CN111309311B - Vulnerability detection tool generation method, device, equipment and readable storage medium - Google Patents
Vulnerability detection tool generation method, device, equipment and readable storage medium Download PDFInfo
- Publication number
- CN111309311B CN111309311B CN202010143934.6A CN202010143934A CN111309311B CN 111309311 B CN111309311 B CN 111309311B CN 202010143934 A CN202010143934 A CN 202010143934A CN 111309311 B CN111309311 B CN 111309311B
- Authority
- CN
- China
- Prior art keywords
- script
- target
- vulnerability
- detection tool
- vulnerability detection
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/30—Creation or generation of source code
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
Landscapes
- Engineering & Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computing Systems (AREA)
- Stored Programmes (AREA)
Abstract
The invention discloses a method for generating a vulnerability detection tool, which comprises the following steps: acquiring and analyzing a generating instruction, and determining a target vulnerability designated by the generating instruction; obtaining a vulnerability script corresponding to a target vulnerability, and adding an entry code to the vulnerability script to obtain the target script; determining a script language corresponding to the target script, and converting the target script into a target format according to the script language to obtain a vulnerability detection tool; according to the method, a development vulnerability detection tool is not required to be written by adopting a targeted development method, and the vulnerability detection tool can be obtained by adding an entry code to the existing vulnerability script and further performing format conversion processing, so that the development time of the vulnerability detection tool is shortened; in addition, the invention also provides a vulnerability detection tool generation device, equipment and a computer readable storage medium, which also have the beneficial effects.
Description
Technical Field
The present invention relates to the field of network security technologies, and in particular, to a method for generating a vulnerability detection tool, a device for generating a vulnerability detection tool, and a computer readable storage medium.
Background
With the rapid development of the internet, vulnerabilities of various operating systems and application software in the internet are increasing. For the exploded loopholes, the task of timely performing the loophole detection becomes unprecedented.
After a vulnerability is exploded out of the internet, whether the vulnerability exists in the target terminal is detected. And a vulnerability scanning system or a vulnerability detection tool is generally adopted to comprehensively evaluate the target terminal and detect whether the vulnerability exists. The vulnerability scanning system is developed by a professional security manufacturer, the system disk occupies large space, the installation and the deployment are not facilitated, the installation, the deployment and the use of the vulnerability scanning system are relatively complex, and certain network security technical requirements are provided for users, so that in actual situations, the number of terminals provided with the vulnerability scanning system is small, and a large number of common users cannot install or use the vulnerability scanning system. The vulnerability detection tool is specially developed for a certain vulnerability, and has the advantages of small occupied space, simple installation, low requirement on users and convenience for common users to use. In an actual scenario, once a specific vulnerability is exploded, a security manufacturer upgrades the vulnerability scanning system for the vulnerability to improve the security capability of the vulnerability scanning system. However, since the vulnerability detection tool needs to be developed in a targeted manner and the development work needs a long time, the vulnerability detection tool cannot be developed and put into application in time, so that a large number of common users are attacked by an attacker using the vulnerability.
Therefore, how to solve the problem that the existing special vulnerability detection method needs to be developed in a targeted manner and the development work needs a long time is a technical problem that needs to be solved by the technicians in the field.
Disclosure of Invention
Accordingly, the present invention is directed to a vulnerability detection tool generating method, a vulnerability detection tool generating device, a vulnerability detection tool generating apparatus, and a computer readable storage medium, which solve the problem that the existing special vulnerability detection method needs to be developed specifically and requires a long time for development work.
In order to solve the technical problems, the invention provides a method for generating a vulnerability detection tool, which comprises the following steps:
acquiring and analyzing a generating instruction, and determining a target vulnerability designated by the generating instruction;
obtaining a vulnerability script corresponding to the target vulnerability, and adding an entry code to the vulnerability script to obtain a target script;
and determining a scripting language corresponding to the target script, and converting the target script into a target format according to the scripting language to obtain the vulnerability detection tool.
Optionally, the converting the target script into a target format according to the scripting language, to obtain the vulnerability detection tool includes:
determining a conversion rule corresponding to the scripting language according to the scripting language;
performing information extraction processing on the target script by using an extraction rule in the conversion rule to obtain script information;
and performing executable file generation processing on the script information by using the generation rules in the conversion rules to obtain the vulnerability detection tool.
Optionally, the determining the scripting language corresponding to the target script includes:
acquiring script attributes corresponding to the target script, and determining file suffixes corresponding to the target script by utilizing the script attributes;
and determining the script language corresponding to the file suffix by using a preset corresponding relation.
Optionally, the converting the target script into a target format according to the scripting language, to obtain the vulnerability detection tool includes:
determining a corresponding conversion tool according to the script language;
and converting the target script into the target format by using the conversion tool to obtain the vulnerability detection tool.
The invention also provides a device for generating the vulnerability detection tool, which comprises the following steps:
the target vulnerability determining module is used for acquiring and analyzing a generating instruction and determining a target vulnerability designated by the generating instruction;
the script language determining module is used for acquiring a vulnerability script corresponding to the target vulnerability, and adding an entry code to the vulnerability script to obtain the target script;
and the tool generation module is used for determining a scripting language corresponding to the target script, and converting the target script into a target format according to the scripting language to obtain the vulnerability detection tool.
Optionally, the tool generation module includes:
the conversion rule determining unit is used for determining a conversion rule corresponding to the script language according to the script language;
the script information acquisition unit is used for carrying out information extraction processing on the target script by utilizing the extraction rule in the conversion rule to obtain script information;
and the first conversion unit is used for generating executable files for the script information by utilizing the generation rules in the conversion rules to obtain the vulnerability detection tool.
Optionally, the tool generation module includes:
a file suffix determining unit, configured to obtain a script attribute corresponding to the target script, and determine a file suffix corresponding to the target script using the script attribute;
and the script language determining unit is used for determining the script language corresponding to the file suffix by utilizing a preset corresponding relation.
Optionally, the tool generation module includes:
a conversion tool determining unit, configured to determine a corresponding conversion tool according to the scripting language;
and the second conversion unit is used for converting the target script into the target format by using the conversion tool to obtain the vulnerability detection tool.
The invention also provides a vulnerability detection tool generation device, which comprises a memory and a processor, wherein:
the memory is used for storing a computer program;
the processor is configured to execute the computer program to implement the above-mentioned vulnerability detection tool generation method.
The invention also provides a computer readable storage medium for storing a computer program, wherein the computer program is executed by a processor to implement the method for generating the vulnerability detection tool.
According to the vulnerability detection tool generation method provided by the invention, the generation instruction is acquired and analyzed, and the target vulnerability specified by the generation instruction is determined. Obtaining a vulnerability script corresponding to the target vulnerability, and adding an entry code to the vulnerability script to obtain the target script. And determining a scripting language corresponding to the target script, and converting the target script into a target format according to the scripting language to obtain the vulnerability detection tool.
After the specified target vulnerability is determined, determining a vulnerability script corresponding to the target vulnerability, and adding an entry code to the vulnerability script to obtain the target script which can be converted. And after the scripting language corresponding to the target script is determined, converting the scripting language to obtain the vulnerability detection tool. According to the method, a development vulnerability detection tool does not need to be written by adopting a targeted development method, and the vulnerability detection tool can be obtained by adding an entry code to the existing vulnerability script and further performing format conversion processing. The development time of the vulnerability detection tool is reduced, so that a large number of common users can also avoid attacks initiated by attackers by utilizing the vulnerability, and the problems that the existing special vulnerability detection method needs targeted development and development work needs a long time are solved.
In addition, the invention also provides a vulnerability detection tool generation device, vulnerability detection tool generation equipment and a computer readable storage medium, which also have the beneficial effects.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings that are required to be used in the embodiments or the description of the prior art will be briefly described below, and it is obvious that the drawings in the following description are only embodiments of the present invention, and that other drawings can be obtained according to the provided drawings without inventive effort for a person skilled in the art.
FIG. 1 is a flowchart of a method for generating a vulnerability detection tool according to an embodiment of the present invention;
FIG. 2 is a flowchart of a specific format conversion method according to an embodiment of the present invention;
fig. 3 is a schematic structural diagram of a device for generating a vulnerability detection tool according to an embodiment of the present invention;
fig. 4 is a schematic structural diagram of a vulnerability detection tool generating device according to an embodiment of the present invention.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the embodiments of the present invention more apparent, the technical solutions of the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention, and it is apparent that the described embodiments are only some embodiments of the present invention, not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
Referring to fig. 1, fig. 1 is a flowchart of a method for generating a vulnerability detection tool according to an embodiment of the present invention. The method comprises the following steps:
s101: and acquiring and analyzing the generating instruction, and determining the target vulnerability specified by the generating instruction.
Specifically, all or part of the steps of the vulnerability detection tool generation method provided by the invention can be completed by a designated device or terminal, for example, can be completed by a designated Windows system computer. The generating instruction is used for designating the target loophole, after receiving the generating instruction, the generating instruction is analyzed so as to determine the target loophole, and a loophole detection tool used for detecting the target loophole is generated in the subsequent steps. The type of the target vulnerability may be a vulnerability of the Windows operating system, or may be a vulnerability of the Linux operating system, or may be another type of vulnerability. The embodiment is not limited to the specific content of the generation instruction. In order to specify the target vulnerability, the generating instruction may include vulnerability information, where the vulnerability information may specifically be a name of the target vulnerability or may be a sequence number of the target vulnerability. The target loopholes specified by the generating instruction can be determined according to the loophole information.
The present embodiment is not limited to the method for acquiring the generation instruction, and for example, the generation instruction input by the control person may be acquired, or the generation instruction sent by other devices or terminals may be acquired. When the generation instruction is acquired by acquiring the generation instruction input by the control person, the embodiment is not limited to a specific input method of the generation instruction, for example, the control person may manually input the generation instruction; or a preset rule can be set, a control person inputs or selects the target vulnerability, and a corresponding generation instruction is constructed according to the preset rule after clicking and determining.
S102: obtaining a vulnerability script corresponding to the target vulnerability, and adding an entry code to the vulnerability script to obtain the target script.
After the target loopholes are determined, the loophole scripts corresponding to the target loopholes are obtained. The embodiment is not limited to a specific method for acquiring the vulnerability script, for example, the vulnerability script may be acquired from a vulnerability library of a specified vulnerability scanning system, or may be sent by other devices or terminals, or may be uploaded by a control personnel. The vulnerability code is a script in a vulnerability database used by the vulnerability scanning system, and is used for the vulnerability scanning system to call and analyze so as to scan, and the vulnerability code is specifically an unexecutable vulnerability script, for example, a JS script, a Python script, or a Lua script. Since the vulnerability script is not executable, the vulnerability script cannot be used as a vulnerability detection tool, and in order to quickly obtain the vulnerability detection tool, the corresponding vulnerability detection tool can be obtained by performing format conversion processing on the vulnerability script.
Note that, since the vulnerability script is originally used for call analysis by the vulnerability scanning system, it cannot be directly converted into a format. After the vulnerability script is obtained, an entry code is added to the vulnerability script, and then a target script is obtained so as to perform format conversion processing. Specific forms of the entry codes the embodiment is not limited, and the forms and contents of the corresponding entry codes are different according to the different scripting languages of the vulnerability script. The target script is a script which can be subjected to format conversion, and a vulnerability detection tool corresponding to the target vulnerability can be obtained by utilizing the target script.
S103: and determining a scripting language corresponding to the target script, and converting the target script into a target format according to the scripting language to obtain the vulnerability detection tool.
The target scripts of different scripting languages have different writing rules, and in order to convert the target scripts into a target format, the scripting language corresponding to the target script needs to be determined before conversion. It should be noted that, the target format is an executable file format, and after the target script is converted into the executable file format, the vulnerability detection tool is obtained. The method for determining the scripting language corresponding to the target script is not limited, and the corresponding scripting language can be determined by the content of the target script, specifically, information such as grammar of codes in the target script can be detected and used for determining the corresponding scripting language.
Further, in order to accurately determine the scripting language, the embodiment preferably obtains the script attribute corresponding to the target script, and determines the file suffix corresponding to the target script by using the script attribute; and determining the script language corresponding to the file suffix by using the preset corresponding relation. It should be noted that, the script attribute is used to record the attribute of the target script, that is, the file attribute of the target script. The script attribute records a file suffix of the target script, and the file suffix can represent a file type of the target script. Because the types of the files corresponding to the target scripts generated by different script languages are different, a preset corresponding relation is set for recording the corresponding relation between various script languages and file suffixes, after the file suffixes corresponding to the target scripts are determined, the script language corresponding to the file suffixes can be determined by utilizing the preset corresponding relation, and the script language corresponding to the target scripts can be determined. For example, when the target script is named as a vul, a script attribute of the vul script may be obtained, and a file suffix corresponding to the vul, for example, py, is determined from the script attribute. When the file suffix is determined to be py, according to the preset corresponding relation, the target script can be determined to be written by the Python language, namely the corresponding script language is Python.
Further, after obtaining the vulnerability detection tool, a subsequent operation may be performed, such as sending the vulnerability detection tool to the target device; or may issue a generated notification; or the vulnerability detection tool may be detected to determine whether an error exists. The present embodiment is not limited to the specific contents of the subsequent operations.
After the specified target vulnerability is determined, the vulnerability script corresponding to the target vulnerability is determined, and the target script which can be converted is obtained by adding the entry code to the vulnerability script. And after the scripting language corresponding to the target script is determined, converting the scripting language to obtain the vulnerability detection tool. According to the method, a development vulnerability detection tool does not need to be written by adopting a targeted development method, and the vulnerability detection tool can be obtained by adding an entry code to the existing vulnerability script and further performing format conversion processing. The development time of the vulnerability detection tool is reduced, so that a large number of common users can also avoid attacks initiated by attackers by utilizing the vulnerability, and the problems that the existing special vulnerability detection method needs targeted development and development work needs a long time are solved.
Based on the above embodiment of the invention, a specific format conversion method will be described in the embodiment of the invention. Referring to fig. 2, fig. 2 is a flowchart of a specific format conversion method according to an embodiment of the present invention, including:
s201: and determining a conversion rule corresponding to the scripting language according to the scripting language.
It should be noted that, in the embodiment of the present invention, the conversion rule is used to convert the target script into the target format, i.e. the executable file format. Because the grammar rules of different scripting languages are different, the conversion rules corresponding to the different scripting languages are also different, and before converting the target script, the conversion rules corresponding to the scripting languages need to be determined. Specifically, conversion rules corresponding to various scripting languages can be stored locally, and after the scripting language corresponding to the target script is determined, the conversion rules corresponding to the scripting language are acquired by using index information.
S202: and carrying out information extraction processing on the target script by utilizing the extraction rule in the conversion rule to obtain script information.
In an embodiment of the present invention, the conversion rule includes an extraction rule and a generation rule. The extraction rule is used for extracting information from the target script to obtain script information; the generating rule is used for processing the script information to generate a vulnerability detection tool. Because the writing rules corresponding to different scripting languages are different, the extraction rules in different conversion rules are different. The generation rules in different conversion rules can be the same or different, for example, in order to ensure the generation reliability and prevent the fault of the vulnerability detection tool, different generation rules can be set for different scripting languages; or to ensure consistency, the same generation rules may be set for different scripting languages.
The script information is used for generating a vulnerability detection tool, and the specific content of the vulnerability detection tool is not limited in this embodiment, and the content of script information corresponding to different target scripts is different.
S203: and performing executable file generation processing on the script information by using the generation rules in the conversion rules to obtain a vulnerability detection tool.
After the script information is obtained, executable file generation processing is carried out on the script information by utilizing the generation rules in the conversion rules. The method has the advantages that the script information is processed according to the generation rule, so that the vulnerability detection tool can be obtained, a developer does not need to write the vulnerability detection tool manually, the development time of the vulnerability detection tool is shortened, a large number of common users can also avoid attacks initiated by attackers by utilizing vulnerabilities, and the problems that the existing special vulnerability detection method needs targeted development and development work needs a long time are solved.
Further, in order to improve the generation speed and the generation efficiency of the vulnerability detection tool, in this embodiment, it is preferable that a plurality of conversion tools are preset, and the scripting language corresponding to each conversion tool is different. When the step of converting the target script into the target format according to the scripting language to obtain the vulnerability detection tool is executed, a corresponding conversion tool can be determined according to the scripting language, and the conversion tool is utilized to convert the target script into the target format to obtain the vulnerability detection tool. Specifically, the conversion tool can be used for simultaneously completing two steps of script information extraction and executable file generation processing, so that the generation speed of the vulnerability detection tool is improved. For example, when the target script is vul.py, the corresponding scripting language is Python, so that the corresponding conversion tool is determined to be a pyinsler tool according to the scripting language, and thus the vulnerability detection tool can be obtained by performing format conversion processing on the target script by using the pyinsler tool.
The following describes a vulnerability detection tool generating device provided by an embodiment of the present invention, where the vulnerability detection tool generating device described below and the vulnerability detection tool generating method described above may be referred to correspondingly.
Referring to fig. 3, fig. 3 is a schematic structural diagram of a device for generating a vulnerability detection tool according to an embodiment of the present invention, including:
the target vulnerability determination module 310 is configured to obtain and parse the generation instruction, and determine a target vulnerability specified by the generation instruction;
the target script acquisition module 320 is configured to acquire a vulnerability script corresponding to a target vulnerability, and add an entry code to the vulnerability script to obtain a target script;
the tool generating module 330 is configured to determine a scripting language corresponding to the target script, and convert the target script into a target format according to the scripting language, so as to obtain the vulnerability detection tool.
Optionally, the tool generation module 330 includes:
the conversion rule determining unit is used for determining a conversion rule corresponding to the script language according to the script language;
the script information acquisition unit is used for extracting information from the target script by utilizing the extraction rule in the conversion rule to obtain script information;
and the first conversion unit is used for performing executable file generation processing on the script information by utilizing the generation rules in the conversion rules to obtain the vulnerability detection tool.
Optionally, the tool generation module 330 includes:
the file suffix determining unit is used for acquiring script attributes corresponding to the target script and determining file suffixes corresponding to the target script by utilizing the script attributes;
and the script language determining unit is used for determining the script language corresponding to the file suffix by utilizing the preset corresponding relation.
Optionally, the tool generation module 330 includes:
a conversion tool determining unit for determining a corresponding conversion tool according to the scripting language;
and the second conversion unit is used for converting the target script into a target format by utilizing the conversion tool to obtain the vulnerability detection tool.
The following describes a vulnerability detection tool generating device provided by an embodiment of the present invention, where the vulnerability detection tool generating device described below and the vulnerability detection tool generating method described above may be referred to correspondingly.
Referring to fig. 4, fig. 4 is a schematic structural diagram of a vulnerability detection tool generating device according to an embodiment of the present invention, where the vulnerability detection tool generating device includes a memory and a processor, and the vulnerability detection tool generating device includes:
a memory 410 for storing a computer program;
The following describes a computer readable storage medium provided in an embodiment of the present invention, where the computer readable storage medium described below and the method for generating a vulnerability detection tool described above may be referred to correspondingly.
The invention also provides a computer readable storage medium, wherein the computer readable storage medium stores a computer program, and the computer program realizes the steps of the method for generating the vulnerability detection tool when being executed by a processor.
The computer readable storage medium may include: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a random access Memory (Random Access Memory, RAM), a magnetic disk, or an optical disk, or other various media capable of storing program codes.
In this specification, each embodiment is described in a progressive manner, and each embodiment is mainly described in a different point from other embodiments, so that the same or similar parts between the embodiments are referred to each other. For the device disclosed in the embodiment, since it corresponds to the method disclosed in the embodiment, the description is relatively simple, and the relevant points refer to the description of the method section.
Those of skill would further appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both, and that the various illustrative elements and steps are described above generally in terms of functionality in order to clearly illustrate the interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
The steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. The software modules may be disposed in Random Access Memory (RAM), memory, read Only Memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art.
Finally, it is further noted that, in this document, relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus.
The above description of the present invention provides a method for generating a vulnerability detection tool, a device for generating a vulnerability detection tool, and a computer readable storage medium, and specific examples are applied to illustrate the principles and embodiments of the present invention, and the above description of the examples is only used to help understand the method and core ideas of the present invention; meanwhile, as those skilled in the art will have variations in the specific embodiments and application scope in accordance with the ideas of the present invention, the present description should not be construed as limiting the present invention in view of the above.
Claims (10)
1. A vulnerability detection tool generation method, comprising:
acquiring and analyzing a generating instruction, and determining a target vulnerability designated by the generating instruction;
obtaining a vulnerability script corresponding to the target vulnerability, and adding an entry code to the vulnerability script to obtain a target script;
and determining a scripting language corresponding to the target script, and converting the target script into a target format according to the scripting language to obtain the vulnerability detection tool.
2. The method of generating a vulnerability detection tool according to claim 1, wherein the converting the target script into a target format according to the scripting language, to obtain the vulnerability detection tool, comprises:
determining a conversion rule corresponding to the scripting language according to the scripting language;
performing information extraction processing on the target script by using an extraction rule in the conversion rule to obtain script information;
and performing executable file generation processing on the script information by using the generation rules in the conversion rules to obtain the vulnerability detection tool.
3. The vulnerability detection tool generation method of claim 1, wherein the determining the scripting language corresponding to the target script comprises:
acquiring script attributes corresponding to the target script, and determining file suffixes corresponding to the target script by utilizing the script attributes;
and determining the script language corresponding to the file suffix by using a preset corresponding relation.
4. A vulnerability detection tool generation method according to any one of claims 1-3, wherein the converting the target script into a target format according to the scripting language, to obtain the vulnerability detection tool, comprises:
determining a corresponding conversion tool according to the script language;
and converting the target script into the target format by using the conversion tool to obtain the vulnerability detection tool.
5. A vulnerability detection tool generation apparatus, comprising:
the target vulnerability determining module is used for acquiring and analyzing a generating instruction and determining a target vulnerability designated by the generating instruction;
the target script acquisition module is used for acquiring a vulnerability script corresponding to the target vulnerability, and adding an entry code to the vulnerability script to obtain a target script;
and the tool generation module is used for determining a scripting language corresponding to the target script, and converting the target script into a target format according to the scripting language to obtain the vulnerability detection tool.
6. The vulnerability detection tool generation apparatus of claim 5, wherein the tool generation module comprises:
the conversion rule determining unit is used for determining a conversion rule corresponding to the script language according to the script language;
the script information acquisition unit is used for carrying out information extraction processing on the target script by utilizing the extraction rule in the conversion rule to obtain script information;
and the first conversion unit is used for generating executable files for the script information by utilizing the generation rules in the conversion rules to obtain the vulnerability detection tool.
7. The vulnerability detection tool generation apparatus of claim 5, wherein the tool generation module comprises:
a file suffix determining unit, configured to obtain a script attribute corresponding to the target script, and determine a file suffix corresponding to the target script using the script attribute;
and the script language determining unit is used for determining the script language corresponding to the file suffix by utilizing a preset corresponding relation.
8. The vulnerability detection tool generation apparatus of any one of claims 5 to 7, wherein the tool generation module comprises:
a conversion tool determining unit, configured to determine a corresponding conversion tool according to the scripting language;
and the second conversion unit is used for converting the target script into the target format by using the conversion tool to obtain the vulnerability detection tool.
9. A vulnerability detection tool generation apparatus comprising a memory and a processor, wherein:
the memory is used for storing a computer program;
the processor is configured to execute the computer program to implement the vulnerability detection tool generation method of any one of claims 1-4.
10. A computer readable storage medium for storing a computer program, wherein the computer program when executed by a processor implements the vulnerability detection tool generation method of any one of claims 1 to 4.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010143934.6A CN111309311B (en) | 2020-03-04 | 2020-03-04 | Vulnerability detection tool generation method, device, equipment and readable storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010143934.6A CN111309311B (en) | 2020-03-04 | 2020-03-04 | Vulnerability detection tool generation method, device, equipment and readable storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN111309311A CN111309311A (en) | 2020-06-19 |
| CN111309311B true CN111309311B (en) | 2023-04-25 |
Family
ID=71160333
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010143934.6A Active CN111309311B (en) | 2020-03-04 | 2020-03-04 | Vulnerability detection tool generation method, device, equipment and readable storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111309311B (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN117097513A (en) * | 2023-07-14 | 2023-11-21 | 博智安全科技股份有限公司 | Custom vulnerability detection and vulnerability exploitation system and method |
Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105991554A (en) * | 2015-02-04 | 2016-10-05 | 阿里巴巴集团控股有限公司 | Vulnerability detection method and equipment |
| CN107145784A (en) * | 2017-05-04 | 2017-09-08 | 腾讯科技(深圳)有限公司 | A kind of method of vulnerability scanning, device and computer-readable medium |
| CN107454081A (en) * | 2017-08-07 | 2017-12-08 | 四川长虹电器股份有限公司 | The method for automatically generating POC scripts |
| CN108011898A (en) * | 2018-01-30 | 2018-05-08 | 上海壹账通金融科技有限公司 | Leak detection method, device, computer equipment and storage medium |
| CN108537042A (en) * | 2018-04-04 | 2018-09-14 | 上海有云信息技术有限公司 | Self-defined plug-in unit generation method, device, equipment and storage medium |
| CN108920963A (en) * | 2018-07-23 | 2018-11-30 | 国网浙江省电力有限公司电力科学研究院 | A kind of industrial control system automation Hole Detection plug-in unit generation method and system |
| CN109522723A (en) * | 2018-11-14 | 2019-03-26 | 平安科技(深圳)有限公司 | POC scenario generation method, device, electronic equipment and storage medium |
| CN110135169A (en) * | 2019-05-21 | 2019-08-16 | 江苏亨通工控安全研究院有限公司 | Leak detection method and device |
Family Cites Families (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20070113282A1 (en) * | 2005-11-17 | 2007-05-17 | Ross Robert F | Systems and methods for detecting and disabling malicious script code |
| US10223533B2 (en) * | 2014-10-21 | 2019-03-05 | Veracode, Inc. | Systems and methods for analysis of cross-site scripting vulnerabilities |
-
2020
- 2020-03-04 CN CN202010143934.6A patent/CN111309311B/en active Active
Patent Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105991554A (en) * | 2015-02-04 | 2016-10-05 | 阿里巴巴集团控股有限公司 | Vulnerability detection method and equipment |
| CN107145784A (en) * | 2017-05-04 | 2017-09-08 | 腾讯科技(深圳)有限公司 | A kind of method of vulnerability scanning, device and computer-readable medium |
| CN107454081A (en) * | 2017-08-07 | 2017-12-08 | 四川长虹电器股份有限公司 | The method for automatically generating POC scripts |
| CN108011898A (en) * | 2018-01-30 | 2018-05-08 | 上海壹账通金融科技有限公司 | Leak detection method, device, computer equipment and storage medium |
| CN108537042A (en) * | 2018-04-04 | 2018-09-14 | 上海有云信息技术有限公司 | Self-defined plug-in unit generation method, device, equipment and storage medium |
| CN108920963A (en) * | 2018-07-23 | 2018-11-30 | 国网浙江省电力有限公司电力科学研究院 | A kind of industrial control system automation Hole Detection plug-in unit generation method and system |
| CN109522723A (en) * | 2018-11-14 | 2019-03-26 | 平安科技(深圳)有限公司 | POC scenario generation method, device, electronic equipment and storage medium |
| CN110135169A (en) * | 2019-05-21 | 2019-08-16 | 江苏亨通工控安全研究院有限公司 | Leak detection method and device |
Non-Patent Citations (2)
| Title |
|---|
| 张嘉元 ; .一种基于匹配的Android系统漏洞检测方法.电信科学.2016,(05),全文. * |
| 王晓艳 ; 牟景华 ; .网络漏洞扫描器的设计.福建电脑.2007,(05),全文. * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN111309311A (en) | 2020-06-19 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN112019401B (en) | Internet of vehicles application safety testing method, device and system and electronic equipment | |
| US11422917B2 (en) | Deriving software application dependency trees for white-box testing | |
| CN112685029A (en) | Visual template generation method, device, equipment and storage medium | |
| CN113114680B (en) | Detection method and detection device for file uploading vulnerability | |
| US11449408B2 (en) | Method, device, and computer program product for obtaining diagnostic information | |
| CN112817853A (en) | Automatic test method, system and electronic equipment | |
| CN114328208A (en) | Code detection method and device, electronic equipment and storage medium | |
| CN114398673A (en) | Application compliance detection method and device, storage medium and electronic equipment | |
| KR101228902B1 (en) | Cloud Computing-Based System for Supporting Analysis of Malicious Code | |
| CN111309311B (en) | Vulnerability detection tool generation method, device, equipment and readable storage medium | |
| CN114036526A (en) | Vulnerability testing method and device, computer equipment and storage medium | |
| CN114035789A (en) | Log analysis template generation method, log analysis device and log analysis equipment | |
| CN116305131B (en) | Static confusion removing method and system for script | |
| CN116450533B (en) | Security detection method and device for application program, electronic equipment and medium | |
| CN115454856B (en) | Multi-application security detection method, device, medium and electronic equipment | |
| CN116361793A (en) | Code detection method, device, electronic equipment and storage medium | |
| CN112685072B (en) | Method, device, equipment and storage medium for generating communication address knowledge base | |
| CN112256564B (en) | Application program running method and device and electronic equipment | |
| CN113760291B (en) | Log output method and device | |
| CN110597724B (en) | Calling method and device of application security test component, server and storage medium | |
| CN110096281B (en) | Code analysis method, analysis server, storage medium and device | |
| CN113420302A (en) | Host vulnerability detection method and device | |
| CN111151008A (en) | Game operation data verification method, device, configuration background and medium | |
| CN117033318B (en) | Method and device for generating data to be tested, storage medium and electronic equipment | |
| JP7302223B2 (en) | Script detection device, method and program |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |