CN111431878A - Network security penetration testing system - Google Patents


Info

Publication number
CN111431878A
Authority
CN
China
Prior art keywords
module
signal connection
virus
testing unit
testing
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202010183789.4A
Other languages
Chinese (zh)
Inventor
熊黎龙
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Wuhan Falcon Network Security Technology Co ltd
Original Assignee
Wuhan Falcon Network Security Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Wuhan Falcon Network Security Technology Co ltd
Priority to CN202010183789.4A
Publication of CN111431878A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/145 Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/45 Network directories; Name-to-address mapping
    • H04L61/4505 Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols
    • H04L61/4511 Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols using domain name system [DNS]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433 Vulnerability analysis

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Virology (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention relates to the technical field of network security, in particular to a network security penetration testing system which comprises a control center, wherein the control center is in signal connection with a virus testing unit, a script testing unit, an SQL attack testing unit and a DNS reflection testing unit, the virus testing unit, the script testing unit, the SQL attack testing unit and the DNS reflection testing unit are in signal connection with a network system, the network system is in signal connection with a monitoring module, the monitoring module is in signal connection with a bug recording module, the bug recording module is in signal connection with a display module, the virus testing unit comprises a virus recording module, the virus recording module is in signal connection with a virus storage module, the virus storage module is in signal connection with a recording module, the recording module is in signal connection with an execution module, and the virus recording module, the virus storage module, the recording module and the execution module are in signal connection with the control center.

Description

Network security penetration testing system
Technical Field
The invention relates to the technical field of network security, in particular to a network security penetration testing system.
Background
Network security means that the hardware, software and data of a network system are protected from damage, alteration and disclosure, whether accidental or malicious, so that the system operates continuously, reliably and normally and the network service is not interrupted. Penetration testing simulates a hacker's attack on the network so that its vulnerabilities are exposed and can be fixed.
Disclosure of Invention
The invention aims to solve the defects that various conditions cannot be simulated and more bugs cannot be found in the prior art, and provides a network security penetration testing system.
In order to achieve the purpose, the invention adopts the following technical scheme:
A network security penetration testing system is designed, which comprises a control center, wherein the control center is in signal connection with a virus testing unit, a script testing unit, an SQL attack testing unit and a DNS reflection testing unit, the virus testing unit, the script testing unit, the SQL attack testing unit and the DNS reflection testing unit are in signal connection with a network system, the network system is in signal connection with a monitoring module, the monitoring module is in signal connection with a vulnerability recording module, and the vulnerability recording module is in signal connection with a display module;
The script test unit comprises an updating module, a script storage module and an implanting module, wherein the updating module is in signal connection with the script storage module, the script storage module is in signal connection with the implanting module, and the updating module, the script storage module and the implanting module are in signal connection with the control center;
The virus testing unit comprises a virus input module, the virus input module is in signal connection with a virus storage module, the virus storage module is in signal connection with a recording module, the recording module is in signal connection with an execution module, and the virus input module, the virus storage module, the recording module and the execution module are in signal connection with the control center.
Preferably, the DNS reflection module includes a simulation module, the simulation module is in telecommunication connection with a transmission module, the transmission module is electrically connected with an amplification module, the request sent by the transmission module is amplified by the amplification module, the amplification module is in signal connection with the network system, and the simulation module, the transmission module and the amplification module are in signal connection with the control center.
Preferably, the monitoring module is electrically connected with a conversion unit, and the conversion unit is in signal connection with the display module.
Preferably, the conversion unit includes a tracking module, the tracking module is in signal connection with a conversion module, the conversion module is in signal connection with a graphic module, and the graphic module is in signal connection with the display module so as to perform graphic display.
Preferably, the SQL attack testing unit includes an output module, the input module is in signal connection with an insertion module, the insertion module is in signal connection with a submission module, the submission module is in signal connection with the network system, and the input module, the insertion module and the submission module are electrically connected with the control center.
Preferably, the vulnerability recording module is in signal connection with an inquiry module, the inquiry module is in signal connection with a database, the database is in signal connection with a download module, and the download module is in signal connection with the display module.
The network security penetration testing system has the advantage that various types of intrusion are carried out on the network system through the virus testing unit, the script testing unit, the SQL attack testing unit and the DNS reflection testing unit, ensuring that the vulnerabilities of the network system are found and can conveniently be repaired, thereby improving network security.
Drawings
FIG. 1 is a block diagram of a network security penetration testing system according to the present invention;
FIG. 2 is a system block diagram of a conversion unit of the network security penetration testing system according to the present invention;
FIG. 3 is a system block diagram of a DNS reflection testing unit of a network security penetration testing system according to the present invention;
FIG. 4 is a system block diagram of an SQL attack testing unit of the network security penetration testing system according to the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments.
Example 1
Referring to fig. 1, the network security penetration testing system includes a control center. The control center is in signal connection with a virus testing unit, a script testing unit, an SQL attack testing unit and a DNS reflection testing unit; the virus testing unit, the script testing unit, the SQL attack testing unit and the DNS reflection testing unit are in signal connection with a network system; the network system is in signal connection with a monitoring module; the monitoring module is in signal connection with a bug recording module; and the bug recording module is in signal connection with a display module. Virus intrusion is simulated through the virus testing unit, a scenario condition is simulated through the script testing unit, deceiving the server into executing a malicious SQL command is simulated through the SQL attack testing unit, and a DNS attack is simulated through the DNS reflection testing unit. By simulating these various intrusions, bugs in the network system are found and recorded by the bug recording module so that they can be repaired, thereby enhancing network security;
The script testing unit comprises an updating module, a script storage module and an implanting module, wherein the updating module is in signal connection with the script storage module, the script storage module is in signal connection with the implanting module, the updating module, the script storage module and the implanting module are in signal connection with the control center, malicious script information is stored in the script storage module, the information is implanted into a network system through the implanting module, and when a browser browses the information, malicious scripts are executed to steal the information, so that malicious script attacks are simulated;
The virus testing unit comprises a virus input module, the virus input module is in signal connection with a virus storage module, the virus storage module is in signal connection with a recording module, the recording module is in signal connection with an execution module, the virus input module, the virus storage module, the recording module and the execution module are in signal connection with the control center, the recording module records information of the virus by storing the virus in the virus storage module, and the execution module puts the virus into a network system to simulate virus attack of a hacker.
Example 2
Referring to fig. 3, as another preferred embodiment of the present invention, the difference from embodiment 1 is that the DNS reflection module includes a simulation module, the simulation module is in telecommunication connection with a transmission module, the transmission module is electrically connected with an amplification module, the amplification module amplifies a request sent by the transmission module, the amplification module is in signal connection with the network system, and the simulation module, the transmission module and the amplification module are in signal connection with the control center. The simulation module simulates a DNS attack, the transmission module transmits it, and the amplification module then amplifies the DNS request, so that a large amount of DNS requests are transmitted to attack a host in the network system.
Example 3
Referring to fig. 2, as another preferred embodiment of the present invention, the difference from embodiment 1 is that the monitoring module is electrically connected to a conversion unit, the conversion unit is in signal connection with the display module, the conversion unit includes a tracking module, the tracking module is in signal connection with a conversion module, the conversion module is in signal connection with a graphical module, and the graphical module is in signal connection with the display module so as to perform graphical display. Each attack is monitored by the monitoring module so that the attack situation is updated in real time, and the monitored data information is converted into a picture by the conversion unit, so that it is clearer how external intrusion gets past the firewall and antivirus software of the network system, and the vulnerability is displayed at the same time.
Example 4
Referring to fig. 4, as another preferred embodiment of the present invention, the difference from embodiment 1 is that the SQL attack testing unit includes an output module, the input module is in signal connection with an insertion module, the insertion module is in signal connection with a submission module, the submission module is in signal connection with the network system, and the input module, the insertion module and the submission module are electrically connected to the control center. The SQL instruction is input through the input module, the insertion module adds it to a web page request query string, and the submission module then submits the SQL instruction, so as to simulate a malicious SQL instruction.
Example 5
Referring to fig. 1, as another preferred embodiment of the present invention, the difference from embodiment 1 is that the vulnerability recording module is in signal connection with an inquiry module, the inquiry module is in signal connection with a database, the database is in signal connection with a download module, the download module is in signal connection with the display module, the vulnerability displayed during testing is recorded and stored by the vulnerability recording module, the inquiry module is used for inquiring in the database, and then the download module is used for downloading the information of the relevant repaired vulnerability in the database, so as to repair the vulnerability, thereby enhancing the security of the network system.
The above description covers only the preferred embodiments of the present invention, but the scope of protection of the present invention is not limited thereto. Any equivalent substitution or change made by a person skilled in the art, within the technical scope disclosed by the present invention and according to its technical solutions and inventive concept, shall fall within the scope of protection of the present invention.

Claims (6)

1. A network security penetration testing system comprising a control center, characterized in that the control center is in signal connection with a virus testing unit, a script testing unit, an SQL attack testing unit and a DNS reflection testing unit, the virus testing unit, the script testing unit, the SQL attack testing unit and the DNS reflection testing unit are in signal connection with a network system, the network system is in signal connection with a monitoring module, the monitoring module is in signal connection with a vulnerability recording module, and the vulnerability recording module is in signal connection with a display module;
The script test unit comprises an updating module, a script storage module and an implanting module, wherein the updating module is in signal connection with the script storage module, the script storage module is in signal connection with the implanting module, and the updating module, the script storage module and the implanting module are in signal connection with the control center;
The virus testing unit comprises a virus input module, the virus input module is in signal connection with a virus storage module, the virus storage module is in signal connection with a recording module, the recording module is in signal connection with an execution module, and the virus input module, the virus storage module, the recording module and the execution module are in signal connection with the control center.
2. The system according to claim 1, wherein the DNS reflection module includes a simulation module, the simulation module is connected with a transmission module in a telecommunication manner, the transmission module is electrically connected with an amplification module, the request transmitted by the transmission module is amplified by the amplification module, the amplification module is in signal connection with the network system, and the simulation module, the transmission module and the amplification module are in signal connection with the control center.
3. The network security penetration testing system according to claim 1, wherein the monitoring module is electrically connected with a conversion unit, and the conversion unit is in signal connection with the display module.
4. The network security penetration testing system of claim 3, wherein the conversion unit comprises a tracking module in signal connection with a conversion module, the conversion module in signal connection with a graphic module, and the graphic module in signal connection with the display module for graphic display.
5. The network security penetration testing system of claim 1, wherein the SQL attack testing unit comprises an output module, an insertion module in signal connection with the input module, a submission module in signal connection with the insertion module, the submission module in signal connection with the network system, and the input module, the insertion module, and the submission module in electrical connection with the control center.
6. The network security penetration testing system according to claim 1, wherein the vulnerability recording module is in signal connection with an inquiry module, the inquiry module is in signal connection with a database, the database is in signal connection with a download module, and the download module is in signal connection with the display module.
CN202010183789.4A 2020-03-16 2020-03-16 Network security penetration testing system Pending CN111431878A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010183789.4A CN111431878A (en) 2020-03-16 2020-03-16 Network security penetration testing system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010183789.4A CN111431878A (en) 2020-03-16 2020-03-16 Network security penetration testing system

Publications (1)

Publication Number Publication Date
CN111431878A true CN111431878A (en) 2020-07-17

Family

ID=71548209

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010183789.4A Pending CN111431878A (en) 2020-03-16 2020-03-16 Network security penetration testing system

Country Status (1)

Country Link
CN (1) CN111431878A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20200717