CN112632559A - Vulnerability automatic verification method, device, equipment and storage medium - Google Patents
Vulnerability automatic verification method, device, equipment and storage medium Download PDFInfo
- Publication number
- CN112632559A CN112632559A CN202011548817.4A CN202011548817A CN112632559A CN 112632559 A CN112632559 A CN 112632559A CN 202011548817 A CN202011548817 A CN 202011548817A CN 112632559 A CN112632559 A CN 112632559A
- Authority
- CN
- China
- Prior art keywords
- vulnerability
- scanning
- information
- task
- target
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1433—Vulnerability analysis
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computing Systems (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Test And Diagnosis Of Digital Computers (AREA)
Abstract
The application provides a vulnerability automatic verification method, a device, equipment and a storage medium, wherein the vulnerability automatic verification method comprises the following steps: acquiring equipment information of at least two kinds of scanning equipment; creating vulnerability scanning tasks according to the device information of the at least two scanning devices, and issuing the vulnerability scanning tasks to the at least two scanning devices so that the at least two scanning devices execute the vulnerability scanning tasks; obtaining scanning results of the at least two types of scanning equipment for the vulnerability scanning task; generating scanning information of at least one target vulnerability according to the scanning result; and comparing the scanning information of the target vulnerability with a vulnerability database in sequence to judge whether the target vulnerability exists in the vulnerability database, and if so, updating the verification state of the target vulnerability. The vulnerability verification method and the vulnerability verification system have better vulnerability verification efficiency and can reduce vulnerability miss-scanning probability.
Description
Technical Field
The present application relates to the field of computer security technologies, and in particular, to a method, an apparatus, a device, and a storage medium for automatically verifying a vulnerability.
Background
At present, the existing vulnerability verification method only supports single equipment scanning verification, and further can possibly cause that individual vulnerabilities cannot be found in time and potential risks of being attacked exist in assets, on the other hand, the existing vulnerability verification method can only manually issue tasks to scanning equipment, and further has the defect of inconvenient operation, especially cannot support parallel task execution under the condition of more assets, and is long in verification time and the like.
Disclosure of Invention
An object of the embodiments of the present application is to provide a method, an apparatus, a device, and a storage medium for automatically verifying a vulnerability, so as to improve vulnerability verification efficiency and reduce vulnerability scanning missing probability.
To this end, a first aspect of the present application provides an automatic vulnerability verification method, where the method includes:
acquiring equipment information of at least two kinds of scanning equipment;
creating vulnerability scanning tasks according to the device information of the at least two scanning devices, and issuing the vulnerability scanning tasks to the at least two scanning devices so that the at least two scanning devices execute the vulnerability scanning tasks;
obtaining scanning results of the at least two types of scanning equipment for the vulnerability scanning task;
generating scanning information of at least one target vulnerability according to the scanning result;
and comparing the scanning information of the target vulnerability with a vulnerability database in sequence to judge whether the target vulnerability exists in the vulnerability database, and if so, updating the verification state of the target vulnerability.
In the first aspect of the application, the vulnerability scanning task can be created and automatically issued by obtaining the device information of at least two scanning devices, so that the vulnerability scanning task can be issued to different devices simultaneously, vulnerability collection is maximized, the problem that certain vulnerabilities cannot be found on specific devices and cannot be verified due to different vulnerability data collected by different devices is effectively solved, and the potential safety hazard of a host is further improved. On the other hand, the vulnerability scanning task is issued to different devices at the same time, so that the whole vulnerability verification time can be shortened, and the vulnerability verification efficiency is improved.
In the first aspect of the present application, as an optional implementation manner, the device information of the scanned device includes an IP address, a user name, and a password;
and creating a vulnerability scanning task according to the device information of the at least two types of scanning devices, including:
acquiring task timing information;
and creating the vulnerability scanning task at regular time according to the task timing information, the IP address, the user name and the password.
In this optional embodiment, the vulnerability scanning task can be created at regular time according to the task timing information, the IP address, the user name, and the password, so as to further reduce the degree of manual participation, and further improve vulnerability verification efficiency.
In the first aspect of the present application, as an optional implementation manner, after creating a vulnerability scanning task according to the device information of the at least two scanning devices and issuing the vulnerability scanning task to the at least two scanning devices, before obtaining the scanning results of the at least two scanning devices for the vulnerability scanning task, the method further includes:
and creating at least one polling thread through a thread pool, wherein the polling thread is used for acquiring one scanning result returned by the scanning equipment and generating scanning information of the at least one target vulnerability according to one scanning result of the scanning equipment.
In this optional embodiment, a polling thread for polling a scanning result can be automatically created by using a thread pool technology, where the thread pool is in a blocked state when the number of polling threads reaches a certain number, and the polling scanning result is automatically resumed after an idle thread exists, so that the risk of system resource exhaustion caused by frequent application/destruction of resources and resource scheduling is effectively controlled.
In the first aspect of the present application, as an optional implementation manner, the generating, according to the scanning result, scanning information of at least one target vulnerability includes:
and when the scanning result comprises the scanning results of at least two target vulnerabilities, generating a plurality of subtasks according to the scanning results, and executing the plurality of subtasks by the polling thread in sequence to generate the scanning information of the at least one target vulnerability.
In this optional embodiment, the processing of the scan result is split into several sub-tasks, so that the time required for processing the scan result can be further shortened.
In the first aspect of the present application, as an optional implementation, the method further includes:
when at least two polling threads exist, judging whether the plurality of subtasks in the first polling thread are completely executed or not;
and when the plurality of subtasks in the first polling thread are completely executed, judging whether the plurality of subtasks in the second polling thread are completely executed or not, and if not, enabling the first polling thread to execute the unfinished subtasks in the second polling thread.
In this optional embodiment, the first polling thread in the idle state executes the uncompleted subtasks in the second polling thread, so that the utilization rate of the threads and the processing efficiency of the scanning result can be further improved.
In the first aspect of the present application, as an optional implementation, the method further includes:
and acquiring the uncompleted subtasks in the second polling thread from the tail part of the task queue in the second polling thread.
In this optional embodiment, the incomplete subtasks in the second polling thread are obtained from the tail of the task queue in the second polling thread, so that contention between the first polling thread and the second polling thread can be reduced.
In the first aspect of the present application, as an optional implementation manner, the generating, according to the scanning result, scanning information of at least one target vulnerability includes:
extracting host ip, vulnerability name, vulnerability type, vulnerability number and vulnerability detailed description information from the scanning result;
generating scanning information of the at least one target vulnerability according to the host ip, the vulnerability name, the vulnerability type, the vulnerability number and the vulnerability detailed description information, wherein the scanning information of the at least one target vulnerability is stored in a Map data structure, the vulnerability name and the vulnerability number are keys of the Map data structure, and the host ip, the vulnerability type and the vulnerability detailed description information are values of the Map data structure.
In this optional embodiment, the scanning information of the at least one target vulnerability can be obtained according to the host ip, the vulnerability name, the vulnerability type, the vulnerability number and the vulnerability detailed description information.
The second aspect of the present application discloses a vulnerability automatic verification device, the device includes:
the first acquisition module is used for acquiring the equipment information of at least two types of scanning equipment;
the task creating module is used for creating vulnerability scanning tasks according to the device information of the at least two scanning devices and sending the vulnerability scanning tasks to the at least two scanning devices so that the at least two scanning devices execute the vulnerability scanning tasks;
the second acquisition module is used for acquiring the scanning results of the at least two types of scanning equipment for the vulnerability scanning task;
the generating module is used for generating scanning information of at least one target vulnerability according to the scanning result;
and the comparison module is used for sequentially comparing the scanning information of the target vulnerability with a vulnerability database so as to judge whether the target vulnerability exists in the vulnerability database, and if so, updating the verification state of the target vulnerability.
The device of the second aspect of the application can establish the vulnerability scanning task and automatically issue the vulnerability scanning task by acquiring the device information of at least two scanning devices, so that the vulnerability scanning task can be simultaneously issued to different devices, vulnerability collection is maximized, the problem that vulnerability data collected by different devices are different, certain vulnerabilities caused by the fact that the vulnerabilities cannot be found on specific devices and cannot be verified is effectively solved, and the potential safety hazard of a host is further improved. On the other hand, the vulnerability scanning task is issued to different devices at the same time, so that the whole vulnerability verification time can be shortened, and the vulnerability verification efficiency is improved.
A third aspect of the present application discloses an automatic vulnerability verification apparatus, which includes:
a processor; and
a memory configured to store machine-readable instructions, which when executed by the processor, cause the processor to perform the automatic vulnerability verification method of the first aspect of the present application.
The equipment of the third aspect of the application can establish the vulnerability scanning task and automatically issue the vulnerability scanning task by acquiring the equipment information of at least two kinds of scanning equipment, so that the vulnerability scanning task can be simultaneously issued to different equipment, vulnerability collection is maximized, the problem that vulnerability data collected by different equipment are different, certain vulnerabilities caused by the fact that the vulnerabilities cannot be found on specific equipment and cannot be verified is effectively solved, and the potential safety hazard of a host is further improved. On the other hand, the vulnerability scanning task is issued to different devices at the same time, so that the whole vulnerability verification time can be shortened, and the vulnerability verification efficiency is improved.
A fourth aspect of the present application discloses a storage medium, where a computer program is stored, and the computer program is executed by a processor to perform the automatic vulnerability verification method of the first aspect of the present application.
The storage medium of the fourth aspect of the present application can create the bug scanning task and automatically issue the bug scanning task by obtaining the device information of at least two types of scanning devices, so that the bug scanning task can be issued to different devices at the same time, the bug collection is maximized, the problem that the bug data collected by different devices are different, and thus some bugs cannot be found on specific devices and cannot be verified is effectively solved, and the potential safety hazard of a host is further improved. On the other hand, the vulnerability scanning task is issued to different devices at the same time, so that the whole vulnerability verification time can be shortened, and the vulnerability verification efficiency is improved.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are required to be used in the embodiments of the present application will be briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present application and therefore should not be considered as limiting the scope, and that those skilled in the art can also obtain other related drawings based on the drawings without inventive efforts.
Fig. 1 is a schematic flowchart of an automatic vulnerability verification method according to an embodiment of the present disclosure;
FIG. 2 is a schematic diagram of a process for a polling thread to obtain a subtask of another polling thread according to an embodiment of the present application;
fig. 3 is a schematic structural diagram of an automatic vulnerability verification apparatus according to an embodiment of the present application;
fig. 4 is a schematic structural diagram of an automatic vulnerability verification method provided in the embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be described below with reference to the drawings in the embodiments of the present application.
Example one
Referring to fig. 1, fig. 1 is a schematic flow chart illustrating an automatic vulnerability verification method according to an embodiment of the present disclosure. As shown in fig. 1, the automatic vulnerability verification method according to the embodiment of the present application includes the steps of:
101. acquiring equipment information of at least two kinds of scanning equipment;
102. creating vulnerability scanning tasks according to the device information of at least two types of scanning devices, and issuing the vulnerability scanning tasks to the at least two types of scanning devices so that the at least two types of scanning devices execute the vulnerability scanning tasks;
103. obtaining scanning results of at least two kinds of scanning equipment aiming at vulnerability scanning tasks;
104. generating scanning information of at least one target vulnerability according to the scanning result;
105. and comparing the scanning information of the target vulnerability with the vulnerability database in sequence to judge whether the target vulnerability exists in the vulnerability database, and if so, updating the verification state of the target vulnerability.
In the embodiment of the application, when the vulnerability scanning task is created, a task ID is matched with the vulnerability scanning task, and the relevant information of the vulnerability scanning task can be stored in the database through the task ID so as to be used subsequently.
In the embodiment of the application, after the vulnerability scanning task is created, the task ID of the vulnerability scanning task and the equipment identifier of the scanning equipment can be associated and stored in the database, and then the vulnerability scanning task needing to be distributed to the scanning equipment can be determined according to the equipment identifier of the scanning equipment when the vulnerability scanning task is issued.
In this embodiment, the scanning device may be a computer manufactured by different manufacturers, where software and hardware loaded on the scanning device manufactured by different manufacturers may be different.
In the embodiment of the application, if the vulnerability database includes the scanning information of the target vulnerability, the ID of the target vulnerability is recorded and the scanning information of the target vulnerability is put into the LIST set in the non-treatment state, and if the vulnerability database does not include the scanning information of the target vulnerability, the scanning information of the target vulnerability is put into the LIST set in the treatment state, so that the vulnerability database can be updated according to the LIST set in the non-treatment state and the LIST set in the treatment state to update the verification state of the target vulnerability.
According to the vulnerability scanning method and device, the vulnerability scanning task can be created and automatically issued by obtaining the device information of at least two kinds of scanning devices, so that the vulnerability scanning task can be issued to different devices simultaneously, vulnerability collection is maximized, the problem that certain vulnerabilities caused by different vulnerability data collected by different devices cannot be found on specific devices and cannot be verified is effectively solved, and the potential safety hazard of a host is further improved. On the other hand, the vulnerability scanning task is issued to different devices at the same time, so that the whole vulnerability verification time can be shortened, and the vulnerability verification efficiency is improved.
In the embodiment of the present application, as an optional implementation manner, the device information of the scanned device includes an IP address, a user name, and a password;
and, step 102: creating vulnerability scanning tasks according to device information of at least two types of scanning devices, wherein the vulnerability scanning tasks comprise:
acquiring task timing information;
and creating a vulnerability scanning task at regular time according to the task timing information, the IP address, the user name and the password.
In the optional embodiment, the vulnerability scanning task can be created at regular time according to the task timing information, the IP address, the user name and the password, so that the manual participation degree is further reduced, and the vulnerability verification efficiency is further improved.
In this optional embodiment, further optionally, a vulnerability scanning task is created at regular time by using a Quartz timing task framework, where task timing information, an IP address, a user name, and a password are input to the Quartz timing task framework.
In this alternative embodiment, the task timing information may be entered by the user in the operator interface. Further, the method of the embodiment of the present application further includes: if the format of the task timing information initially input by the user is the first format, the task timing information is represented in the second format, for example, assuming that the task timing information initially input by the user is 2020-11-1708:40:00, the task timing information is converted into "0408? ", wherein" 0408? "can be identified by the Quartz timed task framework. It should be noted that, please refer to the prior art for detailed description of the Quartz timing task framework, which is not limited in the embodiments of the present application.
In this embodiment of the present application, as an optional implementation manner, after creating a vulnerability scanning task according to device information of at least two types of scanning devices in step 102 and issuing the vulnerability scanning task to the at least two types of scanning devices, step 103: before obtaining the scanning results of at least two scanning devices for the vulnerability scanning task, the method of the embodiment of the application further comprises the following steps:
and creating at least one polling thread through the thread pool, wherein the polling thread is used for acquiring a scanning result returned by the scanning equipment and generating scanning information of at least one target vulnerability according to the scanning result of the scanning equipment.
In this optional embodiment, a program that produces the vulnerability scanning task may be regarded as a producer, and the thread pool is a consumer of the vulnerability scanning task, where the vulnerability scanning task is uniformly maintained in the thread pool and executed by the thread pool according to a preset policy. Further, after the thread pool takes the vulnerability scanning task, the polling thread can be created to execute the vulnerability scanning task, and meanwhile, the thread pool can manage the polling thread according to the execution stage of the vulnerability scanning task, for example, the polling thread is recycled, the polling thread is in a dormant state, the dormant time of the polling thread is controlled, and the like. It should be noted that, please refer to the prior art for other descriptions of the thread pool, which is not described in detail in the embodiments of the present application.
In this alternative embodiment, the polling thread calls the status interface of the scanner position scanning device at intervals to determine whether the interface returns a scan result.
In this optional embodiment, a polling thread for polling a scanning result can be automatically created by using a thread pool technology, where the thread pool is in a blocked state when the number of polling threads reaches a certain number, and the polling scanning result is automatically resumed after an idle thread exists, so that the risk of system resource exhaustion caused by frequent application/destruction of resources and resource scheduling is effectively controlled.
In the embodiment of the present application, as an optional implementation manner, step 104: generating scanning information of at least one target vulnerability according to the scanning result comprises the substeps of:
and when the scanning result comprises the scanning results of at least two target vulnerabilities, generating a plurality of subtasks according to the scanning results, and executing the plurality of subtasks by the polling thread in sequence to generate the scanning information of at least one target vulnerability.
In this optional embodiment, the processing of the scan result is split into several subtasks, so that the time required for processing the scan result can be further shortened.
In this optional embodiment, further optionally, a Fork/Join framework is used to generate a plurality of subtasks according to the scanning result, wherein for a detailed description of the Fork/Join framework, please refer to the prior art, which is not described in detail in this embodiment.
In this embodiment, as an optional implementation manner, the method in this embodiment further includes:
when at least two polling threads exist, judging whether a plurality of subtasks in the first polling thread are completely executed or not;
and when the plurality of subtasks in the first polling thread are completely executed, judging whether the plurality of subtasks in the second polling thread are completely executed or not, and if not, enabling the first polling thread to execute the unfinished subtasks in the second polling thread.
In this optional embodiment, the first polling thread in the idle state executes the uncompleted subtasks in the second polling thread, so that the utilization rate of the threads and the processing efficiency of the scanning result can be further improved.
In this embodiment, as an optional implementation manner, the method in this embodiment further includes:
and acquiring the uncompleted subtasks in the second polling thread from the tail part of the task queue in the second polling thread.
In this alternative embodiment, it should be noted that, as shown in fig. 2, the subtasks in the polling threads are stored in the double-ended queue, so that the first polling thread can tail-acquire the outstanding subtasks in the second polling thread from the task queue in the second polling thread. As shown in FIG. 2, after thread 1 has completed executing tasks 1-4, task 4 at the end is retrieved from thread 2 for execution.
In this optional embodiment, the incomplete subtasks in the second polling thread are obtained from the tail of the task queue in the second polling thread, so that contention between the first polling thread and the second polling thread can be reduced.
In the embodiment of the present application, as an optional implementation manner, step 104: generating scanning information of at least one target vulnerability according to the scanning result, comprising:
extracting host ip, bug name, bug type, bug number and bug detailed description information from the scanning result;
and generating scanning information of at least one target vulnerability according to the host ip, the vulnerability name, the vulnerability type, the vulnerability number and the vulnerability detailed description information, wherein the scanning information of the at least one target vulnerability is stored in a Map data structure, the vulnerability name and the vulnerability number are keys of the Map data structure, and the host ip, the vulnerability type and the vulnerability detailed description information are values of the Map data structure.
In this optional embodiment, the scanning information of at least one target vulnerability can be obtained according to the host ip, the vulnerability name, the vulnerability type, the vulnerability number and the vulnerability detailed description information.
Example two
Referring to fig. 3, fig. 3 is a schematic structural diagram of an automatic vulnerability verification apparatus disclosed in the embodiment of the present application. As shown in fig. 3, the apparatus of the embodiment of the present application includes:
a first obtaining module 201, configured to obtain device information of at least two types of scanning devices;
the task creating module 202 is configured to create a vulnerability scanning task according to the device information of the at least two types of scanning devices, and issue the vulnerability scanning task to the at least two types of scanning devices, so that the at least two types of scanning devices execute the vulnerability scanning task;
the second obtaining module 203 is configured to obtain scanning results of at least two types of scanning devices for the vulnerability scanning task;
a generating module 204, configured to generate scanning information of at least one target vulnerability according to a scanning result;
a comparison module 205, configured to compare the scanning information of the target vulnerability with the vulnerability database in sequence to determine whether the target vulnerability exists in the vulnerability database, and if so, update the verification state of the target vulnerability.
The device of the embodiment of the application can establish the vulnerability scanning task and automatically issue the vulnerability scanning task by acquiring the device information of at least two scanning devices, so that the vulnerability scanning task can be simultaneously issued to different devices, vulnerability acquisition is maximized, the problem that certain vulnerabilities caused by different vulnerability data acquired by different devices cannot be found on specific devices and cannot be verified is effectively solved, and the potential safety hazard of a host is further improved. On the other hand, the vulnerability scanning task is issued to different devices at the same time, so that the whole vulnerability verification time can be shortened, and the vulnerability verification efficiency is improved.
Please refer to the detailed description of the first embodiment of the present application for other detailed descriptions of the automatic vulnerability verification apparatus, which are not described in detail herein.
EXAMPLE III
Referring to fig. 4, fig. 4 is a schematic structural diagram of an automatic vulnerability verification apparatus disclosed in the embodiment of the present application. As shown in fig. 4, the apparatus of the embodiment of the present application includes:
a processor 301; and
the memory 302 is configured to store machine-readable instructions, which when executed by the processor, cause the processor to execute the automatic vulnerability verification method according to the first embodiment of the present application.
The device of the embodiment of the application can create the vulnerability scanning task and automatically issue the vulnerability scanning task by acquiring the device information of at least two scanning devices, so that the vulnerability scanning task can be simultaneously issued to different devices, vulnerability collection is maximized, the problem that certain vulnerabilities caused by different vulnerability data collected by different devices cannot be found on specific devices and cannot be verified is effectively solved, and the potential safety hazard of a host is further improved. On the other hand, the vulnerability scanning task is issued to different devices at the same time, so that the whole vulnerability verification time can be shortened, and the vulnerability verification efficiency is improved.
Example four
The embodiment of the application discloses a storage medium, wherein a computer program is stored in the storage medium, and the computer program is executed by a processor to execute the vulnerability automatic verification method in the embodiment of the application.
The storage medium of the embodiment of the application can create the vulnerability scanning task and automatically issue the vulnerability scanning task by acquiring the device information of at least two scanning devices, so that the vulnerability scanning task can be simultaneously issued to different devices, vulnerability collection is maximized, the problem that certain vulnerabilities caused by different vulnerability data collected by different devices cannot be found on specific devices and cannot be verified is effectively solved, and the potential safety hazard of a host is further improved. On the other hand, the vulnerability scanning task is issued to different devices at the same time, so that the whole vulnerability verification time can be shortened, and the vulnerability verification efficiency is improved.
In the embodiments provided in the present application, it should be understood that the disclosed apparatus and method may be implemented in other ways. The above-described embodiments of the apparatus are merely illustrative, and for example, the division of the units is only one logical division, and there may be other divisions when actually implemented, and for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection of devices or units through some communication interfaces, and may be in an electrical, mechanical or other form.
In addition, units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
Furthermore, the functional modules in the embodiments of the present application may be integrated together to form an independent part, or each module may exist separately, or two or more modules may be integrated to form an independent part.
It should be noted that the functions, if implemented in the form of software functional modules and sold or used as independent products, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present application or portions thereof that substantially contribute to the prior art may be embodied in the form of a software product stored in a storage medium and including instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present application. And the aforementioned storage medium includes: various media capable of storing program codes, such as a usb disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk.
In this document, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions.
The above description is only an example of the present application and is not intended to limit the scope of the present application, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, improvement and the like made within the spirit and principle of the present application shall be included in the protection scope of the present application.
Claims (10)
1. An automatic vulnerability verification method, characterized in that the method comprises:
acquiring equipment information of at least two kinds of scanning equipment;
creating vulnerability scanning tasks according to the device information of the at least two scanning devices, and issuing the vulnerability scanning tasks to the at least two scanning devices so that the at least two scanning devices execute the vulnerability scanning tasks;
obtaining scanning results of the at least two types of scanning equipment for the vulnerability scanning task;
generating scanning information of at least one target vulnerability according to the scanning result;
and comparing the scanning information of the target vulnerability with a vulnerability database in sequence to judge whether the target vulnerability exists in the vulnerability database, and if so, updating the verification state of the target vulnerability.
2. The method of claim 1, wherein the device information of the scanned device includes an IP address, a username, a password;
and creating a vulnerability scanning task according to the device information of the at least two types of scanning devices, including:
acquiring task timing information;
and creating the vulnerability scanning task at regular time according to the task timing information, the I P address, the user name and the password.
3. The method according to claim 1, wherein after the creating of the vulnerability scanning task according to the device information of the at least two types of scanning devices and the issuing of the vulnerability scanning task to the at least two types of scanning devices, and before the obtaining of the scanning results of the at least two types of scanning devices for the vulnerability scanning task, the method further comprises:
and creating at least one polling thread through a thread pool, wherein the polling thread is used for acquiring one scanning result returned by the scanning equipment and generating scanning information of the at least one target vulnerability according to one scanning result of the scanning equipment.
4. The method of claim 3, wherein the generating scanning information for at least one target vulnerability from the scanning results comprises:
and when the scanning result comprises the scanning results of at least two target vulnerabilities, generating a plurality of subtasks according to the scanning results, and executing the plurality of subtasks by the polling thread in sequence to generate the scanning information of the at least one target vulnerability.
5. The method of claim 4, wherein the method further comprises:
when at least two polling threads exist, judging whether the plurality of subtasks in the first polling thread are completely executed or not;
and when the plurality of subtasks in the first polling thread are completely executed, judging whether the plurality of subtasks in the second polling thread are completely executed or not, and if not, enabling the first polling thread to execute the unfinished subtasks in the second polling thread.
6. The method of claim 5, wherein the method further comprises:
and acquiring the uncompleted subtasks in the second polling thread from the tail part of the task queue in the second polling thread.
7. The method of claim 1, wherein generating the scanning information of the at least one target vulnerability from the scanning results comprises:
extracting host ip, vulnerability name, vulnerability type, vulnerability number and vulnerability detailed description information from the scanning result;
generating scanning information of the at least one target vulnerability according to the host ip, the vulnerability name, the vulnerability type, the vulnerability number and the vulnerability detailed description information, wherein the scanning information of the at least one target vulnerability is stored in a Map data structure, the vulnerability name and the vulnerability number are keys of the Map data structure, and the host ip, the vulnerability type and the vulnerability detailed description information are values of the Map data structure.
8. An automatic vulnerability verification apparatus, the apparatus comprising:
the first acquisition module is used for acquiring the equipment information of at least two types of scanning equipment;
the task creating module is used for creating vulnerability scanning tasks according to the device information of the at least two scanning devices and sending the vulnerability scanning tasks to the at least two scanning devices so that the at least two scanning devices execute the vulnerability scanning tasks;
the second acquisition module is used for acquiring the scanning results of the at least two types of scanning equipment for the vulnerability scanning task;
the generating module is used for generating scanning information of at least one target vulnerability according to the scanning result;
and the comparison module is used for sequentially comparing the scanning information of the target vulnerability with a vulnerability database so as to judge whether the target vulnerability exists in the vulnerability database, and if so, updating the verification state of the target vulnerability.
9. An automatic vulnerability verification device, the device comprising:
a processor; and
a memory configured to store machine readable instructions that, when executed by the processor, cause the processor to perform the vulnerability auto-verification method of any of claims 1-7.
10. A storage medium storing a computer program for executing the automatic vulnerability verification method according to any one of claims 1-7 by a processor.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011548817.4A CN112632559A (en) | 2020-12-24 | 2020-12-24 | Vulnerability automatic verification method, device, equipment and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011548817.4A CN112632559A (en) | 2020-12-24 | 2020-12-24 | Vulnerability automatic verification method, device, equipment and storage medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN112632559A true CN112632559A (en) | 2021-04-09 |
Family
ID=75324415
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202011548817.4A Pending CN112632559A (en) | 2020-12-24 | 2020-12-24 | Vulnerability automatic verification method, device, equipment and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112632559A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114553563A (en) * | 2022-02-25 | 2022-05-27 | 北京华云安信息技术有限公司 | Verification method and device without echoing vulnerability, electronic equipment and readable storage medium |
Citations (23)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20030067913A1 (en) * | 2001-10-05 | 2003-04-10 | International Business Machines Corporation | Programmable storage network protocol handler architecture |
| CN103581193A (en) * | 2013-11-08 | 2014-02-12 | 星云融创(北京)信息技术有限公司 | Website vulnerability scanning method, device and system |
| CN103929429A (en) * | 2014-04-24 | 2014-07-16 | 北京邮电大学 | Network vulnerability scanning system and method based on RESTful Web service |
| US20140359187A1 (en) * | 2013-05-28 | 2014-12-04 | Fujitsu Limited | Control apparatus and control method |
| CN105142150A (en) * | 2015-08-28 | 2015-12-09 | 广东电网有限责任公司信息中心 | Wireless device loophole scanning method and system based on BS mode |
| CN105205399A (en) * | 2015-02-10 | 2015-12-30 | 中国移动通信集团广东有限公司 | Vulnerability scanning tool scheduling method and system |
| CN105791273A (en) * | 2016-02-24 | 2016-07-20 | 上海携程商务有限公司 | Web vulnerability scanning system |
| CN106973071A (en) * | 2017-05-24 | 2017-07-21 | 北京匡恩网络科技有限责任公司 | A kind of vulnerability scanning method and apparatus |
| CN107154940A (en) * | 2017-05-11 | 2017-09-12 | 济南大学 | A kind of Internet of Things vulnerability scanning system and scan method |
| CN107171979A (en) * | 2017-06-30 | 2017-09-15 | 广州市品高软件股份有限公司 | Vulnerability scanning method and system based on cloud computing and SDN |
| CN107273751A (en) * | 2017-06-21 | 2017-10-20 | 北京计算机技术及应用研究所 | Security breaches based on multi-mode matching find method online |
| CN107508830A (en) * | 2017-09-20 | 2017-12-22 | 杭州安恒信息技术有限公司 | A kind of method for reducing website vulnerability scanning and failing to report |
| CN108156181A (en) * | 2018-02-01 | 2018-06-12 | 杭州安恒信息技术股份有限公司 | A kind of vulnerability detection method and its vulnerability scanning system based on the association asynchronous IO of journey |
| CN109067789A (en) * | 2018-09-25 | 2018-12-21 | 郑州云海信息技术有限公司 | Web vulnerability scanning method, system based on linux system |
| CN109391636A (en) * | 2018-12-20 | 2019-02-26 | 广东电网有限责任公司 | A kind of loophole administering method and device based on hierarchical protection asset tree |
| CN109871696A (en) * | 2018-12-29 | 2019-06-11 | 重庆城市管理职业学院 | A kind of automatic collection and vulnerability scanning system and method, computer of vulnerability information |
| CN109981653A (en) * | 2019-03-28 | 2019-07-05 | 上海中通吉网络技术有限公司 | A kind of web vulnerability scanning method |
| CN110532780A (en) * | 2019-07-25 | 2019-12-03 | 安徽永顺信息科技有限公司 | A kind of vulnerability scanning system and its operation method based on vulnerability scan |
| CN110750793A (en) * | 2019-10-24 | 2020-02-04 | 杭州迪普科技股份有限公司 | Vulnerability scanning method and device |
| CN111027074A (en) * | 2019-12-05 | 2020-04-17 | 国网浙江省电力有限公司电力科学研究院 | Vulnerability automatic utilization method and system |
| CN111291384A (en) * | 2020-04-28 | 2020-06-16 | 杭州海康威视数字技术股份有限公司 | Vulnerability scanning method and device and electronic equipment |
| CN111353161A (en) * | 2020-03-11 | 2020-06-30 | 腾讯科技(深圳)有限公司 | Vulnerability scanning method and device |
| CN111814155A (en) * | 2020-08-31 | 2020-10-23 | 北京安帝科技有限公司 | Vulnerability detection method, platform and device and computer readable medium |
-
2020
- 2020-12-24 CN CN202011548817.4A patent/CN112632559A/en active Pending
Patent Citations (23)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20030067913A1 (en) * | 2001-10-05 | 2003-04-10 | International Business Machines Corporation | Programmable storage network protocol handler architecture |
| US20140359187A1 (en) * | 2013-05-28 | 2014-12-04 | Fujitsu Limited | Control apparatus and control method |
| CN103581193A (en) * | 2013-11-08 | 2014-02-12 | 星云融创(北京)信息技术有限公司 | Website vulnerability scanning method, device and system |
| CN103929429A (en) * | 2014-04-24 | 2014-07-16 | 北京邮电大学 | Network vulnerability scanning system and method based on RESTful Web service |
| CN105205399A (en) * | 2015-02-10 | 2015-12-30 | 中国移动通信集团广东有限公司 | Vulnerability scanning tool scheduling method and system |
| CN105142150A (en) * | 2015-08-28 | 2015-12-09 | 广东电网有限责任公司信息中心 | Wireless device loophole scanning method and system based on BS mode |
| CN105791273A (en) * | 2016-02-24 | 2016-07-20 | 上海携程商务有限公司 | Web vulnerability scanning system |
| CN107154940A (en) * | 2017-05-11 | 2017-09-12 | 济南大学 | A kind of Internet of Things vulnerability scanning system and scan method |
| CN106973071A (en) * | 2017-05-24 | 2017-07-21 | 北京匡恩网络科技有限责任公司 | A kind of vulnerability scanning method and apparatus |
| CN107273751A (en) * | 2017-06-21 | 2017-10-20 | 北京计算机技术及应用研究所 | Security breaches based on multi-mode matching find method online |
| CN107171979A (en) * | 2017-06-30 | 2017-09-15 | 广州市品高软件股份有限公司 | Vulnerability scanning method and system based on cloud computing and SDN |
| CN107508830A (en) * | 2017-09-20 | 2017-12-22 | 杭州安恒信息技术有限公司 | A kind of method for reducing website vulnerability scanning and failing to report |
| CN108156181A (en) * | 2018-02-01 | 2018-06-12 | 杭州安恒信息技术股份有限公司 | A kind of vulnerability detection method and its vulnerability scanning system based on the association asynchronous IO of journey |
| CN109067789A (en) * | 2018-09-25 | 2018-12-21 | 郑州云海信息技术有限公司 | Web vulnerability scanning method, system based on linux system |
| CN109391636A (en) * | 2018-12-20 | 2019-02-26 | 广东电网有限责任公司 | A kind of loophole administering method and device based on hierarchical protection asset tree |
| CN109871696A (en) * | 2018-12-29 | 2019-06-11 | 重庆城市管理职业学院 | A kind of automatic collection and vulnerability scanning system and method, computer of vulnerability information |
| CN109981653A (en) * | 2019-03-28 | 2019-07-05 | 上海中通吉网络技术有限公司 | A kind of web vulnerability scanning method |
| CN110532780A (en) * | 2019-07-25 | 2019-12-03 | 安徽永顺信息科技有限公司 | A kind of vulnerability scanning system and its operation method based on vulnerability scan |
| CN110750793A (en) * | 2019-10-24 | 2020-02-04 | 杭州迪普科技股份有限公司 | Vulnerability scanning method and device |
| CN111027074A (en) * | 2019-12-05 | 2020-04-17 | 国网浙江省电力有限公司电力科学研究院 | Vulnerability automatic utilization method and system |
| CN111353161A (en) * | 2020-03-11 | 2020-06-30 | 腾讯科技(深圳)有限公司 | Vulnerability scanning method and device |
| CN111291384A (en) * | 2020-04-28 | 2020-06-16 | 杭州海康威视数字技术股份有限公司 | Vulnerability scanning method and device and electronic equipment |
| CN111814155A (en) * | 2020-08-31 | 2020-10-23 | 北京安帝科技有限公司 | Vulnerability detection method, platform and device and computer readable medium |
Non-Patent Citations (4)
| Title |
|---|
| 夏斌;许稼;彭石宝;彭应宁;: "一种机载SAR地面运动目标成像模块设计", 雷达科学与技术, no. 03 * |
| 孙剑;: "计算机安全漏洞动态检测技术", 信息与电脑(理论版), no. 03 * |
| 黄倩;: "基于光保护设备的跨平台数据采集服务的设计与实现", 现代电子技术, no. 07 * |
| 龚时,李冬梅,朱秀昌: "H.223复用协议的软件实现方案", 计算机应用研究, no. 06 * |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114553563A (en) * | 2022-02-25 | 2022-05-27 | 北京华云安信息技术有限公司 | Verification method and device without echoing vulnerability, electronic equipment and readable storage medium |
| CN114553563B (en) * | 2022-02-25 | 2023-11-24 | 北京华云安信息技术有限公司 | Verification method and device without back display loopholes, electronic equipment and readable storage medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109582301B (en) | Service processing method, device, equipment and medium based on task scheduling system | |
| US8869111B2 (en) | Method and system for generating test cases for a software application | |
| CN108804215B (en) | Task processing method and device and electronic equipment | |
| CN111240812B (en) | Task execution method and device | |
| WO2021204013A1 (en) | Intelligent dispatching method, apparatus and device, and storage medium | |
| CN113157411B (en) | Celery-based reliable configurable task system and device | |
| CN106034113A (en) | Data processing method and data processing device | |
| CN102572896A (en) | Upgrading method and upgrading device for wireless communication system | |
| CN113220431A (en) | Cross-cloud distributed data task scheduling method, device and storage medium | |
| CN112632559A (en) | Vulnerability automatic verification method, device, equipment and storage medium | |
| CN112559525B (en) | Data checking system, method, device and server | |
| CN111680303A (en) | Vulnerability scanning method and device, storage medium and electronic equipment | |
| CN111625330A (en) | Cross-thread task processing method and device, server and storage medium | |
| CN115774881A (en) | Code auditing method, device, equipment and medium | |
| CN112367205B (en) | Processing method and scheduling system for HTTP scheduling request | |
| CN107247904B (en) | Safety baseline item synchronization method and device | |
| CN115766439A (en) | KVM device batch upgrading method and device and electronic device | |
| CN111061642B (en) | Full-automatic competition data processing system and method based on user data | |
| CN107832124B (en) | Method and device for processing task in file processing system | |
| CN114371866A (en) | Version reconfiguration test method, device and equipment of service system | |
| US20120185839A1 (en) | Program execution method, computer system, and program execution control program | |
| CN117909413A (en) | Data processing method, data processing device, computer readable storage medium and electronic equipment | |
| CN116319331A (en) | Method, device, medium and equipment for issuing DNS (Domain name System) resolution configuration information in batches | |
| CN114254027A (en) | Data processing method, device, equipment and storage medium | |
| CN112235392A (en) | Data pushing method and device, computer equipment and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |