CN113422759B - Vulnerability scanning method, electronic device and storage medium - Google Patents
Vulnerability scanning method, electronic device and storage medium Download PDFInfo
- Publication number
- CN113422759B CN113422759B CN202110647963.0A CN202110647963A CN113422759B CN 113422759 B CN113422759 B CN 113422759B CN 202110647963 A CN202110647963 A CN 202110647963A CN 113422759 B CN113422759 B CN 113422759B
- Authority
- CN
- China
- Prior art keywords
- vulnerability
- scanning
- information
- target
- asset
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1433—Vulnerability analysis
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
- H04L63/205—Network architectures or network communication protocols for network security for managing network security; network security policies in general involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
Abstract
The application relates to a vulnerability scanning method, an electronic device and a storage medium, wherein asset information to be scanned is acquired, wherein the asset information comprises address information of an access target carrying a target vulnerability; acquiring a vulnerability scanning configuration file, wherein the vulnerability scanning configuration file comprises at least one item of scanning strategy information for detecting a target vulnerability; scanning asset information to be scanned in a preset scanning engine based on a vulnerability scanning configuration file to obtain a first scanning result, wherein the first scanning result comprises vulnerability information of a target vulnerability; the method has the advantages that the hole leakage information is detected in the first scanning result, whether the target hole exists or not is judged according to the hole leakage information, the hole leakage scanning result is determined, the problems that the deployment efficiency of the scanning strategy is low and the accuracy of the scanning result is low are solved, and the deployment efficiency of the scanning strategy and the accuracy of the scanning result are improved.
Description
Technical Field
The present application relates to the field of vulnerability scanning technologies, and in particular, to a vulnerability scanning method, an electronic device, and a storage medium.
Background
The 0day vulnerability is defined as a vulnerability detected for the first time, and the Nday vulnerability is defined as a vulnerability in a publishing stage (detected vulnerability). Some 0day bugs may transform into Nday bugs if not fixed in time, nday bugs tend to be more harmful, and over time, the harmfulness and the range of harmfulness may increase greatly, which may cause an unforeseen harm to assets that ignore the Nday bugs.
The method comprises the steps that the Nday vulnerability scanning is a continuous process, in the related technology, a uniform and effective Nday vulnerability scanning tool does not exist, the existing Nday vulnerability scanning is realized through a small tool, a WEB vulnerability scanning engine and a host vulnerability scanning engine, and the small tool cannot dynamically associate vulnerabilities with user assets; the cost consumed by the WEB vulnerability scanning engine and the host vulnerability scanning engine is huge, and when the Nday vulnerability is scanned, the asset information is crawled, so that vulnerability scanning resources are wasted.
Meanwhile, in the related art, a scanning engine needs to embed a scanning strategy into the scanning engine to complete scanning of a corresponding vulnerability, and when a new vulnerability is generated, the scanning strategy needs to be uploaded and updated one by one for each scanning node.
In addition, after the conventional vulnerability scanning method obtains the scanning result, the scanning result needs to be manually rechecked to determine whether the vulnerability really exists.
Aiming at the problems of low deployment efficiency of scanning strategies and low accuracy of scanning results in the related art, no effective solution is provided at present.
Disclosure of Invention
The embodiment provides a vulnerability scanning method, an electronic device and a storage medium, so as to solve the problems of low deployment efficiency of a scanning strategy and low accuracy of a scanning result in the related art.
In a first aspect, in this embodiment, a vulnerability scanning method is provided, including:
acquiring asset information to be scanned, wherein the asset information comprises address information of an access target carrying a target vulnerability;
acquiring a vulnerability scanning configuration file, wherein the vulnerability scanning configuration file comprises at least one item of scanning strategy information for detecting the target vulnerability;
scanning the asset information to be scanned in a preset scanning engine based on the vulnerability scanning configuration file to obtain a first scanning result, wherein the first scanning result comprises vulnerability information of the target vulnerability;
and detecting the vulnerability information in the first scanning result, judging whether the target vulnerability exists according to the vulnerability information, and determining a vulnerability scanning result.
In some embodiments, before obtaining the vulnerability scanning configuration file, the method further comprises:
and acquiring scanning strategy information corresponding to the target vulnerability, and configuring by taking at least one item of scanning strategy information as a unit to obtain the vulnerability scanning configuration file.
In some embodiments, the vulnerability scanning configuration file also carries asset type information; in a preset scanning engine, scanning the asset information to be scanned based on the vulnerability scanning configuration file, and obtaining a first scanning result comprises:
acquiring the asset type information, and detecting first asset information corresponding to the asset type information in the asset information to be scanned, wherein the asset type information comprises one of the following: WEB asset type information, host asset type information;
generating an HTTP request message according to the first asset information and the scanning strategy information;
and sending the HTTP request message to the access target corresponding to the address information, and determining the first scanning result according to the acquired HTTP response message responding to the HTTP request message.
In some embodiments, determining the first scanning result according to the obtained HTTP response message responding to the HTTP request message includes:
detecting whether a target vulnerability exists in the HTTP response message according to the scanning strategy information;
acquiring vulnerability information corresponding to the target vulnerability under the condition that the target vulnerability is detected, and generating the first scanning result according to the vulnerability information and the asset information, wherein the asset information at least comprises the address information;
and under the condition that the target vulnerability cannot be detected, determining that the first scanning result comprises the asset information to be scanned without vulnerability.
In some embodiments, the obtaining vulnerability information of the target vulnerability includes:
analyzing the HTTP response message to obtain HTTP response content;
extracting a target script from the HTTP response content, and obtaining a page after executing the target script, wherein the page comprises a corresponding page popup window when the target vulnerability is triggered;
intercepting the page popup window in the page to obtain a page screenshot;
and determining position information corresponding to the target vulnerability according to the page screenshot, and taking the page screenshot and the position information as the vulnerability information corresponding to the target vulnerability.
In some embodiments, the detecting the vulnerability information in the first scanning result, and determining whether the target vulnerability exists according to the vulnerability information includes:
acquiring the vulnerability information, and detecting the page screenshot in the vulnerability information;
under the condition that the page screenshot is detected, determining that the vulnerability scanning result comprises that the asset information to be scanned has a vulnerability;
and under the condition that the page screenshot is not detected, really detecting the vulnerability scanning result by mistake, wherein the vulnerability scanning result comprises vulnerability false detection.
In some embodiments, after determining that the vulnerability scanning result includes that the asset information to be scanned has a vulnerability, the method further includes:
and acquiring a preset knowledge base corresponding to the target vulnerability, and sending the preset knowledge base to the access target corresponding to the asset information, wherein the preset knowledge base carries vulnerability information of the target vulnerability, influence to be caused by the target vulnerability and first detection time of the target vulnerability.
In some embodiments, the vulnerability scanning configuration file further carries a preset network protocol, and sending the HTTP request packet to the access target corresponding to the address information includes: and detecting the preset network protocol in the vulnerability scanning configuration file, and sending the HTTP request message to the access target according to the detected preset network protocol.
In a second aspect, an electronic device is provided in this embodiment, and includes a memory and a processor, where the memory stores a computer program, and the processor is configured to execute the computer program to perform the vulnerability scanning method according to the first aspect.
In a third aspect, in this embodiment, a computer-readable storage medium is provided, on which a computer program is stored, and in some embodiments, the computer program implements the steps of the vulnerability scanning method according to the first aspect when executed by a processor.
Compared with the related art, the vulnerability scanning method, the electronic device and the storage medium provided in the embodiment acquire asset information to be scanned, wherein the asset information includes address information of an access target carrying a target vulnerability; acquiring a vulnerability scanning configuration file, wherein the vulnerability scanning configuration file comprises at least one item of scanning strategy information for detecting a target vulnerability; scanning asset information to be scanned in a preset scanning engine based on a vulnerability scanning configuration file to obtain a first scanning result, wherein the first scanning result comprises vulnerability information of a target vulnerability; the method comprises the steps of detecting hole leakage information in a first scanning result, judging whether a target hole exists according to the hole leakage information, and determining a hole leakage scanning result, so that the problems of low deployment efficiency of scanning strategies and low accuracy of scanning results in the related technology are solved, and the low deployment efficiency of the scanning strategies and the accuracy of the scanning results are improved.
The details of one or more embodiments of the application are set forth in the accompanying drawings and the description below to provide a more thorough understanding of the application.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the application and together with the description serve to explain the application and not to limit the application. In the drawings:
fig. 1 is a block diagram of a hardware structure of a terminal of the vulnerability scanning method according to the embodiment;
FIG. 2 is a flowchart of a vulnerability scanning method of the embodiment;
fig. 3 is a block diagram of a vulnerability scanning apparatus according to an embodiment of the present application;
FIG. 4 is a schematic structural diagram of a vulnerability scanning configuration in a preferred embodiment of the present application;
fig. 5 is a flowchart illustrating the use of vulnerability scanning configuration according to an embodiment of the present application.
Detailed Description
For a clearer understanding of the objects, aspects and advantages of the present application, reference is made to the following description and accompanying drawings.
Unless defined otherwise, technical or scientific terms used herein shall have the same general meaning as commonly understood by one of ordinary skill in the art to which this application belongs. The use of the terms "a" and "an" and "the" and similar referents in the context of describing the invention (including a reference to the context of the specification and claims) are to be construed to cover both the singular and the plural, as well as the singular and plural. The terms "comprises," "comprising," "has," "having," and any variations thereof, as referred to in this application, are intended to cover non-exclusive inclusions; for example, a process, method, and system, article, or apparatus that comprises a list of steps or modules (elements) is not limited to the listed steps or modules, but may include other steps or modules (elements) not listed or inherent to such process, method, article, or apparatus. Reference throughout this application to "connected," "coupled," and the like is not limited to physical or mechanical connections, but may include electrical connections, whether direct or indirect. Reference to "a plurality" in this application means two or more. "and/or" describes an association relationship of associated objects, meaning that three relationships may exist, for example, "A and/or B" may mean: a exists alone, A and B exist simultaneously, and B exists alone. In general, the character "/" indicates a relationship in which the objects associated before and after are an "or". Reference in the present application to the terms "first," "second," "third," etc., merely distinguish between similar objects and do not denote a particular order or importance to the objects.
The method embodiments provided in the present embodiment may be executed in a terminal, a computer, or a similar computing device. For example, the vulnerability scanning method is executed on a terminal, and fig. 1 is a block diagram of a hardware structure of the terminal of the vulnerability scanning method according to the embodiment. As shown in fig. 1, the terminal may include one or more processors 102 (only one shown in fig. 1) and a memory 104 for storing data, wherein the processor 102 may include, but is not limited to, a processing device such as a microprocessor MCU or a programmable logic device FPGA. The terminal may also include a transmission device 106 for communication functions and an input-output device 108. It will be understood by those of ordinary skill in the art that the structure shown in fig. 1 is merely an illustration and is not intended to limit the structure of the terminal described above. For example, the terminal may also include more or fewer components than shown in FIG. 1, or have a different configuration than shown in FIG. 1.
The memory 104 may be used to store a computer program, for example, a software program and a module of application software, such as a computer program corresponding to the vulnerability scanning method in the present embodiment, and the processor 102 executes various functional applications and data processing by running the computer program stored in the memory 104, so as to implement the method described above. The memory 104 may include high-speed random access memory, and may also include non-volatile memory, such as one or more magnetic storage devices, flash memory, or other non-volatile solid-state memory. In some examples, the memory 104 may further include memory located remotely from the processor 102, which may be connected to the terminal over a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The transmission device 106 is used to receive or transmit data via a network. The network described above includes a wireless network provided by a communication provider of the terminal. In one example, the transmission device 106 includes a Network adapter (NIC) that can be connected to other Network devices through a base station to communicate with the internet. In one example, the transmission device 106 may be a Radio Frequency (RF) module, which is used to communicate with the internet via wireless.
In this embodiment, a vulnerability scanning method is provided, and fig. 2 is a flowchart of the vulnerability scanning method of this embodiment, and as shown in fig. 2, the flowchart includes the following steps:
step S201, asset information to be scanned is obtained, wherein the asset information comprises address information of an access target carrying a target vulnerability.
In this embodiment, the asset refers to a World Wide WEB (WEB) asset or a host asset owned by a user, and the Address information of the access target refers to Address information including one or a combination of multiple types of IP (Internet Protocol Address), a domain name, a port, and a Protocol.
In this embodiment, for WEB asset vulnerability scanning, asset information appears in the form of a protocol + domain name or a protocol + IP + port, and for host asset vulnerability scanning, asset information appears in the form of a domain name or an IP. Such as web: http:// www.baidu.com.cn, http://127.0.0.1:8080, a host: 127.0.0.1, www.baidu.com.cn.
In this embodiment, the target vulnerability includes an Nday vulnerability, and the asset corresponding to the asset information to be scanned may have the target vulnerability.
Step S202, acquiring a vulnerability scanning configuration file, wherein the vulnerability scanning configuration file comprises at least one item of scanning strategy information for detecting a target vulnerability.
In this embodiment, the vulnerability scanning configuration file is not built in the preset scanning engine, but when vulnerability scanning is required to be performed on some assets, the vulnerability scanning configuration file and asset information are sent to the preset scanning engine.
In this embodiment, the scanning policy information defines a packet sending logic and a packet receiving logic of a preset scanning engine in a vulnerability scanning process, where the packet sending logic is a logic for sending an HTTP request message to a target object, and the packet receiving logic is a logic for receiving a returned HTTP response message from the target object.
The scanning strategy information of the embodiment is directed to detected vulnerabilities (Nday vulnerabilities), each profile contains one or more scanning strategies, and the profiles are independent of each other. When a scanning strategy of a certain detected vulnerability needs to be updated, only the vulnerability scanning configuration file corresponding to the scanning strategy information is needed to be updated, and all vulnerability scanning configuration files do not need to be updated.
In this embodiment, the format of the vulnerability scanning configuration file includes a yml file format to improve readability of the vulnerability scanning configuration file, where the yml file format is a format for expressing data serialization.
Step S203, scanning asset information to be scanned based on a vulnerability scanning configuration file in a preset scanning engine to obtain a first scanning result, wherein the first scanning result comprises vulnerability information of a target vulnerability.
In this embodiment, when some assets need to be subjected to vulnerability scanning, the vulnerability scanning configuration file and asset information are sent to the preset scanning engine, and the preset scanning engine reads the scanning strategy information of the vulnerability scanning configuration file and executes a specific vulnerability scanning task.
It should be noted that, generally, a scan engine in the related art performs link crawling first, and then performs vulnerability scanning on the links, but the scan engine cannot acquire all sub-domain names under the user assets, and vulnerabilities may exist under the sub-domain names, and crawling is necessary to acquire the sub-domain names, but crawling causes problems of low scanning efficiency and high resource consumption. In the embodiment, vulnerability scanning is performed according to the given asset information to be scanned, and link crawling is not required.
Step S204, detecting hole leakage information in the first scanning result, judging whether a target hole exists according to the hole leakage information, and determining a hole leakage scanning result.
In this embodiment, the vulnerability information is characteristic information capable of embodying a vulnerability, and when a first scanning result obtained by vulnerability scanning policy detection may have a false positive, the vulnerability information is detected in the first scanning result to verify whether a target vulnerability exists, so as to reduce the false positive.
Through the steps S201 to S204, asset information to be scanned is acquired, wherein the asset information includes address information of an access target carrying a target vulnerability; acquiring a vulnerability scanning configuration file, wherein the vulnerability scanning configuration file comprises at least one item of scanning strategy information for detecting a target vulnerability; scanning asset information to be scanned in a preset scanning engine based on a vulnerability scanning configuration file to obtain a first scanning result, wherein the first scanning result comprises vulnerability information of a target vulnerability; the leak information is detected in the first scanning result, whether the target leak exists is judged according to the leak information, the leak scanning result is determined, independent and dynamic configuration of scanning strategy information and light weight and quick response of a scanning engine are achieved, the problem that the cost of scanning strategy deployment and maintenance is high is solved, the cost of scanning strategy deployment and maintenance is reduced, the operation of manually re-checking the scanning result to determine whether the leak really exists is saved, and the accuracy of leak scanning is improved.
In some embodiments, before obtaining the vulnerability scanning configuration file, the following steps are further implemented:
step 1, scanning strategy information corresponding to a target vulnerability is obtained.
And 2, configuring by taking at least one item of scanning strategy information as a unit to obtain a vulnerability scanning configuration file.
In this embodiment, scanning policy information is set for a detected vulnerability (Nday vulnerability), and one or more items of scanning policy information are written into vulnerability scanning configuration files, each configuration file contains one or more items of scanning policies, and the configuration files are independent of each other. When a scanning strategy of a detected bug needs to be updated, only the bug scanning configuration file corresponding to the scanning strategy information needs to be updated, and all bug scanning configuration files do not need to be updated.
Scanning strategy information corresponding to the target vulnerability is obtained in the steps; and configuring by taking at least one item of scanning strategy information as a unit to obtain a vulnerability scanning configuration file, thereby realizing the dynamic configuration of the vulnerability scanning strategy.
In some embodiments, the vulnerability scanning configuration file also carries asset type information; in a preset scanning engine, scanning asset information to be scanned based on a vulnerability scanning configuration file, and obtaining a first scanning result is realized through the following steps:
step 1, acquiring asset type information, and detecting first asset information corresponding to the asset type information in asset information to be scanned, wherein the asset type information comprises one of the following: WEB asset type information, host asset type information.
And 2, generating an HTTP request message according to the first asset information and the scanning strategy information.
And 3, sending the HTTP request message to an access target corresponding to the address information, and determining a first scanning result according to the acquired HTTP response message responding to the HTTP request message.
In this embodiment, when configuring the scanning policy, the asset type information is written into a specific field of the configuration file, and the scanning engine obtains the asset type information by reading the specific field of the configuration file, and distinguishes the scanning policy by using the asset type information as a category, and allocates the scanning policy to the corresponding asset.
In this embodiment, the asset type information includes WEB asset type information and host asset type information, and if the asset type information carried in a certain configuration file is WEB asset type information, the scanning policy included in the configuration file is allocated to the WEB asset, and if the asset type information carried in a certain configuration file is host asset type information, the scanning policy included in the configuration file is allocated to the host asset.
In this embodiment, the process of matching the asset information and the scanning policy is a policy routing process, and the scanning engine automatically executes policy routing according to the above principle after receiving the plurality of assets and the plurality of scanning policies, thereby implementing intelligent distribution scanning of the plurality of policies and the plurality of assets.
In this embodiment, a dependency package related to an aviator expression may be introduced into a scanning engine, and the aviator expression engine is generated to quickly read a scanning policy in a configuration file.
The dependency package introduced by the initiator expression engine occupies little space, is flexible in configuration, supports the user-defined function, and consumes little machine resources during operation.
In this embodiment, the HTTP request packet refers to a complete packet assembled by the scanning engine after reading the packet sending logic of the configuration file, and the HTTP request packet is sent to the corresponding asset according to the preset network protocol by reading the preset network protocol carried by the configuration file, where the protocols supported by the packet include, but are not limited to, GET protocol, POST protocol, PUT protocol, DELETE protocol, TCP protocol, and UDP protocol. The method comprises the steps of sending an HTTP request message to an asset (the asset appears in a url link form) possibly having an Nday vulnerability, obtaining an HTTP response message, and determining whether the asset has the Nday vulnerability after taking the HTTP response message, so that a vulnerability scanning result is obtained.
Through the acquisition of the asset type information in the steps, first asset information corresponding to the asset type information is detected in the asset information to be scanned, wherein the asset type information comprises one of the following: WEB asset type information, host asset type information; generating an HTTP request message according to the first asset information and the scanning strategy information; and sending the HTTP request message to an access target corresponding to the address information, and determining a first scanning result according to the acquired HTTP response message responding to the HTTP request message, thereby realizing automatic routing of the asset information to be scanned and the scanning strategy information and intelligent distribution scanning of multi-strategy and multi-asset.
In some embodiments, determining the first scanning result according to the obtained HTTP response message in response to the HTTP request message is implemented by:
step 1, detecting whether a target vulnerability exists in an HTTP response message according to scanning strategy information.
And 2, acquiring vulnerability information corresponding to the target vulnerability under the condition that the target vulnerability is detected, and generating a first scanning result according to the vulnerability information and the asset information, wherein the asset information at least comprises address information.
And 3, under the condition that the target vulnerability cannot be detected, determining that the first scanning result comprises the asset information to be scanned without vulnerability.
In this embodiment, the scanning policy information includes, but is not limited to, a vulnerability test packet, a vulnerability detection rule, and a dns resolution rule, where the vulnerability test packet defines a logic for testing a vulnerability, the vulnerability detection rule defines a logic for detecting a vulnerability, and the dns resolution rule defines a logic for resolving an address corresponding to a domain name from an HTTP response packet. A vulnerability test packet can be used for testing whether a target vulnerability exists in the assets to be scanned, under the condition that the target vulnerability exists, a vulnerability detection rule is used for detecting the target vulnerability, a dns analysis rule is used for analyzing an address corresponding to a domain name, vulnerability information and asset information are collected, and a first scanning result is generated.
Detecting whether a target vulnerability exists in the HTTP response message according to the scanning strategy information in the steps; acquiring vulnerability information corresponding to a target vulnerability under the condition that the target vulnerability is detected, and generating a first scanning result according to the vulnerability information and asset information; and under the condition that the target vulnerability cannot be detected, determining that the first scanning result comprises the asset information to be scanned without vulnerability, and realizing vulnerability scanning.
In some embodiments, obtaining vulnerability information of a target vulnerability is achieved by:
step 1, analyzing an HTTP response message to obtain HTTP response content;
step 2, extracting a target script from the HTTP response content, and obtaining a page after executing the target script, wherein the page comprises a corresponding page popup window when the target vulnerability is triggered;
step 3, intercepting a corresponding page popup window when the target vulnerability is triggered in the page to obtain a page screenshot;
and 4, determining position information corresponding to the target vulnerability according to the page screenshot, and taking the page screenshot and the position information as vulnerability information corresponding to the target vulnerability.
For example, for an XSS (cross site scripting) vulnerability, a popup typically appears on a browser page after the vulnerability is triggered, and this feature information can prove that the XSS vulnerability really exists. The screenshot function can be realized by using a screenshot program.
Analyzing the HTTP response message in the steps to obtain HTTP response content; extracting a target script from the HTTP response content, and obtaining a page after executing the target script, wherein the page comprises a corresponding page popup window when the target vulnerability is triggered; intercepting a corresponding page popup window when a target vulnerability is triggered in a page to obtain a page screenshot; and determining position information corresponding to the target vulnerability according to the page screenshot, and using the page screenshot and the position information as vulnerability information corresponding to the target vulnerability, thereby realizing the vulnerability re-inspection function.
In some embodiments, a phantomjs rendering mode can be further adopted to accurately position the position of the vulnerability. Phantomjs is a programmable headless browser.
In some embodiments, hole leakage information is detected in the first scanning result, whether a target hole exists is judged according to the hole leakage information, and the hole leakage scanning result is determined by the following steps:
step 1, acquiring vulnerability information, and detecting a page screenshot in the vulnerability information;
step 2, under the condition that the page screenshot is detected, determining that the vulnerability scanning result comprises the vulnerability existing in the asset information to be scanned;
and 3, under the condition that the page screenshot is not detected, really detecting the vulnerability scanning result by mistake.
And the page popup is subjected to screenshot through a screenshot program built in the scanning engine, and the scanning result does not need to be manually rechecked to determine whether the vulnerability really exists. By verifying whether the vulnerability really exists or not, the vulnerability scanning accuracy can be improved.
Acquiring vulnerability information through the steps, and detecting a page screenshot in the vulnerability information; under the condition that the page screenshot is detected, determining that the vulnerability scanning result comprises that the asset information to be scanned has a vulnerability; under the condition that the page screenshot is not detected, the vulnerability scanning result comprises vulnerability false detection, and vulnerability scanning accuracy is improved.
In some embodiments, after determining that the vulnerability scanning result includes that the asset information to be scanned has a vulnerability, the method further includes:
the method comprises the steps of obtaining a preset knowledge base corresponding to a target vulnerability, and sending the preset knowledge base to an access target corresponding to asset information, wherein the preset knowledge base carries vulnerability information of the target vulnerability, influence to be caused by the target vulnerability and first detection time of the target vulnerability.
In the embodiment, the preset knowledge base is sent to the user corresponding to the asset information, so that the user can repair the vulnerability in time according to the vulnerability scanning result, and the loss caused by the vulnerability is reduced.
The preset knowledge base corresponding to the target vulnerability is obtained, and the preset knowledge base is sent to the access target corresponding to the asset information, wherein the preset knowledge base carries vulnerability information of the target vulnerability, the influence of the target vulnerability to be caused, and the first detection time of the target vulnerability, so that the effect of timely informing a user that the vulnerability needs to be repaired in time is achieved, and the loss caused by the vulnerability is reduced.
In some embodiments, the vulnerability scanning configuration file further carries a preset network protocol, and the sending of the HTTP request packet to the access target corresponding to the address information is implemented by the following steps:
and detecting a preset network protocol in the vulnerability scanning configuration file, and sending the HTTP request message to an access target according to the detected preset network protocol.
And sending an HTTP request message to the corresponding asset according to the preset network protocol by reading the preset network protocol carried by the configuration file, wherein the protocol supported by the message comprises but is not limited to GET protocol, POST protocol, PUT protocol, DELETE protocol, TCP protocol and UDP protocol.
Through the steps, the preset network protocol is detected in the vulnerability scanning configuration file, and the HTTP request message is sent to the access target according to the detected preset network protocol, so that the compatibility of vulnerability scanning to different network protocols is improved.
With reference to the vulnerability scanning method of the foregoing embodiment, a vulnerability scanning apparatus is further provided in this embodiment, and fig. 3 is a block diagram of a vulnerability scanning apparatus according to an embodiment of the present application, and as shown in fig. 3, the apparatus includes:
the first obtaining module 31 is configured to obtain asset information to be scanned, where the asset information includes address information of an access target that carries a target vulnerability;
a second obtaining module 32, configured to obtain a vulnerability scanning configuration file, where the vulnerability scanning configuration file includes at least one item of scanning policy information for detecting a target vulnerability;
the scanning module 33 is coupled to the first obtaining module 31 and the second obtaining module 32, and configured to scan, in a preset scanning engine, asset information to be scanned based on a vulnerability scanning configuration file to obtain a first scanning result, where the first scanning result includes vulnerability information of a target vulnerability;
and the detection module 34, coupled to the scanning module 33, is configured to detect hole-leaking information in the first scanning result, determine whether a target hole exists according to the hole-leaking information, and determine a hole-scanning result.
In some of these embodiments, the apparatus further comprises: and the third acquisition module is used for acquiring scanning strategy information corresponding to the target vulnerability and configuring the scanning strategy information by taking at least one item of scanning strategy information as a unit to obtain a vulnerability scanning configuration file.
In some of these embodiments, the scanning module 33 includes:
the device comprises a first acquisition unit, a second acquisition unit and a scanning unit, wherein the first acquisition unit is used for acquiring asset type information and detecting first asset information corresponding to the asset type information in the asset information to be scanned, and the asset type information comprises one of the following items: WEB asset type information, host asset type information;
the generating unit is used for generating an HTTP request message according to the first asset information and the scanning strategy information;
and the first determining unit is used for sending the HTTP request message to an access target corresponding to the address information and determining a first scanning result according to the acquired HTTP response message responding to the HTTP request message.
In some of these embodiments, the scanning module 33 includes:
the detection unit is used for detecting whether a target vulnerability exists in the HTTP response message according to the scanning strategy information;
the device comprises a generating unit, a processing unit and a processing unit, wherein the generating unit is used for acquiring vulnerability information corresponding to a target vulnerability under the condition that the target vulnerability is detected, and generating a first scanning result according to the vulnerability information and asset information, wherein the asset information at least comprises address information;
and the second determining unit is used for determining that the first scanning result comprises the asset information to be scanned without loopholes under the condition that the target loopholes cannot be detected.
In some of these embodiments, the second obtaining module 32 includes:
the analysis unit is used for analyzing the HTTP response message to obtain HTTP response content;
the extraction unit is used for extracting the target script from the HTTP response content and obtaining a page after the target script is executed, wherein the page comprises a corresponding page popup window when the target vulnerability is triggered;
the intercepting unit is used for intercepting a page popup in a page to obtain a page screenshot;
and the third determining unit is used for determining the position information corresponding to the target vulnerability according to the page screenshot, and taking the page screenshot and the position information as vulnerability information corresponding to the target vulnerability.
In some of these embodiments, the detection module 34 includes:
the second acquisition unit is used for acquiring the vulnerability information and detecting a page screenshot in the vulnerability information;
the fourth determining unit is used for determining that the vulnerability scanning result comprises that the asset information to be scanned has a vulnerability under the condition that the page screenshot is detected; and under the condition that the page screenshot is not detected, the actual vulnerability scanning result comprises vulnerability false detection.
In some of these embodiments, the apparatus further comprises:
and the third acquisition module is used for acquiring a preset knowledge base corresponding to the target vulnerability and sending the preset knowledge base to the access target corresponding to the asset information, wherein the preset knowledge base carries vulnerability information of the target vulnerability, the influence to be caused by the target vulnerability and the first detection time of the target vulnerability.
In some of these embodiments, the scanning module 33 includes: and the sending unit is used for detecting a preset network protocol in the vulnerability scanning configuration file and sending the HTTP request message to the access target according to the detected preset network protocol.
The above modules may be functional modules or program modules, and may be implemented by software or hardware. For a module implemented by hardware, the modules may be located in the same processor; or the modules can be respectively positioned in different processors in any combination.
Fig. 4 is a schematic structural diagram of vulnerability scanning configuration in the preferred embodiment of the present application, and as shown in fig. 4, the scanning engine includes a policy configuration module 41, a policy routing module 42, a packet sending module 43, a verification module 44, and an alarm module 45, which are coupled in sequence.
The policy configuration module 41 supports the configuration of scanning policy information of an Nday vulnerability in independent yml files, one yml file corresponds to one or more pieces of scanning policy information, after the yml files are configured, a lightweight aviator expression engine is built in a scanning engine, the definition of global variables and a specific logic execution method are supported, the content of the yml files can be quickly and efficiently read in the whole scanning policy information execution process, and therefore whether the vulnerability is correctly scanned or not is determined according to specific configuration content.
The policy routing module 42 supports Nday vulnerability scanning of WEB assets and host assets, a user only needs to send specific asset information to be scanned and yml files to a scanning engine, the policy routing module 42 performs corresponding policy routing processing, and pushes the corresponding asset information to be scanned and scanning policy information to a specified packet sending module 43, so that multi-policy and multi-asset intelligent distribution scanning is realized.
The package sending module 43 supports WEB assets and host assets, is based on java language, can be well compatible with a lightweight aviator expression engine to obtain package sending strategy configuration in the yml file in real time, is compatible with package sending and response capturing under various different protocols, simultaneously supports vulnerability scanning under a high concurrency scene and supports an embedded python execution tool, the package sending module 43 can read the configuration of the yml file, and only needs to execute specific verification logic and a verification method according to the configuration to obtain a scanning result of the vulnerability.
And the verification module 44 supports automatic verification of the vulnerability and outputs a verification result aiming at the partial scanning strategy.
The warning module 45 supports warning and repair suggestion pushing of the vulnerabilities, and a user can respond in time according to the vulnerability warnings and repair Nday vulnerabilities of corresponding assets, so that early discovery and early repair are achieved.
The scanning engine may be deployed on a machine of a user, fig. 5 is a flowchart illustrating a usage of vulnerability scanning configuration according to an embodiment of the present application, and as shown in fig. 5, the flowchart includes the following steps:
step S51, configures the yml file of the scanning policy information.
Uploading a corresponding yml file to a scanning engine, wherein the yml file is configured specific package sending logic and package receiving logic for scanning the bugs, the specific package sending logic and the specific package receiving logic comprise corresponding bug test packet data, bug detection rules and dns analysis rules, and the yml file can accompany the whole scanning process of the scanning engine.
In step S52, the command line pull-up program is executed.
The package sending module is developed based on java language, supports a user to operate on a mainstream platform, and the user only needs to upload asset information to be scanned and scanning strategy information to a specified directory of a scanning engine, and then quickly pulls up the whole program through a command line, so that the scanning engine can automatically execute.
Step S53, policy routing.
Matching assets and scanning strategies, and executing the step S54 if detecting that the configuration file carries WEB asset type information; if the configuration file is detected to carry the host asset type information, step S55 is executed.
And in the process of executing a specific strategy, the scanning engine can quickly read the configuration fields in the yml file in real time through the lightweight initiator expression engine to execute specific operation logic, and test package sending and response result obtaining and verification are carried out according to the scanning strategy information. Meanwhile, the scanning engine supports packet sending of various protocols, wherein the protocol comprises a GET protocol, a POST protocol, a PUT protocol, a DELETE protocol, a TCP protocol and a UDP protocol, the specific packet sending protocol is determined according to a field corresponding to the yml file, a default python tool is used for carrying out the packet sending strategy, the tool also improves the execution entrance of response, and the detection of the scanning strategy can be well compatible.
And S54, pushing to a WEB scanning strategy packet sender.
And step S55, pushing the information to a host scanning strategy packet sender.
And step S56, returning a vulnerability scanning result.
And step S57, automatically verifying the vulnerability. If the existence of the bug is verified, executing step S58; otherwise, the flow ends.
In the last step, although a vulnerability scanning result is obtained by configuring the yml file and automatically executing the corresponding scanning strategy packet sender, the situation of false alarm can exist, so the scanning engine also supports the automatic vulnerability verification function, wherein the automatic verifier can obtain a test packet sending response corresponding to the vulnerability, and the analyzer can analyze the test response packet, accurately position the position of the vulnerability by a built-in screenshot and a phantomjs rendering means, and verify the real existence of the vulnerability.
And step S58, alarming.
And (4) pushing a knowledge base (vulnerability information, vulnerability influence and outbreak time) corresponding to the vulnerability to the user in time through an alarm service.
By the scanning engine of the preferred embodiment, quick response and detection can be performed on the Nday vulnerability, the vulnerability can be repaired in time according to the detection report, and loss caused by the vulnerability is reduced.
In summary, the vulnerability scanning method and the vulnerability scanning engine of the embodiment can perform policy fast iteration and deployment for specific detected vulnerabilities, and penetration testing personnel can perform package sending test on specific websites or hosts only by configuring corresponding scanning policies, so as to quickly obtain vulnerability scanning results; the method supports the policy routing function, and can select different package sending tools for vulnerability detection aiming at different types of policies; supporting the quick detection of Nday vulnerability of a host and WEB types; a knowledge base of specific vulnerabilities can be provided; supporting the calling of other mainstream third-party vulnerability detection tools; the discovery capability of the user on the Nday vulnerability is improved, and the complex network security problem faced by the user currently and in the future is effectively solved.
There is also provided in this embodiment an electronic device comprising a memory having a computer program stored therein and a processor configured to execute the computer program to perform the steps of any of the method embodiments described above.
Optionally, the electronic apparatus may further include a transmission device and an input/output device, wherein the transmission device is connected to the processor, and the input/output device is connected to the processor.
Optionally, in this embodiment, the processor may be configured to execute the following steps by a computer program:
s1, asset information to be scanned is obtained, wherein the asset information comprises address information of an access target carrying a target vulnerability.
S2, acquiring a vulnerability scanning configuration file, wherein the vulnerability scanning configuration file comprises at least one item of scanning strategy information for detecting the target vulnerability.
And S3, scanning the asset information to be scanned based on the vulnerability scanning configuration file in a preset scanning engine to obtain a first scanning result, wherein the first scanning result comprises vulnerability information of the target vulnerability.
And S4, detecting leak information in the first scanning result, judging whether a target leak exists according to the leak information, and determining a leak scanning result.
It should be noted that, for specific examples in this embodiment, reference may be made to the examples described in the foregoing embodiments and optional implementations, and details are not described again in this embodiment.
In addition, in combination with the vulnerability scanning method provided in the foregoing embodiment, a storage medium may also be provided to implement the vulnerability scanning method in this embodiment. The storage medium having stored thereon a computer program; the computer program, when executed by a processor, implements any of the vulnerability scanning methods in the above embodiments.
It should be understood that the specific embodiments described herein are merely illustrative of this application and are not intended to be limiting. All other embodiments, which can be derived by a person skilled in the art from the examples provided herein without inventive step, shall fall within the scope of protection of the present application.
It is obvious that the drawings are only examples or embodiments of the present application, and it is obvious to those skilled in the art that the present application can be applied to other similar cases according to the drawings without creative efforts. Moreover, it should be appreciated that in the development of any such actual implementation, as in any engineering or design project, numerous implementation-specific decisions must be made to achieve the developers' specific goals, such as compliance with system-related and business-related constraints, which may vary from one implementation to another.
Reference throughout this application to "an embodiment" means that a particular feature, structure, or characteristic described in connection with the embodiment can be included in at least one embodiment of the present application. The appearances of such phrases in various places in the specification are not necessarily all referring to the same embodiment, nor are separate or alternative embodiments mutually exclusive of other embodiments. It is to be expressly or implicitly understood by one of ordinary skill in the art that the embodiments described in this application may be combined with other embodiments without conflict.
The above-mentioned embodiments only express several implementation modes of the present application, and the description thereof is specific and detailed, but not construed as limiting the scope of the patent protection. It should be noted that, for a person skilled in the art, several variations and modifications can be made without departing from the concept of the present application, which falls within the scope of protection of the present application. Therefore, the protection scope of the present application shall be subject to the appended claims.
Claims (9)
1. A vulnerability scanning method is characterized by comprising the following steps:
acquiring asset information to be scanned, wherein the asset information comprises address information of an access target carrying a target vulnerability;
acquiring a vulnerability scanning configuration file, wherein the vulnerability scanning configuration file comprises at least one item of scanning strategy information for detecting the target vulnerability;
scanning the asset information to be scanned in a preset scanning engine based on the vulnerability scanning configuration file to obtain a first scanning result, wherein the first scanning result comprises vulnerability information of the target vulnerability;
detecting the vulnerability information in the first scanning result, judging whether the target vulnerability exists according to the vulnerability information, and determining a vulnerability scanning result;
wherein the scanning policy information includes: the preset scanning engine sends an HTTP request message to the logic of the access target in the vulnerability scanning process, and receives an HTTP response message responding to the HTTP request message from the access target;
after the vulnerability scanning configuration file is obtained, the method further comprises the following steps: adding the vulnerability scanning configuration file and the asset information to be scanned into the preset scanning engine;
logic that receives an HTTP response message from the access target in response to the HTTP request message comprises: detecting whether a target vulnerability exists in the HTTP response message according to the scanning strategy information; analyzing the HTTP response message to obtain HTTP response content; extracting a target script from the HTTP response content, and obtaining a page after executing the target script, wherein the page comprises a corresponding page popup window when the target vulnerability is triggered; intercepting the page popup window in the page to obtain a page screenshot; and determining position information corresponding to the target vulnerability according to the page screenshot, and taking the page screenshot and the position information as the vulnerability information corresponding to the target vulnerability.
2. The vulnerability scanning method of claim 1, wherein prior to obtaining a vulnerability scanning configuration file, the method further comprises:
and acquiring scanning strategy information corresponding to the target vulnerability, and configuring by taking at least one item of the scanning strategy information as a unit to obtain the vulnerability scanning configuration file.
3. The vulnerability scanning method of claim 1, wherein the vulnerability scanning configuration file also carries asset type information; in a preset scanning engine, scanning the asset information to be scanned based on the vulnerability scanning configuration file, and obtaining a first scanning result comprises:
acquiring the asset type information, and detecting first asset information corresponding to the asset type information in the asset information to be scanned, wherein the asset type information comprises one of the following: WEB asset type information, host asset type information;
generating the HTTP request message according to the first asset information and the scanning strategy information;
and sending the HTTP request message to the access target corresponding to the address information, and determining the first scanning result according to the acquired HTTP response message responding to the HTTP request message.
4. The vulnerability scanning method of claim 3, wherein determining the first scanning result according to the obtained HTTP response message responding to the HTTP request message comprises:
detecting whether a target vulnerability exists in the HTTP response message according to the scanning strategy information;
acquiring vulnerability information corresponding to the target vulnerability under the condition that the target vulnerability is detected, and generating the first scanning result according to the vulnerability information and the asset information, wherein the asset information at least comprises the address information;
and under the condition that the target vulnerability cannot be detected, determining that the first scanning result comprises the asset information to be scanned without vulnerability.
5. The vulnerability scanning method according to claim 1, wherein the vulnerability information is detected in the first scanning result, and whether the target vulnerability exists is judged according to the vulnerability information, and determining the vulnerability scanning result comprises:
acquiring the vulnerability information, and detecting the page screenshot in the vulnerability information;
under the condition that the page screenshot is detected, determining that the vulnerability scanning result comprises that the asset information to be scanned has a vulnerability;
and under the condition that the page screenshot is not detected, really detecting the vulnerability scanning result by mistake, wherein the vulnerability scanning result comprises vulnerability false detection.
6. The vulnerability scanning method of claim 5, wherein after determining that the vulnerability scanning result includes that the asset information to be scanned has a vulnerability, the method further comprises:
and acquiring a preset knowledge base corresponding to the target vulnerability, and sending the preset knowledge base to the access target corresponding to the asset information, wherein the preset knowledge base carries vulnerability information of the target vulnerability, influence to be caused by the target vulnerability and first detection time of the target vulnerability.
7. The vulnerability scanning method according to claim 3, wherein the vulnerability scanning configuration file further carries a preset network protocol, and sending the HTTP request message to the access target corresponding to the address information comprises: and detecting the preset network protocol in the vulnerability scanning configuration file, and sending the HTTP request message to the access target according to the detected preset network protocol.
8. An electronic device comprising a memory and a processor, wherein the memory has stored therein a computer program, and the processor is configured to execute the computer program to perform the vulnerability scanning method of any of claims 1 to 7.
9. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the steps of the vulnerability scanning method of any of claims 1 to 7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110647963.0A CN113422759B (en) | 2021-06-10 | 2021-06-10 | Vulnerability scanning method, electronic device and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110647963.0A CN113422759B (en) | 2021-06-10 | 2021-06-10 | Vulnerability scanning method, electronic device and storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN113422759A CN113422759A (en) | 2021-09-21 |
| CN113422759B true CN113422759B (en) | 2023-04-18 |
Family
ID=77788322
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110647963.0A Active CN113422759B (en) | 2021-06-10 | 2021-06-10 | Vulnerability scanning method, electronic device and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113422759B (en) |
Families Citing this family (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114143075A (en) * | 2021-11-29 | 2022-03-04 | 国网北京市电力公司 | Security vulnerability early warning method and device and electronic equipment |
| CN113961942A (en) * | 2021-12-23 | 2022-01-21 | 北京华顺信安科技有限公司 | Vulnerability verification method and device based on fingerprint identification |
| CN116915460B (en) * | 2023-07-14 | 2024-03-08 | 北京立思辰安科技术有限公司 | Acquisition system of final vulnerability scanning equipment |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103942497A (en) * | 2013-09-11 | 2014-07-23 | 杭州安恒信息技术有限公司 | Forensics type website vulnerability scanning method and system |
| CN107332805A (en) * | 2016-04-29 | 2017-11-07 | 阿里巴巴集团控股有限公司 | Detect the methods, devices and systems of leak |
| CN109508547A (en) * | 2018-11-16 | 2019-03-22 | 北京城市网邻信息技术有限公司 | A kind of localization method of vulnerability of application program, device, storage medium and terminal |
| WO2020233022A1 (en) * | 2019-05-21 | 2020-11-26 | 平安科技(深圳)有限公司 | Vulnerability detection method and apparatus, computer device, and storage medium |
Family Cites Families (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20070027929A1 (en) * | 2005-08-01 | 2007-02-01 | Whelan Gary J | System, method, and/or computer program product for a file system interface |
| US9674258B2 (en) * | 2012-02-23 | 2017-06-06 | Yottaa Inc. | System and method for context specific website optimization |
| US8756698B2 (en) * | 2012-08-10 | 2014-06-17 | Nopsec Inc. | Method and system for managing computer system vulnerabilities |
| CN104980309B (en) * | 2014-04-11 | 2018-04-20 | 北京奇安信科技有限公司 | website security detection method and device |
| CN107392031A (en) * | 2017-08-04 | 2017-11-24 | 杭州安恒信息技术有限公司 | The scan method and device of leak |
| CN110401634A (en) * | 2019-06-24 | 2019-11-01 | 北京墨云科技有限公司 | A kind of web application hole detection regulation engine implementation method and terminal |
| CN111447224A (en) * | 2020-03-26 | 2020-07-24 | 江苏亨通工控安全研究院有限公司 | Web vulnerability scanning method and vulnerability scanner |
| CN112257070A (en) * | 2020-10-22 | 2021-01-22 | 全球能源互联网研究院有限公司 | Vulnerability troubleshooting method and system based on asset scene attributes |
| CN112637159A (en) * | 2020-12-14 | 2021-04-09 | 杭州安恒信息技术股份有限公司 | Network asset scanning method, device and equipment based on active detection technology |
-
2021
- 2021-06-10 CN CN202110647963.0A patent/CN113422759B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103942497A (en) * | 2013-09-11 | 2014-07-23 | 杭州安恒信息技术有限公司 | Forensics type website vulnerability scanning method and system |
| CN107332805A (en) * | 2016-04-29 | 2017-11-07 | 阿里巴巴集团控股有限公司 | Detect the methods, devices and systems of leak |
| CN109508547A (en) * | 2018-11-16 | 2019-03-22 | 北京城市网邻信息技术有限公司 | A kind of localization method of vulnerability of application program, device, storage medium and terminal |
| WO2020233022A1 (en) * | 2019-05-21 | 2020-11-26 | 平安科技(深圳)有限公司 | Vulnerability detection method and apparatus, computer device, and storage medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN113422759A (en) | 2021-09-21 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN113422759B (en) | Vulnerability scanning method, electronic device and storage medium | |
| CN108183916B (en) | Network attack detection method and device based on log analysis | |
| CN106101145B (en) | A kind of website vulnerability detection method and device | |
| CN109347882B (en) | Webpage Trojan horse monitoring method, device, equipment and storage medium | |
| CN111783096B (en) | Method and device for detecting security hole | |
| CN109063486B (en) | Safety penetration testing method and system based on PLC equipment fingerprint identification | |
| US20160285909A1 (en) | Cloud checking and killing method, device and system for combating anti-antivirus test | |
| CN105302707B (en) | The leak detection method and device of application program | |
| CN111756697B (en) | API safety detection method and device, storage medium and computer equipment | |
| CN110880983A (en) | Penetration testing method and device based on scene, storage medium and electronic device | |
| CN111901326B (en) | Multi-device intrusion detection method, device, system and storage medium | |
| CN103701816A (en) | Scanning method and scanning device of server executing DOS (Denial Of service) | |
| CN105577799A (en) | Method and device for detecting fault of database cluster | |
| CN110765333A (en) | Method and device for collecting website information, storage medium and electronic device | |
| CN113114680A (en) | Detection method and detection device for file uploading vulnerability | |
| CN113810381B (en) | Crawler detection method, web application cloud firewall device and storage medium | |
| CN110768949B (en) | Vulnerability detection method and device, storage medium and electronic device | |
| CN109474567B (en) | DDOS attack tracing method and device, storage medium and electronic equipment | |
| JP5613000B2 (en) | Application characteristic analysis apparatus and program | |
| CN113051571B (en) | Method and device for detecting false alarm vulnerability and computer equipment | |
| WO2020192179A1 (en) | Security detection method, device and system based on ios application | |
| CN116599747A (en) | Network and information security service system | |
| CN114091030A (en) | Method and device for automatically verifying system vulnerability, electronic device and storage medium | |
| CN109039813B (en) | Method, system and equipment for detecting internet access | |
| KR102001814B1 (en) | A method and apparatus for detecting malicious scripts based on mobile device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |