CN111931182A - Automatic security vulnerability scanning system and method - Google Patents
- Publication number: CN111931182A (CN202010666239.8A)
- Authority: CN (China)
- Prior art keywords: service, port, vulnerability scanning, module, security vulnerability
- Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
Abstract
The invention provides an automatic security vulnerability scanning system and method. The system comprises a port and service information confirmation module, a service and version comparison library module and a plug-in calling module. The port and service information confirmation module is used for responding to and distributing user requests, detecting whether the system is online, confirming the type of the operating system, detecting the state of the ports and determining the service version. The service and version comparison library module sends a pile driver to connect the service with the port and service information confirmation module, sends an induction packet to the network where the service is located, collects the multidimensional data generated in response to the induction packet, and reduces the dimension of the multidimensional data to use the result as a service identifier. The plug-in calling module calls the needed vulnerability scanning plug-in through the keywords of the service. A scanning method based on the system is also provided. The invention reduces labor cost, improves vulnerability coverage and reduces the security risk of the system. It can automatically scan for security vulnerabilities in a single system or even across a whole local area network.
Description
Technical Field
The invention belongs to the technical field of server vulnerability scanning, and particularly relates to an automatic security vulnerability scanning system and method.
Background
The operating system communicates with the outside world through ports, numbered from 1 to 65535, each of which corresponds to a unique service. In the current network architecture, only two protocols exist at the transport layer, TCP (Transmission Control Protocol) and UDP (User Datagram Protocol), so all services rely on these two protocols for information exchange. Services can therefore be discovered by scanning over both protocols. Services implement various functions; Redis, for example, is a key-value database that runs in memory and can also persist data. Redis typically runs on port 6379 over TCP. Such services carry various vulnerabilities, either for design reasons or because they go without updates for long periods. For example, Redis is bound to 0.0.0.0:6379 by default, which exposes the Redis service to the public network; if authentication is not turned on, any user who can reach the target server can access Redis without authorization and read its data. With unauthorized access to Redis, an attacker can use Redis's own functions to write a public key onto the Redis server and then log in to the target server directly with the corresponding private key.
At present, mainstream scanning tools obtain the port information and corresponding service information of a system, including characteristic information of the port, the transport layer protocol, the service version and the service, by actively scanning the system's ports, and a scanning task is then established manually. For example, Nessus needs some information about the system before scanning, including which ports are in use and their transport layer protocol types; a scanning task is then established manually, selecting the corresponding scanning plug-in to perform accurate vulnerability scanning. In the mainstream scanning tools, the core scanning plug-ins are private, and outsiders cannot obtain the source code. In addition, when a scanning task is established, mainstream scanning tools cannot accurately scan for the vulnerabilities of all services in the system given only the server's address and the necessary login information, because four major factors limit fully automated service discovery: whether the server is online, the type of operating system, port discovery for the two transport protocols TCP and UDP, and version detection of the service. Mainstream scanning systems have no fully automatic solution for detecting these four aspects. In an intranet environment with a large number of nested hosts, the target address, the running services, the ports, the version numbers and the operating system type must be determined manually, and the scanning tasks must also be established manually, which consumes high labor cost.
Disclosure of Invention
In order to solve the technical problems, the invention provides an automatic security vulnerability scanning system and method, which are better matched with the characteristics of a service and can automatically scan the system security vulnerabilities of a single system or even the whole local area network.
In order to achieve the purpose, the invention adopts the following technical scheme:
an automatic security vulnerability scanning system comprises a port and service information confirmation module, a service and version comparison library module and a plug-in calling module;
the port and service information confirmation module is used for responding and distributing user requests, detecting whether the system is on line or not, confirming the type of an operating system, detecting the state of a port and determining a service version;
the service and version comparison library module sends a pile driver to connect the service with the port and service information confirmation module, sends an induction packet to the network where the service is located, collects the multidimensional data generated in response to the induction packet, and reduces the dimension of the multidimensional data to use the result as a service identifier;
and the plug-in calling module calls the needed vulnerability scanning plug-in through the service keywords to realize vulnerability scanning.
Furthermore, the automatic security vulnerability scanning system also comprises an interface operation module;
the interface operation module is used for providing an operation inlet; the operation entry comprises WEB, RESTful interface and command line.
Further, the port and service information confirmation module comprises a service layer and a drive layer;
the service layer is used for responding and distributing user requests and carrying out load balancing processing;
the drive layer is used for determining whether a server is online by a ping instruction or by combined detection with multiple messages, determining the type of the operating system from the operating system's reactions to sequence generation, ICMP echo, TCP explicit congestion notification, TCP and UDP probes, confirming the state of a port through ICMP response packets, and detecting the system version by querying TCP or UDP ports.
Further, the confirming of the port status by the ICMP response packet includes determining an open port by designating a specific port probe or a full port probe.
Further, the process of determining the service identifier by the service and version comparison library module is as follows:
sending the pile driver to an NAT server where the service is located, and connecting the service in a bidirectional way with the port and the service information confirmation module;
sending an induction packet to a network where the service is located, and inducing the service to send multidimensional data of a communication protocol;
and sequentially arranging and combining the collected multidimensional data, and then performing PCA (principal component analysis) dimension reduction to obtain one-dimensional data serving as an identification characteristic value of the service.
Further, the communication protocols include UDP, TCP, HTTP and HTTPS; and any communication protocol carries control words of the transport layer, data words of the network layer and connection words of the link layer.
An automatic security vulnerability scanning method is realized based on an automatic security vulnerability scanning system, and comprises the following steps:
S1: confirming port and service information on the premise that the server is online;
S2: connecting a pile driver with the service, the port and the service information, sending an induction packet to the network where the service is located, collecting the multidimensional data generated in response to the induction packet, and reducing the dimension of the multidimensional data to use the result as a service identifier;
S3: calling the needed vulnerability scanning plug-in through the keywords of the service to realize vulnerability scanning.
Further, step S1 includes:
determining that the server is online by a ping instruction or by combined detection with multiple messages; determining the type of the operating system from the operating system's reactions to sequence generation, ICMP echo, TCP explicit congestion notification, TCP and UDP probes; confirming the open ports through ICMP response packets; detecting the system version by querying TCP or UDP ports.
Further, the keywords of the service include a field name, a version number, and a field description of the service.
The effect provided in the summary of the invention is only the effect of the embodiment, not all the effects of the invention, and one of the above technical solutions has the following advantages or beneficial effects:
The invention provides an automatic security vulnerability scanning system and method. The system comprises a port and service information confirmation module, a service and version comparison library module and a plug-in calling module. The port and service information confirmation module is used for responding to and distributing user requests, detecting whether the system is online, confirming the type of the operating system, detecting the state of the ports and determining the service version. The service and version comparison library module sends a pile driver to connect the service with the port and service information confirmation module, sends an induction packet to the network where the service is located, collects the multidimensional data generated in response to the induction packet, and reduces the dimension of the multidimensional data to use the result as a service identifier. The plug-in calling module calls the needed vulnerability scanning plug-in through the service keywords to realize vulnerability scanning. An automatic security vulnerability scanning method based on this system is also provided. The invention can detect whether the target machine is online, which ports are open, the type and version of the running services, and the operating system and device type; these complement each other and completely cover the preliminary work of vulnerability scanning.
The new method for acquiring the service characteristic information can better and more quickly match the characteristics of the service, eliminate the interference caused by NAT service, VPN and port forwarding, acquire a high-quality service characteristic value and establish a service version and a service characteristic comparison library. The method comprises the steps of extracting characteristic information aiming at services which are mainstream in the industry, and making a comparison library by using standard service names and versions and the extracted characteristic information, so that when the services of ports cannot be determined by using the traditional technology, specific services can be determined through the comparison library.
The invention uses a full-automatic mode to detect the vulnerability of the service in the system, can greatly reduce the labor cost, can improve the coverage rate of the vulnerability and reduce the safety risk of the system. The system security vulnerability of a single system or even the whole local area network can be automatically scanned.
Drawings
Fig. 1 is a schematic diagram of an automated security vulnerability scanning system according to embodiment 1 of the present invention;
fig. 2 is a schematic diagram of a port and service information confirmation module in an automated security vulnerability scanning system according to embodiment 1 of the present invention;
fig. 3 is a flowchart of an automated security vulnerability scanning method according to embodiment 1 of the present invention.
Detailed Description
In order to clearly explain the technical features of the present invention, the following detailed description of the present invention is provided with reference to the accompanying drawings. The following disclosure provides many different embodiments, or examples, for implementing different features of the invention. To simplify the disclosure of the present invention, the components and arrangements of specific examples are described below. Furthermore, the present invention may repeat reference numerals and/or letters in the various examples. This repetition is for the purpose of simplicity and clarity and does not in itself dictate a relationship between the various embodiments and/or configurations discussed. It should be noted that the components illustrated in the figures are not necessarily drawn to scale. Descriptions of well-known components and processing techniques and procedures are omitted so as to not unnecessarily limit the invention.
Example 1
The embodiment 1 of the invention discloses an automatic security vulnerability scanning system, and as shown in fig. 1, a schematic diagram of the automatic security vulnerability scanning system in the embodiment 1 of the invention is provided. The system comprises a port and service information confirmation module, a service and version comparison library module and a plug-in calling module.
The port and service information confirmation module is used for responding and distributing user requests, detecting whether the system is on line or not, confirming the type of an operating system, detecting the state of a port and determining the service version. Fig. 2 is a schematic diagram of a port and service information confirmation module in an automated security vulnerability scanning system according to embodiment 1 of the present invention.
The port and service information confirmation module comprises a service layer and a drive layer. The service layer is used for responding and distributing user requests, carrying out load balancing processing and ensuring reliable and effective response of the port and the service information confirmation module.
The drive layer is used for determining whether the server is online by a ping instruction or by combined detection with multiple messages, determining the type of the operating system from the operating system's reactions to sequence generation, ICMP echo, TCP explicit congestion notification, TCP and UDP probes, confirming the state of a port through ICMP response packets, and detecting the system version by querying TCP or UDP ports.
If the specific address of the server is known, whether the server is online can be determined by ping. If a network firewall blocks ICMP packets and ping fails, combined detection can be carried out with TCP SYN/ACK, UDP and ICMP ECHO/TIMESTAMP/NETMASK messages, and the server is determined to be online as soon as any one of them is answered. If the specific server address is not known, the drive layer probes all host addresses covered by the local area network mask, and can do so in parallel.
Determining the type of the target system facilitates vulnerability scanning and detection for that particular system. The present invention performs five different tests, each consisting of one or more data packets, and the target system's response to each packet helps determine the type of operating system. The five tests are: sequence generation, ICMP echo, TCP explicit congestion notification, TCP and UDP. Operating systems react differently to these five probes, and from the reactions and a look-up table the tool can determine the type of operating system.
The present invention uses ICMP response packets to confirm port status. Ports are divided into six states: open, closed, filtered, unfiltered, unclosed and unopened. The present invention focuses only on open ports; when a port is in an unfiltered and unclosed state, actual TCP and UDP connections are made to confirm whether the port is open.
An open port is one where an application is receiving TCP connections or UDP messages.
A closed port is also reachable by the tool: it accepts the probe message of the present invention and responds, but no application is listening on it. Such a port is typically out of service; it may have been temporarily restarted or taken out of service and may become accessible after a period of time, so subsequent scans may be needed to determine its state.
For a filtered port, it cannot be determined whether the port is open, because packet filtering prevents the probe message from reaching it. The probe packet is discarded and no response packet is returned, possibly because of the packet filtering mechanism of a dedicated firewall, router or switch.
The unfiltered state means that the port is accessible, but the present invention cannot determine whether it is open or closed. Another detection method may be able to determine whether it is open or closed.
When it is not certain whether a port is open or filtered, the present invention defines the port as an unclosed port. This occurs with UDP, for example: some services do not respond to UDP probe messages even when they are online.
When the present invention cannot determine whether a port is closed or filtered, it defines the port as an unopened port.
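The six-state model above can be read as sets of possibilities that probe replies narrow down. The following Python sketch is an added example, not code from the patent: the probe and reply names and the evidence table are assumptions modelled on conventional scanner behaviour, and the observations are constructed. It treats ports in the unfiltered or unclosed state as the ones that go on to connection confirmation, which is this example's reading of the passage.

```python
from enum import Enum


class PortState(Enum):
    """The six states named in the description. Each value is the set of
    ground truths that the evidence collected so far has not ruled out."""
    OPEN = frozenset({"open"})
    CLOSED = frozenset({"closed"})
    FILTERED = frozenset({"filtered"})
    UNFILTERED = frozenset({"open", "closed"})    # reachable, open/closed unknown
    UNCLOSED = frozenset({"open", "filtered"})    # open or filtered
    UNOPENED = frozenset({"closed", "filtered"})  # closed or filtered


# Assumed evidence table (conventional scanner semantics, not taken from the
# patent): ground truths that remain possible after a (probe, reply) pair.
EVIDENCE = {
    ("tcp-syn", "syn-ack"): {"open"},
    ("tcp-syn", "rst"): {"closed"},
    ("tcp-syn", "none"): {"filtered"},
    ("tcp-ack", "rst"): {"open", "closed"},
    ("tcp-ack", "none"): {"filtered"},
    ("udp", "udp-reply"): {"open"},
    ("udp", "icmp-port-unreachable"): {"closed"},
    ("udp", "icmp-other-unreachable"): {"filtered"},
    ("udp", "none"): {"open", "filtered"},
}

# States that proceed to a full TCP/UDP connection check.
NEEDS_CONNECTION_CHECK = {PortState.UNFILTERED, PortState.UNCLOSED}


def classify(replies):
    """Intersect the evidence from every (probe, reply) seen for one port.

    Returns a PortState, or None when nothing is known yet or the replies
    contradict each other (for example a filter rule changed mid-scan).
    """
    remaining = {"open", "closed", "filtered"}
    for probe, reply in replies:
        remaining &= EVIDENCE.get((probe, reply), remaining)
    try:
        return PortState(frozenset(remaining))
    except ValueError:
        return None


def triage(observations):
    """Group (port, transport, probe, reply) records and pick the next step."""
    per_port = {}
    for port, transport, probe, reply in observations:
        per_port.setdefault((port, transport), []).append((probe, reply))
    result = {"open": [], "confirm": [], "dropped": [], "recheck": []}
    for key in sorted(per_port):
        state = classify(per_port[key])
        if state is PortState.OPEN:
            result["open"].append(key)        # goes straight to version detection
        elif state in NEEDS_CONNECTION_CHECK:
            result["confirm"].append(key)     # needs a real connection to decide
        elif state is None:
            result["recheck"].append(key)     # contradictory or missing evidence
        else:
            result["dropped"].append(key)     # closed, filtered or unopened
    return result


# Constructed observations: (port, transport, probe, reply).
SAMPLE = [
    (22, "tcp", "tcp-syn", "syn-ack"),
    (80, "tcp", "tcp-ack", "rst"),
    (443, "tcp", "tcp-syn", "none"),
    (53, "udp", "udp", "none"),
    (161, "udp", "udp", "icmp-port-unreachable"),
    (8080, "tcp", "tcp-syn", "syn-ack"),
    (8080, "tcp", "tcp-syn", "rst"),
]

if __name__ == "__main__":
    for bucket, ports in triage(SAMPLE).items():
        print(bucket, ports)
```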
After the present invention discovers TCP or UDP ports with one of the other scanning methods, the version probe queries these ports to determine what service is running. If the service version information cannot be determined, the tool returns hexadecimal feature information of the TCP/IP network stack: the connection word information of the transport layer, the network layer and the data link layer.
The service and version comparison library module sends a pile driver to connect the service with the port and service information confirmation module, sends an induction packet to the network where the service is located, collects the multidimensional data generated in response to the induction packet, and reduces the dimension of the multidimensional data to use the result as a service identifier.
When service authentication and version discovery are carried out, sometimes, the port cannot determine specific services and versions because the service developer intentionally closes the feedback of identification information of the services. However, since the feature information of the service can be obtained, the invention proposes to establish a service feature comparison library, and for the service which can only be determined by the feature, the service can be determined by searching the comparison library. The service to feature comparison table is given in table 1 below:
Field name | Field description | Example |
Service name | Standard name of the service | Redis |
Service version number | Version number of the service | 4.0.2 |
Characteristic value | Feature information returned by the tool | Hexadecimal data |
The service may be uniquely determined by the service name, operating system, version number, and identifying characteristics of the TCP/IP network stack. At present, all other approaches to acquiring feature information identify a service by an IP address and a port number, but when a NAT server, port forwarding or VPN technology is in use, the IP address and port number cannot uniquely determine a specific service.
For the case where the service is behind NAT, the process by which the service and version comparison library module determines the service identifier comprises the following steps: sending the pile driver to the NAT server where the service is located, and connecting the service bidirectionally with the port and service information confirmation module; sending an induction packet to the network where the service is located, inducing the service to send multidimensional data of a communication protocol, where the communication protocols include UDP, TCP, HTTP and HTTPS, and any communication protocol carries control words of the transport layer, data words of the network layer and connection words of the link layer; and arranging and combining the collected multidimensional data in sequence, then performing PCA (principal component analysis) dimension reduction to obtain one-dimensional data that serves as the identification characteristic value of the service.
The service and version comparison library module provided by the invention can quickly determine the characteristic information of a service, works by active detection, and is suitable for a scanning system. Because the identification information it takes is data of the TCP/IP network stack, the interference caused by NAT service, VPN, port forwarding and the like can be effectively avoided. Building the comparison library requires manual participation: after the characteristic information of a service is obtained, if the comparison library has no version information for that service, the service version information must be confirmed manually and then filled into the comparison library.
After the service version information is confirmed, the vulnerability scanning can be completed only by calling the plug-in corresponding to the service. Because the plug-ins of all the large mainstream scanners are private and cannot be freely used, the invention provides a plug-in calling module to call the needed vulnerability scanning plug-ins through the keywords of the service so as to realize vulnerability scanning. Wherein the keywords of the service include the name, version number and system operation information of the server. These three fields may guarantee the uniqueness of the service. The fields required for the automation call plug-in are given in table 2 below.
Field name | Field description | Format |
Service name | Standard name of the service | Redis |
Version number | Unique version number of the service | 4.0.2 |
Operating system | Uniform name of the operating system | Linux |
With the fields, after the service is found, the system automatically matches the required plug-ins to realize automatic vulnerability scanning.
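An added Python example (not the patent's implementation) of the comparison-library lookup and the Table 2 plug-in selection described above: it fits the first principal component over a constructed library by power iteration, reduces each feature vector to one value, and matches an unidentified service to the nearest entry within a tolerance. The feature vectors, the `example-svc-*` entries, the tolerance and the plug-in name are hypothetical; fitting the PCA over the library entries is an assumption, since the description does not say what the PCA is fitted on.

```python
import math

# Constructed comparison library: (service name, version) -> collected protocol
# words arranged into one numeric vector. "Redis 4.0.2" is the page's example
# row; the other names and every number are invented placeholders.
LIBRARY = {
    ("example-svc-a", "1.0"): [1.0, 2.0, 1.0],
    ("Redis", "4.0.2"): [4.0, 8.0, 5.0],
    ("example-svc-b", "2.1"): [9.0, 18.0, 8.0],
    ("example-svc-c", "0.9"): [14.0, 28.0, 15.0],
}

# Hypothetical plug-in registry keyed by the three fields of Table 2.
PLUGINS = {("Redis", "4.0.2", "Linux"): "redis_4_0_2_linux_checks"}


def fit_first_component(vectors, iterations=100):
    """Return (mean, unit first principal component) via power iteration."""
    n, dim = len(vectors), len(vectors[0])
    mean = [sum(v[i] for v in vectors) / n for i in range(dim)]
    centered = [[v[i] - mean[i] for i in range(dim)] for v in vectors]
    # Scatter matrix X^T X has the same eigenvectors as the covariance matrix.
    scatter = [[sum(row[i] * row[j] for row in centered) for j in range(dim)]
               for i in range(dim)]
    comp = [1.0 / math.sqrt(dim)] * dim
    for _ in range(iterations):
        nxt = [sum(scatter[i][j] * comp[j] for j in range(dim))
               for i in range(dim)]
        norm = math.sqrt(sum(x * x for x in nxt))
        if norm == 0.0:  # all samples identical: there is no direction to find
            break
        comp = [x / norm for x in nxt]
    return mean, comp


def project(vector, mean, comp):
    """Reduce one feature vector to its one-dimensional characteristic value."""
    return sum((x - m) * c for x, m, c in zip(vector, mean, comp))


class ComparisonLibrary:
    def __init__(self, entries, tolerance=2.0):
        self.mean, self.comp = fit_first_component(list(entries.values()))
        self.tolerance = tolerance
        self.values = {key: project(vec, self.mean, self.comp)
                       for key, vec in entries.items()}

    def identify(self, observed):
        """Nearest library entry in 1-D, or None if nothing is close enough."""
        value = project(observed, self.mean, self.comp)
        key, dist = min(((k, abs(value - v)) for k, v in self.values.items()),
                        key=lambda pair: pair[1])
        return key if dist <= self.tolerance else None


def select_plugin(library, os_name, banner=None, observed=None):
    """Resolve the service (step 4), then look up its plug-in (step 5).

    banner is a (name, version) pair when the version probe succeeded;
    observed is the raw feature vector used when it did not.
    """
    service = banner
    if service is None and observed is not None:
        service = library.identify(observed)
    if service is None:
        return ("manual-confirmation", None)  # library must be extended by hand
    plugin = PLUGINS.get((service[0], service[1], os_name))
    return ("scan", plugin) if plugin else ("no-plugin", None)


if __name__ == "__main__":
    lib = ComparisonLibrary(LIBRARY)
    print(select_plugin(lib, "Linux", observed=[4.0, 9.0, 5.0]))
    print(select_plugin(lib, "Linux", observed=[30.0, 60.0, 30.0]))
```

Reducing to a single value discards most of the collected data, so distinct services can project close together; a library built this way should be checked for entries that sit closer to each other than the tolerance.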
The automatic security vulnerability scanning system provided by the invention further comprises an interface operation module; the interface operation module is used for providing an operation inlet; the operation entry comprises WEB, RESTful interface and command line.
Based on the automatic security vulnerability scanning system provided by the invention, an automatic security vulnerability scanning method is also provided, and a flow chart of the automatic security vulnerability scanning method is provided as shown in fig. 3.
In step 1, if the specific address of the server is known, whether the server is online can be determined by ping. If a network firewall blocks ICMP packets and ping fails, combined detection can be performed with TCP SYN/ACK, UDP and ICMP ECHO/TIMESTAMP/NETMASK messages, and the server is determined to be online as soon as any one of them is answered.
If the specific server address is not known, the drive layer probes all host addresses covered by the local area network mask, and can do so in parallel.
In step 2, the operating system type is determined from the operating system's reactions to sequence generation, ICMP echo, TCP explicit congestion notification, TCP and UDP probes.
In step 3, the port status is confirmed through ICMP response packets. A specific port can be specified, for example port 22, or all ports (1-65535, TCP and UDP) can be probed to find the open ports. A port in the open-or-filtered or closed-or-filtered state is, because of network firewall or router restrictions, most likely on a system that has closed outside access with a firewall for security reasons, and such a port may be considered closed. The automatic service proposed by the present invention focuses on open ports.
In step 4, the service and version are determined one by one for each port detected in step 3, using the tool's version detection function to probe each port and its corresponding service. If the service version information cannot be confirmed, it is looked up in the system's comparison library; if it is not in the comparison library either, the user is prompted to confirm it manually and the comparison library is then supplemented.
In step 5, calling the corresponding plug-in to perform vulnerability scanning according to the service name, the version number and the operating system information.
According to the automatic security vulnerability scanning system and method provided by the invention, the vulnerability of the service in the system is detected in a full-automatic mode, so that the labor cost can be greatly reduced, the coverage rate of the vulnerability can be improved, and the security risk of the system can be reduced. And system security vulnerabilities of a single system or even the entire local area network can be automatically scanned.
Although the embodiments of the present invention have been described with reference to the accompanying drawings, the scope of the present invention is not limited thereto. Various modifications and alterations will occur to those skilled in the art based on the foregoing description. It is neither necessary nor possible to list all embodiments exhaustively. On the basis of the technical scheme of the invention, various modifications or changes which can be made by a person skilled in the art without creative efforts are still within the protection scope of the invention.
Claims (9)
1. An automatic security vulnerability scanning system is characterized by comprising a port and service information confirmation module, a service and version comparison library module and a plug-in calling module;
the port and service information confirmation module is used for responding and distributing user requests, detecting whether the system is on line or not, confirming the type of an operating system, detecting the state of a port and determining a service version;
the service and version comparison library module sends a pile driver to connect the service with the port and service information confirmation module, sends an induction packet to the network where the service is located, collects the multidimensional data generated in response to the induction packet, and reduces the dimension of the multidimensional data to use the result as a service identifier;
and the plug-in calling module calls the needed vulnerability scanning plug-in through the service keywords to realize vulnerability scanning.
2. The automated security vulnerability scanning system of claim 1, further comprising an interface operation module;
the interface operation module is used for providing an operation inlet; the operation entry comprises WEB, RESTful interface and command line.
3. The automated security vulnerability scanning system of claim 1, wherein the port and service information validation module comprises a service layer and a driver layer;
the service layer is used for responding and distributing user requests and carrying out load balancing processing;
the drive layer is used for determining whether a server is online by a ping instruction or by combined detection with multiple messages, determining the type of the operating system from the operating system's reactions to sequence generation, ICMP echo, TCP explicit congestion notification, TCP and UDP probes, confirming the state of a port through ICMP response packets, and detecting the system version by querying TCP or UDP ports.
4. An automated security vulnerability scanning system according to claim 3, wherein the confirming port status by ICMP response packet comprises determining open ports by specifying specific port probing or full port probing.
5. The automated security vulnerability scanning system of claim 1, wherein the process of the service and version comparison library module determining the service identification is:
sending the pile driver to the NAT server where the service is located, and bidirectionally connecting the service with the port and service information confirmation module;
sending an induction packet to a network where the service is located, and inducing the service to send multidimensional data of a communication protocol;
and sequentially arranging and combining the collected multidimensional data, and then performing PCA (principal component analysis) dimension reduction to obtain one-dimensional data serving as an identification characteristic value of the service.
6. The automated security vulnerability scanning system according to claim 5, wherein the communication protocols comprise UDP, TCP, HTTP and HTTPS; and each communication protocol carries control words of the transport layer, data words of the network layer and connection words of the link layer.
7. An automated security vulnerability scanning method implemented based on the automated security vulnerability scanning system of any one of claims 1 to 6, characterized by comprising the steps of:
S1: confirming port and service information on the premise that the server is online;
S2: connecting a pile driver with the service, the port and the service information, sending an induction packet to the network where the service is located, collecting the multidimensional data generated by the induction packet, and performing dimensionality reduction on the multidimensional data to obtain a service identifier;
S3: calling the needed vulnerability scanning plug-in by the keywords of the service to perform vulnerability scanning.
8. The method for automated security vulnerability scanning according to claim 7, wherein the step S1 comprises:
determining that the server is online by a ping instruction or by a combined detection mode of sending response messages; determining the type of the operating system through the operating system's reactions to probes of sequence generation, ICMP echo, TCP explicit congestion notification, and TCP and UDP; confirming the open ports through ICMP response packets; and detecting the system version by TCP or UDP port inquiry.
9. The automated security vulnerability scanning method of claim 7, wherein the keywords of the service comprise field name, version number and field description of the service.
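The identification step of claim 5 (ordered multidimensional data reduced by PCA to a single value that identifies the service) can be sketched as follows. This is an added example, not code from the patent; the feature names (`ttl`, `tcp_window_k`, `banner_len`), the library values and the nearest-value matching rule are assumptions made for illustration.

```python
import math

# Constructed comparison library (not from the patent): one ordered feature
# vector per service. Features (ttl, tcp_window_k, banner_len) are assumptions.
LIBRARY = {
    "ssh":  [64.0, 29.2, 21.0],
    "http": [64.0, 65.5, 150.0],
    "smb":  [128.0, 8.2, 90.0],
    "dns":  [255.0, 4.1, 40.0],
}

def fit_first_component(rows, iterations=200):
    """Return (mean, unit first principal axis, explained-variance ratio)."""
    n, d = len(rows), len(rows[0])
    mean = [sum(r[j] for r in rows) / n for j in range(d)]
    centered = [[r[j] - mean[j] for j in range(d)] for r in rows]
    # Scatter matrix S = X^T X of the centered data.
    scatter = [[sum(c[i] * c[j] for c in centered) for j in range(d)]
               for i in range(d)]
    axis = [1.0] * d
    for _ in range(iterations):  # power iteration converges to the top eigenvector
        nxt = [sum(scatter[i][j] * axis[j] for j in range(d)) for i in range(d)]
        norm = math.sqrt(sum(x * x for x in nxt))
        axis = [x / norm for x in nxt]
    top = sum(axis[i] * scatter[i][j] * axis[j]
              for i in range(d) for j in range(d))
    total = sum(scatter[i][i] for i in range(d))
    return mean, axis, top / total

def to_identifier(vector, mean, axis):
    """Project one feature vector onto the first axis: the 1-D identifier."""
    return sum((v - m) * a for v, m, a in zip(vector, mean, axis))

MEAN, AXIS, EXPLAINED = fit_first_component(list(LIBRARY.values()))
IDENTIFIERS = {name: to_identifier(vec, MEAN, AXIS)
               for name, vec in LIBRARY.items()}

def identify(observed):
    """Return (service, distance) for the nearest library identifier."""
    value = to_identifier(observed, MEAN, AXIS)
    name = min(IDENTIFIERS, key=lambda k: abs(IDENTIFIERS[k] - value))
    return name, abs(IDENTIFIERS[name] - value)

if __name__ == "__main__":
    print(identify([128.0, 8.0, 88.0]), round(EXPLAINED, 2))
```

`EXPLAINED` is the share of variance the single component retains; when it is low, distinct services can project to nearly the same identifier, so the returned distance should be checked against a threshold before a plug-in is selected.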
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010666239.8A CN111931182B (en) | 2020-07-10 | 2020-07-10 | Automatic security vulnerability scanning system and method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN111931182A (en) | 2020-11-13 |
CN111931182B (en) | 2022-06-21 |
Family
ID=73312382
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202010666239.8A Active CN111931182B (en) | 2020-07-10 | 2020-07-10 | Automatic security vulnerability scanning system and method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN111931182B (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112527579A (en) * | 2020-12-07 | 2021-03-19 | 东莞市嘉田电子科技有限公司 | Identification device and identification method capable of identifying computer server |
CN114928586A (en) * | 2022-02-09 | 2022-08-19 | 浙江远望信息股份有限公司 | NAT equipment discovery method based on active scanning |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108011893A (en) * | 2017-12-26 | 2018-05-08 | 广东电网有限责任公司信息中心 | A kind of asset management system based on networked asset information gathering |
CN108183895A (en) * | 2017-12-26 | 2018-06-19 | 广东电网有限责任公司信息中心 | A kind of networked asset information acquisition system |
CN108712396A (en) * | 2018-04-27 | 2018-10-26 | 广东省信息安全测评中心 | Networked asset management and loophole governing system |
Also Published As
Publication number | Publication date |
---|---|
CN111931182B (en) | 2022-06-21 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN110113345B (en) | Automatic asset discovery method based on flow of Internet of things | |
US20070297349A1 (en) | Method and System for Collecting Information Relating to a Communication Network | |
US20080019367A1 (en) | Communication Device, Communication Setting Method, Communication Setting Program And Recording Medium On Which Is Recorded A Communication Setting Program | |
US7606884B2 (en) | SNMP firewall for network identification | |
EP1695486B1 (en) | Method and system for collecting information relating to a communication network | |
US20070101154A1 (en) | Methods, systems, and computer program products for associating an originator of a network packet with the network packet using biometric information | |
CN111931182B (en) | Automatic security vulnerability scanning system and method | |
US9473346B2 (en) | System and method for network path validation | |
CN113572645B (en) | Method, device, storage medium and processor for generating network topology | |
CN109088790A (en) | A kind of scanning of multi engine exposed assets and management system | |
CN114301676B (en) | Nondestructive asset detection method and device for power monitoring system and storage medium | |
US20080181215A1 (en) | System for remotely distinguishing an operating system | |
US8064454B2 (en) | Protocol incompatibility detection | |
CN115190042B (en) | Network target range target access state detection system and method | |
CN115022281B (en) | NAT penetration method, client and system | |
CN114629725A (en) | User domain dumb terminal management method, device, system and storage medium | |
JP3648520B2 (en) | Network communication monitoring / control method, monitoring / control apparatus using the same, and computer-readable recording medium recording network communication monitoring / control program | |
KR102318686B1 (en) | Improved method for sequrity employing network | |
US20040230830A1 (en) | Receiver, connection controller, transmitter, method, and program | |
US20040228357A1 (en) | Receiver, connection controller, transmitter, method, and program | |
JP4319609B2 (en) | Attack path analysis device, attack path analysis method and program | |
CN115022280B (en) | NAT detection method, client and system | |
US20220360990A1 (en) | 4g / 5g core network deep packet inspection system | |
CN113259208B (en) | Operating system fingerprint information security detection method and device based on SMB protocol | |
US20070248105A1 (en) | Data Communication System, Program, and Storage Medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||