
attack surface
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201811185195.6A
Other languages
Chinese (zh)
Other versions
CN109120643A (en
Inventor
张壮壮
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Knownsec Information Technology Co Ltd
Original Assignee
Beijing Knownsec Information Technology Co Ltd

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/14: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416: Event detection, e.g. attack signature detection

Abstract

The embodiments of the application provide a penetration testing method and device. A test terminal generates an attack chain, where the attack chain comprises more than one attack surface to be used, and the attack surface to be used comprises more than one available attack plug-in; loads the available attack plug-ins in the attack chain; runs the available attack plug-ins in each attack surface to be used in sequence, according to the priority of each attack surface to be used in the attack chain, until the penetration target specified by the user is reached; and displays the obtained penetration test result. This design enables automated penetration testing and reduces the time and labor cost that penetration testing requires.

Description

Penetration testing method and device
Technical Field
The application relates to the technical field of network security, in particular to a penetration testing method and device.
Background
With the development of internet technology, networks are used ever more widely and have become ever more important. At present, one of the better ways to safeguard network security is penetration testing, in which professional network security personnel carry out a security test and evaluation.
However, in the related art the penetration testing process is not continuous: after the test of an attack point is completed, whether it succeeded has to be verified manually. If it succeeded, a deeper attack level can be verified; if not, the tester has to go back and consider other methods. Penetration testing in the related art therefore suffers from overly fragmented steps and excessive labor cost.
Disclosure of Invention
In view of the above, an objective of the present application is to provide a penetration testing method and device that connect all the links of the penetration process in series to realize automated penetration testing.
In order to achieve the above purpose, the embodiment of the present application adopts the following technical solutions:
In a first aspect, an embodiment of the present application provides a penetration testing method, which is applied to a test terminal, and the method includes:
generating an attack chain, wherein the attack chain comprises more than one attack surface to be used, and the attack surface to be used comprises more than one available attack plug-in;
loading the available attack plug-ins;
sequentially running the available attack plug-ins in the attack surfaces to be used according to the priority of the attack surfaces to be used in the attack chain until the penetration target specified by a user is reached;
and displaying the obtained penetration test result.
Optionally, in the penetration testing method, sequentially running the available attack plug-ins in each attack surface to be used according to the priority of each attack surface to be used in the attack chain until reaching a penetration target specified by a user includes:
for any attack surface to be used in the attack chain, running all available attack plug-ins in the attack surface to be used in parallel, and adding the running results of all available attack plug-ins to the running result set of the attack surface to be used;
if the attack surface to be used is consistent with the target attack surface and the running result set of the attack surface to be used comprises a successful running result, determining that the penetration target specified by the user is reached;
wherein the target attack surface is an attack surface specified by a user.
Optionally, in the penetration testing method, sequentially running the available attack plug-ins in each attack surface to be used according to the priority of each attack surface to be used in the attack chain until reaching a penetration target specified by a user further includes:
if the attack surface to be used is inconsistent with the target attack surface and the running result set of the attack surface to be used comprises a successful running result, taking the running result set of the attack surface to be used as the input of the attack surface to be used of the next priority, and running each available attack plug-in in the attack surface to be used of the next priority.
Optionally, in the penetration testing method, the step of taking the running result set of the attack surface to be used as the input of the attack surface to be used of the next priority, and running each available attack plug-in in the attack surface to be used of the next priority includes:
for each available attack plug-in in the attack surface to be used of the next priority, the available attack plug-in searching the input running result set for the parameters it requires to run;
if the parameters are not found, returning a running failure result.
Optionally, in the penetration testing method, generating an attack chain includes:
obtaining a target penetration range to be tested;
selecting the attack surface belonging to the target penetration range as the attack surface to be used according to the configuration file of each attack surface;
selecting an attack plug-in corresponding to the attack surface to be used as the available attack plug-in according to the configuration file of each attack plug-in;
and dividing the available attack plug-ins belonging to the same attack surface to be used into one node to obtain more than one node, and linking the more than one node into the attack chain.
In a second aspect, an embodiment of the present application further provides a penetration testing apparatus, which is applied to a test terminal, and the apparatus includes:
the attack chain integration module is used for generating an attack chain, wherein the attack chain comprises more than one attack surface to be used, and the attack surface to be used comprises more than one available attack plug-in;
the loading module is used for loading the available attack plug-in;
the penetration testing module is used for sequentially operating the available attack plug-ins in the attack surfaces to be used according to the priority of the attack surfaces to be used in the attack chain until reaching a penetration target designated by a user;
and the display module is used for displaying the obtained penetration test result.
Optionally, in the above apparatus, the penetration testing module comprises:
the first testing submodule is used for running, for any attack surface to be used in the attack chain, each available attack plug-in in the attack surface to be used in parallel, and adding the running result of each available attack plug-in to the running result set of the attack surface to be used; and, if the attack surface to be used is consistent with the target attack surface and the running result set of the attack surface to be used comprises a successful running result, determining that the penetration target specified by the user is reached;
wherein the target attack surface is an attack surface specified by a user.
Optionally, in the above apparatus, the penetration testing module further comprises:
and the second testing submodule is used for taking the running result set of the attack surface to be used as the input of the attack surface to be used with the next priority and running each available attack plugin in the attack surface to be used with the next priority when the attack surface to be used tested by the first testing submodule is inconsistent with the target attack surface and the running result set of the attack surface to be used comprises a successful running result.
Optionally, in the above apparatus, the second testing submodule is specifically configured to:
for each available attack plug-in in the attack surface to be used of the next priority, have the available attack plug-in search the input running result set for the parameters it requires to run; if the parameters are not found, return a running failure result.
Optionally, in the above apparatus, the attack chain integration module includes:
the acquisition submodule is used for acquiring a target penetration range to be tested;
the attack surface screening submodule is used for selecting the attack surfaces belonging to the target penetration range as the attack surfaces to be used according to the configuration files of all the attack surfaces;
the attack plug-in screening submodule is used for selecting the attack plug-in corresponding to the attack surface to be used as the available attack plug-in according to the configuration file of each attack plug-in;
and the link submodule is used for dividing the available attack plug-ins belonging to the same attack surface to be used into one node to obtain more than one node and linking the more than one node into the attack chain.
In a third aspect, embodiments of the present application further provide a test terminal, where the test terminal includes a processor and a machine-readable storage medium, where the machine-readable storage medium has stored thereon machine-executable instructions, and when executed, the machine-executable instructions cause the processor to implement the method provided in the first aspect of the embodiments of the present application.
Compared with the prior art, the embodiment of the application has the following beneficial effects:
According to the penetration testing method and device provided by the embodiments of the application, the test terminal generates an attack chain, where the attack chain comprises more than one attack surface to be used, and the attack surface to be used comprises more than one available attack plug-in; loads the available attack plug-ins; runs the available attack plug-ins in each attack surface to be used in sequence, according to the priority of each attack surface to be used in the attack chain, until the penetration target specified by the user is reached; and displays the obtained penetration test result. This design enables automated penetration testing and reduces the time and labor cost that penetration testing requires.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are required to be used in the embodiments will be briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present application and therefore should not be considered as limiting the scope, and for those skilled in the art, other related drawings can be obtained from the drawings without inventive effort.
Fig. 1 is a schematic block diagram of a test terminal according to an embodiment of the present disclosure;
Fig. 2 is a schematic flow chart of a penetration testing method according to an embodiment of the present disclosure;
Fig. 3 is a schematic diagram illustrating the sub-steps of step S21 shown in Fig. 2;
Fig. 4 is a schematic diagram illustrating the sub-steps of step S23 shown in Fig. 2;
Fig. 5 is a functional block diagram of a penetration testing apparatus according to an embodiment of the present disclosure;
Fig. 6 is a sub-module diagram of the attack chain integration module shown in Fig. 5;
Fig. 7 is a sub-module diagram of the penetration testing module shown in Fig. 5.
Reference numerals: 100 - test terminal; 110 - processor; 120 - machine-readable storage medium; 130 - system bus; 140 - communication unit; 150 - display unit; 200 - penetration testing apparatus; 210 - attack chain integration module; 211 - acquisition submodule; 212 - attack surface screening submodule; 213 - attack plug-in screening submodule; 214 - link submodule; 220 - loading module; 230 - penetration testing module; 231 - first testing submodule; 232 - second testing submodule; 240 - display module.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present application clearer, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are some embodiments of the present application, but not all embodiments. The components of the embodiments of the present application, generally described and illustrated in the figures herein, can be arranged and designed in a wide variety of different configurations.
Thus, the following detailed description of the embodiments of the present application, presented in the accompanying drawings, is not intended to limit the scope of the claimed application, but is merely representative of selected embodiments of the application. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
It should be noted that: like reference numbers and letters refer to like items in the following figures, and thus, once an item is defined in one figure, it need not be further defined and explained in subsequent figures.
Fig. 1 is a block diagram of a test terminal 100 according to an embodiment of the present disclosure. The test terminal 100 includes a processor 110 and a machine-readable storage medium 120.
The processor 110 and the machine-readable storage medium 120 may communicate, among other things, via a system bus 130. Also, the machine-readable storage medium 120 stores machine-executable instructions, and the processor 110 may perform the penetration testing method described below by reading and executing the machine-executable instructions in the machine-readable storage medium 120 corresponding to the penetration testing logic.
The machine-readable storage medium 120 referred to herein may be any electronic, magnetic, optical, or other physical storage device that can contain or store information such as executable instructions, data, and the like. For example, the machine-readable storage medium 120 may be: a RAM (random Access Memory), a volatile Memory, a non-volatile Memory, a flash Memory, a storage drive (e.g., a hard drive), a solid state drive, any type of storage disk (e.g., an optical disk, a dvd, etc.), or similar storage medium, or a combination thereof.
It should be understood that in the present embodiment, the structure shown in fig. 1 is merely illustrative. The test terminal 100 may also include more or fewer components than shown in FIG. 1, or may have a completely different configuration than shown in FIG. 1. For example, the test terminal 100 may further include a communication unit 140 and a display unit 150, and the communication unit 140 and the display unit 150 may also communicate with the processor 110 and the machine-readable storage medium 120 described above through the system bus 130. The components shown in fig. 1 may be implemented in software, hardware, or a combination thereof, and the present embodiment is not limited thereto.
Fig. 2 is a flowchart illustrating a penetration testing method provided in this embodiment, which can be applied to the testing terminal 100 shown in fig. 1. The individual steps involved in the method are described in detail below.
Step S21, generating an attack chain, wherein the attack chain comprises more than one attack surface to be used, and the attack surface to be used comprises more than one available attack plug-in.
In the present embodiment, step S21 may include the sub-steps shown in fig. 3.
Step S31, acquiring a target penetration range to be tested.
In practical applications, when Party A commissions Party B to perform a penetration test, a specific penetration test range is usually given. That range is the target penetration range in this embodiment, and may be input by a user at the start of the test.
Optionally, when the user inputs the target penetration range, information about the device under test and the penetration target may also be input to the test terminal 100, and accordingly the test terminal 100 also obtains the device under test information and the penetration target input by the user. The device under test usually refers to a machine designated by the user, or the device corresponding to a domain name and IP address designated by the user; by acquiring this information, the test terminal 100 can test the device under test according to the generated attack chain in the subsequent process. The penetration target generally refers to an attack surface that the user wishes to reach, such as acquiring sensitive information, getshell, acquiring management rights on the target host (the device under test), acquiring domain control rights, and the like. In addition, each attack surface may be further divided into several subdivided attack surfaces, which may be parallel surfaces or intersecting surfaces. For example, the getshell attack surface may be divided into three parallel surfaces (the web side, the Windows side and the Linux side), and the web side may be further divided into intersecting surfaces such as file upload, command execution, SQL injection and the like.
In this embodiment, an attack surface refers to a set of vulnerabilities that can achieve the same attack effect. Each attack surface includes multiple attack points, and an attack point is a single exploitable vulnerability.
It should be understood that the attack surfaces described here are merely examples, and may be dynamically expanded according to requirements in practical applications.
In this embodiment, each attack surface has a corresponding configuration file, which records the name, related attributes and configuration of the attack surface.
Step S32, selecting the attack surface belonging to the target penetration range as the attack surface to be used according to the configuration file of each attack surface.
For each attack surface, the penetration range of the attack surface is determined from the relevant attributes recorded in its configuration file.
Step S33, selecting the attack plug-in corresponding to the attack surface to be used as the available attack plug-in according to the configuration file of each attack plug-in.
In the present embodiment, a plurality of attack plug-ins, each having an input and an output, run in the test terminal 100. Attack plug-ins of different attack types have different inputs, while their outputs can keep the same data structure so that the output results can be displayed in a uniform way.
For example, the FTP weak password attack plug-in takes as input the FTP service port result identified by the service identification plug-in, and outputs either the FTP weak password result or a running failure; for another example, the IIS6 privilege escalation attack plug-in takes as input the webshell address uploaded by the webshell attack plug-in together with the web server type and version, and outputs the administrator username and password information obtained through privilege escalation.
In this embodiment, after receiving the input information, each attack plug-in extracts the parameters it requires from the input information according to its own configuration file and judges whether the extracted parameters are usable. It is worth noting that each attack plug-in has a corresponding configuration file, and the configuration file records the attack surface to which the attack plug-in corresponds.
Step S34, dividing the available attack plug-ins belonging to the same attack surface to be used into one node to obtain more than one node, and linking the more than one node into the attack chain.
In implementation, the order of the nodes may be determined according to the priority of the corresponding attack surfaces to be used. For example, the node corresponding to the attack surface to be used with the highest priority may be the start node of the attack chain, and correspondingly the start node includes each available attack plug-in in the attack surface to be used with the highest priority.
Step S22, loading the available attack plug-ins.
In this embodiment, after the attack chain is generated, the screened available attack plug-ins (i.e., the available attack plug-ins in the attack chain) may be loaded; this embodiment does not limit the order in which they are loaded.
Step S23, sequentially running the available attack plug-ins in the attack surfaces to be used according to the priority of the attack surfaces to be used in the attack chain until the penetration target specified by the user is reached.
In detail, in the present embodiment, step S23 may be implemented by the sub-steps shown in fig. 4.
Step S41, for any attack surface to be used in the attack chain, running each available attack plug-in in the attack surface to be used, and adding the running result of each available attack plug-in to the running result set of the attack surface to be used.
The configuration file of each attack plug-in also records the dependency relationship between that attack plug-in and other attack plug-ins. Taking an attack plug-in X as an example, the configuration file of X may record a pre-plug-in and a post-plug-in of X, where the pre-plug-in is an attack plug-in whose attack must have taken effect before X is run, and the post-plug-in is an attack plug-in that can be run only after the attack of X has taken effect.
Therefore, in a specific example, when the available attack plug-ins in a certain attack surface to be used are run, their running order can be determined according to the dependency relationships among them.
In detail, while the available attack plug-ins in a certain attack surface to be used are being run, after each available attack plug-in has run it can be judged whether the attack effect corresponding to that attack surface has been achieved. If not, the other available attack plug-ins in the attack surface to be used continue to run; if so, the available attack plug-ins in the attack surface to be used of the next priority start to run.
Step S42, judging whether the attack surface to be used is consistent with a target attack surface, wherein the target attack surface is an attack surface specified by a user. If yes, step S43 is executed; if not, step S44 is executed.
In implementation, a user may specify on the test terminal 100 the attack surface they wish to reach, and the attack surface specified by the user is the target attack surface. Because the configuration file of each attack surface records the name of the attack surface, it can be checked whether the name in the configuration file of the attack surface to be used is the same as the name of the target attack surface. If the names are the same, the attack surface to be used is determined to be consistent with the target attack surface; if they differ, the attack surface to be used is determined to be inconsistent with the target attack surface.
Of course, other unique identifiers of the attack surfaces may also be compared to implement step S42, which is not limited in this embodiment.
Step S43, if the running result set of the attack surface to be used comprises a successful running result, determining that the penetration target specified by the user is reached.
In other words, when the attack surface to be used is consistent with the target attack surface and the running result set of the attack surface to be used includes a successful running result, it can be determined that the penetration target specified by the user is reached.
In practice, if it is determined that the user-specified penetration target is reached, step S24 described below may be performed.
Step S44, if the running result set of the attack surface to be used includes a successful running result, taking the running result set of the attack surface to be used as the input of the attack surface to be used of the next priority, and running each available attack plug-in in the attack surface to be used of the next priority.
In other words, if the attack surface to be used is inconsistent with the target attack surface and its running result set includes a successful running result, the test switches to the attack surface to be used of the next priority, that is, it goes on to run the available attack plug-ins in the attack surface to be used of the next priority. It should be noted that if every result in the running result set of the attack surface to be used is a running failure, the test cannot switch to the attack surface to be used of the next priority.
In implementation, each available attack plug-in in the attack surface to be used of the next priority searches the input running result set for the parameters it requires to run, according to its own configuration file. If the parameters cannot be found, the plug-in stops running and returns running state information representing "failure" together with the reason for the failure.
In the implementation process, the test terminal 100 may monitor each available attack plug-in in real time, which may specifically be implemented by a flow control module. If the flow control module detects that any available attack plug-in is stuck, it automatically ends the running of that attack plug-in, returns a running state indicating that the plug-in was stuck, and outputs the result. The output result may be a partial result output before the attack plug-in stopped running, or may be a null value.
In addition, the flow control module can also be used to schedule and control the available attack plug-ins, for example by feeding the output result of one available attack plug-in into the available attack plug-in of the next priority.
Step S24, displaying the obtained penetration test result.
In this embodiment, the penetration test result can be presented in various ways.
For example, the presentation may be performed directly through the test terminal 100. For another example, the penetration test result may be stored in a database such as MongoDB, MySQL, or stored as a text document in a format such as xml, json, or the like, for a user to query. For another example, the penetration test result may be sent to a specific communication address, for example, to a specific telephone number in a short message form, or to a specific email address in an email form.
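The procedure of steps S21 to S24, sketched as an added Python example; it is not code from the patent or from the assignee. The surface names, plug-in names, configuration fields and the `lab-host.example` target are constructed, and every plug-in body is a simulation that touches no network.

```python
import time
from concurrent.futures import ThreadPoolExecutor, TimeoutError as FutureTimeout
from dataclasses import dataclass, field
from typing import Callable

@dataclass
class Surface:                # one attack-surface configuration file
    name: str
    scope: str                # penetration range the surface belongs to
    priority: int             # lower value runs earlier in the chain

@dataclass
class Plugin:                 # one plug-in configuration file plus its body
    name: str
    surface: str              # attack surface the plug-in corresponds to
    requires: tuple           # parameters it must find in its input
    body: Callable[[dict], dict]

@dataclass
class Result:                 # uniform output structure for every plug-in
    plugin: str
    status: str               # "success", "failure" or "stuck"
    data: dict = field(default_factory=dict)
    reason: str = ""

def build_chain(surfaces, plugins, target_scope):
    """S31-S34: keep in-scope surfaces, group their plug-ins into nodes, order by priority."""
    chain = []
    for s in sorted(surfaces, key=lambda s: s.priority):
        if s.scope != target_scope:
            continue
        node = [p for p in plugins if p.surface == s.name]
        if node:
            chain.append((s, node))
    return chain

def run_plugin(plugin, inputs):
    """Look up the required parameters in the input set; fail with a reason if any is absent."""
    missing = [k for k in plugin.requires if k not in inputs]
    if missing:
        return Result(plugin.name, "failure", reason="missing parameter: " + ", ".join(missing))
    out = plugin.body({k: inputs[k] for k in plugin.requires})
    if out:
        return Result(plugin.name, "success", data=out)
    return Result(plugin.name, "failure", reason="no finding")

def run_chain(chain, target_surface, seed, timeout=0.2):
    """S41-S44: run each node in parallel, feed successes forward, stop at the target."""
    inputs, report = dict(seed), {}
    for surface, node in chain:
        pool = ThreadPoolExecutor(max_workers=len(node))
        futures = [(p, pool.submit(run_plugin, p, dict(inputs))) for p in node]
        results = []
        for p, fut in futures:
            try:
                results.append(fut.result(timeout=timeout))
            except FutureTimeout:      # flow control: report a stuck plug-in with empty output
                results.append(Result(p.name, "stuck", reason="timed out"))
            except Exception as exc:   # a crashing plug-in is a failure, not a chain abort
                results.append(Result(p.name, "failure", reason=repr(exc)))
        # Threads cannot be killed; a real harness would isolate plug-ins in processes.
        pool.shutdown(wait=False)
        report[surface.name] = results
        successes = [r for r in results if r.status == "success"]
        if not successes:              # all failed: cannot switch to the next priority
            return {"reached": False, "stopped_at": surface.name, "report": report}
        if surface.name == target_surface:
            return {"reached": True, "stopped_at": surface.name, "report": report}
        for r in successes:            # assumption: successful outputs are merged into the input
            inputs.update(r.data)
    return {"reached": False, "stopped_at": None, "report": report}

# Constructed sample configuration; the bodies are simulations, not real checks.
SURFACES = [
    Surface("service-discovery", "external", 1),
    Surface("credential-audit", "external", 2),
    Surface("host-access", "external", 3),
    Surface("domain-control", "internal", 4),
]
PLUGINS = [
    Plugin("service_identify", "service-discovery", ("host",), lambda a: {"ftp_port": 21}),
    Plugin("ftp_weak_password", "credential-audit", ("ftp_port",), lambda a: {"ftp_login": "simulated"}),
    Plugin("ssh_weak_password", "credential-audit", ("ssh_port",), lambda a: {"ssh_login": "simulated"}),
    Plugin("slow_check", "credential-audit", ("host",), lambda a: time.sleep(1) or {}),
    Plugin("host_access_check", "host-access", ("ftp_login",), lambda a: {"access": "simulated"}),
    Plugin("domain_check", "domain-control", ("access",), lambda a: {"domain": "simulated"}),
]

def demo():
    chain = build_chain(SURFACES, PLUGINS, "external")
    return run_chain(chain, "host-access", {"host": "lab-host.example"})

if __name__ == "__main__":
    outcome = demo()
    for surface, results in outcome["report"].items():
        print(surface, [(r.plugin, r.status, r.reason) for r in results])
    print("target reached:", outcome["reached"])
```

The per-plug-in status and failure reason in the report are also what a defender reviewing such a run would use to see which stage of the chain a control interrupted.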
Referring to fig. 5, fig. 5 is a block diagram of the functional modules of a penetration testing apparatus 200 according to an embodiment of the present disclosure, where the penetration testing apparatus 200 includes at least one functional module that can be stored in the machine-readable storage medium 120 in software form. Divided by function, the penetration testing apparatus 200 may include an attack chain integration module 210, a loading module 220, a penetration testing module 230, and a display module 240.
The attack chain integration module 210 is configured to generate an attack chain, where the attack chain includes more than one to-be-used attack surface, and the to-be-used attack surface includes more than one available attack plugin.
In this embodiment, the attack chain integration module 210 may execute step S21 shown in fig. 2, and the detailed description of the attack chain integration module 210 may specifically refer to the detailed description of step S21.
In this embodiment, as shown in fig. 6, the attack chain integration module 210 may include an acquisition submodule 211, an attack surface screening submodule 212, an attack plug-in screening submodule 213, and a link submodule 214.
The acquisition submodule 211 is configured to obtain a target penetration range to be tested.
The attack surface screening submodule 212 is configured to select an attack surface belonging to the target penetration range as the attack surface to be used according to the configuration file of each attack surface.
The link submodule 214 is configured to divide the available attack plug-ins belonging to the same attack surface to be used into one node, obtain more than one node, and link the more than one node into the attack chain.
The loading module 220 is used for loading the available attack plug-ins.
In this embodiment, the loading module 220 may execute step S22 shown in fig. 2, and the detailed description of step S22 may be referred to for the description of the loading module 220.
The penetration testing module 230 is configured to sequentially run the available attack plug-ins in each to-be-used attack surface according to the priority of each to-be-used attack surface in the attack chain until reaching a penetration target specified by a user.
In this embodiment, the penetration testing module 230 may perform step S23 shown in fig. 2, and the detailed description of the penetration testing module 230 may specifically refer to the detailed description of step S23.
In detail, as shown in fig. 7, in the present embodiment, the penetration testing module 230 may include a first testing sub-module 231 and a second testing sub-module 232.
The first testing sub-module 231 is configured to, for any to-be-used attack surface in the attack chain, run each available attack plug-in in that attack surface and add the running result of each available attack plug-in to the running result set of that attack surface; and, if the to-be-used attack surface is consistent with the target attack surface and its running result set includes a successful running result, determine that the penetration target specified by the user is reached.
The target attack surface refers to an attack surface specified by a user, and is usually an attack surface that the user wishes to reach.
The second testing sub-module 232 is configured to, when the to-be-used attack surface tested by the first testing sub-module 231 is inconsistent with the target attack surface and the running result set of that attack surface includes a successful running result, take the running result set of that attack surface as the input of the to-be-used attack surface of the next priority, and run each available attack plug-in in the to-be-used attack surface of the next priority.
Optionally, in this embodiment, the second testing sub-module 232 may specifically be configured so that each available attack plug-in in the to-be-used attack surface of the next priority searches the input running result set for the parameters it requires to run; if the parameters are not found, a running-failure result is returned.
The display module 240 is configured to display the obtained penetration test result.
In this embodiment, the display module 240 may perform step S24 shown in fig. 2, and the detailed description of step S24 may be referred to for the description of the display module 240.
To sum up, according to the penetration testing method and device provided by the embodiments of the application, the test terminal generates an attack chain, where the attack chain comprises more than one to-be-used attack surface and each to-be-used attack surface comprises more than one available attack plug-in; loads the available attack plug-ins; sequentially runs the available attack plug-ins in each to-be-used attack surface according to the priority of each to-be-used attack surface in the attack chain until the penetration target specified by the user is reached; and displays the obtained penetration test result. With this design, automated penetration testing can be realized, and the time and labor cost required by the penetration test are reduced.
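The chain-building and result-passing flow summarized above, as an added Python example that is not code from the patent or its applicant. The surface names, the `range` and `priority` configuration keys, the rule that a lower number runs first, and stopping when no plug-in on a surface succeeds are all assumptions; the plug-ins are inert stubs.

```python
from dataclasses import dataclass, field
from typing import Callable, Optional

@dataclass
class Plugin:
    name: str
    surface: str                            # attack surface named in the plug-in's config
    requires: tuple                         # parameters it looks up in the input result set
    run: Callable[[dict], Optional[dict]]   # returns produced values, or None on failure

@dataclass
class Node:
    surface: str
    priority: int                           # assumption: lower number runs first
    plugins: list = field(default_factory=list)

def build_chain(surface_cfgs, plugins, scope):
    """Screen surfaces by scope, screen plug-ins by surface, link nodes by priority."""
    nodes = [Node(c["name"], c["priority"]) for c in surface_cfgs if c["range"] in scope]
    for node in nodes:
        node.plugins = [p for p in plugins if p.surface == node.surface]
    return sorted((n for n in nodes if n.plugins), key=lambda n: n.priority)

def run_chain(chain, target_surface, seed):
    """Return (target_reached, report); report is a list of (surface, result set)."""
    inputs, report = dict(seed), []
    for node in chain:
        result_set = []
        for p in node.plugins:
            missing = [k for k in p.requires if k not in inputs]
            out = None if missing else p.run(inputs)   # missing parameter => failure
            result_set.append({"plugin": p.name, "ok": out is not None,
                               "data": out or {}, "missing": missing})
        report.append((node.surface, result_set))
        if not any(r["ok"] for r in result_set):
            return False, report            # assumption: no success, so the chain stops
        if node.surface == target_surface:
            return True, report             # target surface with a successful result
        inputs = {}                         # result set becomes the next surface's input
        for r in result_set:
            inputs.update(r["data"])
    return False, report

# Constructed configuration and inert stub plug-ins (no network activity).
SURFACES = [
    {"name": "database", "range": "internal", "priority": 3},
    {"name": "perimeter", "range": "external", "priority": 1},
    {"name": "internal-host", "range": "internal", "priority": 2},
    {"name": "wireless", "range": "physical", "priority": 2},
]
PLUGINS = [
    Plugin("stub-discover", "perimeter", ("target",), lambda i: {"service": "svc@" + i["target"]}),
    Plugin("stub-fails", "perimeter", ("target",), lambda i: None),
    Plugin("stub-needs-service", "internal-host", ("service",), lambda i: {"session": "s-1"}),
    Plugin("stub-needs-token", "internal-host", ("token",), lambda i: {"unused": True}),
    Plugin("stub-db", "database", ("session",), lambda i: {"reached": True}),
    Plugin("stub-wifi", "wireless", (), lambda i: {"ssid": "lab"}),
]

if __name__ == "__main__":
    chain = build_chain(SURFACES, PLUGINS, scope={"external", "internal"})
    reached, report = run_chain(chain, "database", {"target": "lab.example"})
    print("target reached:", reached)
    for surface, results in report:
        print(surface, [(r["plugin"], r["ok"], r["missing"]) for r in results])
```

The `wireless` surface never enters the chain because its range is outside the requested scope, and `stub-needs-token` is recorded as a failure because its parameter is absent from the result set handed over by the previous surface.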
In the embodiments provided in the present application, it should be understood that the disclosed apparatus and method may be implemented in other ways. The apparatus embodiments described above are merely illustrative, and for example, the flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of apparatus, methods and computer program products according to various embodiments of the present application. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
In addition, functional modules in the embodiments of the present application may be integrated together to form an independent part, or each module may exist separately, or two or more modules may be integrated to form an independent part.
The functions, if implemented in the form of software functional modules and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present application or portions thereof that substantially contribute to the prior art may be embodied in the form of a software product stored in a storage medium and including instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present application. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
The above description is only for the specific embodiments of the present application, but the scope of the present application is not limited thereto, and any person skilled in the art can easily conceive of the changes or substitutions within the technical scope of the present application, and shall be covered by the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims (8)

1. A penetration testing method, applied to a test terminal, comprising the following steps:
generating an attack chain, wherein the attack chain comprises more than one attack surface to be used, and the attack surface to be used comprises more than one available attack plug-in;
loading the available attack plug-ins;
sequentially operating the available attack plug-ins in the attack surfaces to be used according to the priority of the attack surfaces to be used in the attack chain until the penetration target specified by a user is reached;
displaying the obtained penetration test result;
wherein sequentially operating the available attack plug-ins in the attack surfaces to be used according to the priority of the attack surfaces to be used in the attack chain until the penetration target specified by the user is reached comprises:
for any attack surface to be used in the attack chain, running each available attack plug-in in the attack surface to be used, and adding the running result of each available attack plug-in to the running result set of the attack surface to be used;
if the attack surface to be used is consistent with the target attack surface and the running result set of the attack surface to be used comprises a successful running result, determining that the penetration target specified by the user is reached;
wherein the target attack surface is an attack surface specified by the user.
2. The method of claim 1, wherein sequentially running the available attack plug-ins in each attack surface to be used according to the priority of each attack surface to be used in the attack chain until a penetration target specified by a user is reached further comprises:
if the attack surface to be used is inconsistent with the target attack surface and the running result set of the attack surface to be used comprises a successful running result, taking the running result set of the attack surface to be used as the input of the attack surface to be used with the next priority, and running each available attack plug-in in the attack surface to be used with the next priority.
3. The method of claim 2, wherein taking the running result set of the to-be-used attack surface as an input of a next-priority to-be-used attack surface, and running each available attack plugin in the next-priority to-be-used attack surface comprises:
for each available attack plug-in in the attack surface to be used with the next priority, searching, by the available attack plug-in, the input running result set for the parameters required for running;
if the parameters are not found, returning a running-failure result.
4. The method according to any of claims 1-3, wherein generating an attack chain comprises:
obtaining a target penetration range to be tested;
selecting the attack surface belonging to the target penetration range as the attack surface to be used according to the configuration file of each attack surface;
selecting an attack plug-in corresponding to the attack surface to be used as the available attack plug-in according to the configuration file of each attack plug-in;
and dividing the available attack plug-ins belonging to the same attack surface to be used into one node to obtain more than one node, and linking the more than one node into the attack chain.
5. A penetration testing apparatus, applied to a test terminal, the apparatus comprising:
the attack chain integration module is used for generating an attack chain, wherein the attack chain comprises more than one attack surface to be used, and the attack surface to be used comprises more than one available attack plug-in;
the loading module is used for loading the available attack plug-in;
the penetration testing module is used for sequentially operating the available attack plug-ins in the attack surfaces to be used according to the priority of the attack surfaces to be used in the attack chain until reaching a penetration target designated by a user;
the display module is used for displaying the obtained penetration test result;
the penetration test module includes:
the first testing submodule is used for, for any attack surface to be used in the attack chain, running each available attack plug-in in the attack surface to be used in parallel and adding the running result of each available attack plug-in to the running result set of the attack surface to be used; and, if the attack surface to be used is consistent with the target attack surface and the running result set of the attack surface to be used comprises a successful running result, determining that the penetration target specified by the user is reached;
wherein the target attack surface is an attack surface specified by the user.
6. The apparatus of claim 5, wherein the penetration testing module further comprises:
and the second testing submodule is used for taking the running result set of the attack surface to be used as the input of the attack surface to be used with the next priority and running each available attack plugin in the attack surface to be used with the next priority when the attack surface to be used tested by the first testing submodule is inconsistent with the target attack surface and the running result set of the attack surface to be used comprises a successful running result.
7. The apparatus of claim 6, wherein the second test submodule is specifically configured to:
for each available attack plug-in in the attack surface to be used with the next priority, searching, by the available attack plug-in, the input running result set for the parameters required for running; if the parameters are not found, returning a running-failure result.
8. The apparatus of any of claims 5-7, wherein the attack chain integration module comprises:
the acquisition submodule is used for acquiring a target penetration range to be tested;
the attack surface screening submodule is used for selecting the attack surfaces belonging to the target penetration range as the attack surfaces to be used according to the configuration files of all the attack surfaces;
the attack plug-in screening submodule is used for selecting the attack plug-in corresponding to the attack surface to be used as the available attack plug-in according to the configuration file of each attack plug-in;
and the link submodule is used for dividing the available attack plug-ins belonging to the same attack surface to be used into one node to obtain more than one node and linking the more than one node into the attack chain.
CN201811185195.6A 2018-10-11 2018-10-11 Penetration testing method and device Active CN109120643B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811185195.6A CN109120643B (en) 2018-10-11 2018-10-11 Penetration testing method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811185195.6A CN109120643B (en) 2018-10-11 2018-10-11 Penetration testing method and device

Publications (2)

Publication Number Publication Date
CN109120643A (en) 2019-01-01
CN109120643B (en) 2020-11-20

Family

ID=64857970

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811185195.6A Active CN109120643B (en) 2018-10-11 2018-10-11 Penetration testing method and device

Country Status (1)

Country Link
CN (1) CN109120643B (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110881024B (en) * 2019-08-14 2022-12-16 奇安信科技集团股份有限公司 Vulnerability detection method and device, storage medium and electronic device
CN110933041B (en) * 2019-11-06 2021-11-16 西安四叶草信息技术有限公司 Penetration testing method and related device
CN110851841B (en) * 2019-11-26 2022-05-17 西安四叶草信息技术有限公司 Penetration test method, device and storage medium
CN112637178B (en) * 2020-12-18 2022-09-20 成都知道创宇信息技术有限公司 Attack similarity calculation method and device, electronic equipment and readable storage medium

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101808093A (en) * 2010-03-15 2010-08-18 北京安天电子设备有限公司 System and method for automatically detecting WEB security
CN103532793A (en) * 2013-10-28 2014-01-22 中国航天科工集团第二研究院七〇六所 Automatic penetration testing method for information system security
CN103699475A (en) * 2012-09-27 2014-04-02 西门子公司 Method, device and system for optimizing test samples in fuzzy test
CN104200167A (en) * 2014-08-05 2014-12-10 杭州安恒信息技术有限公司 Automatic penetration testing method and system
CN105827642A (en) * 2016-05-16 2016-08-03 深圳市安络科技有限公司 Automatic penetration testing method and system
CN105871885A (en) * 2016-05-11 2016-08-17 南京航空航天大学 Network penetration testing method
CN107426227A (en) * 2017-08-02 2017-12-01 江苏省邮电规划设计院有限责任公司 One kind automation safe penetration method of testing
CN107707561A (en) * 2017-11-01 2018-02-16 北京知道创宇信息技术有限公司 penetration testing method and device

Also Published As

Publication number Publication date
CN109120643A (en) 2019-01-01

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: Room 311501, Unit 1, Building 5, Courtyard 1, Futong East Street, Chaoyang District, Beijing

Applicant after: Beijing Zhichuangyu Information Technology Co., Ltd.

Address before: Room 311501, Unit 1, Building 5, Courtyard 1, Futong East Street, Chaoyang District, Beijing

Applicant before: Beijing Knows Chuangyu Information Technology Co.,Ltd.

GR01 Patent grant