CN113378180A - Vulnerability detection method and device, computer equipment and readable storage medium - Google Patents


Info

Publication number: CN113378180A
Authority: CN (China)
Prior art keywords: vulnerability, vulnerability scanning, task, scanned, tool
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.): Pending
Application number: CN202110724656.8A
Other languages: Chinese (zh)
Inventor: 王彦葛
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.): Ping An Health Insurance Company of China Ltd
Original Assignee: Ping An Health Insurance Company of China Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)

Events
Application filed by Ping An Health Insurance Company of China Ltd
Priority to CN202110724656.8A
Publication of CN113378180A
Legal status: Pending (current)

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F 21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F 21/577 Assessing vulnerabilities and evaluating computer system security

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computing Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Debugging And Monitoring (AREA)

Abstract

The embodiment of the application relates to the technical field of data analysis, and provides a vulnerability detection method, which comprises the following steps: acquiring a vulnerability scanning task submitted by a user through a front end, wherein the vulnerability scanning task comprises an object to be scanned and address information of the object to be scanned; acquiring configuration information of a preset vulnerability scanning tool, and generating a Shell script according to the configuration information and the vulnerability scanning task; acquiring the object to be scanned according to the address information, and calling the vulnerability scanning tool through the Shell script to scan the object to be scanned to obtain a vulnerability scanning result; and classifying a plurality of vulnerabilities contained in the vulnerability scanning result according to vulnerability categories to obtain vulnerability category classification results. The vulnerability scanning efficiency can be improved.

Description

Vulnerability detection method and device, computer equipment and readable storage medium
Technical Field
The embodiment of the application relates to the technical field of artificial intelligence, in particular to a vulnerability detection method, a vulnerability detection device, computer equipment and a readable storage medium.
Background
With the development of information technology, information tools and software products have become widespread in enterprises of all kinds. Most software products on the market contain security vulnerabilities of one kind or another, and attacker skill levels have advanced alongside the spread of these tools and products. Enterprise users who run software products with security vulnerabilities are therefore exposed to threats, and those vulnerabilities can bring loss risks and hidden dangers to enterprise users in a variety of situations.
For this situation, some open-source security testing tools, for example Burp Suite, exist on the market. However, the inventors found that, when an existing security testing tool performs vulnerability scanning, the user must first carry out cumbersome configuration before the scan can be run, so that vulnerability scanning efficiency is very low.
Disclosure of Invention
In view of the above, an object of the embodiments of the present application is to provide a vulnerability detection method, apparatus, computer device and computer readable storage medium, which are used to solve the problem that the existing vulnerability scanning method is very inefficient.
In order to achieve the above object, an embodiment of the present application provides a vulnerability detection method, including:
acquiring a vulnerability scanning task submitted by a user through a front end, wherein the vulnerability scanning task comprises an object to be scanned and address information of the object to be scanned;
acquiring configuration information of a preset vulnerability scanning tool, and generating a Shell script according to the configuration information and the vulnerability scanning task;
acquiring the object to be scanned according to the address information, and calling the vulnerability scanning tool through the Shell script to scan the object to be scanned to obtain a vulnerability scanning result;
and classifying a plurality of vulnerabilities contained in the vulnerability scanning result according to vulnerability categories to obtain vulnerability category classification results.
Optionally, calling the vulnerability scanning tool through the Shell script to scan the object to be scanned and obtain a vulnerability scanning result includes:
when the call of the vulnerability scanning tool by the Shell script fails, starting a preset web automation tool, so that the vulnerability scanning tool is called by the web automation tool to scan the object to be scanned and obtain a vulnerability scanning result.
Optionally, the vulnerability scanning tool is a Burp Suite tool, and calling the vulnerability scanning tool through the Shell script to scan the object to be scanned and obtain a vulnerability scanning result includes:
calling the Burp Suite tool through an application program interface of the Burp Suite tool packaged in the Shell script to scan the object to be scanned, so as to obtain a vulnerability scanning result.
Optionally, the vulnerability scanning task further includes a running time, and the method further includes:
generating a timing scheduling task according to the running time through a task scheduler;
and acquiring the object to be scanned according to the address information, and calling the vulnerability scanning tool through the Shell script to scan the object to be scanned to obtain a vulnerability scanning result, comprises the following steps:
receiving a timing scheduling task execution operation instruction triggered by the task scheduler, and performing the following operations according to that instruction:
acquiring the object to be scanned according to the address information, and calling the vulnerability scanning tool through the Shell script to scan the object to be scanned to obtain a vulnerability scanning result.
Optionally, the method further comprises:
configuring the operation authority of the user, wherein the operation authority comprises whether the user has the authority to submit the vulnerability scanning task.
Optionally, the method further comprises:
storing the execution record information generated when the timing scheduling task is executed in a database, wherein the execution record information comprises task identification information and task configuration information.
Optionally, the method further comprises:
generating a visual vulnerability category map according to the vulnerability category classification result, and returning the vulnerability category map to the front end for display.
In order to achieve the above object, an embodiment of the present application further provides a vulnerability detection apparatus, where the vulnerability detection apparatus includes:
an acquisition module, used for acquiring a vulnerability scanning task submitted by a user through a front end, wherein the vulnerability scanning task comprises an object to be scanned and address information of the object to be scanned;
a generation module, used for acquiring configuration information of a preset vulnerability scanning tool and generating a Shell script according to the configuration information and the vulnerability scanning task;
a scanning module, used for acquiring the object to be scanned according to the address information and calling the vulnerability scanning tool through the Shell script to scan the object to be scanned so as to obtain a vulnerability scanning result;
and a classification module, used for classifying a plurality of vulnerabilities contained in the vulnerability scanning result according to vulnerability categories to obtain vulnerability category classification results.
In order to achieve the above object, an embodiment of the present application further provides a computer device, which includes a memory, a processor, and a computer program stored on the memory and executable on the processor, where the processor implements the steps of the vulnerability detection method as described above when executing the computer program.
To achieve the above object, an embodiment of the present application further provides a computer-readable storage medium, where a computer program is stored in the computer-readable storage medium, where the computer program is executable by at least one processor, so as to cause the at least one processor to execute the steps of the vulnerability detection method described above.
According to the vulnerability detection method, the vulnerability detection device, the computer equipment and the computer readable storage medium, a vulnerability scanning task submitted by a user through a front end is obtained, wherein the vulnerability scanning task comprises an object to be scanned and address information of the object to be scanned; configuration information of a preset vulnerability scanning tool is acquired, and a Shell script is generated according to the configuration information and the vulnerability scanning task; the object to be scanned is acquired according to the address information, and the vulnerability scanning tool is called through the Shell script to scan the object to be scanned and obtain a vulnerability scanning result; and a plurality of vulnerabilities contained in the vulnerability scanning result are classified according to vulnerability categories to obtain vulnerability category classification results. Because the Shell script is generated from the configuration information and the vulnerability scanning task, it can both configure the vulnerability scanning tool and call it automatically. The user does not need to configure and call the tool by hand, which saves configuration time and improves vulnerability scanning efficiency. Automating the tool's configuration through a Shell script also saves the user the cost of learning and configuring the tool, making the scanning operation simpler and more convenient.
Drawings
Fig. 1 is a schematic step flow diagram of an embodiment of a vulnerability detection method according to the present application.
Fig. 2 is a schematic view of program modules of a vulnerability detection apparatus according to an embodiment of the present application.
Fig. 3 is a schematic hardware structure diagram of a computer device according to an embodiment of the present application.
The implementation, functional features and advantages of the objectives of the present application will be further explained with reference to the accompanying drawings.
Detailed Description
The advantages of the present application are further illustrated below with reference to the accompanying drawings and specific embodiments.
Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The implementations described in the exemplary embodiments below are not intended to represent all implementations consistent with the present disclosure. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the present disclosure, as detailed in the appended claims.
The terminology used in the present disclosure is for the purpose of describing particular embodiments only and is not intended to be limiting of the disclosure. As used in this disclosure and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and encompasses any and all possible combinations of one or more of the associated listed items.
It is to be understood that although the terms first, second, third, etc. may be used herein to describe various information, such information should not be limited to these terms. These terms are only used to distinguish one type of information from another. For example, first information may also be referred to as second information, and similarly, second information may also be referred to as first information, without departing from the scope of the present disclosure. The word "if" as used herein may be interpreted as "at … …" or "when … …" or "in response to a determination", depending on the context.
In the description of the present application, it should be understood that the numerical references before the steps do not identify the order of performing the steps, but merely serve to facilitate the description of the present application and to distinguish each step, and therefore should not be construed as limiting the present application.
Referring to fig. 1, a flowchart of a vulnerability detection method according to a first embodiment of the present application is shown. It is to be understood that the flow charts in the embodiments of the present method do not limit the order in which the steps are performed. The following description refers, by way of example, to a vulnerability detection apparatus (hereinafter, "detection apparatus") as the execution subject. The detection apparatus may be applied to a computer device, which may be a mobile phone, a tablet computer, a laptop computer, a server, or another device having a data transmission function. The method comprises the following specific steps:
step S10, acquiring a vulnerability scanning task submitted by a user through a front end, wherein the vulnerability scanning task comprises an object to be scanned and address information of the object to be scanned.
Specifically, the object to be scanned may be a website that needs to be scanned or a file that needs to be scanned, and the like, which is not limited in this embodiment. The address information is information used to locate a storage location of the object to be scanned, and specifically, the address information may be a URL (Uniform Resource Locator) of the object to be scanned.
In this embodiment, a user may submit the vulnerability scanning task through a visual submission interface provided by the front end. As an example, the user may enter the object to be scanned in the "object to be scanned" field of the interface, for example "website A", and the address of that object in the "address information of the object to be scanned" field, for example "www.xxx.xxx". In an embodiment, so that the back end can process the vulnerability scanning task more efficiently, the user may also set the processing time of the task in a "run-time setting" field, for example 03:00, in which case the back end processes the task at 3 a.m., improving processing efficiency. In one embodiment, so that the submitting user or an administrator can learn the status of the task in time, the user may also indicate in an "email notification" field whether the processing status of the task should be sent by email; if email notification is requested, the back end sends the processing result of the task to the user by email once the task has been processed.
In an embodiment, to allow further analysis of the scanning result of the executed vulnerability scanning task so that the user can understand it more clearly, the user may also indicate in a "vulnerability analysis" field whether the obtained vulnerability scanning result needs to be analyzed. If analysis is requested, the back end counts the vulnerabilities of each type contained in the scanning result once it has been obtained, and generates a visual vulnerability category map from the counts.
In this embodiment, after a vulnerability scanning task submitted by a user through the front end is received, it may be stored in a task scheduling system, so that the processing of each vulnerability scanning task can subsequently be scheduled and distributed by the task scheduling system, improving the processing efficiency of the tasks.
In an exemplary embodiment, to facilitate management of users, the method further includes:
configuring the operation authority of the user, wherein the operation authority comprises whether the user has the authority to submit the vulnerability scanning task.
In this embodiment, the operation permissions of users may be configured in advance, and may include whether a user is permitted to submit vulnerability scanning tasks. As an example, if a user has permission to submit vulnerability scanning tasks, a task the user submits through the front end is stored; if the user does not have that permission, a prompt may be shown when the user attempts to submit a task, for example "You do not have permission to submit vulnerability scanning tasks, please contact administrator xx".
In an embodiment, the operation authority may further include information on whether the user can query the vulnerability scanning task, whether the user can operate the vulnerability scanning system, whether the user can delete the vulnerability scanning task, whether the user can modify or delete other users, and the like.
It can be understood that before configuring the operation authority of the user, an account and a password for logging in the system need to be configured for the user, and then the corresponding operation authority needs to be configured for the user.
And step S11, acquiring configuration information of a preset vulnerability scanning tool, and generating a Shell script according to the configuration information and the vulnerability scanning task.
Specifically, the configuration information is data that needs to be configured in advance to run the vulnerability scanning tool.
When the Shell script is generated, a template Shell script is first produced from the configuration information; this template implements the automatic configuration of the vulnerability scanning tool. Code that executes the vulnerability scanning task automatically is then added to the template, and the object to be scanned and its address information from the vulnerability scanning task are inserted at the corresponding position in that code, producing the final Shell script.
It should be noted that the corresponding position refers to a position for placing the default object to be scanned and the default address information of the object to be scanned.
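The script-generation step of S11 is where the user-supplied fields (the object to be scanned and its address) meet the Shell interpreter, so the generator has to validate and quote them. The following is an added example and not the patent's or PortSwigger's code: the template, the configuration keys and the `/v0.1/scan` endpoint path (Burp Suite Professional's REST API, with the API key as a path segment) are assumptions to be adjusted to the deployment.

```python
"""Generate the scanner-invocation Shell script from a preset configuration
and a submitted task, validating and shell-quoting every user-controlled
value. Added example; configuration keys, template and endpoint path are
assumptions, not the patent's own implementation."""
import json
import re
import shlex
from dataclasses import dataclass
from urllib.parse import urlsplit


@dataclass(frozen=True)
class ScanTask:
    """Fields of the scanning task submitted through the front end."""
    target_name: str   # the "object to be scanned", e.g. "website A"
    url: str           # the "address information" of that object


# Preset configuration of the scanning tool (constructed sample values).
PRESET_CONFIG = {
    "api_base": "http://127.0.0.1:1337",   # assumed REST API listener
    "api_key": "REPLACE_WITH_API_KEY",      # placeholder, not a real key
    "timeout_sec": 30,
}

# Template Shell script: configuration first, then the invocation.
# Values are substituted already quoted, so the script is safe to run as-is.
SCRIPT_TEMPLATE = """#!/bin/sh
# Generated scan script: configures the scanner and submits one target.
set -eu
API_BASE={api_base}
API_KEY={api_key}
TARGET_NAME={target_name}
BODY={body}
# POST .../v0.1/scan launches a scan in Burp's REST API (assumed path).
curl --silent --show-error --fail --max-time {timeout} \\
  -H 'Content-Type: application/json' \\
  -X POST "$API_BASE/$API_KEY/v0.1/scan" \\
  -d "$BODY"
"""

# Characters permitted in a URL by RFC 3986; double quotes and backslashes
# are excluded, which also keeps the JSON body well-formed.
_URL_CHARS = re.compile(r"^[A-Za-z0-9._~:/?#\[\]@!$&'()*+,;=%-]+$")


def is_valid_url(url: str) -> bool:
    """Only absolute http(s) URLs built from allowed characters are accepted."""
    if not _URL_CHARS.fullmatch(url):
        return False
    parts = urlsplit(url)
    return parts.scheme in ("http", "https") and bool(parts.hostname)


def render_script(task: ScanTask, config: dict = PRESET_CONFIG) -> str:
    """Fill the template with the task; reject bad URLs, shell-quote the rest."""
    if not is_valid_url(task.url):
        raise ValueError(f"rejected target address: {task.url!r}")
    body = json.dumps({"urls": [task.url]})
    return SCRIPT_TEMPLATE.format(
        api_base=shlex.quote(config["api_base"]),
        api_key=shlex.quote(config["api_key"]),
        target_name=shlex.quote(task.target_name),
        body=shlex.quote(body),
        timeout=int(config["timeout_sec"]),
    )


if __name__ == "__main__":
    # A target address containing shell metacharacters ends up as a single
    # quoted value in the script instead of being interpreted by sh.
    print(render_script(ScanTask("website A", "http://www.xxx.xxx/a?b=1;c=2")))
```

`shlex.quote` is what keeps the generated script from executing anything other than the scanner call when a submitted field contains `;`, `$` or a quote; `is_valid_url` additionally refuses non-http(s) schemes and characters that would break the JSON request body.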
And step S12, acquiring the object to be scanned according to the address information, and calling the vulnerability scanning tool through the Shell script to scan the object to be scanned to obtain a vulnerability scanning result.
Specifically, after the URL address of the object to be scanned is obtained, the object to be scanned may be obtained according to the URL address, and after the object to be scanned is obtained, the Shell script calls the vulnerability scanning tool to scan the object to be scanned, so as to obtain a vulnerability scanning result.
A Shell script is similar to a batch file under Windows/DOS: it is a program file in which a series of commands is placed in advance so that they can be executed conveniently in one go, mainly to make setup and management easier for an administrator. It is, however, more powerful than Windows batch processing and more efficient than programs written with other programming tools, since it uses the commands of Linux/Unix directly.
A Shell script is a program written using the functions of the Shell. It is a plain text file containing Shell syntax and instructions, which uses facilities such as regular expressions, pipeline commands and data stream redirection to achieve the desired processing. In this embodiment, the Shell script is used to call a vulnerability scanning tool to execute a vulnerability scanning task; the API (application program interface) for calling the vulnerability scanning tool and the configuration information that must be set when the tool is started are packaged in the Shell script.
In this embodiment, the vulnerability scanning tool may be a Burp Suite tool. Burp Suite is a tool for testing web security that can help a user comprehensively scan a terminal device for potential vulnerabilities.
In an exemplary embodiment, when the vulnerability scanning tool is a Burp Suite tool, calling the vulnerability scanning tool through the Shell script to scan the object to be scanned and obtain the vulnerability scanning result may include:
calling the Burp Suite tool through an application program interface of the Burp Suite tool packaged in the Shell script to scan the object to be scanned and obtain a vulnerability scanning result. Specifically, a preset proxy listener is set up through a preset class library of the tool, the traffic passing through it is captured, and the captured traffic is then analyzed to obtain the vulnerability scanning result.
In this embodiment, because the application program interface of the Burp Suite tool is encapsulated in the Shell script, the tool can be called through that interface to scan the object to be scanned without having to be encapsulated in the system in advance, so that the object to be scanned can conveniently be scanned with the Burp Suite tool.
In an exemplary embodiment, when the vulnerability scanning task submitted by the user further includes a running time for the task, the scan is to be performed at that running time. In this embodiment, after the vulnerability scanning task submitted by the user is received, a task scheduler generates a timing scheduling task according to the running time. The task scheduler may be implemented with any existing task scheduling framework, for example the Quartz task scheduler. The timing scheduling task is a task set according to the running time and executed at that time. For example, if the running time is 02:00, the scheduled task is one that must be executed at 02:00.
Acquiring the object to be scanned according to the address information, and calling the vulnerability scanning tool through the Shell script to scan the object to be scanned to obtain a vulnerability scanning result, then comprises the following steps:
receiving a timing scheduling task execution operation instruction triggered by the task scheduler, and performing the following operations according to that instruction:
acquiring the object to be scanned according to the address information, and calling the vulnerability scanning tool through the Shell script to scan the object to be scanned to obtain a vulnerability scanning result.
In this embodiment, when the current system time reaches the running time, the task scheduler automatically triggers the execution operation instruction of the timing scheduling task. After the instruction is received, the scheduled task is executed according to it: specifically, the object to be scanned is obtained according to the address information, and the vulnerability scanning tool is called through the Shell script to scan the object to be scanned and obtain a vulnerability scanning result. Executing these operations executes the vulnerability scanning task submitted by the user.
In an exemplary embodiment, to avoid the vulnerability scanning task not being executed because the system encounters some abnormal condition, when the call of the vulnerability scanning tool by the Shell script fails, a preset web automation tool may be started in this embodiment, so that the vulnerability scanning tool is called by the web automation tool to scan the object to be scanned and obtain a vulnerability scanning result.
The web automation tool is a tool for automatically testing web applications; it can simulate user operations to call the vulnerability scanning tool to scan the object to be scanned.
In this embodiment, the web automation tool may be the Selenium tool, a tool for web application testing. During a test, Selenium runs directly in the browser, just as a real user would operate it. In other embodiments of the present application, the web automation tool may also be QTP (UFT), RFT, Watir or the like, which is not limited in this embodiment.
As an example, when parameters of the vulnerability scanning task such as the object to be scanned and its address information do not meet the application program interface standard of the vulnerability scanning tool, the call of the vulnerability scanning tool by the Shell script may fail.
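The fallback described in the last four paragraphs, as an added example that is not part of the patent: `run_script` executes a generated Shell script with the system `sh` and parses the scanner's JSON reply, and `scan_with_fallback` tries the script path first and starts the web-automation path only when the first raises. The two `*_invoke` functions at the bottom are constructed stand-ins for the real REST call and the Selenium driver so the flow can be run offline; their names and the shape of the reply are assumptions.

```python
"""Scanner invocation with a web-automation fallback. Added example, not
the patent's code: the runner functions and reply format are assumptions."""
import json
import subprocess
from dataclasses import dataclass, field
from typing import Callable, Dict, List


class ScanError(Exception):
    """One invocation path failed; the message records why."""


@dataclass
class ScanOutcome:
    result: Dict                                     # parsed scanner reply
    path: str                                        # "script" or "web-automation"
    errors: List[str] = field(default_factory=list)  # failures before success


def run_script(script_text: str, timeout: int = 600) -> Dict:
    """Feed a generated Shell script to sh on stdin and parse its JSON output."""
    proc = subprocess.run(
        ["sh", "-s"], input=script_text, capture_output=True, text=True, timeout=timeout
    )
    if proc.returncode != 0:
        raise ScanError(f"script exited {proc.returncode}: {proc.stderr.strip()}")
    try:
        return json.loads(proc.stdout)
    except json.JSONDecodeError as exc:
        raise ScanError(f"scanner returned non-JSON output: {proc.stdout[:80]!r}") from exc


def scan_with_fallback(task: Dict, via_script: Callable[[Dict], Dict],
                       via_browser: Callable[[Dict], Dict]) -> ScanOutcome:
    """Try the Shell-script path; on ScanError start the web-automation path.

    Every failure is kept in the outcome (or in the final exception) so an
    operator can see why the primary path failed, not only that it did."""
    errors: List[str] = []
    try:
        return ScanOutcome(via_script(task), "script")
    except ScanError as exc:
        errors.append(f"script: {exc}")
    try:
        return ScanOutcome(via_browser(task), "web-automation", errors)
    except ScanError as exc:
        errors.append(f"web-automation: {exc}")
    raise ScanError("all invocation paths failed: " + "; ".join(errors))


# --- constructed stand-ins for the real integrations (assumptions) ----------

def api_invoke(task: Dict) -> Dict:
    """Stand-in for the REST path: the API rejects parameters that do not meet
    its standard (here, a target that is not an absolute http(s) URL). On
    success it runs a tiny script that prints a constructed scanner reply."""
    url = task.get("url", "")
    if not url.startswith(("http://", "https://")):
        raise ScanError(f"API rejected target {url!r}: absolute http(s) URL required")
    return run_script("printf '%s' '{\"task_id\": \"scan-1\", \"via\": \"script\"}'\n")


def browser_invoke(task: Dict) -> Dict:
    """Stand-in for the Selenium path, which drives the scanner's UI the way a
    user would and therefore tolerates a bare host name as typed by the user."""
    return {"task_id": "scan-1", "via": "web-automation", "target": task["url"]}


if __name__ == "__main__":
    # Bare host name, as a user might type it: the API path fails and the
    # browser path takes over; the recorded error says why.
    outcome = scan_with_fallback({"url": "www.xxx.xxx"}, api_invoke, browser_invoke)
    print(outcome.path, outcome.errors)
```

Keeping the reason for the primary failure in `ScanOutcome.errors` matters operationally: a fallback that silently succeeds hides a broken script generator or an API contract change until the browser path breaks too.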
And step S13, classifying a plurality of vulnerabilities contained in the vulnerability scanning result according to vulnerability categories to obtain vulnerability category classification results.
Specifically, vulnerabilities fall into different categories, including for example sensitive information leakage, XSS, unauthorized access, SQL injection, plaintext transmission, backend exposure, design flaws/logic errors, file upload vulnerabilities, CSRF (cross-site request forgery), and the like. Therefore, in this embodiment, after the scan has been performed and the scanning result obtained, the scanning result may be classified by vulnerability category to obtain a vulnerability category classification result.
In an exemplary embodiment, after the vulnerability classification result is obtained, a visual vulnerability category map may be generated from it and returned to the front end for display, so that the user can grasp the vulnerability classification more intuitively.
The vulnerability category map may be a line chart, a bar chart, a pie chart or the like, which is not limited in this embodiment.
In an exemplary embodiment, after the vulnerability classification result is obtained, it may also be sent to the user by email, text message or the like, so that the user learns in time which vulnerabilities the object to be scanned contains.
According to the method and the device, a vulnerability scanning task submitted by a user through a front end is obtained, wherein the vulnerability scanning task comprises an object to be scanned and address information of the object to be scanned; the object to be scanned is acquired according to the address information, and the vulnerability scanning tool is called through the Shell script to scan the object to be scanned and obtain a vulnerability scanning result; and a plurality of vulnerabilities contained in the vulnerability scanning result are classified according to vulnerability categories to obtain vulnerability category classification results. Because the vulnerability scanning tool is called through a Shell script and the user does not need to configure the tool by hand, configuration time is saved and vulnerability scanning efficiency is improved.
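Step S13 and the category map, as an added example that is not the patent's code: a scan result is classified into the categories the description lists by matching issue names against a keyword table, the per-category counts are sorted into the series a bar or pie chart would consume, and a plain-text bar chart is rendered for terminals. The issue names follow the naming style of Burp Suite's scanner, but the sample result and the keyword rules are constructed here and would be tuned to the real scanner's output.

```python
"""Classify scan issues by vulnerability category and build chart series.
Added example; sample issues and keyword rules are constructed."""
from collections import Counter
from typing import Dict, Iterable, List, Tuple

# Categories named in the description, each with substrings that identify an
# issue as belonging to it. First match wins, so specific rules come first.
CATEGORY_RULES: List[Tuple[str, Tuple[str, ...]]] = [
    ("SQL injection", ("sql injection",)),
    ("XSS", ("cross-site scripting", "xss")),
    ("CSRF", ("cross-site request forgery", "csrf")),
    ("plaintext transmission", ("cleartext", "unencrypted")),
    ("upload vulnerability", ("file upload",)),
    ("unauthorized access", ("unauthori", "access control")),
    ("backend exposure", ("admin interface", "backup file", "directory listing")),
    ("sensitive information leakage", ("disclos", "leak")),
    ("design/logic error", ("logic", "design")),
]
UNCATEGORIZED = "uncategorized"   # kept visible so nothing is silently dropped


def classify_issue(issue_name: str) -> str:
    """Map one issue name to a category; unknown names go to UNCATEGORIZED."""
    lowered = issue_name.lower()
    for category, needles in CATEGORY_RULES:
        if any(needle in lowered for needle in needles):
            return category
    return UNCATEGORIZED


def classify_results(issues: Iterable[Dict]) -> Counter:
    """Count the issues of a scan result per category."""
    return Counter(classify_issue(issue["name"]) for issue in issues)


def chart_series(counts: Counter) -> List[Tuple[str, int]]:
    """Series for the category chart: descending by count, ties by name."""
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))


def text_bar_chart(counts: Counter, width: int = 30) -> str:
    """Plain-text bar chart, one row per category, scaled to `width`."""
    series = chart_series(counts)
    peak = max((n for _, n in series), default=1)
    label_w = max((len(c) for c, _ in series), default=0)
    return "\n".join(
        f"{c.ljust(label_w)} | {'#' * (n * width // peak)} {n}" for c, n in series
    )


# Constructed scan result; names mimic a web scanner's issue titles.
SAMPLE_RESULT = {
    "target": "http://www.xxx.xxx/",
    "issues": [
        {"name": "SQL injection", "severity": "High", "path": "/login"},
        {"name": "Cross-site scripting (reflected)", "severity": "High", "path": "/search"},
        {"name": "Cross-site scripting (stored)", "severity": "High", "path": "/comment"},
        {"name": "Cleartext submission of password", "severity": "High", "path": "/login"},
        {"name": "Cross-site request forgery", "severity": "Medium", "path": "/profile"},
        {"name": "Email addresses disclosed", "severity": "Info", "path": "/about"},
        {"name": "Private IP addresses disclosed", "severity": "Info", "path": "/api"},
        {"name": "File upload functionality", "severity": "Info", "path": "/upload"},
        {"name": "Strict transport security not enforced", "severity": "Low", "path": "/"},
    ],
}


if __name__ == "__main__":
    print(text_bar_chart(classify_results(SAMPLE_RESULT["issues"])))
```

The `uncategorized` bucket is deliberate: an issue the rule table does not know about still appears in the chart, which is the prompt to extend the table rather than to lose the finding.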
In an exemplary embodiment, the method further comprises:
storing the execution record information generated when the timing scheduling task is executed in a database, wherein the execution record information comprises task identification information and task configuration information.
Specifically, the task identification information uniquely distinguishes different vulnerability scanning tasks and may be a task ID. The task configuration information is the information used to configure the vulnerability scanning tool.
In this embodiment, so that a vulnerability scanning task can be executed quickly when another user submits the same task, the task identification information and task configuration information generated when the timing scheduling task is executed for the first time are stored in the database. When the vulnerability scanning task needs to be executed again, its task identification information is obtained directly from the database, and from it the configuration information of the vulnerability scanning tool associated with the task. The tool can then be configured directly from that stored configuration information when the task is processed, without the user configuring it by hand, which saves configuration time and improves vulnerability scanning efficiency.
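The timing scheduling task and the execution record store described above, as one added example that is neither the patent's code nor Quartz: `next_run_at` turns the "run time" field (HH:MM) into the next firing time, and `ExecutionStore` keeps task identification and task configuration in SQLite so a repeated task can configure the scanner from the stored record. The table layout and the sample configuration are assumptions; note that the stored configuration references the API key by name rather than containing it, so the database does not become a second copy of the secret.

```python
"""Next-run computation for the run-time field and an execution record store.
Added example; schema and sample configuration are assumptions."""
import json
import sqlite3
from datetime import datetime, timedelta
from typing import Dict, Optional


def next_run_at(run_time: str, now: datetime) -> datetime:
    """Next occurrence of HH:MM at or after `now` (today if still ahead)."""
    hour, minute = (int(p) for p in run_time.split(":"))
    if not (0 <= hour < 24 and 0 <= minute < 60):
        raise ValueError(f"invalid run time {run_time!r}")
    candidate = now.replace(hour=hour, minute=minute, second=0, microsecond=0)
    if candidate < now:
        candidate += timedelta(days=1)
    return candidate


class ExecutionStore:
    """Execution records: task ID, target and the tool configuration used."""

    SCHEMA = """CREATE TABLE IF NOT EXISTS execution_record (
        task_id     TEXT PRIMARY KEY,
        target_url  TEXT NOT NULL,
        config_json TEXT NOT NULL,
        executed_at TEXT NOT NULL)"""

    def __init__(self, path: str = ":memory:"):
        self.conn = sqlite3.connect(path)
        self.conn.execute(self.SCHEMA)

    def record_execution(self, task_id: str, target_url: str,
                         config: Dict, executed_at: datetime) -> bool:
        """Store the record of the first execution of a task; later executions
        with the same task ID keep the original record. Returns True if stored."""
        cur = self.conn.execute(
            "INSERT OR IGNORE INTO execution_record VALUES (?, ?, ?, ?)",
            (task_id, target_url, json.dumps(config, sort_keys=True),
             executed_at.isoformat()),
        )
        self.conn.commit()
        return cur.rowcount == 1

    def config_for(self, task_id: str) -> Optional[Dict]:
        """Configuration to reuse when the same task is executed again."""
        row = self.conn.execute(
            "SELECT config_json FROM execution_record WHERE task_id = ?", (task_id,)
        ).fetchone()
        return json.loads(row[0]) if row else None


# Constructed sample configuration: the key is referenced, not stored.
SAMPLE_CONFIG = {
    "api_base": "http://127.0.0.1:1337",
    "api_key_ref": "secret-store:scanner-api-key",
    "timeout_sec": 30,
}


if __name__ == "__main__":
    now = datetime(2021, 6, 28, 10, 0)
    fire_at = next_run_at("03:00", now)          # 2021-06-29 03:00
    store = ExecutionStore()
    store.record_execution("task-0001", "http://www.xxx.xxx/", SAMPLE_CONFIG, fire_at)
    print(fire_at, store.config_for("task-0001"))
```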
Referring to fig. 2, a schematic diagram of program modules of a vulnerability detection apparatus 200 (hereinafter referred to as "detection apparatus" 200) according to an embodiment of the present application is shown. The detection apparatus 200 may be applied to a computer device, which may be a mobile phone, a tablet personal computer, a laptop computer, a server, or another device having a data transmission function. In this embodiment, the detection apparatus 200 may include or be divided into one or more program modules, and the one or more program modules are stored in a storage medium and executed by one or more processors to complete the present application and implement the vulnerability detection method. The program module referred to in the embodiments of the present application is a series of computer program instruction segments capable of performing specific functions, and is better suited than the program itself to describing the execution process of the vulnerability detection method in the storage medium. In this embodiment, the vulnerability detection apparatus 200 includes an obtaining module 201, a scanning module 202 and a classifying module 203. The functions of the program modules of the present embodiment are described in detail below:
the acquisition module 201 is configured to acquire a vulnerability scanning task submitted by a user through a front end, where the vulnerability scanning task includes an object to be scanned and address information of the object to be scanned.
Specifically, the object to be scanned may be a website that needs to be scanned or a file that needs to be scanned, and the like, which is not limited in this embodiment. The address information is information used to locate a storage location of the object to be scanned, and specifically, the address information may be a URL (Uniform Resource Locator) of the object to be scanned.
In this embodiment, a user may submit the vulnerability scanning task through a visual vulnerability scanning task submission interface provided at the front end. As an example, when submitting a vulnerability scanning task, the user may enter the object to be scanned in the "object to be scanned" field of the visual interface; the object entered is, for example, website A. The user may also enter the address of the object to be scanned in the "address information of the object to be scanned" field of the visual interface; the address information entered is, for example, www.xxx.xxx. In an embodiment, so that the back end can process the vulnerability scanning task more efficiently, the user may also use a "run-time setting" field in the visual interface to set the processing time of the task; for example, if the run time is set to 03:00, the back end will process the task at 3 am, which can improve the processing efficiency of the task. In one embodiment, so that the submitting user or an administrator can learn the status of the task in time, the user may further indicate in an "email notification" field of the visual interface whether the processing status of the task should be sent by email; for example, if the user indicates that mail notification is needed, the back end sends the processing result of the task to the user by email after the task has been processed.
In an embodiment, so that the scanning result obtained by the executed vulnerability scanning task can be analyzed further and the user can understand the scanning result more clearly, the user may also indicate in a "vulnerability analysis" field of the visual interface whether the obtained vulnerability scanning result needs to be analyzed; for example, if the user indicates that the vulnerability scanning result needs to be analyzed, the back end counts the vulnerabilities of each type contained in the scanning result after the result is obtained and generates a visual vulnerability category map from the counting result.
In this embodiment, after receiving a vulnerability scanning task submitted by a user through a front end, the vulnerability scanning task may be stored in a task scheduling system, so that the processing of each vulnerability scanning task may be scheduled and distributed by the task scheduling system in the following, thereby improving the processing efficiency of the task.
In an exemplary embodiment, in order to facilitate management of a user, in this embodiment, the vulnerability detection apparatus 200 further includes a configuration module.
The configuration module is used for configuring the operation authority of the user, wherein the operation authority comprises whether the user has the authority to submit the vulnerability scanning task.
In this embodiment, the operation permissions of the users may be configured in advance, where the operation permissions may include whether the users have permission to submit the vulnerability scanning task. As an example, if a user has the right to submit the vulnerability scanning task, the vulnerability scanning task submitted by the user through the front end is stored; if the user does not have the right to submit the vulnerability scanning task, a prompt message may be sent when the user submits the task to remind the user that he or she does not have this right, for example a message such as "You do not have the authority to submit the vulnerability scanning task; please contact administrator xx".
In an embodiment, the operation authority may further include information on whether the user can query the vulnerability scanning task, whether the user can operate the vulnerability scanning system, whether the user can delete the vulnerability scanning task, whether the user can modify or delete other users, and the like.
It can be understood that before configuring the operation authority of the user, an account and a password for logging in the system need to be configured for the user, and then the corresponding operation authority needs to be configured for the user.
The generating module 202 is configured to obtain configuration information of a preset vulnerability scanning tool, and generate a Shell script according to the configuration information and the vulnerability scanning task.
Specifically, the configuration information is data that needs to be configured in advance to run the vulnerability scanning tool.
When the Shell script is generated, a template Shell script is first generated according to the configuration information; the template Shell script can be used to configure the vulnerability scanning tool automatically. After the template Shell script is generated, code for automatically executing a vulnerability scanning task is added to the template Shell script, and the object to be scanned contained in the vulnerability scanning task and the address information of the object to be scanned are inserted at the corresponding positions in that code, so that the Shell script is generated.
It should be noted that the corresponding position refers to a position for placing the default object to be scanned and the default address information of the object to be scanned.
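The following is an added example of the script-generation step described above, not code from the patent: a template is filled with the tool configuration and with the user-submitted object and address. Because both task values originate from the front end and end up inside a Shell script, the example validates them and passes every value through shlex.quote before insertion; the template contents, the tool path and the "scan-tool" command line are assumptions.

```python
import re
import shlex
from urllib.parse import urlparse

# Hypothetical template Shell script (assumed shape; the patent only states that
# it is generated from the tool's configuration information and that the object
# to be scanned and its address are inserted at the corresponding positions).
SCRIPT_TEMPLATE = """#!/bin/bash
set -euo pipefail
# --- tool configuration (from the preset configuration information) ---
SCAN_TOOL_HOME={tool_home}
SCAN_API_KEY_FILE={api_key_file}
REPORT_DIR={report_dir}
# --- task parameters (from the user-submitted vulnerability scanning task) ---
TARGET_NAME={target_name}
TARGET_URL={target_url}
mkdir -p "$REPORT_DIR"
"$SCAN_TOOL_HOME/bin/scan-tool" --api-key-file "$SCAN_API_KEY_FILE" \\
    --target "$TARGET_URL" --report "$REPORT_DIR/$TARGET_NAME.json"
"""

# Object names are used as file names, so only a short, file-name-safe identifier is accepted.
_NAME_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9_.-]{0,63}$")


def validate_target_name(name: str) -> str:
    """Reject object names that are not plain identifiers."""
    if not _NAME_RE.match(name):
        raise ValueError(f"invalid object name: {name!r}")
    return name


def validate_target_url(url: str) -> str:
    """Accept only an absolute http(s) URL with a host and no whitespace or control characters."""
    if any(ch.isspace() or ord(ch) < 0x20 for ch in url):
        raise ValueError("address information contains whitespace or control characters")
    parts = urlparse(url)
    if parts.scheme not in ("http", "https") or not parts.netloc:
        raise ValueError(f"address information is not an absolute http(s) URL: {url!r}")
    return url


def render_scan_script(config: dict, task: dict) -> str:
    """Fill the template with tool configuration and task parameters.

    Every value is validated and then passed through shlex.quote, so a value such
    as "https://example.com/$(id)" is written into the script as a single-quoted
    literal and is never interpreted by the shell.
    """
    name = validate_target_name(task["object"])
    url = validate_target_url(task["address"])
    return SCRIPT_TEMPLATE.format(
        tool_home=shlex.quote(config["tool_home"]),
        api_key_file=shlex.quote(config["api_key_file"]),
        report_dir=shlex.quote(config["report_dir"]),
        target_name=shlex.quote(name),
        target_url=shlex.quote(url),
    )


def task_is_acceptable(config: dict, task: dict) -> bool:
    """True if a script can be generated for the task, False if validation rejects it."""
    try:
        render_scan_script(config, task)
        return True
    except ValueError:
        return False


# Constructed sample configuration and task (not values from the patent).
SAMPLE_CONFIG = {
    "tool_home": "/opt/scan-tool",
    "api_key_file": "/etc/scan-tool/api.key",
    "report_dir": "/var/lib/scan-reports",
}
SAMPLE_TASK = {"object": "website-A", "address": "https://example.com/search?q=1"}

if __name__ == "__main__":
    print(render_scan_script(SAMPLE_CONFIG, SAMPLE_TASK))
```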
The scanning module 203 is configured to obtain the object to be scanned according to the address information, and to call the vulnerability scanning tool through the Shell script to scan the object to be scanned, so as to obtain a vulnerability scanning result.
Specifically, after the URL address of the object to be scanned is obtained, the object to be scanned may be obtained according to the URL address, and after the object to be scanned is obtained, the Shell script calls the vulnerability scanning tool to scan the object to be scanned, so as to obtain a vulnerability scanning result.
The Shell script is similar to batch processing under Windows/DOS: various commands are placed in a file in advance so that they can be executed conveniently as one program, mainly to make it easier for an administrator to set up or manage a system. However, because it uses the commands available under Linux/Unix, it is more powerful than batch processing under Windows and more efficient than programs built with other programming languages.
A Shell script is a program written using the functions of the Shell. The program is a plain text file in which Shell syntax and instructions are written, and regular expressions, pipeline commands, data stream redirection and similar functions are then used to achieve the desired processing. In this embodiment, the Shell script is used to call a vulnerability scanning tool to execute a vulnerability scanning task, and the API (application program interface) for calling the vulnerability scanning tool and the configuration information that needs to be set when the vulnerability scanning tool is started are packaged in the Shell script.
In this embodiment, the vulnerability scanning tool may be a Burpesite tool, where the Burpesite tool is a tool for testing Web security that helps a user comprehensively scan potential vulnerabilities in a terminal device.
In an exemplary embodiment, when the vulnerability scanning tool is a burpesite tool, calling the vulnerability scanning tool through the Shell script to scan the object to be scanned, and obtaining the vulnerability scanning result may include:
calling the Burpesite tool through the application program interface of the Burpesite tool packaged in the Shell script to scan the object to be scanned, so as to obtain a vulnerability scanning result; specifically, a preset proxy listener is set up through a preset class library in the tool and content is captured, and the captured content is then analyzed to obtain the vulnerability scanning result.
In this embodiment, since the application program interface of the Burpesite tool is encapsulated in the Shell script, the Burpesite tool can be called through that interface to scan the object to be scanned, and the Burpesite tool does not need to be encapsulated in the system in advance, so the object to be scanned can conveniently be scanned with the Burpesite tool.
In an exemplary embodiment, when the vulnerability scanning task submitted by the user further includes the running time of the vulnerability scanning task, in order to perform the scanning operation at the running time set by the user, a task scheduler may generate a timing scheduling task according to the running time after the vulnerability scanning task submitted by the user is received. The task scheduler may be implemented with any existing task scheduling framework; for example, the task scheduler is a Quartz task scheduler. The timing scheduling task is a task that is set according to the running time and executed at the running time. For example, if the running time is 02:00, the scheduled task is a task that needs to be executed at 02:00.
The acquiring the object to be scanned according to the address information, and calling the vulnerability scanning tool through the Shell script to scan the object to be scanned to obtain a vulnerability scanning result comprises the following steps:
receiving a timing scheduling task execution operation instruction triggered by the task scheduler, and executing the following operations according to the timing scheduling task execution operation instruction:
acquiring the object to be scanned according to the address information, and calling the vulnerability scanning tool through the Shell script to scan the object to be scanned to obtain a vulnerability scanning result.
In this embodiment, when the current system time reaches the running time, the task scheduler automatically triggers a timing scheduling task execution operation instruction; after receiving the operation instruction, the scheduled task is executed according to it, specifically by obtaining the object to be scanned according to the address information and calling the vulnerability scanning tool through the Shell script to scan the object to be scanned, so as to obtain a vulnerability scanning result. Executing this operation executes the vulnerability scanning task submitted by the user.
In an exemplary embodiment, in order to avoid the vulnerability scanning task not being executed because the system encounters some abnormal condition, when calling the vulnerability scanning tool through the Shell script fails, a preset web automation tool may be started, so that the vulnerability scanning tool is called by the web automation tool to scan the object to be scanned and a vulnerability scanning result is obtained.
The Web automation tool is used for automatically testing the Web application program, and can simulate user operation to call the vulnerability scanning tool to scan the object to be scanned.
In this embodiment, the Web automation tool may be a Selenium tool, which is a tool for Web application testing. The Selenium tool runs directly in the browser during testing, just as a real user would operate it. In other embodiments of the present application, the web automation tool may also be a QTP (UFT), RFT or Watir tool, and the like, which is not limited in this embodiment.
As an example, when parameters such as the object to be scanned and the address information of the object to be scanned in the vulnerability scanning task do not meet the application program interface standard of the vulnerability scanning tool, calling the vulnerability scanning tool through the Shell script may fail.
The classification module 204 is configured to classify a plurality of vulnerabilities included in the vulnerability scanning result according to vulnerability categories, so as to obtain vulnerability category classification results.
Specifically, vulnerabilities fall into different categories, for example sensitive information leakage, XSS vulnerability attack, unauthorized access, SQL injection, plaintext transmission, background leakage vulnerability, design bug/logic error, upload vulnerability, CSRF cross-site request forgery, and the like. Therefore, in this embodiment, after the scan is performed and the scanning result is obtained, the scanning result may be classified according to the category of each vulnerability, so as to obtain a vulnerability category classification result.
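The classification step above, together with the per-category counting used for the category map mentioned earlier, as an added example that is not the patent's own code. The category names are the ones listed on the page; the keyword rules, the findings and their field names are constructed assumptions, since the page does not specify the scanner's output format.

```python
from collections import Counter
from typing import Dict, List, Tuple

# Vulnerability categories named on the page, each with assumed keywords that are
# matched case-insensitively, in this order, against a finding's name.
CATEGORY_RULES = [
    ("SQL injection", ("sql injection", "sqli")),
    ("XSS vulnerability attack", ("cross-site scripting", "xss")),
    ("CSRF cross-site request forgery", ("cross-site request forgery", "csrf")),
    ("upload vulnerability", ("file upload",)),
    ("plaintext transmission", ("cleartext", "plaintext", "unencrypted")),
    ("unauthorized access", ("unauthorized", "authorization bypass", "broken access")),
    ("background leakage vulnerability", ("admin panel", "management interface")),
    ("sensitive information leakage", ("sensitive data", "information disclosure", "leak")),
    ("design bug/logic error", ("logic", "design flaw")),
]
OTHER = "other"  # findings no rule matches; review these to extend the rule table


def classify_finding(name: str) -> str:
    """Return the first category whose keywords occur in the finding name, else OTHER."""
    lowered = name.lower()
    for category, keywords in CATEGORY_RULES:
        if any(keyword in lowered for keyword in keywords):
            return category
    return OTHER


def classify_results(findings: List[dict]) -> Dict[str, List[dict]]:
    """Group raw scanner findings by vulnerability category (the classification result)."""
    grouped: Dict[str, List[dict]] = {}
    for finding in findings:
        grouped.setdefault(classify_finding(finding["name"]), []).append(finding)
    return grouped


def category_counts(findings: List[dict]) -> List[Tuple[str, int]]:
    """Count findings per category, most frequent first; this feeds the category chart."""
    counts = Counter(classify_finding(f["name"]) for f in findings)
    return sorted(counts.items(), key=lambda item: (-item[1], item[0]))


def unclassified(findings: List[dict]) -> List[str]:
    """Distinct finding names that matched no rule, so the rule table can be extended."""
    return sorted({f["name"] for f in findings if classify_finding(f["name"]) == OTHER})


# Constructed sample findings in an assumed scanner output shape (not real scan data).
SAMPLE_FINDINGS = [
    {"name": "SQL injection", "severity": "high", "url": "https://example.com/login"},
    {"name": "Cross-site scripting (reflected)", "severity": "medium", "url": "https://example.com/search"},
    {"name": "Cleartext submission of password", "severity": "high", "url": "https://example.com/login"},
    {"name": "Cross-site request forgery", "severity": "medium", "url": "https://example.com/profile"},
    {"name": "Sensitive data exposure in API response", "severity": "medium", "url": "https://example.com/api"},
    {"name": "SQL injection (second order)", "severity": "high", "url": "https://example.com/orders"},
    {"name": "Unauthenticated admin panel exposed", "severity": "high", "url": "https://example.com/admin"},
    {"name": "Open redirect", "severity": "low", "url": "https://example.com/go"},
]

if __name__ == "__main__":
    for category, count in category_counts(SAMPLE_FINDINGS):
        print(f"{category}: {count}")
    print("unclassified:", unclassified(SAMPLE_FINDINGS))
```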
In an exemplary embodiment, after the vulnerability classification result is obtained, in order to facilitate a user to know the vulnerability classification more intuitively, a visual vulnerability classification graph can be generated according to the vulnerability classification result, and the vulnerability classification graph is returned to the front end for display.
The vulnerability category map may be a line graph, a bar graph, a pie graph, or the like, which is not limited in this embodiment.
In an exemplary embodiment, after the vulnerability classification result is obtained, the vulnerability classification result can be notified to the user through an email, a short message and the like, so that the user can know the vulnerability condition contained in the object to be scanned in time.
According to the method and the device, a vulnerability scanning task submitted by a user through a front end is obtained, wherein the vulnerability scanning task comprises an object to be scanned and address information of the object to be scanned; acquiring the object to be scanned according to the address information, and calling the vulnerability scanning tool through the Shell script to scan the object to be scanned to obtain a vulnerability scanning result; and classifying a plurality of vulnerabilities contained in the vulnerability scanning result according to vulnerability categories to obtain vulnerability category classification results. According to the vulnerability scanning method, the vulnerability scanning tool is called in a Shell script mode, and a user does not need to manually configure the vulnerability scanning tool, so that configuration time can be saved, and vulnerability scanning efficiency is improved.
In an exemplary embodiment, the vulnerability detection apparatus 200 further includes a saving module.
The storage module is configured to store execution record information generated when the timing scheduling task is executed into a database, where the execution record information includes task identification information and task configuration information.
Specifically, the task identification information is information for uniquely distinguishing different vulnerability scanning tasks, and the task identification information may be a task ID. The task configuration information is information for configuring the vulnerability scanning tool.
In this embodiment, after the timing scheduling task has been executed, the task identification information and task configuration information generated when the timing scheduling task was executed for the first time may be stored in the database, so that the same vulnerability scanning task can be executed quickly when another user submits it. When the vulnerability scanning task needs to be executed again, the task identification information of the task can be obtained directly from the database, the configuration information of the vulnerability scanning tool associated with the task can then be obtained according to the task identification information, and when the vulnerability scanning task is processed with the vulnerability scanning tool, the tool can be configured directly from that configuration information without the user configuring it manually, which saves configuration time and improves vulnerability scanning efficiency.
Fig. 3 is a schematic diagram of a hardware architecture of a computer device 300 according to an embodiment of the present application. In the present embodiment, the computer device 300 is a device capable of automatically performing numerical calculation and/or information processing according to instructions that are set or stored in advance. As shown, the computer device 300 includes, but is not limited to, at least a memory 301, a processor 302 and a network interface 303, which may be communicatively coupled to each other via a device bus. Wherein:
in this embodiment, the memory 301 includes at least one type of computer-readable storage medium, including a flash memory, a hard disk, a multimedia card, a card-type memory (e.g., SD or DX memory, etc.), a Random Access Memory (RAM), a Static Random Access Memory (SRAM), a Read Only Memory (ROM), an Electrically Erasable Programmable Read Only Memory (EEPROM), a Programmable Read Only Memory (PROM), a magnetic memory, a magnetic disk, an optical disk, and the like. In some embodiments, the memory 301 may be an internal storage unit of the computer device 300, such as a hard disk or a memory of the computer device 300. In other embodiments, the memory 301 may also be an external storage device of the computer device 300, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card), or the like, provided on the computer device 300. Of course, the memory 301 may also include both internal and external storage devices of the computer device 300. In this embodiment, the memory 301 is generally used for storing the operating system installed in the computer device 300 and various application software, such as the program code of the vulnerability detection apparatus 200. In addition, the memory 301 may also be used to temporarily store various types of data that have been output or are to be output.
Processor 302 may be a Central Processing Unit (CPU), controller, microcontroller, microprocessor, or other data Processing chip in some embodiments. The processor 302 generally serves to control the overall operation of the computer device 300. In this embodiment, the processor 302 is configured to run a program code stored in the memory 301 or process data, for example, run the vulnerability detection apparatus 200, so as to implement the vulnerability detection method in the above embodiments.
The network interface 303 may comprise a wireless network interface or a wired network interface, and the network interface 303 is generally used for establishing a communication connection between the computer apparatus 300 and other electronic devices. For example, the network interface 303 is used to connect the computer device 300 to an external terminal through a network, establish a data transmission channel and a communication connection between the computer device 300 and the external terminal, and the like. The network may be a wireless or wired network such as an Intranet (Intranet), the Internet (Internet), a Global System of Mobile communication (GSM), Wideband Code Division Multiple Access (WCDMA), 4G network, 5G network, Bluetooth (Bluetooth), Wi-Fi, and the like.
It is noted that fig. 3 only shows the computer device 300 with components 301 to 303, but it is to be understood that not all of the shown components are required to be implemented, and that more or fewer components may be implemented instead.
In this embodiment, the vulnerability detection apparatus 200 stored in the memory 301 may also be divided into one or more program modules, and the one or more program modules are stored in the memory 301 and executed by one or more processors (in this embodiment, the processor 302) to complete the vulnerability detection method of the present application.
The present embodiment also provides a computer-readable storage medium, such as a flash memory, a hard disk, a multimedia card, a card-type memory (e.g., SD or DX memory, etc.), a Random Access Memory (RAM), a Static Random Access Memory (SRAM), a read-only memory (ROM), an electrically erasable programmable read-only memory (EEPROM), a programmable read-only memory (PROM), a magnetic memory, a magnetic disk, an optical disk, a server, an App application mall, etc., on which a computer program is stored, which when executed by a processor implements corresponding functions. The computer readable storage medium of the embodiment is used for storing the vulnerability detection apparatus 200, so as to implement the vulnerability detection method of the present application when being executed by a processor.
The above-mentioned serial numbers of the embodiments of the present application are merely for description and do not represent the merits of the embodiments.
Through the above description of the embodiments, those skilled in the art will clearly understand that the method of the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but in many cases, the former is a better implementation manner.
The above description is only a preferred embodiment of the present application, and not intended to limit the scope of the present application, and all modifications of equivalent structures and equivalent processes, which are made by the contents of the specification and the drawings of the present application, or which are directly or indirectly applied to other related technical fields, are included in the scope of the present application.

Claims (10)

1. A vulnerability detection method is characterized by comprising the following steps:
acquiring a vulnerability scanning task submitted by a user through a front end, wherein the vulnerability scanning task comprises an object to be scanned and address information of the object to be scanned;
acquiring configuration information of a preset vulnerability scanning tool, and generating a Shell script according to the configuration information and the vulnerability scanning task;
acquiring the object to be scanned according to the address information, and calling the vulnerability scanning tool through the Shell script to scan the object to be scanned to obtain a vulnerability scanning result;
and classifying a plurality of vulnerabilities contained in the vulnerability scanning result according to vulnerability categories to obtain vulnerability category classification results.
2. The vulnerability detection method according to claim 1, wherein the calling the vulnerability scanning tool through the Shell script to scan the object to be scanned to obtain a vulnerability scanning result comprises:
and when the vulnerability scanning tool is called by the Shell script and fails, starting a preset web automation tool, so that the vulnerability scanning tool is called by the web automation tool to scan the object to be scanned, and obtaining a vulnerability scanning result.
3. The vulnerability detection method according to claim 1, wherein the vulnerability scanning tool is a Burpesite tool, and the obtaining of the vulnerability scanning result by calling the vulnerability scanning tool through the Shell script to scan the object to be scanned comprises:
and calling the Burpesite tool through an application program interface of the Burpesite tool packaged in the Shell script to scan the object to be scanned, so as to obtain a vulnerability scanning result.
4. The vulnerability detection method of claim 1, wherein the vulnerability scanning task further comprises a runtime, the method further comprising:
generating a timing scheduling task according to the running time through a task scheduler;
the acquiring the object to be scanned according to the address information, and calling the vulnerability scanning tool through the Shell script to scan the object to be scanned to obtain a vulnerability scanning result comprises the following steps:
receiving a timing scheduling task execution operation instruction triggered by the task scheduler, and executing the following operations according to the timing scheduling task execution operation instruction:
and acquiring the object to be scanned according to the address information, and calling the vulnerability scanning tool through the Shell script to scan the object to be scanned to obtain a vulnerability scanning result.
5. The vulnerability detection method of claim 1, wherein the method further comprises:
and configuring the operation authority of the user, wherein the operation authority comprises whether the user has the authority to submit the vulnerability scanning task.
6. The vulnerability detection method of claim 4, wherein the method further comprises:
and storing the execution record information generated when the timing scheduling task is executed into a database, wherein the execution record information comprises task identification information and task configuration information.
7. The vulnerability detection method of any of claims 1 to 6, the method further comprising:
and generating a visual vulnerability category map according to the vulnerability category classification result, and returning the vulnerability category map to the front end for displaying.
8. A vulnerability detection apparatus, comprising:
the system comprises an acquisition module, a processing module and a processing module, wherein the acquisition module is used for acquiring a vulnerability scanning task submitted by a user through a front end, and the vulnerability scanning task comprises an object to be scanned and address information of the object to be scanned;
the generation module is used for acquiring configuration information of a preset vulnerability scanning tool and generating a Shell script according to the configuration information and the vulnerability scanning task;
the scanning module is used for acquiring the object to be scanned according to the address information and calling the vulnerability scanning tool through the Shell script to scan the object to be scanned so as to obtain a vulnerability scanning result;
and the classification module is used for classifying a plurality of vulnerabilities contained in the vulnerability scanning result according to vulnerability categories to obtain vulnerability category classification results.
9. A computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the processor implements the steps of the vulnerability detection method according to any of claims 1 to 7 when executing the computer program.
10. A computer-readable storage medium, having stored thereon a computer program which is executable by at least one processor to cause the at least one processor to perform the steps of the vulnerability detection method according to any of claims 1-7.
CN202110724656.8A 2021-06-29 2021-06-29 Vulnerability detection method and device, computer equipment and readable storage medium Pending CN113378180A (en)
Publications (1)

Publication Number Publication Date
CN113378180A true CN113378180A (en) 2021-09-10

Family

ID=77579743

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110724656.8A Pending CN113378180A (en) 2021-06-29 2021-06-29 Vulnerability detection method and device, computer equipment and readable storage medium

Country Status (1)

Country Link
CN (1) CN113378180A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114826756A (en) * 2022-05-10 2022-07-29 深信服科技股份有限公司 WEB vulnerability detection method and related components

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140196029A1 (en) * 2013-01-10 2014-07-10 VCE Company LLC Scripting language executor service for applications
CN105117262A (en) * 2015-09-11 2015-12-02 北京京东尚科信息技术有限公司 Automated task execution method
CN106980518A (en) * 2017-03-23 2017-07-25 成都锐成芯微科技股份有限公司 The method that technological design files in batch is checked
CN109284147A (en) * 2018-09-06 2019-01-29 平安科技(深圳)有限公司 A kind of plug-in unit adaptation method and device
CN112565298A (en) * 2020-12-25 2021-03-26 北京知道创宇信息技术股份有限公司 Vulnerability scanning method and device and electronic equipment

Similar Documents

Publication Publication Date Title
US10409711B2 (en) Automatically running tests against WEB APIs based on specifications
US9158918B2 (en) Method and apparatus for determining malicious program
CN110929264B (en) Vulnerability detection method and device, electronic equipment and readable storage medium
US20150371040A1 (en) Method, Device And System For Processing Notification Bar Message
CN112039900B (en) Network security risk detection method, system, computer device and storage medium
CN108664793B (en) Method and device for detecting vulnerability
CN113489713B (en) Network attack detection method, device, equipment and storage medium
CN110866258B (en) Rapid vulnerability positioning method, electronic device and storage medium
CN111835756B (en) APP privacy compliance detection method and device, computer equipment and storage medium
CN110059007B (en) System vulnerability scanning method and device, computer equipment and storage medium
KR20110128632A (en) Method and device for detecting malicious action of application program for smartphone
CN111198797B (en) Operation monitoring method and device and operation analysis method and device
CN111241565A (en) File control method and device, electronic equipment and storage medium
CN112035354A (en) Method, device and equipment for positioning risk code and storage medium
CN109460653B (en) Rule engine based verification method, verification device, storage medium and apparatus
CN112579453A (en) Task testing method, device, equipment and storage medium
CN112953896A (en) Playback method and device of log message
CN110727595B (en) Application login interface identification method, intelligent terminal and storage medium
CN108121606B (en) Method and device for generating coded data based on joint debugging interface
CN113378180A (en) Vulnerability detection method and device, computer equipment and readable storage medium
CN112558982B (en) Code detection method and device and computer equipment
WO2019127043A1 (en) Terminal device control method and terminal device
CN113362173A (en) Anti-duplication mechanism verification method, anti-duplication mechanism verification system, electronic equipment and storage medium
CN113162937A (en) Application safety automatic detection method, system, electronic equipment and storage medium
WO2018140167A1 (en) Safe data access through any data channel

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination