CN113254334B - Information reconnaissance and penetration testing method based on workflow - Google Patents


Info

Publication number
CN113254334B
Authority
CN
China
Prior art keywords
plug
penetration
vulnerability
url
information
Prior art date
Legal status
Active
Application number
CN202110538286.9A
Other languages
Chinese (zh)
Other versions
CN113254334A (en)
Inventor
刘文志
李开
李海涛
Current Assignee
North Laboratory Shenyang Co ltd
Original Assignee
North Laboratory Shenyang Co ltd
Priority date
Filing date
Publication date
Application filed by North Laboratory Shenyang Co ltd
Priority to CN202110538286.9A
Publication of CN113254334A
Application granted
Publication of CN113254334B
Legal status: Active (current)
Anticipated expiration

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 11/00 Error detection; Error correction; Monitoring
    • G06F 11/36 Preventing errors by testing or debugging software
    • G06F 11/3668 Software testing
    • G06F 11/3672 Test management
    • G06F 11/3688 Test management for test execution, e.g. scheduling of test suites
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F 21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F 21/577 Assessing vulnerabilities and evaluating computer system security

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • Quality & Reliability (AREA)
  • Computing Systems (AREA)
  • Stored Programmes (AREA)

Abstract

The invention provides a workflow-based information reconnaissance and penetration testing method and relates to the technical field of computer software and information. On the basis of a workflow, the method discovers, filters and deduplicates the domain names, IP ports, URLs and fingerprints of a test target through an information reconnaissance pipeline and a penetration test pipeline, and performs information reconnaissance and penetration testing for several classes of vulnerabilities. The information reconnaissance pipeline reconnoitres the input target: starting from the input IPs and URLs, it acquires and stores IP, URL, port and fingerprint information using a number of plug-ins, and then invokes the penetration test pipeline. The penetration test pipeline is connected to the information reconnaissance pipeline; using the IPs, URLs, ports and fingerprints acquired by the reconnaissance pipeline, its plug-ins perform penetration tests for the different vulnerability classes, store the vulnerability information found, and output a test report. The method can discover and collect information about a test target in a short time, carry out vulnerability penetration automatically, and improve the efficiency of penetration testing.

Description

Information reconnaissance and penetration testing method based on workflow
Technical Field
The invention relates to the technical field of computer software and information, and in particular to a workflow-based information reconnaissance and penetration testing method.
Background
Penetration testing is an important kind of software testing. Penetration testers have to use a range of tools and software to carry out a test, but the tools they use are mostly scattered and do not form a system; during a test several tools often have to be run at the same time, which not only occupies a large amount of computer resources but also keeps the efficiency of penetration testing low.
The 'automatic penetration testing framework' of application number CN 202010493526.3 moves penetration testing towards automation, standardisation and practical use. By combining workflows, pipelines and plug-ins, it executes penetration tests automatically, makes automated penetration testing of large networks possible, standardises the content and method of penetration testing, and removes the influence of individual tester skill. That framework, however, is only the underlying foundation on which automated information reconnaissance and penetration testing can be built; to actually automate the work, many plug-ins have to be loaded into the framework and organically combined by pipelines and workflows into a best-practice method for automated information reconnaissance and penetration testing.
Disclosure of Invention
The technical problem solved by the invention is, in view of the shortcomings of the prior art, to provide a workflow-based information reconnaissance and penetration testing method that completes all reconnaissance and penetration work automatically through a single workflow, and so solves the difficulty of information reconnaissance and penetration testing against large batches of network segments and URLs.
The technical solution adopted to solve this problem is as follows. The workflow-based information reconnaissance and penetration testing method discovers, filters and deduplicates the domain names, IP ports, URLs and fingerprints of a test target on the basis of a workflow, and performs information reconnaissance and penetration testing for known vulnerabilities, weak-password vulnerabilities, deserialization vulnerabilities, injection vulnerabilities, unauthorized-access vulnerabilities and overflow vulnerabilities.
Preferably, the workflow comprises a test target input, an information reconnaissance pipeline and a penetration test pipeline. The test target input receives the assets of the test target, which are IPs, domain names or URLs. The information reconnaissance pipeline reconnoitres the input target: starting from the input IPs and URLs, it acquires and stores IP, URL, port and fingerprint information using a number of plug-ins, and then invokes the penetration test pipeline. The penetration test pipeline is connected to the information reconnaissance pipeline; using the IPs, URLs, ports and fingerprints acquired by the reconnaissance pipeline, its plug-ins perform penetration tests for known, weak-password, deserialization, injection, unauthorized-access and overflow vulnerabilities, store the vulnerability information found, and output a test report.
Preferably, the information reconnaissance pipeline comprises a reconnaissance input conversion plug-in, a domain name extraction plug-in, a domain name expansion plug-in, an IP extraction plug-in, an IP reverse-lookup (IP-to-domain) plug-in, a URL crawler plug-in, a URL reverse-lookup (URL-to-IP) plug-in, an IP expansion plug-in, an IP port scanning plug-in and a fingerprinting plug-in;
the reconnaissance input conversion plug-in converts the input information of the test target into IPs and domain names in a uniform standard format;
the domain name extraction plug-in is connected to the reconnaissance input conversion plug-in and extracts the standard-format domain names;
the IP extraction plug-in is connected to the reconnaissance input conversion plug-in and extracts the standard-format IPs;
the IP expansion plug-in is connected to the IP extraction plug-in and the URL reverse-lookup plug-in; it sorts the IPs and fills in the missing addresses of each C segment (/24);
the IP reverse-lookup plug-in is connected to the IP expansion plug-in and performs a reverse domain lookup on each IP to obtain the reverse-lookup domain names;
the domain name expansion plug-in is connected to the domain name extraction plug-in and the IP reverse-lookup plug-in, and brute-forces subdomains of each domain name;
the URL reverse-lookup plug-in is connected to the domain name expansion plug-in and resolves each URL to obtain the reverse-lookup IPs;
the IP port scanning plug-in is connected to the IP expansion plug-in and scans ports and services in batch over the collected IPs to obtain the IP ports;
the URL crawler plug-in is connected to the domain name expansion plug-in and the IP port scanning plug-in, and crawls URLs according to the domain name and IP port information;
the fingerprinting plug-in is connected to the IP port scanning plug-in and the URL crawler plug-in; it fingerprints the IP ports and URLs, makes a preliminary determination of the service type and protocol of each IP port and of the deployment architecture and language of each URL, and obtains the fingerprints.
Preferably, the penetration test pipeline comprises a known-vulnerability pre-screening plug-in, a weak-password brute-force plug-in, a deserialization vulnerability penetration plug-in, an injection vulnerability penetration plug-in, an unauthorized-access vulnerability penetration plug-in and an overflow vulnerability penetration plug-in, all of which are connected to the information reconnaissance pipeline;
the known-vulnerability pre-screening plug-in uses the IPs, URLs, ports and fingerprints obtained by the reconnaissance pipeline to screen for known vulnerabilities automatically in one pass; it has a built-in known-vulnerability library, pre-screens whether the IP ports have known vulnerabilities by means of vulnerability test payloads, and stores the pre-screening results;
the weak-password brute-force plug-in has built-in default passwords and common weak passwords for operating systems, databases, middleware, network equipment and security equipment; it brute-forces weak passwords against services and URLs using the IP ports, URLs and fingerprints acquired by the reconnaissance pipeline, and stores the results;
the deserialization vulnerability penetration plug-in has built-in PHP deserialization, Java deserialization and Shiro deserialization vulnerabilities; using vulnerability test payloads, it performs deserialization penetration against the IP ports, URLs and fingerprints obtained by the reconnaissance pipeline, and stores the penetration results;
the injection vulnerability penetration plug-in has built-in SQL injection, XML injection, code injection, cookie injection and XSS vulnerabilities; using vulnerability test payloads, it performs injection penetration against the IP ports, URLs and fingerprints obtained by the reconnaissance pipeline, and stores the penetration results;
the unauthorized-access vulnerability penetration plug-in has built-in horizontal and vertical privilege-escalation (unauthorized access) vulnerabilities; using vulnerability test payloads, it performs unauthorized-access penetration against the IP ports, URLs and fingerprints obtained by the reconnaissance pipeline, and stores the penetration results;
the overflow vulnerability penetration plug-in has built-in buffer overflow vulnerabilities; using vulnerability test payloads, it performs overflow penetration against the IP ports, URLs and fingerprints obtained by the reconnaissance pipeline, and stores the penetration results.
Preferably, the penetration test pipeline further comprises a penetration report output plug-in. The penetration report output plug-in is connected to the information reconnaissance pipeline and to the known-vulnerability pre-screening, weak-password brute-force, deserialization, injection and unauthorized-access penetration plug-ins of the penetration test pipeline; it collates the reconnaissance results of the reconnaissance pipeline with the penetration results and outputs a penetration test report.
In the method of the invention, the information flow and the control flow of the information reconnaissance pipeline and the penetration test pipeline pass seamlessly from one to the other. Built on the workflow engine of the invention patent application 'an automatic penetration testing framework' (application number CN 202010493526.3, which has entered substantive examination), reconnaissance and penetration are carried out automatically and with massive concurrency.
The beneficial effect of the above technical solution is as follows. The workflow-based information reconnaissance and penetration testing method integrates the two pipelines of information reconnaissance and penetration testing and combines the reconnaissance input conversion, domain name extraction, domain name expansion, IP extraction, IP reverse-lookup, URL crawler, URL reverse-lookup, IP expansion, IP port scanning, fingerprinting, known-vulnerability pre-screening, weak-password brute-force, deserialization penetration, injection penetration, unauthorized-access penetration, overflow penetration and penetration report output plug-ins, so that, given only the test target as input, it discovers and collects complete information about the target in a short time, carries out vulnerability penetration automatically, and improves the efficiency of penetration testing.
Drawings
Fig. 1 is a schematic structural diagram of the information reconnaissance and penetration testing workflow according to an embodiment of the present invention;
fig. 2 is a schematic structural diagram of the information reconnaissance pipeline according to an embodiment of the present invention;
fig. 3 is a schematic structural diagram of the penetration test pipeline according to an embodiment of the present invention.
Detailed Description
The following detailed description of embodiments of the present invention is provided in connection with the accompanying drawings and examples. The following examples are intended to illustrate the invention but are not intended to limit the scope of the invention.
In this embodiment, the workflow-based information reconnaissance and penetration testing method is implemented on the workflow shown in fig. 1. It discovers, filters and deduplicates the domain names, IP ports, URLs and fingerprints of a test target, and performs information reconnaissance and penetration testing for known vulnerabilities, weak-password vulnerabilities, deserialization vulnerabilities, injection vulnerabilities, unauthorized-access vulnerabilities and overflow vulnerabilities.
The workflow comprises a test target input, an information reconnaissance pipeline and a penetration test pipeline. The test target input receives the assets of the test target, which are IPs, domain names or URLs. The information reconnaissance pipeline reconnoitres the input target: starting from the input IPs and URLs, it acquires and stores IP, URL, port and fingerprint information using a number of plug-ins, and then invokes the penetration test pipeline. The penetration test pipeline is connected to the information reconnaissance pipeline; using the IPs, URLs, ports and fingerprints acquired by the reconnaissance pipeline, its plug-ins perform penetration tests for known, weak-password, deserialization, injection, unauthorized-access and overflow vulnerabilities, store the vulnerability information found, and output a test report.
According to the patent application 'an automatic penetration testing framework' (application number CN 202010493526.3), a plug-in is an application program written to a given specification and interface for handling a specific task; its operation depends on the function library or data provided by the platform, so it runs only under the platform specified by the program and cannot run independently of that platform;
a pipe is a communication mechanism between plug-ins, in which the output of each plug-in is used directly as the input of the next plug-in;
the workflow is the automation of the penetration testing business process in a computer application environment, that is, the abstraction and generalisation of the business rules and the order of work among the pipelines.
The information reconnaissance pipeline is shown in fig. 2 and comprises a reconnaissance input conversion plug-in, a domain name extraction plug-in, a domain name expansion plug-in, an IP extraction plug-in, an IP reverse-lookup (IP-to-domain) plug-in, a URL crawler plug-in, a URL reverse-lookup (URL-to-IP) plug-in, an IP expansion plug-in, an IP port scanning plug-in and a fingerprinting plug-in;
the reconnaissance input conversion plug-in converts the input information of the test target into IPs and domain names in a uniform standard format;
the domain name extraction plug-in is connected to the reconnaissance input conversion plug-in and extracts the standard-format domain names;
the IP extraction plug-in is connected to the reconnaissance input conversion plug-in and extracts the standard-format IPs;
the IP expansion plug-in is connected to the IP extraction plug-in and the URL reverse-lookup plug-in; it sorts the IPs and fills in the missing addresses of each C segment (/24);
the IP reverse-lookup plug-in is connected to the IP expansion plug-in and performs a reverse domain lookup on each IP to obtain the reverse-lookup domain names;
the domain name expansion plug-in is connected to the domain name extraction plug-in and the IP reverse-lookup plug-in, and brute-forces subdomains of each domain name;
the URL reverse-lookup plug-in is connected to the domain name expansion plug-in and resolves each URL to obtain the reverse-lookup IPs;
the IP port scanning plug-in is connected to the IP expansion plug-in and scans ports and services in batch over the collected IPs to obtain the IP ports;
the URL crawler plug-in is connected to the domain name expansion plug-in and the IP port scanning plug-in, and crawls URLs according to the domain name and IP port information;
the fingerprinting plug-in is connected to the IP port scanning plug-in and the URL crawler plug-in; it fingerprints the IP ports and URLs, makes a preliminary determination of the service type and protocol of each IP port and of the deployment architecture and language of each URL, and obtains the fingerprints.
In summary, the information reconnaissance pipeline implements the following functions:
(1) a test IP or URL is input, and the input domain names and the input IPs are extracted separately;
(2) domain name extraction and domain name expansion are performed on the input URLs; the expansion result is provided to the URL crawler plug-in for URL crawling and to the URL reverse-lookup plug-in for looking up the related IP addresses;
(3) the input IPs and the IPs obtained by URL reverse lookup are extracted and collected, and IP expansion is performed on them together; the expansion result is provided to the IP port scanning plug-in for port scanning and, at the same time, to the IP reverse-lookup plug-in for domain lookup;
(4) the IP port scanning plug-in scans the IPs and ports; the scan results are sent to the fingerprinting plug-in for fingerprint identification and storage, and the IP and port results are also provided to the URL crawler plug-in for crawling related URLs;
(5) the URL crawler plug-in crawls the URLs and sends the crawl results to the fingerprinting plug-in for fingerprint identification and storage.
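The plug-in, pipe and workflow notions defined above, and the reconnaissance pipeline just summarised, can be made concrete in a few dozen lines. The following is an added example written for this page, not code from the patent or from the referenced framework: plug-ins are plain functions, a pipe is the rule that one plug-in's stored output becomes the next plug-in's input, and the workflow is the ordered wiring list. The plug-in names, the in-memory store and the sample targets are assumptions; only the offline steps (input conversion, domain and IP extraction, deduplication, and /24 expansion) are implemented, because the reverse lookups, subdomain brute force, port scan and crawler need network access and are left out of the wiring.

```python
"""Workflow skeleton for the reconnaissance pipeline (added example)."""
import ipaddress
import re
from urllib.parse import urlsplit

_LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")


def _is_domain(name):
    """Syntactic check for a standard-format domain name (lower case, no trailing dot)."""
    labels = name.split(".")
    return len(labels) >= 2 and all(_LABEL.match(lab) for lab in labels)


def input_conversion(targets):
    """Reconnaissance input conversion plug-in: take raw IP / domain / URL strings
    and emit deduplicated, standard-format IPs, domain names and URLs."""
    ips, domains, urls, rejected = set(), set(), set(), []
    for raw in targets:
        raw = raw.strip()
        if not raw:
            continue
        host = raw
        if "://" in raw:
            urls.add(raw)
            host = urlsplit(raw).hostname or ""   # lower-cased, port and IPv6 brackets stripped
        host = host.rstrip(".").lower()
        try:
            ips.add(str(ipaddress.ip_address(host)))   # canonical text form
            continue
        except ValueError:
            pass
        if _is_domain(host):
            domains.add(host)
        else:
            rejected.append(raw)
    return {"ips": ips, "domains": domains, "urls": urls, "rejected": rejected}


def _ip_key(s):
    """Sort key that never compares an IPv4 address with an IPv6 address."""
    addr = ipaddress.ip_address(s)
    return (addr.version, addr)


def domain_extraction(converted):
    return sorted(converted["domains"])


def ip_extraction(converted):
    return sorted(converted["ips"], key=_ip_key)


def ip_expansion(*ip_lists):
    """IP expansion plug-in: merge the IP lists wired to it, sort them, and fill in
    every host of each IPv4 address's C segment (/24). IPv6 addresses are kept as-is."""
    expanded = set()
    for ips in ip_lists:
        for ip in ips:
            addr = ipaddress.ip_address(ip)
            if addr.version == 4:
                net = ipaddress.ip_network(f"{addr}/24", strict=False)
                expanded.update(str(h) for h in net.hosts())
            else:
                expanded.add(str(addr))
    return sorted(expanded, key=_ip_key)


def run_workflow(steps, store):
    """Pipe semantics: each plug-in's output is stored under its name and becomes
    the input of every plug-in wired to it."""
    for name, plugin, inputs in steps:
        store[name] = plugin(*(store[i] for i in inputs))
    return store


# Assumed wiring; the full pipeline would also feed the URL reverse-lookup
# plug-in's output into ip_expansion.
RECON_STEPS = [
    ("input_conversion", input_conversion, ["targets"]),
    ("domain_extraction", domain_extraction, ["input_conversion"]),
    ("ip_extraction", ip_extraction, ["input_conversion"]),
    ("ip_expansion", ip_expansion, ["ip_extraction"]),
]


def recon(targets):
    return run_workflow(RECON_STEPS, {"targets": list(targets)})


if __name__ == "__main__":
    # constructed sample input: a URL with a port, a bare IP, a mixed-case domain
    # with a trailing dot, a URL whose host is an IP, a duplicate, and junk
    sample = ["https://www.example.com:8443/login", "192.0.2.10", "Example.COM.",
              "http://198.51.100.7/", "192.0.2.10", "not a target!"]
    result = recon(sample)
    print(result["domain_extraction"], result["ip_extraction"], len(result["ip_expansion"]))
```

Each plug-in returns a sorted, deduplicated list, so a downstream plug-in sees a stable input regardless of how many upstream branches fed it; rejected input is kept rather than silently dropped so the report can show what the operator typed that the pipeline could not classify.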
The penetration test pipeline is shown in fig. 3 and comprises a known-vulnerability pre-screening plug-in, a weak-password brute-force plug-in, a deserialization vulnerability penetration plug-in, an injection vulnerability penetration plug-in, an unauthorized-access vulnerability penetration plug-in, an overflow vulnerability penetration plug-in and a penetration report output plug-in, all of which are connected to the information reconnaissance pipeline;
the known-vulnerability pre-screening plug-in uses the IPs, URLs, ports and fingerprints obtained by the reconnaissance pipeline to screen for known vulnerabilities automatically in one pass; it has a built-in known-vulnerability library, pre-screens whether the IP ports have known vulnerabilities by means of vulnerability test payloads, and stores the pre-screening results;
the weak-password brute-force plug-in has built-in default passwords and common weak passwords for operating systems, databases, middleware, network equipment and security equipment, such as 123456, admin123, admin888 and 111111; it brute-forces weak passwords against services and URLs using the IP ports, URLs and fingerprints acquired by the reconnaissance pipeline, and stores the results;
the deserialization vulnerability penetration plug-in has built-in PHP deserialization, Java deserialization and Shiro deserialization vulnerabilities; using vulnerability test payloads, it performs deserialization penetration against the IP ports, URLs and fingerprints obtained by the reconnaissance pipeline, and stores the penetration results;
the injection vulnerability penetration plug-in has built-in SQL injection, XML injection, code injection, cookie injection and XSS vulnerabilities; using vulnerability test payloads, it performs injection penetration against the IP ports, URLs and fingerprints obtained by the reconnaissance pipeline, and stores the penetration results;
the unauthorized-access vulnerability penetration plug-in has built-in horizontal and vertical privilege-escalation (unauthorized access) vulnerabilities; using vulnerability test payloads, it performs unauthorized-access penetration against the IP ports, URLs and fingerprints obtained by the reconnaissance pipeline, and stores the penetration results;
the overflow vulnerability penetration plug-in has built-in buffer overflow vulnerabilities; using vulnerability test payloads, it performs overflow penetration against the IP ports, URLs and fingerprints obtained by the reconnaissance pipeline, and stores the penetration results;
the penetration report output plug-in is connected to the information reconnaissance pipeline and to the known-vulnerability pre-screening, weak-password brute-force, deserialization, injection and unauthorized-access penetration plug-ins of the penetration test pipeline; it collates the reconnaissance results of the reconnaissance pipeline with the penetration results and outputs a penetration test report.
In summary, the penetration test pipeline implements the following functions:
(1) based on the IP, URL, port and fingerprint information output by the information reconnaissance pipeline, the vulnerability pre-screening, weak-password brute-force, deserialization penetration, injection penetration, unauthorized-access penetration and overflow penetration plug-ins carry out vulnerability penetration and store the vulnerabilities found;
(2) the report output plug-in extracts the IP, URL, port, fingerprint and vulnerability information, analyses them together, and outputs the test report automatically.
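The two functions just listed, fed by the fingerprints the reconnaissance pipeline stores, look like the following when written out. This is an added example for this page, not the patent's or the framework's code. The fingerprint records, the known-vulnerability library (product names and version ranges), the credentials other than the four passwords the description names, and the simulated login service are all constructed for the demonstration and describe no real product. One technique is swapped in: pre-screening here matches fingerprinted product versions against the library instead of sending vulnerability test payloads, which keeps the example offline. The weak-password plug-in takes the login routine as a parameter and caps attempts per target, the check a practitioner wants before pointing such a plug-in at production services that lock accounts.

```python
"""Penetration-test pipeline skeleton: pre-screen, weak-password check, report (added example)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Fingerprint:
    """One fingerprinting result as the reconnaissance pipeline would store it."""
    ip: str
    port: int
    service: str          # service type from port fingerprinting, e.g. "ssh", "mysql", "http"
    product: str = ""     # product name, if identified
    version: str = ""     # product version, if identified

    @property
    def target(self):
        return f"{self.ip}:{self.port}"


def _ver(v):
    """Numeric version tuple for range comparison ('5.1.3' -> (5, 1, 3))."""
    return tuple(int(x) for x in v.split(".") if x.isdigit())


# Constructed known-vulnerability library: (product, affected_from, fixed_in, label).
KNOWN_VULN_LIBRARY = [
    ("ExampleDB", "5.0.0", "5.2.0", "constructed: authentication bypass"),
    ("DemoWeb", "1.0.0", "1.4.0", "constructed: unsafe deserialization"),
]

# Default / weak credentials selected by fingerprinted service type: the four
# passwords named in the description plus constructed usernames.
DEFAULT_CREDS = {
    "ssh": [("root", "123456"), ("root", "111111"), ("admin", "admin123")],
    "mysql": [("root", ""), ("root", "123456"), ("root", "admin888")],
    "http": [("admin", "admin123"), ("admin", "admin888"), ("admin", "111111")],
}


def known_vuln_prescreen(fingerprints):
    """Known-vulnerability pre-screening plug-in: one pass over all fingerprints,
    flagging products whose version falls inside an affected range."""
    hits = []
    for fp in fingerprints:
        if not (fp.product and fp.version):
            continue
        for product, lo, hi, label in KNOWN_VULN_LIBRARY:
            if fp.product == product and _ver(lo) <= _ver(fp.version) < _ver(hi):
                hits.append({"target": fp.target, "type": "known",
                             "detail": f"{product} {fp.version}: {label}"})
    return hits


def weak_password_bruteforce(fingerprints, authenticate, max_attempts=5):
    """Weak-password plug-in. `authenticate(ip, port, user, password) -> bool` is
    the service-specific login routine; candidates are chosen by service type,
    capped per target, and the loop stops at the first valid pair so a real
    service is neither locked out nor flooded."""
    hits = []
    for fp in fingerprints:
        for user, password in DEFAULT_CREDS.get(fp.service, [])[:max_attempts]:
            if authenticate(fp.ip, fp.port, user, password):
                hits.append({"target": fp.target, "type": "weak_password",
                             "detail": f"{fp.service} login {user!r}/{password!r}"})
                break
    return hits


def report_output(fingerprints, *result_lists):
    """Penetration report output plug-in: collate the reconnaissance results with
    the penetration results of the other plug-ins."""
    findings = sorted((f for lst in result_lists for f in lst),
                      key=lambda f: (f["target"], f["type"]))
    assets = [f"{fp.target} {fp.service} {fp.product} {fp.version}".strip() for fp in fingerprints]
    return {"assets": assets, "findings": findings}


def run_pentest(fingerprints, authenticate):
    """Pipe the reconnaissance output through the penetration plug-ins and the report plug-in."""
    known = known_vuln_prescreen(fingerprints)
    weak = weak_password_bruteforce(fingerprints, authenticate)
    return report_output(fingerprints, known, weak)


# Constructed simulated services standing in for real network logins.
SIMULATED_ACCOUNTS = {("192.0.2.10", 3306): ("root", "123456"),
                      ("192.0.2.20", 22): ("root", "correct horse battery staple")}


def simulated_authenticate(ip, port, user, password):
    return SIMULATED_ACCOUNTS.get((ip, port)) == (user, password)


# Constructed fingerprints, as the reconnaissance pipeline would hand them over.
SAMPLE_FINGERPRINTS = [
    Fingerprint("192.0.2.10", 3306, "mysql", "ExampleDB", "5.1.3"),
    Fingerprint("192.0.2.20", 22, "ssh"),
    Fingerprint("192.0.2.30", 80, "http", "DemoWeb", "1.4.0"),
]

if __name__ == "__main__":
    for finding in run_pentest(SAMPLE_FINGERPRINTS, simulated_authenticate)["findings"]:
        print(finding)
```

Against the constructed data the report contains two findings, both on 192.0.2.10:3306: the version-range hit on ExampleDB 5.1.3 and the weak MySQL root password; the ssh host with a strong password and the DemoWeb instance already at its fixed-in version produce nothing, which is the behaviour one wants from a pre-screen that feeds the later exploitation plug-ins.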
Finally, it should be noted that: the above examples are only intended to illustrate the technical solution of the present invention, and not to limit it; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some or all of the technical features may be equivalently replaced; such modifications and substitutions do not depart from the spirit of the corresponding technical solutions and scope of the present invention as defined in the appended claims.

Claims (3)

1. A workflow-based information reconnaissance and penetration testing method, characterized in that: the domain names, IP ports, URLs and fingerprints of a test target are discovered, filtered and deduplicated on the basis of a workflow, and information reconnaissance and penetration testing are performed for known vulnerabilities, weak-password vulnerabilities, deserialization vulnerabilities, injection vulnerabilities, unauthorized-access vulnerabilities and overflow vulnerabilities;
the workflow comprises a test target input, an information reconnaissance pipeline and a penetration test pipeline; the test target input receives the assets of the test target, which are IPs, domain names or URLs; the information reconnaissance pipeline reconnoitres the input target, acquires and stores IP, URL, port and fingerprint information from the input IPs and URLs using a number of plug-ins, and invokes the penetration test pipeline; the penetration test pipeline is connected to the information reconnaissance pipeline and, using the IPs, URLs, ports and fingerprints acquired by the reconnaissance pipeline, its plug-ins perform penetration tests for known, weak-password, deserialization, injection, unauthorized-access and overflow vulnerabilities, store the vulnerability information found, and output a test report;
the information reconnaissance pipeline comprises a reconnaissance input conversion plug-in, a domain name extraction plug-in, a domain name expansion plug-in, an IP extraction plug-in, an IP reverse-lookup (IP-to-domain) plug-in, a URL crawler plug-in, a URL reverse-lookup (URL-to-IP) plug-in, an IP expansion plug-in, an IP port scanning plug-in and a fingerprinting plug-in;
the reconnaissance input conversion plug-in converts the input information of the test target into IPs and domain names in a uniform standard format;
the domain name extraction plug-in is connected to the reconnaissance input conversion plug-in and extracts the standard-format domain names;
the IP extraction plug-in is connected to the reconnaissance input conversion plug-in and extracts the standard-format IPs;
the IP expansion plug-in is connected to the IP extraction plug-in and the URL reverse-lookup plug-in; it sorts the IPs and fills in the missing addresses of each C segment (/24);
the IP reverse-lookup plug-in is connected to the IP expansion plug-in and performs a reverse domain lookup on each IP to obtain the reverse-lookup domain names;
the domain name expansion plug-in is connected to the domain name extraction plug-in and the IP reverse-lookup plug-in, and brute-forces subdomains of each domain name;
the URL reverse-lookup plug-in is connected to the domain name expansion plug-in and resolves each URL to obtain the reverse-lookup IPs;
the IP port scanning plug-in is connected to the IP expansion plug-in and scans ports and services in batch over the collected IPs to obtain the IP ports;
the URL crawler plug-in is connected to the domain name expansion plug-in and the IP port scanning plug-in, and crawls URLs according to the domain name and IP port information;
the fingerprinting plug-in is connected to the IP port scanning plug-in and the URL crawler plug-in; it fingerprints the IP ports and URLs, makes a preliminary determination of the service type and protocol of each IP port and of the deployment architecture and language of each URL, and obtains the fingerprints.
2. The workflow-based information investigation and penetration testing method of claim 1, wherein the penetration test pipeline comprises a known vulnerability pre-judgment plug-in, a weak password brute-force plug-in, a deserialization vulnerability penetration plug-in, an injection vulnerability penetration plug-in, an unauthorized access vulnerability penetration plug-in and an overflow vulnerability penetration plug-in, all of which are connected to the information investigation pipeline;
the known vulnerability pre-judgment plug-in uses the IPs, URLs, ports and fingerprints obtained by the information investigation pipeline to run one automatic screening pass for known vulnerabilities: a known vulnerability library is built into the plug-in, vulnerability test payloads are used to pre-judge whether each IP port carries a known vulnerability, and the pre-judgment result is stored;
the weak password brute-force plug-in is built with default passwords and common weak passwords for operating systems, databases, middleware, network devices and security devices; it brute-forces the services and URLs using the IP ports, URLs and fingerprints obtained by the information investigation pipeline, and stores the brute-force results;
the deserialization vulnerability penetration plug-in is built with PHP deserialization, Java deserialization and Shiro deserialization vulnerabilities; using vulnerability test payloads it performs deserialization penetration against the IP ports, URLs and fingerprints obtained by the information investigation pipeline, and stores the penetration results;
the injection vulnerability penetration plug-in is built with SQL injection, XML injection, code injection, cookie injection and XSS (cross-site scripting) vulnerabilities; using vulnerability test payloads it performs injection penetration against the IP ports, URLs and fingerprints obtained by the information investigation pipeline, and stores the penetration results;
the unauthorized access vulnerability penetration plug-in is built with horizontal and vertical privilege escalation (unauthorized access) vulnerabilities; using vulnerability test payloads it performs unauthorized access penetration against the IP ports, URLs and fingerprints obtained by the information investigation pipeline, and stores the penetration results;
and the overflow vulnerability penetration plug-in is built with buffer overflow vulnerabilities; using vulnerability test payloads it performs overflow penetration against the IP ports, URLs and fingerprints obtained by the information investigation pipeline, and stores the penetration results.
3. The workflow-based information investigation and penetration testing method of claim 2, wherein the penetration test pipeline further comprises a penetration report output plug-in; the penetration report output plug-in is connected to the information investigation pipeline and also to the known vulnerability pre-judgment plug-in, the weak password brute-force plug-in, the deserialization vulnerability penetration plug-in, the injection vulnerability penetration plug-in and the unauthorized access vulnerability penetration plug-in of the penetration test pipeline; it collates the investigation results of the information investigation pipeline with the penetration results and outputs a penetration test report.
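Claims 2 and 3 describe plug-ins that take the fingerprints from the investigation pipeline, pre-judge known vulnerabilities against a built-in library, brute-force weak credentials, and collate everything into a report. The following is an added example, not the patent's own code, of the two plug-ins a practitioner most needs to get right and of the report step that joins them. It keeps a version-only library match as "suspected" until the test payload is actually confirmed, and caps brute-force attempts per account so the run stays below typical lockout thresholds. The fingerprints, the vulnerability library (ids and version bounds are invented), the credential lists, and the target that answers probes and logins are constructed in-memory stand-ins; `run_pentest`, `send_probe` and `try_login` are my own names.

```python
"""Penetration test pipeline: known-vulnerability pre-judgment, weak-password
brute force and report collation.  Added example, not the patent's own code.
Fingerprints, the vulnerability library, the credential lists and the target
that answers probes and logins are constructed in-memory stand-ins (invented
products, version bounds and accounts), so nothing here touches a live host."""
import re

# Constructed recon output, in the shape the information investigation pipeline hands over.
FINGERPRINTS = {
    ("10.0.0.5", 22):   {"type": "ssh",      "product": "OpenSSH/8.4"},
    ("10.0.0.6", 8080): {"type": "web",      "product": "Shiro/1.2.4"},
    ("10.0.0.6", 3306): {"type": "database", "product": "MySQL/5.7.33"},
}
# Constructed known-vulnerability library: ids and version bounds are invented.
VULN_LIB = [
    {"id": "lib-0001", "product": "Shiro", "affected_below": (1, 2, 5),
     "class": "deserialization", "payload": "rememberMe=<constructed-probe>"},
    {"id": "lib-0002", "product": "OpenSSH", "affected_below": (7, 0),
     "class": "known vulnerability", "payload": "<constructed-probe>"},
]
DEFAULT_CREDS = {  # default and common weak passwords per service type (short constructed lists)
    "ssh": [("root", "root"), ("admin", "admin"), ("root", "123456")],
    "database": [("root", ""), ("root", "root"), ("root", "123456")],
}
MARKER = "probe-echo"  # a confirmed probe echoes this marker back
# Constructed target behaviour: what the plug-ins would observe on the wire.
PROBE_RESPONSES = {(("10.0.0.6", 8080), "lib-0001"): "HTTP/1.1 200 OK\r\n\r\nprobe-echo"}
ACCOUNTS = {("10.0.0.6", 3306): {"root": "123456"}, ("10.0.0.5", 22): {"root": "Xq7!long-random"}}

def send_probe(target, entry):
    """Stand-in transport: returns the constructed response for a test payload."""
    return PROBE_RESPONSES.get((target, entry["id"]), "HTTP/1.1 200 OK\r\n\r\n")

def try_login(target, user, password):
    """Stand-in authentication against the constructed account table."""
    return ACCOUNTS.get(target, {}).get(user) == password

def parse_version(product):
    """'Shiro/1.2.4' -> ('Shiro', (1, 2, 4)); an unrecognised layout gets version None."""
    m = re.match(r"([A-Za-z][\w-]*)/(\d+(?:\.\d+)*)", product)
    if not m:
        return product, None
    return m.group(1), tuple(int(x) for x in m.group(2).split("."))

def known_vuln_prejudge(fps, lib, probe):
    """Pass 1: version match against the library; pass 2: confirm with the test payload.
    Version-only matches stay 'suspected' so the report does not overstate them."""
    results = []
    for target, fp in fps.items():
        name, ver = parse_version(fp["product"])
        for entry in lib:
            if entry["product"] != name or ver is None or ver >= entry["affected_below"]:
                continue
            status = "confirmed" if MARKER in probe(target, entry) else "suspected"
            results.append({"target": target, "vuln": entry["id"],
                            "class": entry["class"], "status": status})
    return results

def weak_password_bruteforce(fps, creds, login, max_per_account=3):
    """Try the default list for each service type; cap attempts per account so the
    run stays under typical lockout thresholds, and stop at the first hit."""
    results = []
    for target, fp in fps.items():
        attempts = {}
        for user, password in creds.get(fp["type"], []):
            if attempts.get(user, 0) >= max_per_account:
                continue
            attempts[user] = attempts.get(user, 0) + 1
            if login(target, user, password):
                results.append({"target": target, "user": user,
                                "password": password, "attempts": attempts[user]})
                break
    return results

def build_report(fps, vuln_results, cred_results):
    """Collate fingerprints with penetration results per target (the report plug-in's job)."""
    report = {t: {"fingerprint": fp, "known_vulns": [], "weak_credentials": []}
              for t, fp in fps.items()}
    for r in vuln_results:
        report[r["target"]]["known_vulns"].append({k: v for k, v in r.items() if k != "target"})
    for r in cred_results:
        report[r["target"]]["weak_credentials"].append({k: v for k, v in r.items() if k != "target"})
    return report

def run_pentest(fps=FINGERPRINTS, max_per_account=3):
    """The pipeline end to end on the constructed recon output."""
    vulns = known_vuln_prejudge(fps, VULN_LIB, send_probe)
    creds = weak_password_bruteforce(fps, DEFAULT_CREDS, try_login, max_per_account)
    return build_report(fps, vulns, creds)
```

`run_pentest()` reports the Shiro service as a confirmed deserialization finding (version in range and the probe echoed), leaves the OpenSSH host clean (version above the library's bound, no weak credential within the cap), and records the MySQL root password together with the number of attempts it took; `run_pentest(max_per_account=2)` shows the cap suppressing the third guess. Real transports replace `send_probe` and `try_login`; the triage logic around them is what the pre-judgment plug-in is for.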
Application CN202110538286.9A, priority and filing date 2021-05-18: Information investigation and penetration test method based on workflow. Legal status: Active.

Publications (2)

Publication Number Publication Date
CN113254334A (en) 2021-08-13
CN113254334B (en) 2022-07-29

Family ID: 77182319

Country Status (1)

Country Link
CN (1) CN113254334B (en)
Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117112873B (en) * 2023-10-25 2024-01-26 北京华云安信息技术有限公司 API blasting method, device, equipment and storage medium based on code injection

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108234525A (en) * 2018-03-30 2018-06-29 阜阳职业技术学院 A kind of information leakage preventing theft protection management system in computer network security
CN111967018A (en) * 2020-07-30 2020-11-20 国网福建省电力有限公司 Method for automatically detecting Tomcat known vulnerability

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104009881B (en) * 2013-02-27 2017-12-19 广东电网公司信息中心 A kind of method and device of system penetration testing
EP3711279A1 (en) * 2017-11-15 2020-09-23 XM Cyber Ltd. Selectively choosing between actual-attack and simulation/evaluation for validating a vulnerability of a network node during execution of a penetration testing campaign
CN111488588B (en) * 2020-04-17 2023-08-11 北京墨云科技有限公司 Automatic penetration test method based on AI
CN111666572B (en) * 2020-06-03 2023-07-04 北方实验室(沈阳)股份有限公司 Automatic change infiltration test frame system
CN112667522B (en) * 2021-01-19 2023-11-07 深圳融安网络科技有限公司 Penetration test method, penetration test device, terminal equipment and computer readable storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant