CN110290129A - Method and device for Web vulnerability detection - Google Patents
- Publication number: CN110290129A (application number CN201910537906.XA)
- Authority: CN (China)
- Prior art keywords: url, file, preset, instruction, loophole
- Legal status: Pending (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Classifications
- H04L63/0236: Filtering by address, protocol, port number or service, e.g. IP address or URL (under H04L63/02, separating internal from external traffic, e.g. firewalls, and H04L63/0227, filtering policies)
- H04L63/101: Access control lists [ACL] (under H04L63/10, controlling access to devices or network resources)
- H04L63/1433: Vulnerability analysis (under H04L63/14, detecting or protecting against malicious traffic)
- H04L63/1441: Countermeasures against malicious traffic (under H04L63/14)
All of these fall under H04L63/00, network architectures or network communication protocols for network security (section H, Electricity; class H04, Electric communication technique; subclass H04L, Transmission of digital information, e.g. telegraphic communication).
Abstract
This application discloses a method and device for Web vulnerability detection. The method comprises: receiving a first instruction input by the user and, based on that instruction, running a preset script file that determines the legal IP addresses in a preset IP file; based on a second instruction in the script file, controlling the port scanner Nmap to run and determining the uniform resource locator (URL) of each port that provides Web service on each legal IP; filtering the URLs against a preset URL white list and generating a URL file from the URLs that remain; and, based on a third instruction preset in the script file, controlling the Web vulnerability scanner AWVS to load the URL file, perform vulnerability detection on each URL in it, and generate a detection report. This solves the technical problem of low efficiency of Web vulnerability detection in the prior art.
Description
Technical field
This application relates to the field of financial technology (Fintech), and in particular to a method and device for Web vulnerability detection.
Background art
With the rapid development of computer technology, more and more network technologies are being applied in the financial field, for example quick payment and electronic transfer, and traditional finance is gradually shifting toward financial technology (Fintech). To guarantee the security and reliability of the Fintech field, stricter requirements are placed on network security technology, and in particular on vulnerability detection.
A vulnerability in network security mainly refers to a weakness through which the hardware, software or data of a network system can be damaged, altered or leaked, whether by accident or by malicious attack, causing interruption of network service, especially in the network systems of banks and other financial institutions. Common vulnerabilities include application software vulnerabilities, system vulnerabilities and server vulnerabilities. At present, because the security level of hardware, operating systems, network equipment and databases has improved, vulnerabilities there are becoming less common, while vulnerabilities in World Wide Web (Web) applications are becoming more numerous. Web vulnerabilities are usually detected with the Web vulnerability scanner Acunetix Web Vulnerability Scanner (AWVS).
At present, detecting Web vulnerabilities with AWVS generally requires the user to find the ports on each host that provide Web service and to enter the uniform resource locator (URL) corresponding to each such port into AWVS by hand, after which AWVS performs vulnerability detection on the entered URLs. Entering the URLs of the Web-serving ports manually takes a long time, so the efficiency of Web vulnerability detection is low.
Summary of the invention
This application provides a method and device for Web vulnerability detection, to solve the technical problem of low efficiency of Web vulnerability detection in the prior art.
In a first aspect, an embodiment of this application provides a method for Web vulnerability detection, the method comprising:
receiving a first instruction input by the user, running a preset script file based on the first instruction, and determining the legal IP addresses in a preset IP file;
based on a second instruction in the script file, controlling the port scanner Nmap to run and determining the uniform resource locator (URL) of each port that provides Web service on each legal IP;
filtering the URLs against a preset URL white list and generating a URL file from the filtered URLs;
based on a third instruction preset in the script file, controlling the Web vulnerability scanner AWVS to load the URL file, perform vulnerability detection on each URL in the URL file, and generate a detection report.
In the scheme provided by this embodiment, the legal IPs in the preset IP file are determined first; Nmap then determines the URLs of the Web-serving ports on those IPs; the URLs found by Nmap are filtered against the preset URL white list and a URL file is generated from the filtered URLs; finally AWVS is made to load the URL file and perform vulnerability detection on each URL in it. On the one hand, because Nmap determines the URLs of the Web-serving ports on the legal IPs, the user is no longer relied on to find them, so no port is omitted from detection because the user missed it; on the other hand, because the URLs found by Nmap are filtered against the white list and AWVS loads the file generated from the filtered URLs, AWVS is kept from scanning white-listed URLs and the URLs are imported in batch, which avoids the low efficiency of Web vulnerability detection.
Optionally, determining the legal IPs in the preset IP file comprises:
converting each IP in the IP file into the form of a regular expression;
judging whether the regular expression corresponding to any IP matches a preset IP regular expression;
if it matches, that IP is legal.
Optionally, before generating the URL file from the filtered URLs, the method further comprises:
judging whether any URL among the filtered URLs does not contain a protocol type;
if so, adding a protocol type at the start of that URL so that AWVS can recognize it.
In this scheme, by detecting whether any filtered URL lacks a protocol type and, if so, adding one, the method avoids the problem that AWVS cannot recognize URLs without a protocol type and therefore omits them from detection.
Optionally, performing vulnerability detection on each URL in the URL file comprises detecting at least one of the following:
whether each URL has a cross-site scripting (XSS) vulnerability; or
whether each URL has a SQL injection vulnerability; or
whether each URL has a server-side request forgery (SSRF) vulnerability.
Optionally, before generating the detection report, the method further comprises:
if any URL in the URL file is detected to have at least one vulnerability, judging whether that at least one vulnerability includes a preset permitted vulnerability;
if so, ignoring the preset permitted vulnerability among the at least one vulnerability.
Optionally, the method further comprises:
feeding back the detection report in the form of mail; or
feeding back the detection report in the form of speech.
In a second aspect, an embodiment of this application provides a device for Web vulnerability detection, the device comprising:
a determination unit, for receiving a first instruction input by the user, running a preset script file based on the first instruction, and determining the legal IPs in a preset IP file;
a control unit, for controlling the port scanner Nmap to run based on a second instruction in the script file and determining the uniform resource locator (URL) of each port that provides Web service on each legal IP;
a filter unit, for filtering the URLs against a preset URL white list and generating a URL file from the filtered URLs;
a detection unit, for controlling the Web vulnerability scanner AWVS, based on a third instruction in the script file, to load the URL file, perform vulnerability detection on each URL in the URL file, and generate a detection report.
Optionally, the device further comprises a judging unit, used for: converting each IP in the IP file into the form of a regular expression; judging whether the regular expression corresponding to any IP matches a preset IP regular expression; and, if it matches, treating that IP as legal.
Optionally, the judging unit is also used for: judging whether any URL among the filtered URLs does not contain a protocol type and, if so, adding a protocol type at the start of that URL so that AWVS can recognize it.
Optionally, the detection unit is specifically used for detecting at least one of the following: whether each URL has a cross-site scripting (XSS) vulnerability; whether each URL has a SQL injection vulnerability; or whether each URL has a server-side request forgery (SSRF) vulnerability.
Optionally, the judging unit is also used for: if any URL in the URL file is detected to have at least one vulnerability, judging whether that at least one vulnerability includes a preset permitted vulnerability and, if so, ignoring the permitted vulnerability.
Optionally, the device further comprises a feedback unit, used for feeding back the detection report in the form of mail or in the form of speech.
In a third aspect, an embodiment of this application provides a device for Web vulnerability detection, comprising:
a memory, for storing instructions to be executed by at least one processor;
a processor, for executing the instructions stored in the memory so as to perform the method of the first aspect.
In a fourth aspect, an embodiment of this application provides a computer-readable storage medium storing computer instructions which, when run on a computer, cause the computer to perform the method of the first aspect.
Brief description of the drawings
Fig. 1 is a flow chart of a method for Web vulnerability detection provided by an embodiment of this application;
Fig. 2 is a schematic structural diagram of a device for Web vulnerability detection provided by an embodiment of this application;
Fig. 3 is a schematic structural diagram of a device for Web vulnerability detection provided by an embodiment of this application;
Fig. 4 is a schematic structural diagram of a device for Web vulnerability detection provided by an embodiment of this application;
Fig. 5 is a schematic structural diagram of a computer device provided by an embodiment of this application.
Detailed description
The embodiments described here are only some of the embodiments of this application, not all of them. All other embodiments obtained by a person of ordinary skill in the art on the basis of these embodiments without creative effort fall within the scope of protection of this application.
To make the above technical scheme easier to understand, it is described in detail below with reference to the drawings and specific embodiments. The specific features of the embodiments are detailed explanations of the technical scheme, not restrictions on it, and, where they do not conflict, the embodiments and the technical features in them can be combined with each other.
The method for Web vulnerability detection provided by an embodiment of this application is described further below with reference to the drawings. The method may comprise the following steps (the flow is shown in Fig. 1):
Embodiment one
Step 101: receive a first instruction input by the user, run a preset script file based on the first instruction, and determine the legal IPs in a preset IP file.
Specifically, an IP file is saved in advance in the database of the computer device. The IP file contains the IPs of at least one host to be detected and may take the form of an IP list or any other form. The computer device receives the first instruction input by the user and, based on it, opens and executes the instructions in the preset script file. The script file may be written in Python (an object-oriented, interpreted programming language), JavaScript (an interpreted scripting language), C++ or another language; no restriction is placed on this. It should be understood that the computer device may be a server, a personal computer or similar, and that it may be applied in fields such as finance, e-commerce, aerospace or biotechnology; no restriction is placed on this either.
While executing the script file, the computer device calls the preset IP file in the database based on an instruction in the script, reads the IPs in it, and then determines which of them are legal. There are many ways to determine the legal IPs in the preset IP file; a preferred one is described below as an example.
Determining the legal IPs in the preset IP file comprises:
converting each IP in the IP file into the form of a regular expression;
judging whether the regular expression corresponding to any IP matches a preset IP regular expression;
if it matches, that IP is legal.
Common IPs are of two kinds, IPv4 and IPv6. To make the process of determining the legal IPs in the IP file easier to follow, IPv4 is used as the example below.
An IPv4 address is divided into 4 segments, and the value of each segment ranges from 0 to 255. The range 0 to 255 is further divided into three sub-ranges: 250 to 255, 200 to 249 and 0 to 199. If the script file is written in Python, `[01]?\d\d?` expresses the range 0 to 199, `2[0-4]\d` expresses 200 to 249 and `25[0-5]` expresses 250 to 255, so the regular expression for a value in the 0 to 255 range of any one segment is `[01]?\d\d?|2[0-4]\d|25[0-5]`, and the preset regular expression that matches an IPv4 address is:
pattern = '^([01]?\d\d?|2[0-4]\d|25[0-5])\.([01]?\d\d?|2[0-4]\d|25[0-5])\.([01]?\d\d?|2[0-4]\d|25[0-5])\.([01]?\d\d?|2[0-4]\d|25[0-5])$'
Suppose the IP file contains three IP addresses, 192.168.0.0, 196.168.1.3 and 256.198.6.1, and each is converted into a Python regular expression. In 192.168.0.0 and 196.168.1.3 every segment lies in the range 0 to 255, so the regular expression for every segment is `[01]?\d\d?|2[0-4]\d|25[0-5]`, the regular expression corresponding to each of these two addresses is the same as the preset pattern above, and the two IP addresses are legal. In 256.198.6.1 the first segment is 256, which exceeds the 250 to 255 sub-range, so the regular expression for that segment is not `[01]?\d\d?|2[0-4]\d|25[0-5]`, the regular expression corresponding to 256.198.6.1 differs from the preset one, and 256.198.6.1 is illegal. In practice the check amounts to testing each address string against the preset pattern, anchored at both ends.
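The following Python example is added here and is not part of the patent. It implements the IPv4 check with the pattern reconstructed above and runs it over a constructed IP file containing the three addresses from the example. It also goes one step beyond the patent: the pattern accepts leading-zero octets such as 010.1.1.1 (ambiguous, since some parsers read them as octal), so a stricter variant rejects those, and the standard library's ipaddress module is used to admit IPv6 addresses, which the patent mentions but does not handle. The file contents and the extra test addresses are constructed for illustration.

```python
import ipaddress
import re

# The patent's preset pattern, one alternation per dotted-decimal octet:
# [01]?\d\d? covers 0-199, 2[0-4]\d covers 200-249, 25[0-5] covers 250-255.
OCTET = r"([01]?\d\d?|2[0-4]\d|25[0-5])"
IPV4_PATTERN = re.compile(rf"^{OCTET}\.{OCTET}\.{OCTET}\.{OCTET}$")

# Constructed IP file: the three addresses from the patent's example plus edge cases
# (leading-zero octet, an IPv6 address, a CIDR range) that the regex alone mishandles.
SAMPLE_IP_FILE = """\
# hosts to be scanned (constructed sample)
192.168.0.0
196.168.1.3
256.198.6.1
010.1.1.1
2001:db8::1
192.168.1.1/24
"""


def is_legal_ipv4_regex(ip: str) -> bool:
    """The patent's check: the address string must match the preset IPv4 regex."""
    return IPV4_PATTERN.match(ip) is not None


def is_legal_ipv4_strict(ip: str) -> bool:
    """Regex check plus rejection of leading-zero octets ("010"), which the regex
    accepts but which some resolvers and libc parsers interpret as octal."""
    match = IPV4_PATTERN.match(ip)
    if match is None:
        return False
    return all(octet == "0" or not octet.startswith("0") for octet in match.groups())


def ip_version(ip: str):
    """4, 6 or None, using the standard library for the full syntax of both families.
    CIDR ranges, port suffixes and similar raise ValueError and map to None."""
    try:
        return ipaddress.ip_address(ip).version
    except ValueError:
        return None


def legal_ips(ip_file_text: str) -> list:
    """Read the IP file line by line and keep the addresses that pass the strict IPv4
    check or are well-formed IPv6 addresses; blank lines and # comments are skipped."""
    kept = []
    for line in ip_file_text.splitlines():
        ip = line.strip()
        if not ip or ip.startswith("#"):
            continue
        if is_legal_ipv4_strict(ip) or ip_version(ip) == 6:
            kept.append(ip)
    return kept


if __name__ == "__main__":
    for address in legal_ips(SAMPLE_IP_FILE):
        print("legal:", address)
```

Run stand-alone, the block lists 192.168.0.0, 196.168.1.3 and 2001:db8::1 as legal; 256.198.6.1 fails the pattern exactly as in the patent's example, 010.1.1.1 passes the bare pattern but not the strict variant, and the CIDR range is rejected by both.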
Step 102: based on a second instruction in the script file, control the port scanner Nmap to run and determine the uniform resource locator (URL) of each port that provides Web service on each legal IP.
Specifically, after determining the legal IPs, the computer device controls Nmap to run based on the second instruction in the script file, and controls Nmap to scan for the URLs of the Web-serving ports on the legal IPs. There are many ways for the computer device to determine these URLs; a preferred one is described below as an example.
If the legal IPs comprise at least one IP, the computer device controls Nmap to scan all the ports of each legal IP in turn, determines which of each IP's ports provide Web service, and then determines the URL corresponding to each such port.
For example, if the legal IP determined by the computer device is 123.125.115.110, the computer device executes the Nmap instruction in the script file (shown on the page as `#nmap nxadmin.com#nmap 123.125.115.110`) and controls Nmap to scan all the ports of the host at 123.125.115.110. If ports 80, 81 and 443 of that host are found to provide Web service, the URLs of the Web-serving ports are determined to be 123.125.115.110:80, 123.125.115.110:81 and 123.125.115.110:443.
Step 103: filter the URLs against a preset URL white list and generate a URL file from the filtered URLs.
A URL white list is stored in advance in the computer device's database. The white list may be customized by the user according to actual needs, or it may be determined by the computer device from the number of times each IP is accessed within a preset period: for example, if the access count of any IP within the preset period is not greater than a preset threshold, the white list is generated from the URLs corresponding to that IP. No restriction is placed on this. After controlling Nmap to scan the ports and determining the URLs of the Web-serving ports on the legal IPs, the computer device filters those URLs against the preset white list and generates the URL file from the URLs that remain.
Specifically, the URL of each Web-serving port is compared in turn with the preset URL white list. If the URL of any port is found in the white list, that port's URL is ignored, and the URL file is generated from the URLs of the remaining ports. The output format of the URL file may be JavaScript Object Notation (JSON) or Extensible Markup Language (XML); no restriction is placed on this.
For example, suppose the preset URL white list contains 123.125.115.110:80, 192.165.1.1:8081 and 198.162.20.4:81, and the URLs of the Web-serving ports determined by the computer device are 123.125.115.110:80, 123.125.115.110:44 and 127.0.0.1:81. Comparing the two, the computer device finds that 123.125.115.110:80 is present in the white list, so it ignores 123.125.115.110:80 and generates the URL file from 123.125.115.110:44 and 127.0.0.1:81.
Step 104: based on a third instruction in the script file, control the Web vulnerability scanner AWVS to load the URL file, perform vulnerability detection on each URL in the URL file, and generate a detection report.
After generating the URL file, the computer device continues executing the script file and, based on the third instruction in it, controls AWVS to load the URL file, perform vulnerability detection on each URL in the file in turn, and generate a detection report. Specifically, performing vulnerability detection on each URL in the URL file comprises detecting at least one of the following:
whether each URL has a cross-site scripting (XSS) vulnerability; or
whether each URL has a SQL injection vulnerability; or
whether each URL has a server-side request forgery (SSRF) vulnerability.
In sum, the legal IPs in the preset IP file are determined first; Nmap determines the URLs of the Web-serving ports on those IPs; those URLs are filtered against the preset white list and a URL file is generated from what remains; and AWVS loads the URL file and detects vulnerabilities in each URL in it. Because Nmap, rather than the user, finds the Web-serving ports, none are omitted from detection through oversight; and because AWVS loads a file of white-list-filtered URLs, white-listed URLs are not scanned and the URLs are imported in batch, so detection is no longer slowed by manual entry.
Further, to prevent some URLs in the URL file from being unrecognizable to AWVS because they lack a protocol type, step 103 of this embodiment further comprises, before generating the URL file from the filtered URLs:
judging whether any URL among the filtered URLs does not contain a protocol type;
if so, adding a protocol type at the start of that URL so that AWVS can recognize it.
Specifically, each URL must contain a protocol type, for example http:// or https://, to be recognized by AWVS. After filtering the URLs of the Web-serving ports found by Nmap against the preset white list, the computer device inspects each remaining URL and judges whether it contains a protocol type; if not, a protocol type is added at the start of the URL.
For example, if the computer device finds that one of the filtered URLs, 123.125.115.110:80, has no protocol type, it adds one at the start so that the URL becomes http://123.125.115.110:80 or https://123.125.115.110:80.
In this scheme, by detecting whether any filtered URL lacks a protocol type and adding one where it does, the method avoids the problem that AWVS cannot recognize such URLs and omits them from detection.
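The following Python example is added here and is not part of the patent. It carries steps 102 and 103 and the protocol-type fix-up above through in code: it reads Nmap's XML output (the `-oX` option), keeps only open ports whose detected service is HTTP, drops the host:port pairs present in the white list, adds the scheme, and writes the URL file as JSON. The Nmap output and the white list are constructed samples built around the patent's example host 123.125.115.110 and example white list, and the JSON layout (an object with a `urls` array) is this example's choice, since the patent only names JSON or XML. One point the patent leaves open is which scheme to add: Nmap names port 443 `https` from its port table when run without service detection, and reports `http` with `tunnel="ssl"` when run with `-sV`, so the example picks https:// from either signal instead of always prepending http://.

```python
import json
import xml.etree.ElementTree as ET

# Constructed Nmap XML (as produced by nmap -sV -oX) for the patent's example host;
# this is not real scan output.
SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV -oX - 123.125.115.110">
  <host>
    <address addr="123.125.115.110" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
      <port protocol="tcp" portid="80"><state state="open"/><service name="http"/></port>
      <port protocol="tcp" portid="81"><state state="open"/><service name="http"/></port>
      <port protocol="tcp" portid="443"><state state="open"/><service name="http" tunnel="ssl"/></port>
      <port protocol="tcp" portid="8080"><state state="filtered"/><service name="http-proxy"/></port>
    </ports>
  </host>
</nmaprun>
"""

# The patent's example white list: host:port strings without a scheme.
SAMPLE_WHITELIST = ["123.125.115.110:80", "192.165.1.1:8081", "198.162.20.4:81"]


def web_endpoints(nmap_xml: str) -> list:
    """Step 102: return (host, port, tls) for every open port whose service is HTTP-like.
    'https' (port-table name) and 'http' with tunnel="ssl" (from -sV) both mean TLS."""
    endpoints = []
    for host in ET.fromstring(nmap_xml).iter("host"):
        addr = host.find("address").get("addr")
        for port in host.iter("port"):
            if port.find("state").get("state") != "open":
                continue
            service = port.find("service")
            name = service.get("name", "") if service is not None else ""
            if not name.startswith("http"):
                continue
            tls = name == "https" or service.get("tunnel") == "ssl"
            endpoints.append((addr, int(port.get("portid")), tls))
    return endpoints


def filter_whitelist(endpoints: list, whitelist: list) -> list:
    """Step 103: drop endpoints whose host:port appears in the white list."""
    allowed = set()
    for entry in whitelist:
        host, _, port = entry.rpartition(":")
        allowed.add((host.strip("[]"), int(port)))
    return [e for e in endpoints if (e[0], e[1]) not in allowed]


def ensure_scheme(url: str, default: str = "http") -> str:
    """The protocol-type fix-up: AWVS needs a scheme, so prepend one if the URL has none."""
    return url if url.startswith(("http://", "https://")) else f"{default}://{url}"


def to_url(host: str, port: int, tls: bool) -> str:
    """Build the URL for one endpoint, choosing the scheme from what Nmap saw on the wire."""
    if ":" in host:  # a bare IPv6 literal must be bracketed inside a URL
        host = f"[{host}]"
    return ensure_scheme(f"{host}:{port}", "https" if tls else "http")


def build_url_file(endpoints: list) -> str:
    """Serialize the URL file as JSON; the object layout is this example's assumption."""
    return json.dumps({"urls": [to_url(*e) for e in endpoints]}, indent=2)


def load_url_file(text: str) -> list:
    """What the AWVS-side instruction would read back from the URL file."""
    return json.loads(text)["urls"]


if __name__ == "__main__":
    found = filter_whitelist(web_endpoints(SAMPLE_NMAP_XML), SAMPLE_WHITELIST)
    print(build_url_file(found))
```

On the sample, port 22 is skipped as non-HTTP, port 8080 is skipped because it is not open, port 80 is removed by the white list, and the URL file ends up holding http://123.125.115.110:81 and https://123.125.115.110:443.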
Further, before generating the detection report in step 104, this embodiment further comprises:
if any URL in the URL file is detected to have at least one vulnerability, judging whether that at least one vulnerability includes a preset permitted vulnerability;
if so, ignoring the preset permitted vulnerability among the at least one vulnerability.
Specifically, the computer device's database stores the URLs that are permitted to have vulnerabilities and a mapping between each such URL and the vulnerabilities permitted for it. After vulnerability detection has been performed on each URL in the URL file, if any URL is detected to have at least one vulnerability, the device judges whether that URL is one permitted to have vulnerabilities; if so, it further judges whether the vulnerabilities found for that URL include a permitted one and, if so, ignores the permitted vulnerability.
Further, after step 104, this embodiment further comprises:
feeding back the detection report in the form of mail; or
feeding back the detection report in the form of speech.
Specifically, the generated detection report is saved as a file in a preset format, for example Extensible Markup Language (XML), Portable Document Format (PDF) or plain text (TXT), and is then fed back to the user. There are many ways to feed the report back to the user; two preferred ones are described below as examples.
Mode 1: after the detection report is saved, it is automatically turned into a mail message based on an instruction in the script file. The mail may be plain text, a message with an attachment, an HTML mail or similar; no restriction is placed on this. The generated mail is then sent to the user over the Simple Mail Transfer Protocol (SMTP).
Mode 2: after the detection report is saved, its content is read out and fed back to the user in the form of a voice broadcast.
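The following Python example is added here and is not part of the patent. It shows the two post-scan steps described above: dropping findings that fall under the preset permitted-vulnerability mapping, and packaging the rest as the mail of mode 1. The findings, the mapping, the addresses and the report shape are all constructed (AWVS's real report format is not reproduced). One caveat the patent's URL comparison glosses over is normalization: the example lower-cases scheme and host and strips the trailing slash and the query string before lookup, so that http://host/search?q=1 is covered by a permitted entry for http://host/search; whether dropping the query string is too broad depends on the application. Delivery is left as a commented smtplib call so the block runs offline.

```python
from email.message import EmailMessage
from urllib.parse import urlsplit

# Constructed findings flattened to (url, vulnerability type, severity); not AWVS's schema.
SAMPLE_FINDINGS = [
    {"url": "http://123.125.115.110:81/login", "vuln": "SQL injection", "severity": "high"},
    {"url": "http://123.125.115.110:81/search", "vuln": "XSS", "severity": "medium"},
    {"url": "https://123.125.115.110:443/fetch", "vuln": "SSRF", "severity": "high"},
    {"url": "http://123.125.115.110:81/search?q=1", "vuln": "XSS", "severity": "medium"},
]

# Constructed mapping: URL permitted to have vulnerabilities -> vulnerability types permitted there.
SAMPLE_PERMITTED = {
    "http://123.125.115.110:81/search/": {"XSS"},
}


def normalize_url(url: str) -> str:
    """Canonical key for the mapping: lower-case scheme and host, no trailing slash, no
    query string. Dropping the query makes every parameterized variant of a page match
    the same permitted entry; tighten this if the allow-list must be per-parameter."""
    parts = urlsplit(url)
    path = parts.path.rstrip("/") or "/"
    return f"{parts.scheme.lower()}://{parts.netloc.lower()}{path}"


def triage(findings: list, permitted: dict) -> tuple:
    """Split findings into (kept, ignored). A finding is ignored only when both its URL
    and its vulnerability type are on the permitted mapping, the patent's two-stage check."""
    permitted_norm = {normalize_url(u): set(v) for u, v in permitted.items()}
    kept, ignored = [], []
    for finding in findings:
        allowed_types = permitted_norm.get(normalize_url(finding["url"]), set())
        (ignored if finding["vuln"] in allowed_types else kept).append(finding)
    return kept, ignored


def build_report_mail(kept: list, ignored: list, sender: str, recipient: str,
                      report_text: str) -> EmailMessage:
    """Mode 1 feedback: a summary in the body and the full report as a text attachment."""
    msg = EmailMessage()
    msg["Subject"] = f"Web vulnerability scan: {len(kept)} finding(s), {len(ignored)} permitted"
    msg["From"] = sender
    msg["To"] = recipient
    lines = [f"{f['severity'].upper():<8}{f['vuln']:<15}{f['url']}" for f in kept]
    msg.set_content("\n".join(lines) if lines else "No findings outside the permitted list.")
    msg.add_attachment(report_text, subtype="plain", filename="report.txt")
    # Delivery over SMTP, omitted so the block runs offline (hostname is a placeholder):
    # import smtplib; smtplib.SMTP("mail.example.com").send_message(msg)
    return msg


if __name__ == "__main__":
    kept_findings, ignored_findings = triage(SAMPLE_FINDINGS, SAMPLE_PERMITTED)
    mail = build_report_mail(kept_findings, ignored_findings,
                             "scanner@example.com", "secops@example.com", "full report text")
    print(mail)
```

On the sample, both XSS findings on /search (with and without the query string) are ignored because the mapping permits XSS there, while the SQL injection and SSRF findings are kept and listed in the mail body; the mapping's trailing slash is harmless because keys are normalized the same way as the findings.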
Embodiment two
An embodiment of this application provides a device for Web vulnerability detection; referring to Fig. 2, the device comprises:
a determination unit 201, for receiving a first instruction input by the user, running a preset script file based on the first instruction, and determining the legal IPs in a preset IP file;
a control unit 202, for controlling the port scanner Nmap to run based on a second instruction in the script file and determining the uniform resource locator (URL) of each port that provides Web service on each legal IP;
a filter unit 203, for filtering the URLs against a preset URL white list and generating a URL file from the filtered URLs;
a detection unit 204, for controlling the Web vulnerability scanner AWVS, based on a third instruction in the script file, to load the URL file, perform vulnerability detection on each URL in the URL file, and generate a detection report.
Optionally, referring to Fig. 3, the device further comprises a judging unit 205, used for: converting each IP in the IP file into the form of a regular expression; judging whether the regular expression corresponding to any IP matches a preset IP regular expression; and, if it matches, treating that IP as legal.
Optionally, the judging unit 205 is also used for: judging whether any URL among the filtered URLs does not contain a protocol type and, if so, adding a protocol type at the start of that URL so that AWVS can recognize it.
Optionally, the detection unit 204 is specifically used for detecting at least one of the following: whether each URL has a cross-site scripting (XSS) vulnerability; whether each URL has a SQL injection vulnerability; or whether each URL has a server-side request forgery (SSRF) vulnerability.
Optionally, the judging unit 205 is also used for: if any URL in the URL file is detected to have at least one vulnerability, judging whether that at least one vulnerability includes a preset permitted vulnerability and, if so, ignoring the permitted vulnerability.
Optionally, referring to Fig. 4, the device further comprises a feedback unit 206, used for feeding back the detection report in the form of mail or in the form of speech.
Embodiment three
An embodiment of this application provides a computer device; referring to Fig. 5, the device comprises:
a memory 501, for storing instructions to be executed by at least one processor;
a processor 502, for executing the instructions stored in the memory so as to perform the method of embodiment one.
Embodiment four
An embodiment of this application provides a computer-readable storage medium storing computer instructions which, when run on a computer, cause the computer to perform the method of embodiment one.
Those skilled in the art should understand that the embodiments of the present application may be provided as a method, a system, or a computer program product. Therefore, the present application may take the form of a complete hardware embodiment, a complete software embodiment, or an embodiment combining software and hardware aspects. Moreover, the present application may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to magnetic disk storage and optical memory) that contain computer-usable program code.
The present application is described with reference to flowcharts and/or block diagrams of the method, device (system) and computer program product according to the embodiments of the present application. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to the processor of a general purpose computer, special purpose computer, embedded processor or other programmable data processing device to produce a machine, so that the instructions executed by the processor of the computer or other programmable data processing device produce a device for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions may also be stored in a computer-readable memory that can guide a computer or other programmable data processing device to work in a specific manner, so that the instructions stored in the computer-readable memory produce a manufacture including an instruction device, which implements the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions may also be loaded onto a computer or other programmable data processing device, so that a series of operation steps are executed on the computer or other programmable device to produce computer-implemented processing, and thus the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
Obviously, those skilled in the art can make various modifications and variations to the present application without departing from the spirit and scope of the present application. Accordingly, if these modifications and variations of the present application fall within the scope of the claims of the present application and their equivalent technologies, the present application is also intended to include these modifications and variations.
Claims (10)
1. A Web vulnerability detection method, characterized in that it comprises:
receiving a first instruction input by a user, running a preset script file based on the first instruction, and determining the legal IPs in a preset IP file;
controlling the network port scanning software Nmap to run based on a second instruction in the script file, and determining the uniform resource locators (URLs) of each port that provides a Web service for the legal IPs;
filtering the URLs based on a preset URL white list, and generating a URL file based on the filtered URLs;
controlling the network vulnerability scanning software AWVS to call the URL file based on a third instruction in the script file, performing vulnerability detection on each URL in the URL file, and generating a detection report.
2. The method according to claim 1, characterized in that determining the legal IPs in the preset IP file comprises:
converting each IP in the IP file into the form of a regular expression;
judging whether the regular expression corresponding to any IP matches a preset IP regular expression;
if it matches, that IP is legal.
3. The method according to claim 1, characterized in that, before generating the URL file based on the filtered URLs, it further comprises:
judging whether any URL among the filtered URLs does not include a protocol type;
if so, adding the protocol type at the initial position of that URL, so that AWVS can identify that URL.
4. The method according to claim 1, characterized in that performing vulnerability detection on each URL in the URL file comprises detecting at least one of the following vulnerabilities:
detecting whether each URL has a cross-site scripting (XSS) vulnerability; or
detecting whether each URL has a SQL injection vulnerability; or
detecting whether each URL has a server-side request forgery (SSRF) vulnerability.
5. The method according to any one of claims 1-4, characterized in that, before generating the detection report, it further comprises:
if it is detected that any URL in the URL file has at least one vulnerability, judging whether the at least one vulnerability includes a preset permission vulnerability;
if so, ignoring the preset permission vulnerability among the at least one vulnerability.
6. The method according to claim 5, characterized in that the method further comprises:
feeding back the detection report in the form of mail; or
feeding back the detection report in the form of speech.
7. A Web vulnerability detection device, characterized in that it comprises:
a determination unit, for receiving a first instruction input by a user, running a preset script file based on the first instruction, and determining the legal IPs in a preset IP file;
a control unit, for controlling the network port scanning software Nmap to run based on a second instruction in the script file, and determining the uniform resource locators (URLs) of each port that provides a Web service for the legal IPs;
a filter unit, for filtering the URLs based on a preset URL white list, and generating a URL file based on the filtered URLs;
a detection unit, for controlling the network vulnerability scanning software AWVS to call the URL file based on a third instruction in the script file, performing vulnerability detection on each URL in the URL file, and generating a detection report.
8. The device according to claim 7, characterized in that the device further includes a judgment module;
the judgment module is used for converting each IP in the IP file into the form of a regular expression; judging whether the regular expression corresponding to any IP matches a preset IP regular expression; and, if it matches, treating that IP as legal.
9. A computer device, characterized in that it comprises:
a memory, for storing instructions to be executed by at least one processor;
a processor, for executing the instructions stored in the memory so as to perform the method according to any one of claims 1 to 6.
10. A computer-readable storage medium, characterized in that the computer-readable storage medium stores computer instructions which, when run on a computer, cause the computer to execute the method according to any one of claims 1 to 6.
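The target-preparation and triage steps of claims 1 to 5 (legal-IP check, URL filtering, protocol-type repair, dropping preset finding types) as an added Python illustration. This is not code from the patent: the patent's script, Nmap and AWVS are replaced by in-memory stand-ins (a constructed IP file, a constructed port-scan result and a constructed findings list), the preset IP pattern is assumed to be an anchored IPv4 dotted quad, the URL white list is read as the allow list of hosts that are in scope, and all function names are this example's own. The regex check below matches each IP string directly against the preset pattern rather than first turning the IP itself into a regular expression.

```python
"""Preparation and triage stages of the scan pipeline described in the claims.

Added illustration, not code from the patent. Nmap and AWVS are replaced by
in-memory stand-ins; all names, the preset IP pattern, the allow list and the
ignored finding types are assumptions made for this example.
"""
import re
from typing import Dict, Iterable, List

# Preset IP regular expression (assumed): anchored IPv4 dotted quad, octets 0-255,
# so "192.168.1.300" or "10.0.0" are rejected rather than passed on to the scanner.
_OCTET = r"(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)"
PRESET_IP_RE = re.compile(rf"^{_OCTET}(?:\.{_OCTET}){{3}}$")

# Matches a URL scheme prefix such as "http://" or "https://".
_SCHEME_RE = re.compile(r"^[A-Za-z][A-Za-z0-9+.-]*://")

# Constructed IP file: one candidate per line, with bad lines and a duplicate.
IP_FILE = "10.0.0.5\n192.168.1.300\nnot-an-ip\n172.16.4.9\n\n10.0.0.5\n"

# Constructed stand-in for the Nmap result: (ip, port, service). The last host is
# not in the IP file and must never turn into a scan target.
SCAN_RESULT = [
    ("10.0.0.5", 22, "ssh"),
    ("10.0.0.5", 80, "http"),
    ("10.0.0.5", 8443, "https"),
    ("172.16.4.9", 8080, "http"),
    ("172.16.4.9", 3306, "mysql"),
    ("203.0.113.7", 80, "http"),
]

# Preset URL white list, read here as the allow list of in-scope hosts (assumption).
URL_WHITELIST = {"10.0.0.5"}

# Constructed findings standing in for the scanner's raw output.
FINDINGS = [
    {"url": "http://10.0.0.5:80/login", "type": "xss"},
    {"url": "http://10.0.0.5:80/admin", "type": "permission"},
    {"url": "https://10.0.0.5:8443/api", "type": "sqli"},
]
IGNORED_TYPES = {"permission"}  # the "preset permission vulnerability" of claim 5


def validate_ips(ip_file: str) -> List[str]:
    """Keep only lines that fully match the preset IP pattern, without duplicates."""
    legal: List[str] = []
    for line in ip_file.splitlines():
        ip = line.strip()
        if ip and PRESET_IP_RE.match(ip) and ip not in legal:
            legal.append(ip)
    return legal


def build_urls(legal_ips: Iterable[str], scan_result) -> List[str]:
    """Turn web-service ports of legal IPs into URLs; every other port is ignored.

    The stand-in emits bare host:port for plain HTTP, which is the "URL without a
    protocol type" case that claim 3 repairs before the URL file is written.
    """
    allowed = set(legal_ips)
    urls = []
    for ip, port, service in scan_result:
        if ip not in allowed or service not in ("http", "https"):
            continue
        urls.append(f"https://{ip}:{port}" if service == "https" else f"{ip}:{port}")
    return urls


def host_of(url: str) -> str:
    """Host part of a URL with or without a scheme (IPv4 or hostname, optional port)."""
    authority = _SCHEME_RE.sub("", url, count=1).split("/", 1)[0]
    return authority.rsplit(":", 1)[0]


def filter_urls(urls: Iterable[str], whitelist: Iterable[str]) -> List[str]:
    """Drop every URL whose host is not on the allow list."""
    allowed = set(whitelist)
    return [u for u in urls if host_of(u) in allowed]


def ensure_scheme(url: str, default: str = "http") -> str:
    """Prefix a protocol type when the URL has none, so the scanner can parse it."""
    return url if _SCHEME_RE.match(url) else f"{default}://{url}"


def make_url_file(urls: Iterable[str]) -> str:
    """Serialise the final target list, one URL per line."""
    return "".join(ensure_scheme(u) + "\n" for u in urls)


def drop_ignored_findings(findings: Iterable[Dict[str, str]],
                          ignored: Iterable[str] = IGNORED_TYPES) -> List[Dict[str, str]]:
    """Remove findings of the preset types before the report is produced."""
    skip = set(ignored)
    return [f for f in findings if f["type"] not in skip]


def run_pipeline() -> Dict[str, object]:
    """Run the stages end to end on the constructed inputs."""
    legal = validate_ips(IP_FILE)
    urls = filter_urls(build_urls(legal, SCAN_RESULT), URL_WHITELIST)
    return {"url_file": make_url_file(urls), "report": drop_ignored_findings(FINDINGS)}


if __name__ == "__main__":
    out = run_pipeline()
    print(out["url_file"], end="")
    for finding in out["report"]:
        print(finding["type"], finding["url"])
```

Two details matter in practice. The IP pattern is anchored and bounds each octet, because an unanchored pattern would let a stray line such as `10.0.0.5; rm -rf /` through to whatever shell command runs the port scanner. The allow-list filter runs on the host extracted from the URL, not on a substring match, so `10.0.0.50` is not accepted just because `10.0.0.5` is in scope.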
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910537906.XA CN110290129A (en) | 2019-06-20 | 2019-06-20 | A kind of method and device of Web Hole Detection |
Publications (1)
Publication Number | Publication Date |
---|---|
CN110290129A true CN110290129A (en) | 2019-09-27 |
Family
ID=68005144
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910537906.XA Pending CN110290129A (en) | 2019-06-20 | 2019-06-20 | A kind of method and device of Web Hole Detection |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110290129A (en) |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103400077A (en) * | 2013-08-01 | 2013-11-20 | 广州大学 | Penetration testing method based on BackTrack |
CN103475746A (en) * | 2013-08-09 | 2013-12-25 | 杭州华三通信技术有限公司 | Terminal service method and apparatus |
CN104767747A (en) * | 2015-03-30 | 2015-07-08 | 微梦创科网络科技(中国)有限公司 | Click jacking safety detection method and device |
CN107395651A (en) * | 2017-09-07 | 2017-11-24 | 赛尔网络有限公司 | Service system and information processing method |
CN109067789A (en) * | 2018-09-25 | 2018-12-21 | 郑州云海信息技术有限公司 | Web vulnerability scanning method, system based on linux system |
CN109525478A (en) * | 2018-12-17 | 2019-03-26 | 杭州迪普科技股份有限公司 | A kind of SSL VPN connection method and device |
- 2019-06-20 CN CN201910537906.XA patent/CN110290129A/en active Pending
Non-Patent Citations (1)
Title |
---|
百度经验: "AWVS的使用方法介绍", pages 1 - 5, Retrieved from the Internet <URL:http://jingyan.baidu.com/article/c843ea0bd493da77931e4ae0.html> * |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111988311A (en) * | 2020-08-18 | 2020-11-24 | 华中科技大学 | Method for detecting NMAP network scanning attack behavior in public network environment |
CN111988311B (en) * | 2020-08-18 | 2021-07-27 | 华中科技大学 | Method for detecting NMAP network scanning attack behavior in public network environment |
CN112906006A (en) * | 2021-02-09 | 2021-06-04 | 建信金融科技有限责任公司 | Software development management method and platform |
CN112906006B (en) * | 2021-02-09 | 2023-06-09 | 建信金融科技有限责任公司 | Software development management method and platform |
CN115314244A (en) * | 2022-06-27 | 2022-11-08 | 深圳开源互联网安全技术有限公司 | White list safety protection method, device, equipment and readable storage medium |
CN115314244B (en) * | 2022-06-27 | 2023-10-10 | 深圳开源互联网安全技术有限公司 | White list safety protection method, device, equipment and readable storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||