CN111580946A - Port scanning method, device, equipment and storage medium - Google Patents


Publication number
CN111580946A
Authority
CN
China
Prior art keywords
port
scanning
subtasks
task
subtask
Legal status
Pending
Application number
CN202010352049.9A
Other languages
Chinese (zh)
Inventor
赵英南
廖新喜
Current Assignee
Beijing Dajia Internet Information Technology Co Ltd
Original Assignee
Beijing Dajia Internet Information Technology Co Ltd
Application filed by Beijing Dajia Internet Information Technology Co Ltd
Priority to CN202010352049.9A
Publication of CN111580946A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46 Multiprogramming arrangements
    • G06F9/48 Program initiating; Program switching, e.g. by interrupt
    • G06F9/4806 Task transfer initiation or dispatching
    • G06F9/4843 Task transfer initiation or dispatching by program, e.g. task dispatcher, supervisor, operating system
    • G06F9/4881 Scheduling strategies for dispatcher, e.g. round robin, multi-level priority queues
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577 Assessing vulnerabilities and evaluating computer system security

Abstract

The disclosure relates to a port scanning method, a port scanning device and a storage medium, and belongs to the technical field of computers. The embodiment provides a port scanning method based on a priority queue: a coarse-grained port scanning task is divided into a plurality of fine-grained subtasks, the subtasks are stored in the priority queue according to their priorities, and the ports included in a plurality of servers are scanned in sequence according to the order of the priority queue. Because the priority queue stores the subtasks in order of priority from high to low, the subtask with the highest priority is taken out of the queue first, so the ports corresponding to high-priority subtasks are scanned preferentially, ports that need preferential scanning are scanned in time, and the scanning speed of those ports is improved.

Description

Port scanning method, device, equipment and storage medium
Technical Field
The present disclosure relates to the field of computer technologies, and in particular, to a port scanning method, apparatus, device, and storage medium.
Background
A port may be understood as an outlet through which a server communicates with the outside world. A server may have one or more ports, and once the server opens a port, a client may access that port to use the service the server provides. To avoid security risks caused by intrusion through a port, the ports of the server need to be scanned, so that the security of the information stored on the server is guaranteed. Port scanning technology has therefore been widely applied in scenarios such as asset discovery and vulnerability scanning.
In the related art, the server to be scanned is determined in advance, a list of port numbers to be scanned is set according to the port numbers of the ports to be scanned on that server, and the ports corresponding to the port numbers are scanned one by one, starting from the first port number in the list and proceeding in ascending order of port number, until every port in the list has been scanned.
Some of the ports in the port number list often need to be scanned preferentially. With the method above, those ports cannot be scanned in time, which reduces the scanning speed of the ports that need preferential scanning.
Disclosure of Invention
The present disclosure provides a port scanning method, apparatus, device and storage medium, so as to at least solve the problem that a port requiring preferential scanning cannot be scanned in time in the related art. The technical scheme of the disclosure is as follows:
according to a first aspect of the embodiments of the present disclosure, there is provided a port scanning method, including:
acquiring a port scanning task, wherein the port scanning task is used for indicating to scan ports included in a plurality of servers;
splitting the port scanning task into a plurality of subtasks, wherein each subtask is used for indicating to scan ports included in part of the servers in the plurality of servers;
storing the plurality of subtasks into a priority queue according to the priorities of the plurality of subtasks, wherein the priority queue is used for storing the plurality of subtasks according to the sequence of the priorities from high to low;
and scanning the ports included by the plurality of servers in sequence according to the queue sequence of the priority queue.
Optionally, the storing the plurality of subtasks into a priority queue according to the priorities of the plurality of subtasks includes:
for each subtask in the plurality of subtasks, if the subtask is a user-defined scanning task, storing the subtask into the priority queue according to a first priority corresponding to the user-defined scanning task, wherein the user-defined scanning task is used for scanning a port corresponding to an IP address sent by a terminal, a port corresponding to a network segment sent by the terminal, or a port corresponding to a port number sent by the terminal.
Optionally, the storing the plurality of subtasks into a priority queue according to the priorities of the plurality of subtasks includes:
for each subtask in the plurality of subtasks, if the subtask is a periodic scanning task, storing the subtask into the priority queue according to a second priority corresponding to the periodic scanning task, wherein the periodic scanning task is used for indicating that the ports included in the plurality of servers are to be scanned once every preset time period.
Optionally, the storing the plurality of subtasks into a priority queue according to the priorities of the plurality of subtasks includes:
for each subtask in the plurality of subtasks, if the subtask is a full-port scanning task, storing the subtask into the priority queue according to a third priority corresponding to the full-port scanning task, wherein the full-port scanning task is used for indicating that all ports opened by at least one server in the plurality of servers are to be scanned.
Optionally, the storing the plurality of subtasks into a priority queue according to the priorities of the plurality of subtasks includes:
for each subtask in the plurality of subtasks, if the subtask is a high-risk port scanning task, storing the subtask into the priority queue according to a fourth priority corresponding to the high-risk port scanning task, wherein the high-risk port scanning task is used for indicating that the high-risk ports among the ports included in the plurality of servers are to be scanned.
Optionally, the sequentially scanning the ports included in the plurality of servers according to the queue order of the priority queue includes:
allocating a target execution device to the port scanning task according to the bandwidth occupation of the execution devices in the distributed system, wherein the bandwidth occupation of the target execution device satisfies a condition;
and scheduling the target execution device to sequentially scan the ports included in the plurality of servers according to the queue order of the priority queue.
Optionally, the port scanning task includes at least one of a port openness scanning task or a service identification scanning task, where the port openness scanning task is used to scan whether a port is an open port, and the service identification scanning task is used to scan a service provided by the open port.
Optionally, after the ports included in the plurality of servers are sequentially scanned according to the queue order of the priority queue, the method further includes:
for each open port among the ports included in the plurality of servers, querying the default service provided by that open port;
and establishing an association between the scan result of the open port and its default service.
According to a second aspect of the embodiments of the present disclosure, there is provided a port scanning apparatus including:
an acquisition unit configured to acquire a port scanning task, the port scanning task instructing that ports included in a plurality of servers be scanned;
a splitting unit configured to split the port scanning task into a plurality of subtasks, each subtask instructing that ports included in a part of the servers in the plurality of servers be scanned;
a storing unit configured to store the plurality of subtasks into a priority queue according to the priorities of the plurality of subtasks, the priority queue storing the plurality of subtasks in order of priority from high to low;
and a scanning unit configured to sequentially scan the ports included in the plurality of servers according to the queue order of the priority queue.
Optionally, the storing unit is configured to, for each of the plurality of subtasks, if the subtask is a custom scanning task, store the subtask into the priority queue according to a first priority corresponding to the custom scanning task, where the custom scanning task is used to scan a port corresponding to an IP address sent by a terminal, a port corresponding to a network segment sent by the terminal, or a port corresponding to a port number sent by the terminal.
Optionally, the storing unit is configured to, for each of the plurality of subtasks, if the subtask is a periodic scanning task, store the subtask into the priority queue according to a second priority corresponding to the periodic scanning task, where the periodic scanning task is used to instruct that the ports included in the plurality of servers be scanned once every preset time period.
Optionally, the storing unit is configured to, for each of the plurality of subtasks, if the subtask is a full-port scanning task, store the subtask into the priority queue according to a third priority corresponding to the full-port scanning task, where the full-port scanning task is used to instruct that all ports opened by at least one of the plurality of servers be scanned.
Optionally, the storing unit is configured to, for each of the plurality of subtasks, if the subtask is a high-risk port scanning task, store the subtask into the priority queue according to a fourth priority corresponding to the high-risk port scanning task, where the high-risk port scanning task is used to instruct that the high-risk ports among the ports included in the plurality of servers be scanned.
Optionally, the scanning unit is configured to allocate a target execution device to the port scanning task according to the bandwidth occupation of the execution devices in a distributed system, where the bandwidth occupation of the target execution device satisfies a condition, and to schedule the target execution device to sequentially scan the ports included in the plurality of servers according to the queue order of the priority queue.
Optionally, the port scanning task includes at least one of a port openness scanning task or a service identification scanning task, where the port openness scanning task is used to scan whether a port is an open port, and the service identification scanning task is used to scan a service provided by the open port.
Optionally, the port scanning apparatus further includes:
a query unit configured to query, for each open port among the ports included in the plurality of servers, the default service provided by that open port;
an establishing unit configured to establish an association between the scan result of the open port and its default service.
According to a third aspect of the embodiments of the present disclosure, there is provided an electronic apparatus including:
one or more processors;
one or more memories for storing the processor-executable instructions;
wherein the one or more processors are configured to execute the instructions to implement the port scanning method described above.
According to a fourth aspect of the embodiments of the present disclosure, there is provided a storage medium, wherein instructions, when executed by a processor of an electronic device, enable the electronic device to perform the above-mentioned port scanning method.
According to a fifth aspect of embodiments of the present disclosure, there is provided a computer program product comprising one or more instructions that, when executed by a processor of an electronic device, enable the electronic device to perform the above-mentioned port scanning method.
The technical scheme provided by the embodiment of the disclosure at least brings the following beneficial effects:
the embodiment provides a port scanning method based on a priority queue: a coarse-grained port scanning task is divided into a plurality of fine-grained subtasks, the subtasks are stored in the priority queue according to their priorities, and the ports included in a plurality of servers are scanned in sequence according to the order of the priority queue. Because the priority queue stores the subtasks in order of priority from high to low, the subtask with the highest priority is taken out of the queue first, so the ports corresponding to high-priority subtasks are scanned preferentially, ports that need preferential scanning are scanned in time, and the scanning speed of those ports is improved.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the disclosure.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the present disclosure and, together with the description, serve to explain the principles of the disclosure and are not to be construed as limiting the disclosure.
FIG. 1 is a block diagram illustrating the structure of a port scanning system in accordance with an exemplary embodiment;
FIG. 2 is a flow chart illustrating a method of port scanning in accordance with an exemplary embodiment;
FIG. 3 is a flow chart illustrating a method of port scanning in accordance with an exemplary embodiment;
FIG. 4 is a flow chart illustrating a method of port scanning in accordance with an exemplary embodiment;
FIG. 5 is a block diagram illustrating a port scanning device in accordance with an exemplary embodiment;
FIG. 6 is a block diagram illustrating a terminal in accordance with an exemplary embodiment;
FIG. 7 is a block diagram illustrating a server in accordance with an example embodiment.
Detailed Description
In order to make the technical solutions of the present disclosure better understood by those of ordinary skill in the art, the technical solutions in the embodiments of the present disclosure will be clearly and completely described below with reference to the accompanying drawings.
It should be noted that the terms "first," "second," and the like in the description and claims of the present disclosure and in the above-described drawings are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used is interchangeable under appropriate circumstances such that the embodiments of the disclosure described herein are capable of operation in sequences other than those illustrated or otherwise described herein. The implementations described in the exemplary embodiments below are not intended to represent all implementations consistent with the present disclosure. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the present disclosure, as detailed in the appended claims.
The user information to which the present disclosure relates may be information authorized by the user or sufficiently authorized by each party.
The port scanning method provided by the embodiments of the disclosure can be applied to scanning server ports in the field of information security. It can rapidly scan company-level port assets, supports setting the priority of custom target scans, and can rapidly allocate the resources a custom scan needs and complete the scanning task while preserving port scanning accuracy. Specifically, some current port scanning schemes consider only metrics such as scanning accuracy and false alarm rate, or only improvements to operation and maintenance capacity; none provides a distributed port scanning system that at the same time supports periodic scanning of enterprise-level assets, custom scanning on demand, and automatic allocation of machine resources according to the classification and grading of scanning tasks. The method provided by some embodiments of the disclosure can be used in enterprises whose asset situation and scanning requirements change rapidly, and can support a distributed port scanning system that performs both periodic port asset scanning and on-demand custom port asset scanning. The system can automatically allocate the machine resources of the distributed system according to task state and classification, keeps its footprint on resources to a minimum, effectively reduces the false alarm rate of port scanning, and returns scanning results quickly.
Hereinafter, a hardware environment of the embodiments of the present disclosure is exemplified.
FIG. 1 is a block diagram illustrating the structure of a port scanning system in accordance with an exemplary embodiment. The port scanning system includes a terminal 101, a port scanning backend 102, a distributed system 103, and a plurality of servers 104. The port scanning system may be provided as a distributed port scanning system based on a priority queue.
The terminal 101 is connected to the port scanning backend 102 through a wireless network or a wired network. The terminal 101 may be at least one of a smart phone, a game console, a desktop computer, a tablet computer, an e-book reader, an MP3 (Moving Picture Experts Group Audio Layer III) player, an MP4 (Moving Picture Experts Group Audio Layer IV) player, or a laptop computer. An application program supporting port scanning is installed and runs on the terminal 101; the application may be, for example, a security operations platform. Illustratively, the terminal 101 is a terminal used by a user, and a user account is registered in the application running on the terminal 101.
The port scanning backend 102 includes at least one of a server, a plurality of servers, a cloud computing platform, or a virtualization center. The port scanning backend 102 provides backend services for applications that support the port scanning function. Optionally, during the port scanning process, the port scanning backend 102 and the terminal 101 may work together. For example, the port scanning backend 102 undertakes the primary work and the terminal 101 the secondary work; or the port scanning backend 102 undertakes the secondary work and the terminal 101 the primary work; or alternatively, the port scanning backend 102 or the terminal 101 may each undertake the computing work on its own. By way of example, the port scanning backend 102 may perform the embodiment of FIG. 2 described below.
The port scanning backend 102 is connected to the distributed system 103 through a wireless network or a wired network.
The distributed system 103 includes a plurality of execution devices (workers) 1031 and a database 1032. The plurality of execution devices 1031 in the distributed system 103 are distributed across a plurality of regions. An execution device 1031 is, for example, a host, a server, or a personal computer. Optionally, at least two execution devices 1031 provide different services, and/or at least two execution devices 1031 provide the same service, for example in a load-balanced manner, which is not limited in the embodiments of the disclosure. The database 1032 stores the data the execution devices 1031 need to execute a task and the results obtained by executing it. The data needed to execute a task is, for example, the default service list of the ports, and the result obtained by executing a task is, for example, a port scanning result. The database 1032 may provide the stored data to the execution devices 1031 when needed.
The port scanning backend 102 is connected to the plurality of servers 104 through a wireless network or a wired network.
Each server 104 of the plurality of servers 104 includes one or more ports to be scanned, and each server 104 is accessible via a corresponding Internet Protocol (IP) address. The servers 104 may be deployed in the same network or in different networks. For example, some of the servers 104 are deployed in an intranet and the others in an extranet. The servers 104 in the intranet are accessed through their intranet IP addresses and can open their ports on those intranet IP addresses to provide the corresponding services; the servers 104 in the extranet are accessed through their extranet IP addresses and can open their ports on those extranet IP addresses to provide the corresponding services.
Those skilled in the art will appreciate that the number of terminals 101, port scanning backends 102, execution devices 1031, and servers 104 may be greater or fewer. For example, there may be only one terminal 101, one port scanning backend 102, one execution device 1031 and one server 104, or there may be dozens, hundreds, or more of each, in which case the port scanning system further includes other terminals, other port scanning backends, other execution devices, and other servers. The number and type of terminals, port scanning backends, execution devices and servers are not limited in the embodiments of the disclosure.
FIG. 2 is a flowchart illustrating a port scanning method for use in an electronic device, according to an example embodiment. As shown in FIG. 2, the method includes the following steps.
In step S21, a port scanning task is acquired, the port scanning task instructing that ports included in a plurality of servers be scanned.
In step S22, the port scanning task is split into a plurality of subtasks, each subtask being used to instruct to scan ports included in a part of the plurality of servers.
In step S23, the plurality of subtasks are stored in a priority queue for storing the plurality of subtasks in order of priority from high to low, based on the priorities of the plurality of subtasks.
In step S24, the ports included in the plurality of servers are sequentially scanned in the queue order of the priority queue.
The embodiment provides a port scanning method based on a priority queue: a coarse-grained port scanning task is divided into a plurality of fine-grained subtasks, the subtasks are stored in the priority queue according to their priorities, and the ports included in a plurality of servers are scanned in sequence according to the order of the priority queue. Because the priority queue stores the subtasks in order of priority from high to low, the subtask with the highest priority is taken out of the queue first, so the ports corresponding to high-priority subtasks are scanned preferentially, ports that need preferential scanning are scanned in time, and the scanning speed of those ports is improved.
Optionally, storing the plurality of subtasks in the priority queue according to the priorities of the plurality of subtasks includes:
for each subtask in the plurality of subtasks, if the subtask is a user-defined scanning task, storing the subtask into the priority queue according to a first priority corresponding to the user-defined scanning task, wherein the user-defined scanning task is used for scanning a port corresponding to an IP address sent by the terminal, a port corresponding to a network segment sent by the terminal, or a port corresponding to a port number sent by the terminal.
Optionally, storing the plurality of subtasks in the priority queue according to the priorities of the plurality of subtasks includes:
for each subtask in the plurality of subtasks, if the subtask is a periodic scanning task, storing the subtask into the priority queue according to a second priority corresponding to the periodic scanning task, wherein the periodic scanning task is used for indicating that the ports included in the plurality of servers are to be scanned once every preset time period.
Optionally, storing the plurality of subtasks in the priority queue according to the priorities of the plurality of subtasks includes:
for each subtask in the plurality of subtasks, if the subtask is a full-port scanning task, storing the subtask into the priority queue according to a third priority corresponding to the full-port scanning task, wherein the full-port scanning task is used for indicating that all ports opened by at least one server in the plurality of servers are to be scanned.
Optionally, storing the plurality of subtasks in the priority queue according to the priorities of the plurality of subtasks includes:
for each subtask in the plurality of subtasks, if the subtask is a high-risk port scanning task, storing the subtask into the priority queue according to a fourth priority corresponding to the high-risk port scanning task, wherein the high-risk port scanning task is used for indicating that the high-risk ports among the ports included in the plurality of servers are to be scanned.
Optionally, sequentially scanning ports included in the plurality of servers according to the queue order of the priority queue includes:
allocating a target execution device to the port scanning task according to the bandwidth occupation of the execution devices in the distributed system, wherein the bandwidth occupation of the target execution device satisfies a condition;
and scheduling the target execution device to sequentially scan the ports included in the plurality of servers according to the queue order of the priority queue.
Optionally, the port scanning task includes at least one of a port openness scanning task or a service identification scanning task, where the port openness scanning task is used to scan whether the port is an open port, and the service identification scanning task is used to scan a service provided by the open port.
Optionally, after the ports included in the plurality of servers are sequentially scanned according to the queue order of the priority queue, the method further includes:
for each open port among the ports included in the plurality of servers, querying the default service provided by that open port;
and establishing an association between the scan result of the open port and its default service.
FIG. 3 is a flowchart illustrating a port scanning method according to an exemplary embodiment, in which the method is used in a port scanning backend and a distributed system. As shown in FIG. 3, the method includes the following steps.
In step S30, the terminal sends a port scanning task to the port scanning backend.
The port scanning task instructs that ports included in the plurality of servers be scanned. For example, the port scanning task instructs that one or more ports of server 1 and one or more ports of server 2 be scanned. The port scanning task includes at least one of an IP address, a network segment, or a port number. A port scanning task carrying an IP address instructs that the ports of the server corresponding to that IP address be scanned. A network segment is also called an IP segment or an IP address range; a port scanning task carrying a network segment instructs that the ports of the server corresponding to each IP address in the segment be scanned. A port scanning task carrying a port number instructs that the port corresponding to that port number be scanned. For example, suppose the port scanning task includes IP address 1, IP address 2, through IP address N, where IP address 1 is used to access server 1, IP address 2 to access server 2, and IP address N to access server N, and the task also includes port number a and port number b, the port numbers of port a and port b. The task then instructs that port a and port b of server 1, port a and port b of server 2, and so on through port a and port b of server N be scanned.
The port scanning task includes, but is not limited to, at least one of a custom scanning task or a periodic scanning task; both types are explained below.
The custom scanning task is used to scan a port corresponding to an IP address sent by the terminal, a port corresponding to a network segment sent by the terminal, or a port corresponding to a port number sent by the terminal. "Custom" here means that the scanning range is defined by the user; in other words, the scanning task is issued with a user-defined scanning range. In one exemplary scenario, an external security operations platform runs on the terminal, and a user enters a specific IP address or IP address range and a specific port number into that platform. The platform then issues a custom scanning task containing the IP address or IP address range to be scanned and the port number of the port to be scanned.
The periodic scanning task is a port scanning task that is executed periodically. It instructs that the ports included in the plurality of servers be scanned once every preset time period. Optionally, the scanning range of the periodic scanning task is preset. For example, the administrator sets an IP address range and at least one port number in advance, and the scanning range of the periodic scanning task is then the port corresponding to each of those port numbers on each IP address in the range. Periodic scanning tasks include full-port scanning tasks and high-risk port scanning tasks.
The full-port scanning task instructs that all ports opened by at least one server in the plurality of servers be scanned. "Full port" refers to all ports used by an IP-layer protocol, for example the Transmission Control Protocol (TCP) or the User Datagram Protocol (UDP); all ports means, for example, every port from port 1 through port 65535. It should be understood that treating the full-port scanning task as a periodic scanning task is only one option; alternatively, the full-port scanning task is a custom scanning task.
The high-risk port scanning task instructs that the high-risk ports among the ports included in the plurality of servers be scanned. A high-risk port is a port through which a server is easily intruded upon by malicious programs; a problem with a high-risk port exposes the server to the risk of a network attack. For example, high-risk ports are port 22, port 445, port 3389, and the like. Port 22 provides the Secure Shell (SSH) service, port 445 is used by Active Directory (AD) and Server Message Block (SMB) file sharing on Windows systems, and port 3389 is the remote terminal control port on Windows systems.
In step S31, the port scanning background receives the port scanning task from the terminal, and starts the port scanning task.
It should be understood that the port scanning background can acquire the port scanning task in a variety of ways; issuance by the terminal is only one example. In some embodiments the port scanning background acquires the port scanning task in other ways, for example while running a script file, or by creating the port scanning task every preset time period. The present embodiment does not limit the manner in which the port scanning background acquires the port scanning task.
In step S32, the port scanning background splits the port scanning task into multiple subtasks.
The port scanning background divides the port scanning task so that its granularity is refined from the whole task to individual subtasks. Each subtask instructs the scanning of the ports included in part of the plurality of servers. For example, a port scanning task that instructs the port scanning of 1000 servers is divided into 20 subtasks, each instructing the port scanning of 50 servers. The split can be implemented in several ways; in one possible implementation, the port scanning task is split into subtasks according to the number of IP addresses it covers, and each subtask instructs the scanning of the ports corresponding to part of those IP addresses. Optionally, each subtask scans up to 100 IP addresses.
Optionally, when the port scanning task includes both a custom scanning task and a periodic scanning task, the port scanning background splits each of them separately. For example, the port scanning background splits the custom scanning task into a plurality of custom scanning subtasks, each instructing the scanning of part of the ports in the custom scanning range. As another example, the port scanning background splits the periodic scanning task into a plurality of periodic scanning subtasks, each instructing the scanning of part of the ports every preset time period. As another example, the port scanning background splits the full port scanning task into multiple full port scanning subtasks. As another example, the port scanning background splits the high-risk port scanning task into multiple high-risk port scanning subtasks, each instructing the scanning of part of the high-risk ports.
In step S33, the port scanning background stores the multiple subtasks into the priority queue according to the priorities of the multiple subtasks.
The priority queue stores the plurality of subtasks in order of priority from high to low. For example, if the port scanning task includes N subtasks, the head of the priority queue is the subtask with the highest priority among the N subtasks, where N is a positive integer. The port scanning background stores each subtask in the priority queue; the higher a subtask's priority, the closer it sits to the front of the queue, the earlier it is taken out, and the earlier it is executed, so that the ports of higher-priority subtasks are scanned more promptly. In this way, a priority queue based port scanning system is facilitated.
The queue order of the priority queue can be maintained in various ways. For example, the subtask is first added to the head of the priority queue, and the subtasks stored in the priority queue are then reordered from high to low priority. As another example, the insertion position of the subtask is determined from its priority and the priorities of the subtasks already stored in the priority queue, and the subtask is added at that position.
In some embodiments, the different types of port scan tasks have different priorities, such that the different types of port scan tasks are queued at different locations in the priority queue, as illustrated by ways one through four below.
In the first mode, for each of the plurality of subtasks, the port scanning background determines the type of the subtask, and if the subtask is a custom scanning task, the port scanning background stores the subtask in the priority queue according to a first priority corresponding to the custom scanning task.
In order to distinguish and describe the priorities corresponding to the different types of port scanning tasks, the priorities corresponding to each type of port scanning task in this embodiment are respectively referred to as a first priority, a second priority, a third priority and a fourth priority. The high-low order of the first priority, the second priority, the third priority and the fourth priority can be set according to requirements. The first priority, the second priority, the third priority, and the fourth priority may be different from each other. Alternatively, the first priority, the second priority, the third priority, and the fourth priority may be partially the same and partially different.
Optionally, the first priority is the highest priority among the priorities of all the subtasks, in other words, the custom scan task is the highest priority scan task. Under the condition, if the subtask is the custom scanning task, the port scanning background stores the subtask into the head of the priority queue according to the first priority corresponding to the custom scanning task, so that the custom scanning task is executed with the highest priority, and the ports corresponding to the IP address, the network segment or the port number specified by the user are ensured to be scanned with the highest priority, so that the ports are scanned in time, and the custom requirements of the user are fully met.
In the second mode, for each of the plurality of subtasks, the port scanning background determines the type of the subtask, and if the subtask is a periodic scanning task, the port scanning background stores the subtask in the priority queue according to a second priority corresponding to the periodic scanning task.
Optionally, the second priority is lower than the first priority, in other words, the periodic scanning task is lower priority than the custom scanning task.
In the third mode, for each of the plurality of subtasks, the port scanning background determines the type of the subtask, and if the subtask is a full port scanning task, the port scanning background stores the subtask in the priority queue according to a third priority corresponding to the full port scanning task.
Optionally, the third priority is lower than the first priority, in other words, the full port scanning task has lower priority than the custom scanning task. Optionally, the third priority is higher than the fourth priority, in other words, the full port scanning task has higher priority than the high-risk port scanning task.
In the fourth mode, for each of the plurality of subtasks, if the subtask is a high-risk port scanning task, the port scanning background stores the subtask in the priority queue according to a fourth priority corresponding to the high-risk port scanning task.
Optionally, the fourth priority is the lowest priority among the priorities of all the subtasks, in other words, the high-risk port scanning task is the scanning task with the lowest priority.
In summary, the port scanning background stores the various subtasks of the port scanning task in the priority queue, so that the subtasks in the priority queue are sorted by the priority of each task: the custom scanning task has the highest priority, the full port scanning task comes next, and the high-risk port scanning task has the lowest priority.
In step S34, the port scanning background allocates a target execution device for the port scanning task according to the bandwidth occupation status of the execution devices in the distributed system.
In some embodiments, the port scanning tasks in the priority queue are executed by a distributed system. Specifically, the distributed system includes a plurality of execution devices (workers). A worker can be understood as a machine resource of the distributed system; the port scanning background allocates a suitable worker to the port scanning task based on the bandwidth occupation of each worker, so that the allocated worker executes the tasks in the priority queue and machine resources are allocated automatically.
To distinguish the allocated worker from other workers, it is referred to as the target execution device; it may also be called the distributed port scanning execution worker or the distributed scanning system execution worker. The control node determines the bandwidth occupation of the execution devices in the distributed system, judges whether the bandwidth occupation of each execution device satisfies a condition, and, according to the result, selects an execution device whose bandwidth occupation satisfies the condition as the target execution device. For example, the occupied bandwidth of the target execution device is below a threshold, or, as another example, the idle extranet bandwidth of the target execution device is above a threshold.
The bandwidth occupation of an execution device can be determined in a number of ways. In some embodiments, the control node determines it from the current task number of the execution device. Specifically, the bandwidth that each subtask can consume is a fixed value and the extranet bandwidth of the machine is also a fixed value, so the control node multiplies the current task number of the execution device by the bandwidth one subtask can consume and takes the product as the bandwidth occupied by the execution device. Furthermore, the difference between the extranet bandwidth of the execution device and its occupied bandwidth may be calculated as the free extranet bandwidth of the execution device.
Allocating the target execution device according to bandwidth occupation improves the accuracy of the port scanning result. Specifically, if the extranet bandwidth of an execution device is already fully occupied and scanning tasks continue to be issued to it, the tasks cannot use the extranet bandwidth, a large number of their data packets are discarded, and the scanning result becomes inaccurate. Because the allocated target execution device has sufficient bandwidth, this situation is avoided and the accuracy of the scanning result improves.
Optionally, when allocating an executing device to a port scanning task, not only the bandwidth occupation condition of the device but also the running state of the device is considered. For example, at least one idle execution device is determined in the distributed system, and then an execution device whose bandwidth occupation satisfies the condition is determined from the at least one idle execution device.
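The splitting of step S32, the priority queue of step S33 and the bandwidth-based allocation of step S34 fit together as follows. This is an added illustration, not code from the patent; the priority numbers, the 5 Mbps per-subtask bandwidth, the `idle` flag and the "most free bandwidth wins" tie-break are assumptions.

```python
import heapq
import ipaddress
import itertools
from dataclasses import dataclass, field

# Assumed priority values (lower number = dequeued first), following the ordering in the
# text: custom highest, full-port above high-risk, high-risk lowest.
PRIORITY = {"custom": 1, "periodic": 2, "full_port": 3, "high_risk": 4}
MAX_IPS_PER_SUBTASK = 100          # "each subtask scans up to 100 IP addresses"
BANDWIDTH_PER_SUBTASK_MBPS = 5.0   # assumed fixed bandwidth one subtask consumes


@dataclass(order=True)
class Subtask:
    priority: int
    seq: int                         # insertion counter: FIFO among equal priorities
    kind: str = field(compare=False)
    ips: list = field(compare=False)
    ports: tuple = field(compare=False)


@dataclass
class Worker:
    name: str
    extranet_mbps: float             # total extranet bandwidth of the machine
    current_tasks: int = 0           # subtasks currently running on it
    idle: bool = True                # running state (assumed flag)

    def occupied_mbps(self):
        # occupied bandwidth = current task number x bandwidth one subtask consumes
        return self.current_tasks * BANDWIDTH_PER_SUBTASK_MBPS

    def free_mbps(self):
        # free extranet bandwidth = extranet bandwidth - occupied bandwidth
        return self.extranet_mbps - self.occupied_mbps()


def expand_targets(targets):
    """Expand IP addresses and network segments (CIDR) into a flat list of host IPs."""
    ips = []
    for t in targets:
        if "/" in t:
            ips.extend(str(h) for h in ipaddress.ip_network(t, strict=False).hosts())
        else:
            ips.append(str(ipaddress.ip_address(t)))
    return ips


class PriorityScanQueue:
    def __init__(self):
        self._heap = []
        self._seq = itertools.count()

    def split_and_enqueue(self, kind, targets, ports, chunk=MAX_IPS_PER_SUBTASK):
        """Split one coarse task into subtasks of at most `chunk` IPs and enqueue them."""
        ips = expand_targets(targets)
        subtasks = []
        for i in range(0, len(ips), chunk):
            st = Subtask(PRIORITY[kind], next(self._seq), kind, ips[i:i + chunk], tuple(ports))
            heapq.heappush(self._heap, st)      # heap keeps the head at the highest priority
            subtasks.append(st)
        return subtasks

    def pop(self):
        return heapq.heappop(self._heap) if self._heap else None

    def __len__(self):
        return len(self._heap)


def select_target_worker(workers, min_free_mbps):
    """Pick an idle worker whose free extranet bandwidth exceeds the threshold.
    Among qualifying workers the one with the most free bandwidth is chosen (assumed
    tie-break). Returns None when none qualifies: holding a subtask back is better than
    sending it to a saturated link where its packets would be dropped."""
    candidates = [w for w in workers if w.idle and w.free_mbps() > min_free_mbps]
    if not candidates:
        return None
    return max(candidates, key=Worker.free_mbps)


def dispatch(queue, workers, min_free_mbps):
    """Drain the queue in priority order, assigning each subtask to a suitable worker.
    Returns (subtask kind, worker name) pairs in dispatch order and stops as soon as
    no worker has enough free bandwidth, leaving the rest queued."""
    assignments = []
    while len(queue):
        worker = select_target_worker(workers, min_free_mbps)
        if worker is None:
            break
        st = queue.pop()
        worker.current_tasks += 1               # the new subtask now occupies bandwidth
        assignments.append((st.kind, worker.name))
    return assignments
```

A full-port task over a /24 yields three subtasks (100, 100 and 54 hosts); a custom task enqueued afterwards is still dispatched before them.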
In step S35, the port scanning background sends a task scheduling instruction to the target execution device.
After allocating the target execution device, the port scanning background generates a task scheduling instruction and sends it to the target execution device, so that the target execution device is scheduled to scan the ports included in the plurality of servers in the queue order of the priority queue.
In step S36, the target execution device sequentially scans the ports included in the plurality of servers in the queue order of the priority queue in response to the task scheduling instruction.
The queue order of the priority queue refers to the sequence from the head of the priority queue to the tail of the priority queue. Specifically, the target execution device first fetches the subtask arranged at the head of the queue (the subtask with the highest priority level) from the priority queue, and executes the subtask. And after the execution of the subtask arranged at the head of the queue is finished, the target execution equipment takes out the next subtask from the priority queue, and so on until the subtask arranged at the tail of the queue is taken out from the priority queue, and after the subtask is executed, all the subtasks stored in the priority queue are executed.
In some embodiments, the split port scanning task is two types, i.e., a port openness scanning task and a service identification scanning task, where the port openness scanning task is used to scan whether a port is an open port, and the service identification scanning task is used to scan whether the open port opens a corresponding service. For example, a port openness scanning task is executed first, whether each port is open or not is respectively judged, and after all ports to be scanned are found, a service identification scanning task is executed on the open ports.
In a possible implementation, the port scanning background first splits the port openness scanning task into a plurality of port openness scanning subtasks, each of which scans whether the ports included in part of the plurality of servers are open. The port scanning background stores these subtasks in a first priority queue according to their priorities, the first priority queue holding them in order of priority from high to low. The target execution device then scans, in the queue order of the first priority queue, whether the ports included in the plurality of servers are open. For example, the target execution device takes the port openness scanning subtask with the highest priority out of the first priority queue and executes it, continuing until the ports of all port openness scanning subtasks in the first priority queue have been scanned. By executing the port openness scanning subtasks, the target execution device determines whether any of the ports included in the plurality of servers is open. If so, the target execution device creates a service identification scanning task according to the open ports, splits it into a plurality of service identification scanning subtasks, and stores them in a second priority queue, which holds the service identification scanning subtasks in order of priority from high to low.
The target execution device then scans, in the queue order of the second priority queue, whether the open ports included in the plurality of servers provide the corresponding services. For example, the target execution device takes the service identification scanning subtask with the highest priority out of the second priority queue and executes it, continuing until the services of all service identification scanning subtasks in the second priority queue have been identified. Optionally, the second priority queue and the first priority queue are different priority queues.
The port openness scanning subtask can be performed in various ways, exemplified by steps 1 to 4 below.
Step 1, the target execution device starts the port openness scan.
Step 2, the target execution device sends an Internet Control Message Protocol (ICMP) request to the target IP address and judges whether the host is alive; if the host is alive, step 3 is performed.
Step 3, the target execution device sends a TCP synchronize (SYN) request to the target port.
Step 4, if the target port replies with a TCP SYN/acknowledgement (ACK) response, the target execution device determines that the target port is open.
The service identification scanning subtask can be performed in various ways, exemplified by steps a to c below.
Step a, the target execution device sends the various service identification requests to each port in turn.
Step b, the target execution device receives the port's response message and judges which service the response conforms to; if the response conforms to the default response to the identification request of some service, the target execution device determines that the port provides that service. In a possible implementation, the service identification request sent by the target execution device is a half-open TCP request, and the target execution device determines the service by inspecting the banner (a service-specific identifying string in the data packet) at the start of the port's response message. For example, if the response message received by the target execution device contains "SSH-2.0-OpenSSH_7.4", the target execution device determines that the service on the open port is an SSH service on a Linux system.
Step c, the target execution device repeats steps a and b until the service identification subtask has scanned all open ports.
By optimizing the existing port scanning scheme, the port scanning task is divided into two types, port openness scanning and service identification scanning, and the two are processed asynchronously, which greatly reduces the false alarm rate of the port scanning result and greatly shortens the scanning time for company-level assets. Specifically, if the target execution device performed service identification scanning directly, service probe packets would be sent to a large number of closed ports, which may trigger a series of security alarms. In addition, systems such as a NIDS or a WAF may intercept the probes or return deceptive responses, making the port scanning system believe that every scanned port has a corresponding service open, which results in a high false alarm rate. For an extranet IP, any port can be scanned for both port openness and service identification. For an intranet IP, however, intranet services are not stable enough to receive a large number of service probe packets, so only port openness scanning is performed. Splitting the two scans greatly reduces the number of request packets: first, fewer security alarms are triggered, which lowers the false alarm rate; second, the overall port scanning time is reduced. Once the two types of scan are separated, the number of service identification scanning tasks can also be reduced by distinguishing intranet from extranet addresses, further shortening the scanning time.
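The second phase described above (steps a to c, plus the intranet-only-openness rule and the NIDS/WAF caveat) can be illustrated in code. This is an added example, not the patent's implementation; the banner signatures, the RFC 1918 definition of "intranet", the response data and the uniform-banner heuristic are all constructed assumptions.

```python
import ipaddress
import re

# Constructed banner signatures: service -> pattern over the leading bytes of the reply,
# mirroring the "SSH-2.0-OpenSSH_7.4" example. Real scanners carry far larger tables.
BANNER_SIGNATURES = {
    "ssh": re.compile(rb"^SSH-(\d\.\d)-(\S+)"),
    "http": re.compile(rb"^HTTP/1\.[01] \d{3}"),
    "smtp": re.compile(rb"^220[ -].*(SMTP|ESMTP)", re.IGNORECASE),
    "ftp": re.compile(rb"^220[ -].*FTP", re.IGNORECASE),
    # MySQL greeting: 3-byte length, sequence byte 0, protocol 0x0a, version string
    "mysql": re.compile(rb"^.\x00\x00\x00\x0a\d+\.\d+\.\d+", re.DOTALL),
}

# Assumption: "intranet" means the RFC 1918 private ranges.
INTRANET_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_intranet(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTRANET_NETS)


def identify_service(banner):
    """Step b: return (service, matched banner text) for the first signature that matches,
    or (None, None) when the reply matches nothing (the port stays 'open, unidentified')."""
    for name, pattern in BANNER_SIGNATURES.items():
        m = pattern.match(banner)
        if m:
            return name, m.group(0).decode("latin-1").strip()
    return None, None


def plan_service_identification(openness_results):
    """Build the service identification subtasks from the openness phase's output
    ({ip: [open ports]}). Intranet hosts get openness scanning only, so no probes
    are planned for them."""
    return [(ip, port)
            for ip, ports in openness_results.items() if not is_intranet(ip)
            for port in ports]


def run_service_identification(subtasks, responses):
    """Steps a to c over every planned (ip, port). `responses` stands in for the reply
    captured from each probe ({(ip, port): bytes}); a missing reply means no banner."""
    results = {}
    for ip, port in subtasks:
        service, _ = identify_service(responses.get((ip, port), b""))
        results[(ip, port)] = service
    return results


def suspect_interception(results, min_ports=3):
    """Heuristic for the NIDS/WAF case: a host on which every probed port (at least
    `min_ports` of them) identifies as the same service is probably answered by an
    interposed device, so its identifications should be treated as unreliable."""
    by_host = {}
    for (ip, _port), service in results.items():
        by_host.setdefault(ip, []).append(service)
    return {ip for ip, services in by_host.items()
            if len(services) >= min_ports and services[0] is not None
            and all(s == services[0] for s in services)}
```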
Optionally, the queue order of the priority queue is not fixed but changes dynamically when a high-priority subtask is inserted later, so that the port corresponding to the newly inserted high-priority subtask is scanned first and the ports corresponding to the already stored low-priority subtasks are scanned afterwards. For example, the subtasks of a full port scanning task are stored in the priority queue in sequence, and the terminal then issues a custom scanning task; since the first priority corresponding to the custom scanning task is higher than the third priority corresponding to the full port scanning task, the subtasks of the custom scanning task are inserted ahead of all the subtasks of the full port scanning task already stored in the priority queue, so that the ports corresponding to the custom scanning task are scanned first. In this way, a high-priority port scanning task inserted later is completed first.
In step S37, the target execution device inquires of a default service provided by an open port among the ports included in the plurality of servers, according to the open port.
The target execution device determines the open ports among the ports included in the plurality of servers by executing a port scanning task (for example, a port openness scanning task), and the default service provided by each open port can then be queried according to the correspondence between ports and default services. The default services provided by ports may be maintained as a list of port default services.
A port may correspond to one or more default services. The default service provided by a port is, for example, a service opened by a server on the intranet, such as a specific service that is not intended to be exposed to the extranet. For example, the default service of port 8983 is Apache Solr (an open-source search server), and the default service of port 47001 is the Windows Remote Management service (WinRM).
In step S38, the target execution device establishes an association between the scan result of the opened port and the default service.
By performing S38, the target execution device associates the open port status of a server with the default services of its open ports. The effect is as follows: service identification scanning can only identify a subset of services, so it may miss certain specific services that are not intended to be exposed to the extranet, leading to missed reports; once the default services are associated, security personnel can quickly check the operations and business status of the remote end, which greatly improves port visibility for operations and maintenance.
In step S39, the target execution device saves the port scan result in the database.
For example, the database is a MySQL database (a relational database management system).
The embodiment provides a port scanning method based on a priority queue, which is characterized in that a coarse-grained port scanning task is divided into a plurality of fine-grained subtasks, the subtasks are stored into the priority queue according to the priorities of the subtasks, and ports included by a plurality of servers are sequentially scanned according to the queue order of the priority queue. The priority queue stores a plurality of subtasks according to the sequence of the priority from high to low, so that the subtask with high priority is taken out from the priority queue first, the port corresponding to the subtask with high priority can be scanned preferentially, the port needing to be scanned preferentially can be scanned timely, and the scanning speed of the port needing to be scanned preferentially is improved.
Fig. 4 is a flow chart illustrating a port scanning method according to an exemplary embodiment, which includes the following steps, as shown in fig. 4.
In step S41, the secure operation platform issues a port scanning task to the scanning background.
In step S42-1, the scanning background starts a custom scanning task.
In step S43-1, the scanning background splits the scanning target to obtain a plurality of subtasks of the custom scanning task.
In step S42-2, the scanning background starts a periodic scanning task.
In step S43-2, the scanning background splits the scanning target to obtain a plurality of subtasks of the periodic scanning task.
In step S44, the scanning background puts the subtasks of each type into the priority queue for sorting.
In step S45, the execution worker of the distributed scanning system executes the subtask and completes the port openness scan.
In step S46, the execution worker of the distributed scanning system determines whether an open port exists; if so, the execution worker performs step S47, and if not, the task ends.
In step S47, the execution worker of the distributed scanning system creates a service identification scanning subtask according to the open ports, stores it in the priority queue, and returns to step S44.
In step S48, the execution worker of the distributed scanning system takes the service identification scanning subtask out of the queue and scans.
In step S49, the execution worker of the distributed scanning system matches the default associated service information according to the open ports.
In step S410, the execution worker of the distributed scanning system stores the port scanning result in the backend database, and the task ends.
The embodiment provides a port scanning method based on a priority queue, which is characterized in that a coarse-grained port scanning task is divided into a plurality of fine-grained subtasks, the subtasks are stored into the priority queue according to the priorities of the subtasks, and ports included by a plurality of servers are sequentially scanned according to the queue order of the priority queue. The priority queue stores a plurality of subtasks according to the sequence of the priority from high to low, so that the subtask with high priority is taken out from the priority queue first, the port corresponding to the subtask with high priority can be scanned preferentially, the port needing to be scanned preferentially can be scanned timely, and the scanning speed of the port needing to be scanned preferentially is improved.
FIG. 5 is a block diagram illustrating a port scanning device according to an exemplary embodiment. Referring to fig. 5, the apparatus includes an acquisition unit 501, a splitting unit 502, a storing unit 503, and a scanning unit 504.
an obtaining unit 501 configured to obtain a port scanning task, the port scanning task instructing the scanning of ports included in a plurality of servers;
a splitting unit 502 configured to split the port scanning task into a plurality of subtasks, each subtask instructing the scanning of ports included in part of the plurality of servers;
a storing unit 503 configured to store the plurality of subtasks in a priority queue according to their priorities, the priority queue holding the plurality of subtasks in order of priority from high to low;
a scanning unit 504 configured to scan the ports included in the plurality of servers sequentially in the queue order of the priority queue.
The embodiment provides a port scanning device based on a priority queue. The device splits a coarse-grained port scanning task into a plurality of fine-grained subtasks, stores the subtasks in the priority queue according to their priorities, and sequentially scans the ports included in a plurality of servers in the queue order of the priority queue. Because the priority queue holds the subtasks in order of priority from high to low, the subtask with the highest priority is taken out first, so the ports corresponding to high-priority subtasks are scanned preferentially and in a timely manner, which improves the scanning speed for the ports that need to be scanned first.
Optionally, the storing unit 503 is configured to, for each of the plurality of subtasks, store the subtask into the priority queue according to a first priority corresponding to the custom scanning task if the subtask is a custom scanning task, where the custom scanning task is used to scan a port corresponding to an IP address sent by the terminal, a port corresponding to a network segment sent by the terminal, or a port corresponding to a port number sent by the terminal.
Optionally, the storing unit 503 is configured to, for each of the plurality of subtasks, store the subtask into the priority queue according to a second priority corresponding to the periodic scanning task if the subtask is a periodic scanning task, where the periodic scanning task is used to instruct that the ports included in the plurality of servers be scanned once every preset time period.
Optionally, the storing unit 503 is configured to, for each of the plurality of subtasks, store the subtask into the priority queue according to a third priority corresponding to the full-port scanning task if the subtask is a full-port scanning task, where the full-port scanning task is used to instruct to scan all ports opened by at least one server in the plurality of servers.
Optionally, the storing unit 503 is configured to, for each of the plurality of subtasks, store the subtask into the priority queue according to a fourth priority corresponding to the high-risk port scanning task if the subtask is a high-risk port scanning task, where the high-risk port scanning task is used to instruct to scan the high-risk ports among the ports included in the plurality of servers.
Optionally, the scanning unit 504 is configured to allocate a target execution device to the port scanning task according to the bandwidth occupation of the execution devices in the distributed system, where the bandwidth occupation of the target execution device satisfies a condition, and to schedule the target execution device to sequentially scan the ports included in the plurality of servers in the queue order of the priority queue.
Optionally, the port scanning task includes at least one of a port openness scanning task or a service identification scanning task, where the port openness scanning task is used to scan whether a port is an open port, and the service identification scanning task is used to scan the service provided by an open port.
Optionally, the port scanning device further comprises:
a query unit configured to query, for an open port among the ports included in the plurality of servers, the default service provided by that open port;
and an establishing unit configured to establish an association between the scanning result of the open port and the default service.
With regard to the apparatus in the above-described embodiment, the specific manner in which each module performs the operation has been described in detail in the embodiment related to the method, and will not be elaborated here.
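The scheduling scheme laid out by the units above (split a coarse task into per-server subtasks, rank each subtask by task type, drain the queue highest priority first, hand each subtask to an execution device chosen by its bandwidth occupation, and associate open ports with their default service) can be modelled in a few dozen lines. The code below is an added illustration written for this page, not code from the patent or its applicant. The page names a first to fourth priority for the four task types without fixing their relative order, so the concrete ordering used here is an assumption, as are the utilisation-cap rule for choosing an execution device, the sample servers, and the default-service table; the execution step consults a fixed table instead of probing anything.

```python
"""Priority-queue scheduler for split port-scan subtasks (added illustration)."""
import heapq
import itertools
from dataclasses import dataclass, field
from enum import Enum


class TaskType(Enum):
    CUSTOM = "custom"        # IP address / network segment / port number sent by a terminal
    PERIODIC = "periodic"    # recurring scan of all servers every preset period
    FULL_PORT = "full_port"  # every port on at least one server
    HIGH_RISK = "high_risk"  # only the high-risk port set across the servers


# Rank per task type; lower rank is popped first. ASSUMPTION: the patent text
# names four priorities but does not say which is highest, so this order is
# chosen for the example only.
PRIORITY = {
    TaskType.CUSTOM: 1,
    TaskType.HIGH_RISK: 2,
    TaskType.PERIODIC: 3,
    TaskType.FULL_PORT: 4,
}

# Constructed sample of the "default service" table consulted once a port is found open.
DEFAULT_SERVICES = {22: "ssh", 80: "http", 443: "https", 3389: "rdp"}


@dataclass(frozen=True)
class ScanTask:
    task_type: TaskType
    servers: tuple                  # server addresses covered by the coarse task
    ports: tuple                    # ports to check; () means all ports (full-port scan)
    identify_service: bool = False  # False: openness only; True: also service identification


@dataclass(order=True)
class Subtask:
    rank: int
    seq: int                        # submission counter: equal ranks stay FIFO
    server: str = field(compare=False)
    task: ScanTask = field(compare=False)


class Scheduler:
    def __init__(self, device_utilisation, max_utilisation=0.8):
        # device name -> current bandwidth utilisation in [0, 1]; cap is an assumption
        self.device_utilisation = dict(device_utilisation)
        self.max_utilisation = max_utilisation
        self._heap = []
        self._seq = itertools.count()

    def submit(self, task):
        """Split a coarse task into one subtask per server and enqueue each by rank."""
        for server in task.servers:
            heapq.heappush(self._heap, Subtask(PRIORITY[task.task_type], next(self._seq), server, task))

    def pending(self):
        return len(self._heap)

    def pick_device(self):
        """Least-loaded device below the utilisation cap, or None if every device is saturated."""
        eligible = [(u, d) for d, u in self.device_utilisation.items() if u < self.max_utilisation]
        return min(eligible)[1] if eligible else None

    def drain(self, execute):
        """Pop subtasks highest priority first and run each on an eligible device."""
        results = []
        while self._heap:
            sub = heapq.heappop(self._heap)
            device = self.pick_device()
            if device is None:
                heapq.heappush(self._heap, sub)  # no capacity now; keep it queued
                break
            open_ports = execute(device, sub.server, sub.task.ports)
            record = {"server": sub.server, "device": device,
                      "type": sub.task.task_type.value, "open": sorted(open_ports)}
            if sub.task.identify_service:
                # association between the openness result and the default service
                record["services"] = {p: DEFAULT_SERVICES.get(p, "unknown") for p in open_ports}
            results.append(record)
        return results


# Constructed stand-in for an execution device: a fixed table of exposed ports per sample server.
SAMPLE_OPEN_PORTS = {"10.0.0.1": {22, 443}, "10.0.0.2": {80, 3389}, "10.0.0.3": {22}}


def fake_execute(device, server, ports):
    exposed = SAMPLE_OPEN_PORTS.get(server, set())
    return exposed if not ports else exposed & set(ports)


def demo():
    sched = Scheduler({"exec-a": 0.2, "exec-b": 0.9})
    sched.submit(ScanTask(TaskType.FULL_PORT, ("10.0.0.1", "10.0.0.2"), ()))
    sched.submit(ScanTask(TaskType.HIGH_RISK, ("10.0.0.1", "10.0.0.2", "10.0.0.3"),
                          (22, 3389), identify_service=True))
    sched.submit(ScanTask(TaskType.CUSTOM, ("10.0.0.3",), (22, 80)))
    return sched.drain(fake_execute)


if __name__ == "__main__":
    for r in demo():
        print(r)
```

In `demo()` the full-port task is submitted first but runs last: the custom subtask is popped first, then the three high-risk subtasks in submission order, and `exec-b` is never chosen because it sits above the utilisation cap. If every device is saturated, `drain` leaves the remaining subtasks in the queue rather than dropping them.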
The electronic device in the above method embodiment may be implemented as a terminal or a server. For example, fig. 6 shows a block diagram of a terminal 600 provided in an exemplary embodiment of the present disclosure. The terminal 600 may be a smart phone, a tablet computer, an MP3 (Moving Picture Experts Group Audio Layer III) player, an MP4 (Moving Picture Experts Group Audio Layer IV) player, a notebook computer or a desktop computer. The terminal 600 may also be referred to by other names such as user equipment, portable terminal, laptop terminal, desktop terminal, etc.
In general, the terminal 600 includes: one or more processors 601 and one or more memories 602.
The processor 601 may include one or more processing cores, such as a 4-core processor, an 8-core processor, and so on. The processor 601 may be implemented in at least one hardware form of a DSP (Digital Signal Processing), an FPGA (Field-Programmable Gate Array), and a PLA (Programmable Logic Array). The processor 601 may also include a main processor and a coprocessor, where the main processor is a processor for processing data in an awake state, and is also called a Central Processing Unit (CPU); a coprocessor is a low power processor for processing data in a standby state. In some embodiments, the processor 601 may be integrated with a GPU (Graphics Processing Unit), which is responsible for rendering and drawing the content required to be displayed on the display screen. In some embodiments, processor 601 may also include an AI (Artificial Intelligence) processor for processing computational operations related to machine learning.
The memory 602 may include one or more computer-readable storage media, which may be non-transitory. The memory 602 may also include high-speed random access memory, as well as non-volatile memory, such as one or more magnetic disk storage devices, flash memory storage devices. In some embodiments, a non-transitory computer readable storage medium in memory 602 is used to store at least one instruction for execution by processor 601 to implement the port scanning method provided by method embodiments in the present disclosure.
In some embodiments, the terminal 600 may further optionally include: a peripheral interface 603 and at least one peripheral. The processor 601, memory 602, and peripheral interface 603 may be connected by buses or signal lines. Various peripheral devices may be connected to the peripheral interface 603 via a bus, signal line, or circuit board. Specifically, the peripheral device includes: at least one of a radio frequency circuit 604, a touch screen display 605, a camera assembly 606, an audio circuit 607, a positioning component 608, and a power supply 609.
The peripheral interface 603 may be used to connect at least one peripheral related to I/O (Input/Output) to the processor 601 and the memory 602. In some embodiments, the processor 601, memory 602, and peripheral interface 603 are integrated on the same chip or circuit board; in some other embodiments, any one or two of the processor 601, the memory 602, and the peripheral interface 603 may be implemented on a separate chip or circuit board, which is not limited in this embodiment.
The radio frequency circuit 604 is used for receiving and transmitting RF (Radio Frequency) signals, also called electromagnetic signals. The radio frequency circuit 604 communicates with communication networks and other communication devices via electromagnetic signals. The RF circuit 604 converts an electrical signal into an electromagnetic signal for transmission, or converts a received electromagnetic signal into an electrical signal. Optionally, the radio frequency circuit 604 comprises an antenna system, an RF transceiver, one or more amplifiers, a tuner, an oscillator, a digital signal processor, a codec chipset, a subscriber identity module card, and so forth. The radio frequency circuit 604 may communicate with other terminals via at least one wireless communication protocol. The wireless communication protocols include, but are not limited to: the world wide web, metropolitan area networks, intranets, generations of mobile communication networks (2G, 3G, 4G, and 5G), wireless local area networks, and/or WiFi (Wireless Fidelity) networks. In some embodiments, the radio frequency circuit 604 may also include NFC (Near Field Communication) related circuits, which are not limited by this disclosure.
The display 605 is used to display a UI (User Interface). The UI may include graphics, text, icons, video, and any combination thereof. When the display screen 605 is a touch display screen, the display screen 605 also has the ability to capture touch signals on or over its surface. The touch signal may be input to the processor 601 as a control signal for processing. In that case the display 605 may also be used to provide virtual buttons and/or a virtual keyboard, also referred to as soft buttons and/or a soft keyboard. In some embodiments there may be one display 605, forming the front panel of the terminal 600; in other embodiments there may be at least two displays 605, disposed on different surfaces of the terminal 600 or in a folded design; in still other embodiments, the display 605 may be a flexible display disposed on a curved surface or on a folded surface of the terminal 600. The display 605 may even be arranged in a non-rectangular irregular pattern, i.e., a shaped screen. The display 605 may be made of LCD (Liquid Crystal Display), OLED (Organic Light-Emitting Diode), and the like.
The camera assembly 606 is used to capture images or video. Optionally, camera assembly 606 includes a front camera and a rear camera. Generally, a front camera is disposed at a front panel of the terminal, and a rear camera is disposed at a rear surface of the terminal. In some embodiments, the number of the rear cameras is at least two, and each rear camera is any one of a main camera, a depth-of-field camera, a wide-angle camera and a telephoto camera, so that the main camera and the depth-of-field camera are fused to realize a background blurring function, and the main camera and the wide-angle camera are fused to realize panoramic shooting and VR (Virtual Reality) shooting functions or other fusion shooting functions. In some embodiments, camera assembly 606 may also include a flash. The flash lamp can be a monochrome temperature flash lamp or a bicolor temperature flash lamp. The double-color-temperature flash lamp is a combination of a warm-light flash lamp and a cold-light flash lamp, and can be used for light compensation at different color temperatures.
Audio circuitry 607 may include a microphone and a speaker. The microphone is used for collecting sound waves of a user and the environment, converting the sound waves into electric signals, and inputting the electric signals to the processor 601 for processing or inputting the electric signals to the radio frequency circuit 604 to realize voice communication. For the purpose of stereo sound collection or noise reduction, a plurality of microphones may be provided at different portions of the terminal 600. The microphone may also be an array microphone or an omni-directional pick-up microphone. The speaker is used to convert electrical signals from the processor 601 or the radio frequency circuit 604 into sound waves. The loudspeaker can be a traditional film loudspeaker or a piezoelectric ceramic loudspeaker. When the speaker is a piezoelectric ceramic speaker, the speaker can be used for purposes such as converting an electric signal into a sound wave audible to a human being, or converting an electric signal into a sound wave inaudible to a human being to measure a distance. In some embodiments, audio circuitry 607 may also include a headphone jack.
The positioning component 608 is used to locate the current geographic location of the terminal 600 to implement navigation or LBS (Location Based Service). The positioning component 608 can be a positioning component based on the GPS (Global Positioning System) of the United States, the Beidou system of China, or the Galileo system of Russia.
The power supply 609 is used to provide power to the various components in the terminal 600. The power supply 609 may be AC, DC, disposable or rechargeable. When the power supply 609 includes a rechargeable battery, the rechargeable battery may be a wired rechargeable battery or a wireless rechargeable battery. A wired rechargeable battery is charged through a wired line, and a wireless rechargeable battery is charged through a wireless coil. The rechargeable battery may also support fast charge technology.
In some embodiments, the terminal 600 also includes one or more sensors 610. The one or more sensors 610 include, but are not limited to: acceleration sensor 611, gyro sensor 612, pressure sensor 613, fingerprint sensor 614, optical sensor 615, and proximity sensor 616.
The acceleration sensor 611 may detect the magnitude of acceleration in three coordinate axes of the coordinate system established with the terminal 600. For example, the acceleration sensor 611 may be used to detect components of the gravitational acceleration in three coordinate axes. The processor 601 may control the touch screen display 605 to display the user interface in a landscape view or a portrait view according to the gravitational acceleration signal collected by the acceleration sensor 611. The acceleration sensor 611 may also be used for acquisition of motion data of a game or a user.
The gyro sensor 612 may detect a body direction and a rotation angle of the terminal 600, and the gyro sensor 612 and the acceleration sensor 611 may cooperate to acquire a 3D motion of the user on the terminal 600. The processor 601 may implement the following functions according to the data collected by the gyro sensor 612: motion sensing (such as changing the UI according to a user's tilting operation), image stabilization at the time of photographing, game control, and inertial navigation.
The pressure sensor 613 may be disposed on a side frame of the terminal 600 and/or on a lower layer of the touch display screen 605. When the pressure sensor 613 is disposed on the side frame of the terminal 600, a user's holding signal on the terminal 600 can be detected, and the processor 601 performs left-right hand recognition or a shortcut operation according to the holding signal collected by the pressure sensor 613. When the pressure sensor 613 is disposed at the lower layer of the touch display screen 605, the processor 601 controls an operable control on the UI according to the pressure operation of the user on the touch display screen 605. The operable control comprises at least one of a button control, a scroll bar control, an icon control and a menu control.
The fingerprint sensor 614 is used for collecting a fingerprint of a user, and the processor 601 identifies the identity of the user according to the fingerprint collected by the fingerprint sensor 614, or the fingerprint sensor 614 identifies the identity of the user according to the collected fingerprint. Upon identifying that the user's identity is a trusted identity, the processor 601 authorizes the user to perform relevant sensitive operations including unlocking the screen, viewing encrypted information, downloading software, paying, and changing settings, etc. The fingerprint sensor 614 may be disposed on the front, back, or side of the terminal 600. When a physical button or vendor Logo is provided on the terminal 600, the fingerprint sensor 614 may be integrated with the physical button or vendor Logo.
The optical sensor 615 is used to collect the ambient light intensity. In one embodiment, processor 601 may control the display brightness of touch display 605 based on the ambient light intensity collected by optical sensor 615. Specifically, when the ambient light intensity is high, the display brightness of the touch display screen 605 is increased; when the ambient light intensity is low, the display brightness of the touch display screen 605 is turned down. In another embodiment, the processor 601 may also dynamically adjust the shooting parameters of the camera assembly 606 according to the ambient light intensity collected by the optical sensor 615.
A proximity sensor 616, also known as a distance sensor, is typically disposed on the front panel of the terminal 600. The proximity sensor 616 is used to collect the distance between the user and the front surface of the terminal 600. In one embodiment, when the proximity sensor 616 detects that the distance between the user and the front surface of the terminal 600 gradually decreases, the processor 601 controls the touch display 605 to switch from the bright screen state to the dark screen state; when the proximity sensor 616 detects that the distance between the user and the front surface of the terminal 600 gradually increases, the processor 601 controls the touch display 605 to switch from the dark screen state to the bright screen state.
Those skilled in the art will appreciate that the configuration shown in fig. 6 is not intended to be limiting of terminal 600 and may include more or fewer components than those shown, or some components may be combined, or a different arrangement of components may be used.
The electronic device in the foregoing method embodiment may be implemented as a server. For example, fig. 7 is a schematic structural diagram of a server provided in the present disclosure. The server 700 may vary considerably in configuration or performance, and may include one or more processors (CPUs) 701 and one or more memories 702, where at least one instruction is stored in the memory 702 and is loaded and executed by the processor 701 to implement the port scanning method provided in the foregoing method embodiments. Of course, the server may further include a wired or wireless network interface, an input/output interface, and other components to facilitate input and output, and may further include other components for implementing the functions of the device, which are not described herein again.
In an exemplary embodiment, a storage medium comprising instructions, such as a memory comprising instructions, executable by a processor of an electronic device to perform the port scanning method described above is also provided. Alternatively, the storage medium may be a non-transitory computer readable storage medium, such as a Read-Only Memory (ROM), a Random Access Memory (RAM), a Compact Disc Read-Only Memory (CD-ROM), a magnetic tape, a floppy disk, an optical data storage device, and the like.
Other embodiments of the disclosure will be apparent to those skilled in the art from consideration of the specification and practice of the disclosure disclosed herein. This disclosure is intended to cover any variations, uses, or adaptations of the disclosure following, in general, the principles of the disclosure and including such departures from the present disclosure as come within known or customary practice within the art to which the disclosure pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the disclosure being indicated by the following claims.
It will be understood that the present disclosure is not limited to the precise arrangements described above and shown in the drawings and that various modifications and changes may be made without departing from the scope thereof. The scope of the present disclosure is limited only by the appended claims.

Claims (10)

1. A method for port scanning, comprising:
acquiring a port scanning task, wherein the port scanning task is used for indicating to scan ports included in a plurality of servers;
splitting the port scanning task into a plurality of subtasks, wherein each subtask is used for indicating to scan ports included in part of the servers in the plurality of servers;
storing the plurality of subtasks into a priority queue according to the priorities of the plurality of subtasks, wherein the priority queue is used for storing the plurality of subtasks according to the sequence of the priorities from high to low;
and scanning the ports included by the plurality of servers in sequence according to the queue sequence of the priority queue.
2. The port scanning method of claim 1, wherein the storing the plurality of subtasks into a priority queue according to the priorities of the plurality of subtasks comprises:
and for each subtask in the plurality of subtasks, if the subtask is a user-defined scanning task, storing the subtask into the priority queue according to a first priority corresponding to the user-defined scanning task, wherein the user-defined scanning task is used for scanning a port corresponding to an Internet Protocol (IP) address sent by a terminal, a port corresponding to a network segment sent by the terminal or a port corresponding to a port number sent by the terminal.
3. The port scanning method of claim 1, wherein the storing the plurality of subtasks into a priority queue according to the priorities of the plurality of subtasks comprises:
and for each subtask in the plurality of subtasks, if the subtask is a periodic scanning task, storing the subtask into the priority queue according to a second priority corresponding to the periodic scanning task, wherein the periodic scanning task is used for indicating that ports included in the plurality of servers are scanned once every preset time period.
4. The port scanning method of claim 1, wherein the storing the plurality of subtasks into a priority queue according to the priorities of the plurality of subtasks comprises:
and for each subtask in the plurality of subtasks, if the subtask is a full-port scanning task, storing the subtask into the priority queue according to a third priority corresponding to the full-port scanning task, wherein the full-port scanning task is used for indicating to scan all ports opened by at least one server in the plurality of servers.
5. The port scanning method of claim 1, wherein the storing the plurality of subtasks into a priority queue according to the priorities of the plurality of subtasks comprises:
and for each subtask in the plurality of subtasks, if the subtask is a high-risk port scanning task, storing the subtask into the priority queue according to a fourth priority corresponding to the high-risk port scanning task, wherein the high-risk port scanning task is used for indicating to scan a high-risk port in ports included in the plurality of servers.
6. The port scanning method according to claim 1, wherein said sequentially scanning the ports included in the plurality of servers according to the queue order of the priority queue comprises:
allocating target execution equipment to the port scanning task according to the bandwidth occupation condition of the execution equipment in the distributed system, wherein the bandwidth occupation condition of the target execution equipment meets the condition;
and scheduling the target execution equipment to sequentially scan the ports included by the plurality of servers according to the queue sequence of the priority queue.
7. The port scanning method according to claim 1, wherein the port scanning task includes at least one of a port openness scanning task or a service identification scanning task, the port openness scanning task is used to scan whether a port is an open port, and the service identification scanning task is used to scan a service provided by the open port.
8. A port scanning device, comprising:
an acquisition unit configured to execute an acquisition port scanning task for instructing to scan ports included in a plurality of servers;
a splitting unit configured to perform splitting the port scanning task into a plurality of subtasks, each subtask being used for instructing to scan ports included in a part of the servers in the plurality of servers;
the storing unit is configured to store the plurality of subtasks into a priority queue according to the priorities of the plurality of subtasks, and the priority queue is used for storing the plurality of subtasks from high to low in order of priority;
and the scanning unit is configured to sequentially scan the ports included by the plurality of servers according to the queue order of the priority queue.
9. An electronic device, comprising:
one or more processors;
one or more memories for storing the one or more processor-executable instructions;
wherein the one or more processors are configured to execute the instructions to implement the port scanning method of any of claims 1 to 7.
10. A storage medium, wherein instructions in the storage medium, when executed by a processor of an electronic device, enable the electronic device to perform a port scanning method as claimed in any one of claims 1 to 7.
CN202010352049.9A 2020-04-28 2020-04-28 Port scanning method, device, equipment and storage medium Pending CN111580946A (en)

Publications (1)

Publication Number Publication Date
CN111580946A true CN111580946A (en) 2020-08-25

Family

ID=72126290

Country Status (1)

Country Link
CN (1) CN111580946A (en)

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106708727A (en) * 2016-08-03 2017-05-24 腾讯科技(深圳)有限公司 Verification method and system for distributed virus characteristic sample
CN108574681A (en) * 2017-03-13 2018-09-25 贵州白山云科技有限公司 A kind of server intelligent scanning method and device
CN106921680A (en) * 2017-05-05 2017-07-04 腾讯科技(深圳)有限公司 A kind of port scanning method and device
CN109542595A (en) * 2017-09-21 2019-03-29 阿里巴巴集团控股有限公司 A kind of collecting method, device and system
CN108282489A (en) * 2018-02-07 2018-07-13 网宿科技股份有限公司 A kind of vulnerability scanning method, server-side and system
CN109409093A (en) * 2018-10-19 2019-03-01 杭州安恒信息技术股份有限公司 A kind of system vulnerability scan schedule method

Non-Patent Citations (6)

* Cited by examiner, † Cited by third party
Title
TONY MANCILL: "Linux Router Configuration Secrets" (《LiNUX路由器配置秘籍》), 31 May 2001, China Youth Publishing Center *
上海世博会协调局 (Bureau of Shanghai World Expo Coordination): "Online Expo 2010 Shanghai China: The Never-Ending Expo" (《网上中国2010年上海世博会:永不落幕的世博会》), 29 February 2012, Shanghai: Oriental Publishing Center *
侯美静: "Research and Implementation of Network Scanning Technology Based on an Intelligent Crawling Algorithm", China Masters' Theses Full-text Database, Information Science and Technology series *
卢志科 et al.: "Web Application Vulnerability Scanning and Detection System", Software Guide (《软件导刊》) *
吴松泽: "Research on Penetration Testing Technology Based on Web Security", China Masters' Theses Full-text Database, Information Science and Technology series *
马双华: "Research and Implementation of Penetration Testing Based on Collaborative Control", Wanfang Database *

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113766047A (en) * 2021-09-16 2021-12-07 北京恒安嘉新安全技术有限公司 Task grouping method and device, computer equipment and storage medium
CN113766047B (en) * 2021-09-16 2024-03-22 北京恒安嘉新安全技术有限公司 Task grouping method and device, computer equipment and storage medium
CN113961328A (en) * 2021-10-26 2022-01-21 深圳大学 Task processing method and device, storage medium and electronic equipment
CN114553585A (en) * 2022-03-04 2022-05-27 北京网藤科技有限公司 Vulnerability scanning system based on industrial network and control method thereof
CN115296928A (en) * 2022-09-28 2022-11-04 北京源堡科技有限公司 Port scanning method and device, computer equipment and readable storage medium
CN115296928B (en) * 2022-09-28 2023-02-03 北京源堡科技有限公司 Port scanning method and device, computer equipment and readable storage medium
CN116823162A (en) * 2023-06-27 2023-09-29 上海螣龙科技有限公司 Network asset scanning task management method, system and computer equipment
CN116823162B (en) * 2023-06-27 2024-04-09 上海螣龙科技有限公司 Network asset scanning task management method, system and computer equipment

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20200825