CN113438244B - Penetration testing method and device, computing equipment and storage medium - Google Patents
Penetration testing method and device, computing equipment and storage medium Download PDFInfo
- Publication number
- CN113438244B CN113438244B CN202110722412.6A CN202110722412A CN113438244B CN 113438244 B CN113438244 B CN 113438244B CN 202110722412 A CN202110722412 A CN 202110722412A CN 113438244 B CN113438244 B CN 113438244B
- Authority
- CN
- China
- Prior art keywords
- address
- target
- tested
- test
- minimum number
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The embodiment of the invention provides a penetration testing method, a penetration testing device, computing equipment and a storage medium, wherein the method comprises the following steps: determining the maximum access rate of a security protection strategy of a target to be tested, which is set aiming at the same IP address; determining a test access rate required to be reached for performing a penetration test on the target to be tested; determining the minimum number of IP addresses required for performing penetration test on the target to be tested according to the maximum access rate and the test access rate; and performing penetration test on the target to be tested by using not less than the minimum number of IP addresses according to the test access rate. This scheme can improve infiltration efficiency of software testing.
Description
Technical Field
The embodiment of the invention relates to the technical field of testing, in particular to a penetration testing method, a penetration testing device, computing equipment and a storage medium.
Background
With the rapid development of network technology, the security protection capability of network systems is gradually improved. But the network system with the safety protection equipment is attacked and trapped by hackers, which causes great loss to the property of users.
In order to enhance the protection capability of the network system, an infiltration testing technology can be adopted to evaluate the security protection capability of the network system so as to obtain the weak points of the network system in advance and make corresponding protection strategies for the weak points.
Disclosure of Invention
Based on the problem of low penetration test efficiency, the embodiment of the invention provides a penetration test method, a penetration test device, computing equipment and a storage medium, which can improve the penetration test efficiency.
In a first aspect, an embodiment of the present invention provides a penetration testing method, including:
determining the maximum access rate set by the security protection strategy of the target to be tested aiming at the same IP address;
determining a test access rate required to be reached for performing a penetration test on the target to be tested;
determining the minimum number of IP addresses required for performing penetration test on the target to be tested according to the maximum access rate and the test access rate;
and performing penetration test on the target to be tested by using the IP address not less than the minimum number according to the test access rate.
Preferably, the determining, according to the maximum access rate and the test access rate, the minimum number of IP addresses required for performing the penetration test on the target to be tested includes:
dividing the test access rate by the value of the maximum access rate to determine the minimum number.
Preferably, before the penetration testing of the target to be tested by using not less than the minimum number of IP addresses, the method further comprises:
and acquiring the proxy IP address not less than the minimum number so as to execute the penetration test on the target to be tested by using the proxy IP address not less than the minimum number.
Preferably, the obtaining no less than the minimum number of proxy IP addresses includes:
and crawling proxy IP addresses in a set website by using a crawler script edited in advance to obtain the proxy IP addresses not less than the minimum number.
Preferably, the performing penetration test on the target to be tested by using not less than the minimum number of IP addresses includes:
when the same IP address is used for penetration testing on the target to be tested for two adjacent times, at least other IP addresses with the target quantity are used between the same IP addresses for the two adjacent times to perform penetration testing on the target to be tested; wherein the target number is less than the minimum number by 1.
Preferably, the performing penetration test on the target to be tested by using not less than the minimum number of IP addresses includes:
randomly selecting one IP address from the IP addresses not less than the minimum number which are not marked to be used;
performing penetration test on the target to be tested by using the selected IP address, marking the used IP address with the waiting time of 0 after the IP address is tested, adding 1 to the waiting times of the IP addresses with the minimum number and other used IP addresses, and deleting the used marks of the IP addresses with the waiting times equal to the set times;
and returning to execute the random selection of one IP address from the IP addresses which are not less than the minimum number and are not marked to be used until the target to be tested is completed.
Preferably, after the penetration test is performed on the target to be tested by using the selected IP address, the method further includes: and determining whether the IP address is marked as a blacklist by the target to be tested, and if so, deleting the IP address from the IP addresses not less than the minimum number.
In a second aspect, an embodiment of the present invention further provides a penetration testing apparatus, including:
the maximum access rate determining unit is used for determining the maximum access rate set by the security protection strategy of the target to be tested aiming at the same IP address;
the test access rate determining unit is used for determining the test access rate required to be achieved by performing the penetration test on the target to be tested;
a minimum number determining unit, configured to determine, according to the maximum access rate and the test access rate, a minimum number of IP addresses required for performing a penetration test on the target to be tested;
and the penetration testing unit is used for performing penetration testing on the target to be tested by using the IP address not less than the minimum number according to the testing access rate.
In a third aspect, an embodiment of the present invention further provides a computing device, including a memory and a processor, where the memory stores a computer program, and the processor, when executing the computer program, implements the method described in any embodiment of this specification.
In a fourth aspect, the present invention further provides a computer-readable storage medium, on which a computer program is stored, and when the computer program is executed in a computer, the computer program causes the computer to execute the method described in any embodiment of the present specification.
The embodiment of the invention provides a penetration test method, a penetration test device, a computing device and a storage medium, which can meet the test access speed required by the penetration test of a target to be tested by determining the minimum number of IP addresses required by the penetration test of the target to be tested and performing the penetration test of the target to be tested by using the IP addresses not less than the minimum number, thereby improving the penetration test efficiency.
Drawings
In order to more clearly illustrate the embodiments or technical solutions of the present invention, the drawings used in the embodiments or technical solutions in the prior art are briefly introduced below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and it is obvious for those skilled in the art that other drawings can be obtained according to these drawings without creative efforts.
FIG. 1 is a flow chart of a penetration testing method according to an embodiment of the present invention;
FIG. 2 is a diagram of a hardware architecture of a computing device provided by an embodiment of the invention;
FIG. 3 is a schematic diagram of an exemplary embodiment of an infiltration testing apparatus;
FIG. 4 is a block diagram of another permeation testing apparatus according to an embodiment of the present invention;
fig. 5 is a structural diagram of another permeation testing apparatus according to an embodiment of the present invention.
Detailed Description
To make the objects, technical solutions and advantages of the embodiments of the present invention clearer and more complete, the technical solutions in the embodiments of the present invention will be described below with reference to the drawings in the embodiments of the present invention, it is obvious that the described embodiments are some, but not all embodiments of the present invention, and based on the embodiments of the present invention, all other embodiments obtained by a person of ordinary skill in the art without making creative efforts belong to the protection scope of the present invention.
The penetration test refers to a process of carrying out deep non-destructive detection on a network system from the perspective of an attacker by simulating a vulnerability discovery technology and an attack means used by a hacker to discover and excavate vulnerabilities existing in the network system. The core of the penetration test is to collect information to the maximum extent aiming at a network system so as to analyze and utilize the collected information for loophole and find out the weakest point of security protection in the network system.
In the related art, the penetration test of the network system is generally implemented by using a single IP address, for example, the penetration test of the network system is performed on a test device by using the IP address of the test device itself. Because the network system is provided with the safety protection equipment, the safety protection equipment is provided with a stronger safety protection strategy, and the maximum access rate is set for the same IP address. For example, the maximum access rate is once per second access. Then the test access rate needs to be no greater than the maximum access rate during the penetration test of the network system. If the test access rate is greater than the maximum access rate, for example, the test access rate is 5 accesses per second, the IP address is identified as a malicious access by the security protection device, and the IP address is marked as a black list to prohibit the IP address access, so that the penetration test process cannot be performed. Therefore, the penetration test in the related art is inefficient.
If the efficiency of penetration testing is to be improved, the testing access rate needs to be improved, and the security protection equipment cannot identify malicious access, so that the penetration testing can be performed by using a plurality of IP addresses.
Specific implementations of the above concepts are described below.
Referring to fig. 1, an embodiment of the present invention provides a penetration testing method, including:
Step 102, determining a test access rate required to be reached for performing a penetration test on the target to be tested.
And 104, determining the minimum number of IP addresses required for performing penetration test on the target to be tested according to the maximum access rate and the test access rate.
And 106, performing penetration test on the target to be tested by using the IP address not less than the minimum number according to the test access rate.
In the embodiment of the invention, the minimum number of the IP addresses required by the penetration test of the target to be tested is determined, and the penetration test of the target to be tested is carried out by using the IP addresses not less than the minimum number, so that the required test access speed can be met when the penetration test is carried out on the target to be tested, and the penetration test efficiency can be improved.
The manner in which the various steps shown in fig. 1 are performed is described below.
First, in step 100, the maximum access rate set by the security protection policy of the target to be tested for the same IP address is determined.
In the embodiment of the invention, the target to be tested is generally provided with the safety protection equipment, the safety protection equipment is provided with a stronger safety protection strategy, and the safety protection strategy sets the maximum access rate aiming at the same IP address. For example, once per second. If the access rate of the same IP address exceeds the maximum access rate, for example, the time interval between two adjacent accesses is 0.5 seconds, the security protection policy determines that the IP address is accessed maliciously, thereby blocking the IP address and prohibiting the IP address from being accessed again.
In an embodiment of the present invention, the determining manner of step 100 at least includes:
mode A: directly from the target to be tested.
Mode B: and accessing the target to be tested at different access rates by using the IP address to obtain the target by testing.
In the method a, since the maximum access rate is set by the security operation and maintenance personnel of the target to be tested, and the target to be tested is used as the party requesting to be tested, the maximum access rate set in the security protection policy can be directly provided for the testing party to use.
In the method B, one test IP address may be used, the test IP address is used to access the target to be tested at different access rates (the access rate varies from small to large), and the access rate when the test IP address is blocked by the target to be tested is used as the maximum access rate.
Next, description is made with respect to step 102 "determining a test access rate that needs to be achieved for performing a penetration test on the target to be tested" and step 104 "determining a minimum number of IP addresses that need to be required for performing a penetration test on the target to be tested" according to the maximum access rate and the test access rate.
Since the penetration test time is less intense, the greater the test access rate, the faster the test speed, and the less the penetration test duration. Thus, to increase the speed of the penetration test, a suitable test access rate may be selected, which may be greater than the maximum access rate. For example, the maximum access rate is one access per second for the same IP address, and the test access rate is 5 accesses per second.
In an embodiment of the present invention, when the minimum number of IP addresses required for performing the penetration test on the target to be tested is determined in step 104, the following two situations may be specifically used:
case a: the test access rate is less than or equal to the maximum access rate.
Case B: the test access rate is greater than the maximum access rate.
The determination of the minimum number is explained below for each of the above two cases.
When corresponding to case a, the minimum number may be 1, since the test access rate is less than the maximum access rate, or the test access rate is equal to the maximum access rate. I.e., a single IP address, can implement the penetration test process.
When the case B corresponds, since the test access rate is greater than the maximum access rate, the penetration test process cannot be implemented by a single IP address, and the minimum number of IP addresses required in this step 104 may be determined by dividing the test access rate by the maximum access rate.
In one embodiment of the present invention, if the value of the maximum access rate divided by the test access rate is an integer, the value of the test access rate divided by the maximum access rate may be directly determined as the minimum number. For example, if the maximum access rate is once per second and the test access rate is 5 accesses per second, then the value of the test access rate divided by the maximum access rate is 5, and the minimum number is 5.
In one embodiment of the invention, if the value of the maximum access rate divided by the test access rate is not an integer, then the value of the maximum access rate divided by the test access rate may be rounded, and the sum of the rounded value and 1 is taken as the minimum number. For example, if the maximum access rate is two accesses per second, and the test access rate is 5 accesses per second, then the value of the test access rate divided by the maximum access rate is 2.5, and the value of the rounding plus 1 is 3, then the minimum number is 3.
Determining the minimum number using the value of the test access rate divided by the maximum access rate may improve the accuracy of the determination of the minimum number.
Finally, in step 106, according to the test access rate, the penetration test is performed on the target to be tested by using the IP address not less than the minimum number.
To perform penetration testing on the target to be tested using the test access rate determined in step 102, no less than the minimum number of IP addresses needs to be obtained.
In one embodiment of the present invention, the target under test can be tested with no less than the minimum number of testing devices in step 106. For example, if the minimum number is 5, then at least 5 accurate test devices are required, each test device corresponds to one IP address, and then the prepared at least 5 test devices are used to perform penetration test on the target to be tested, so that the access rate-based security protection device can be avoided, and the IP address is prevented from being blocked by the target to be tested.
In an embodiment of the present invention, if the IP address of the testing device is blocked by the target to be tested, the penetration testing process on the target to be tested may be affected, and in order to prevent the IP address of the testing device from being blocked by the target to be tested, before this step 106, the method may further include: and acquiring the proxy IP address not less than the minimum number so as to perform penetration test on the target to be tested by using the proxy IP address not less than the minimum number.
The penetration test is carried out on the target to be tested by utilizing the proxy IP address, the penetration test process can be realized by using a small number of test devices, for example, the penetration test is carried out by using one test device, so that the penetration test cost can be reduced. In addition, the penetration test is carried out by using the proxy IP address, the IP address exposed to the target to be tested is the proxy IP address, and the IP address of the test equipment can not be exposed, so that the IP address of the test equipment can be prevented from being forbidden by the target to be tested.
In an embodiment of the present invention, the obtaining manner of the at least minimum number of proxy IP addresses may be manual obtaining or automatic obtaining. When automatically acquiring, specifically, the proxy IP address may be crawled in a set website by using a crawler script edited in advance, to obtain a proxy IP address not less than the minimum number. The agent IP address is automatically crawled in a crawler mode, so that not only is the manual time saved, but also the agent IP address can be quickly obtained, and the testing efficiency can be improved.
The crawler script can be written by using a scripting language such as Python, php and the like. The set website may be an agent website designated by a crawler script editor, or may be crawled over the entire network. The crawled proxy IP address has a corresponding port, and when the proxy IP address is used for accessing the website, the proxy server realizes the access of the proxy IP address through the port.
In an embodiment of the present invention, since the crawled proxy IP address may not be available, for example, a certain crawled proxy IP address can only access the website of a specified country, it is further required to verify whether the crawled proxy IP address is available, specifically: initiating access to a test website by using the crawled proxy IP address, and acquiring a status code returned by the test website; and judging whether the proxy IP address is a usable proxy IP address according to the status code.
The test website may be a website having the same characteristics as the penetration test target website, or a website selected from the penetration test target websites. For example, if the region where the penetration test target is located in china, a website in china may be used as the test website.
The status code is a 3-bit digital code used to indicate the hypertext transfer protocol response status of the web server. When an access request is initiated to a test website, the test website returns a status code to represent status information of the access request. For example, the status code is 202, which indicates that the test website has accepted the request but has not yet processed it; the status code is 403, which represents that the test website refuses the request; the status code is 500, indicating that the test site has encountered an error and cannot complete the request. Therefore, whether the proxy IP address is a usable proxy IP address can be judged according to the status code returned by the test website.
In one embodiment of the invention, free proxy IP addresses may also be crawled to further reduce the cost of penetration testing.
Whether the agent IP address which is crawled can be used or not is verified, so that the agent IP address which is used in the penetration test can be used, the normal operation of the penetration test can be ensured, and the penetration test efficiency is improved.
Before the penetration test is performed on the target to be tested by using the IP address not less than the minimum number in the step 106, the obtained IP address can be researched and judged by linking the threat information library so as to screen out the IP address not belonging to the blacklist mark, and the penetration test is performed by using the screened IP address, so that the normal operation of the penetration test process is ensured, and the penetration test efficiency is improved.
The essence of the penetration test is that the target to be tested is deeply detected from the perspective of an attacker to discover and dig the bugs existing in the network system of the target to be tested, and the safety protection equipment of the target to be tested cannot open the white list permission aiming at the IP address used for the penetration test, so that the accuracy of the penetration test result can be ensured.
Then, in this step 106, when the penetration test is performed on the target to be tested by using the same IP address twice, the penetration test is performed on the target to be tested by using at least a target number of other IP addresses between the same IP addresses twice; wherein the target number is 1 less than the minimum number.
For example, if the maximum access rate is once per second, and the test access rate is 5 times per second, then the minimum number is 5, and it is assumed that n (n is a positive integer) IP addresses are used, which are IP1, IP2, IP3, … …, and IPn, when the same IP address is used, for example, IP1, it is necessary to separate at least 4 other proxy IP addresses, that is, the target number is (minimum number-1), IP1, IP2, IP3, IP4, IP5, and IP1, at this time, the access rate of IP1 to the target to be tested is 1 time per second, and the maximum access rate set by the security protection policy for the target to be tested for the same IP address is satisfied.
In one embodiment of the present invention, the minimum interval duration for selecting the same IP address twice in a row may be defined, and the minimum interval duration is determined by the maximum access rate. For example, the maximum access rate is once per second, and the minimum interval duration is one second. Therefore, the safety protection device based on the access rate strategy can be avoided more accurately.
In an embodiment of the present invention, in order to meet the maximum access rate set by the security policy, when performing penetration test on the target to be tested by using not less than the minimum number of IP addresses, the manner of selecting an IP address from not less than the minimum number of IP addresses may include at least the following two manners:
the first mode is as follows: and selecting the IP addresses one by one according to a set sequence.
The second mode is as follows: randomly from among the IP addresses that are not marked.
The following describes the above two modes, respectively.
In the first way, all the acquired IP addresses may be sorted according to a set order, for example, the set order is IP1, IP2, IP3, … …, IPn, and then may be selected one by one according to the set order, and after IPn is selected and used, the selection may continue from IP 1. Therefore, when the same IP address is selected twice to carry out penetration test, the same IP address is separated by (n-1) other IP addresses. When n is a value not less than the minimum number, the safety protection device based on the access rate policy can be effectively avoided, and the IP address is prevented from being forbidden by the target to be tested.
In the second way, whether the IP address is already used may be recorded in a manner of a flag, which may specifically include:
s1: randomly selecting an IP address from the IP addresses which are not marked to be used in the minimum number;
s2: carrying out penetration test on a target to be tested by using the selected IP address, marking the used IP address with the waiting time of 0 after the IP address is tested, adding 1 to the waiting times of the IP address with no less than the minimum number marked with other used IP addresses, and deleting the used mark of the IP address with the waiting time equal to the set times; and returns to execute step S1 until the target to be tested is completed.
Wherein the set number of times is a value not less than (minimum number-1) and not more than (n-1).
Based on the above embodiment, the limiting of the minimum interval duration between two adjacent choices of the same IP address may include:
s3: randomly selecting an IP address from the unmarked used IP addresses;
s4: performing penetration test on a target to be tested by using the selected IP address, marking the used IP address and the use time point after the proxy IP address is tested, and deleting the used mark of the IP address of which the use time point reaches a set time length from the current time point; and returns to execute step S3 until the target to be tested is completed.
Wherein the set time length is not less than the minimum interval time length.
In this embodiment, by randomly selecting the unmarked used IP addresses, the security protection device can be prevented from discovering the usage rules of the IP addresses, and the IP addresses with certain usage rules are forbidden, thereby improving the penetration test efficiency.
In an embodiment of the present invention, after this step 106, the method may further include: and determining whether the IP address is marked as a blacklist by the target to be tested, and if so, deleting the IP address from the IP addresses not less than the minimum number. Therefore, the IP address added into the blacklist by the target to be tested can be prevented from being used again for penetration test in the subsequent process.
As shown in fig. 2 and 3, an embodiment of the present invention provides a penetration testing apparatus. The device embodiments may be implemented by software, or by hardware, or by a combination of hardware and software. From a hardware aspect, as shown in fig. 2, for a hardware architecture diagram of a computing device in which an infiltration test apparatus according to an embodiment of the present invention is located, in addition to the processor, the memory, the network interface, and the nonvolatile memory shown in fig. 2, the computing device in which the apparatus is located in the embodiment may also generally include other hardware, such as a forwarding chip responsible for processing a packet, and the like. Taking a software implementation as an example, as shown in fig. 3, as a logical apparatus, a CPU of a computing device in which the apparatus is located reads a corresponding computer program in a non-volatile memory into a memory to run. The embodiment provides a penetration test device, includes:
a maximum access rate determining unit 301, configured to determine a maximum access rate set by a security protection policy of a target to be tested for the same IP address;
a test access rate determining unit 302, configured to determine a test access rate required to achieve a penetration test on the target to be tested;
a minimum number determining unit 303, configured to determine, according to the maximum access rate and the test access rate, a minimum number of IP addresses required for performing a penetration test on the target to be tested;
and the penetration testing unit 304 is used for performing penetration testing on the target to be tested by using the IP address not less than the minimum number according to the test access rate.
In an embodiment of the present invention, the minimum number determining unit 303 is specifically configured to determine the minimum number by dividing the test access rate by the maximum access rate.
In an embodiment of the present invention, referring to fig. 4, the penetration testing apparatus may further include:
the proxy IP address obtaining unit 305 is configured to obtain no less than a minimum number of proxy IP addresses, so as to perform a penetration test on the target to be tested using the no less than minimum number of proxy IP addresses.
In an embodiment of the present invention, the proxy IP address obtaining unit 305 is specifically configured to crawl proxy IP addresses in a set website by using a crawler script edited in advance, so as to obtain no less than the minimum number of proxy IP addresses.
In an embodiment of the present invention, the penetration testing unit 304 is specifically configured to, when two adjacent times use the same IP address to perform penetration testing on the target to be tested, perform penetration testing on the target to be tested by using at least a target number of other IP addresses between the two adjacent times use the same IP address; wherein the target number is less than the minimum number by 1.
In an embodiment of the present invention, the penetration test unit 304 is specifically configured to randomly select an IP address from the IP addresses not marked as used in the minimum number of IP addresses; performing penetration test on the target to be tested by using the selected IP address, marking the used IP address with the waiting times of 0 after the IP address is tested, adding 1 to the waiting times of the IP address which is not less than the minimum number and is marked with other used IP addresses, and deleting the used mark of the IP address of which the waiting times is equal to the set times; and returning to execute the random selection of one IP address from the IP addresses which are not less than the minimum number and are not marked to be used until the target to be tested is completed.
In an embodiment of the present invention, referring to fig. 5, the penetration testing apparatus may further include:
an IP address processing unit 306, configured to determine whether the IP address is marked as a blacklist by the target to be tested, and if yes, delete the IP address from the IP addresses that are not less than the minimum number.
It is to be understood that the illustrated structure of the embodiment of the present invention does not constitute a specific limitation to a permeation testing apparatus. In other embodiments of the invention, an infiltration testing apparatus may include more or fewer components than shown, or some components may be combined, some components may be separated, or a different arrangement of components. The illustrated components may be implemented in hardware, software, or a combination of software and hardware.
For the information interaction, execution process and other contents between the modules in the above-mentioned apparatus, because the same concept is based on as the method embodiment of the present invention, specific contents can refer to the description in the method embodiment of the present invention, and are not described herein again.
The embodiment of the present invention further provides a computing device, which includes a memory and a processor, where the memory stores a computer program, and when the processor executes the computer program, the computing device implements a penetration testing method in any embodiment of the present invention.
Embodiments of the present invention further provide a computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, causes the processor to execute a penetration testing method in any embodiment of the present invention.
Specifically, a system or an apparatus equipped with a storage medium on which software program codes that realize the functions of any of the above-described embodiments are stored may be provided, and a computer (or a CPU or MPU) of the system or the apparatus is caused to read out and execute the program codes stored in the storage medium.
In this case, the program code itself read from the storage medium can realize the functions of any of the above-described embodiments, and thus the program code and the storage medium storing the program code constitute a part of the present invention.
Examples of the storage medium for supplying the program code include a floppy disk, a hard disk, a magneto-optical disk, an optical disk (e.g., CD-ROM, CD-R, CD-RW, DVD-ROM, DVD-RAM, DVD-RW, DVD + RW), a magnetic tape, a nonvolatile memory card, and a ROM. Alternatively, the program code may be downloaded from a server computer via a communications network.
Further, it should be clear that the functions of any one of the above-described embodiments may be implemented not only by executing the program code read out by the computer, but also by causing an operating system or the like operating on the computer to perform a part or all of the actual operations based on instructions of the program code.
Further, it is to be understood that the program code read out from the storage medium is written to a memory provided in an expansion board inserted into the computer or to a memory provided in an expansion module connected to the computer, and then a CPU or the like mounted on the expansion board or the expansion module is caused to perform part or all of the actual operations based on instructions of the program code, thereby realizing the functions of any of the embodiments described above.
The embodiments of the invention have at least the following beneficial effects:
1. in one embodiment of the invention, the minimum number of the IP addresses required for performing the penetration test on the target to be tested is determined, and the penetration test is performed on the target to be tested by using the IP addresses not less than the minimum number, so that the required test access speed can be met when the penetration test is performed on the target to be tested, and the penetration test efficiency can be improved.
2. In one embodiment of the invention, when the minimum number of IP addresses required for performing penetration test on the target to be tested is determined, the value obtained by dividing the test access rate by the maximum access rate is determined as the minimum number, so that the determination accuracy of the minimum number can be improved.
3. In an embodiment of the present invention, the penetration test is performed on the target to be tested by using the proxy IP address, and a penetration test process can be implemented by using a smaller number of test devices, for example, a penetration test is performed by using one test device, so that the penetration test cost can be reduced. In addition, the penetration test is carried out by using the proxy IP address, the IP address exposed to the target to be tested is the proxy IP address, and the IP address of the test equipment can not be exposed, so that the IP address of the test equipment can be prevented from being forbidden by the target to be tested.
4. In one embodiment of the invention, the pre-edited crawler script is used for crawling proxy IP addresses in the set website to obtain no less than the minimum number of proxy IP addresses. The agent IP address is automatically crawled in a crawler mode, so that not only is the manual time saved, but also the agent IP address can be quickly obtained, and the testing efficiency can be improved.
5. In one embodiment of the invention, whether the crawled proxy IP address can be used or not is verified, so that all the proxy IP addresses used in the penetration test can be used, the normal operation of the penetration test can be ensured, and the penetration test efficiency is improved.
6. In an embodiment of the invention, before the penetration test is performed on the target to be tested by using the IP address not less than the minimum number, the obtained IP address can be researched and judged by linking the threat information library so as to screen out the IP address not belonging to the blacklist mark, and the penetration test is performed by using the screened IP address, so that the normal operation of the penetration test process is ensured, and the penetration test efficiency is improved.
7. In one embodiment of the invention, the minimum interval duration of two adjacent choices of the same IP address is defined, and the minimum interval duration is determined by the maximum access rate. For example, the maximum access rate is once per second, and the minimum interval duration is one second. Therefore, the safety protection device based on the access rate strategy can be avoided more accurately.
8. In one embodiment of the invention, the random selection is performed in the unmarked used IP addresses, so that the safety protection equipment can be prevented from finding the use rule of the IP addresses, and the IP addresses with certain use rule are sealed, thereby improving the penetration test efficiency.
It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an …" does not exclude the presence of other similar elements in the process, method, article, or apparatus that comprises the element.
Those of ordinary skill in the art will understand that: all or part of the steps for realizing the method embodiments can be completed by hardware related to program instructions, the program can be stored in a computer readable storage medium, and the program executes the steps comprising the method embodiments when executed; and the aforementioned storage medium includes: various media that can store program codes, such as ROM, RAM, magnetic or optical disks.
Finally, it should be noted that: the above examples are only intended to illustrate the technical solution of the present invention, and not to limit it; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.
Claims (9)
1. A penetration test method, comprising:
determining the maximum access rate of a security protection strategy of a target to be tested, which is set aiming at the same IP address;
determining a test access rate required by the penetration test of the target to be tested;
determining the minimum number of IP addresses required for performing penetration test on the target to be tested according to the maximum access rate and the test access rate;
performing penetration test on the target to be tested by using the IP address not less than the minimum number according to the test access rate;
the determining the minimum number of IP addresses required for performing penetration test on the target to be tested according to the maximum access rate and the test access rate comprises:
dividing the test access rate by the value of the maximum access rate to determine the minimum number.
2. The method of claim 1, further comprising, prior to said penetration testing said object to be tested with no less than said minimum number of IP addresses:
and acquiring the agent IP address not less than the minimum number so as to execute the penetration test on the target to be tested by using the agent IP address not less than the minimum number.
3. The method of claim 2, wherein obtaining no less than the minimum number of proxy IP addresses comprises:
and crawling the proxy IP addresses in the set website by using the pre-edited crawler script to obtain the proxy IP addresses not less than the minimum number.
4. The method of any one of claims 1-3, wherein said penetration testing the target under test with no less than the minimum number of IP addresses comprises:
when the same IP address is used for penetration testing on the target to be tested for two adjacent times, at least other IP addresses with the target quantity are used between the same IP addresses for the two adjacent times to perform penetration testing on the target to be tested; wherein the target number is less than the minimum number by 1.
5. The method of claim 4, wherein said penetration testing said object to be tested with no less than said minimum number of IP addresses comprises:
randomly selecting one IP address from the IP addresses not less than the minimum number which are not marked to be used;
performing penetration test on the target to be tested by using the selected IP address, marking the used IP address with the waiting times of 0 after the IP address is tested, adding 1 to the waiting times of the IP address which is not less than the minimum number and is marked with other used IP addresses, and deleting the used mark of the IP address of which the waiting times is equal to the set times;
and returning to execute the random selection of one IP address from the IP addresses which are not less than the minimum number and are not marked to be used until the target to be tested is completed.
6. The method of claim 5, further comprising, after the penetration testing of the target under test using the selected IP address: and determining whether the IP address is marked as a blacklist by the target to be tested, and if so, deleting the IP address from the IP addresses not less than the minimum number.
7. An infiltration testing device, comprising:
the maximum access rate determining unit is used for determining the maximum access rate set by the security protection strategy of the target to be tested aiming at the same IP address;
the test access rate determining unit is used for determining the test access rate required to be achieved by performing the penetration test on the target to be tested;
a minimum number determining unit, configured to determine, according to the maximum access rate and the test access rate, a minimum number of IP addresses required for performing a penetration test on the target to be tested;
the penetration testing unit is used for performing penetration testing on the target to be tested by using the IP address not less than the minimum number according to the testing access rate;
the minimum number determination unit is specifically configured to determine the minimum number by dividing the test access rate by the maximum access rate.
8. A computing device comprising a memory having stored therein a computer program and a processor that, when executing the computer program, implements the method of any of claims 1-6.
9. A computer-readable storage medium, on which a computer program is stored which, when executed in a computer, causes the computer to carry out the method of any one of claims 1-6.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110722412.6A CN113438244B (en) | 2021-06-28 | 2021-06-28 | Penetration testing method and device, computing equipment and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110722412.6A CN113438244B (en) | 2021-06-28 | 2021-06-28 | Penetration testing method and device, computing equipment and storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN113438244A CN113438244A (en) | 2021-09-24 |
| CN113438244B true CN113438244B (en) | 2022-08-19 |
Family
ID=77757351
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110722412.6A Active CN113438244B (en) | 2021-06-28 | 2021-06-28 | Penetration testing method and device, computing equipment and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113438244B (en) |
Family Cites Families (15)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106992906B (en) * | 2016-01-21 | 2019-07-02 | 中国联合网络通信集团有限公司 | A kind of method of adjustment and system of access rate |
| CN106254368B (en) * | 2016-08-24 | 2019-09-06 | 杭州迪普科技股份有限公司 | The detection method and device of Web vulnerability scanning |
| US10284589B2 (en) * | 2016-10-31 | 2019-05-07 | Acentium Inc. | Methods and systems for ranking, filtering and patching detected vulnerabilities in a networked system |
| US9756061B1 (en) * | 2016-11-18 | 2017-09-05 | Extrahop Networks, Inc. | Detecting attacks using passive network monitoring |
| CN106973071A (en) * | 2017-05-24 | 2017-07-21 | 北京匡恩网络科技有限责任公司 | A kind of vulnerability scanning method and apparatus |
| CN109040052B (en) * | 2018-07-26 | 2021-06-15 | 平安科技(深圳)有限公司 | Information processing method, terminal and computer readable medium |
| CN109344624B (en) * | 2018-10-26 | 2022-02-18 | 深信服科技股份有限公司 | Penetration testing method, platform, equipment and storage medium based on cloud cooperation |
| CN109451089A (en) * | 2018-11-02 | 2019-03-08 | 北京天融信网络安全技术有限公司 | A kind of access method, device, computer equipment and computer storage medium |
| CN109561097B (en) * | 2018-12-17 | 2021-05-25 | 泰康保险集团股份有限公司 | Method, device, equipment and storage medium for detecting security vulnerability injection of structured query language |
| CN110677381B (en) * | 2019-08-14 | 2023-05-09 | 奇安信科技集团股份有限公司 | Penetration test method and device, storage medium and electronic device |
| CN110851753B (en) * | 2019-11-07 | 2023-09-26 | 亿企赢网络科技有限公司 | Website access method, device, equipment and storage medium |
| CN110851841B (en) * | 2019-11-26 | 2022-05-17 | 西安四叶草信息技术有限公司 | Penetration test method, device and storage medium |
| US11336555B2 (en) * | 2019-12-06 | 2022-05-17 | Jpmorgan Chase Bank, N.A. | Network segmentation effectiveness system and method |
| CN111600880A (en) * | 2020-05-14 | 2020-08-28 | 深信服科技股份有限公司 | Method, system, storage medium and terminal for detecting abnormal access behavior |
| CN111741030B (en) * | 2020-08-26 | 2020-12-04 | 北京赛宁网安科技有限公司 | Website security detection system and method combining Web automation and agent interception |
-
2021
- 2021-06-28 CN CN202110722412.6A patent/CN113438244B/en active Active
Also Published As
| Publication number | Publication date |
|---|---|
| CN113438244A (en) | 2021-09-24 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11405359B2 (en) | Network firewall for mitigating against persistent low volume attacks | |
| US8789171B2 (en) | Mining user behavior data for IP address space intelligence | |
| CN111818103B (en) | Traffic-based tracing attack path method in network target range | |
| US20100235917A1 (en) | System and method for detecting server vulnerability | |
| CN110602032A (en) | Attack identification method and device | |
| CN110880983A (en) | Penetration testing method and device based on scene, storage medium and electronic device | |
| CN113179280B (en) | Deception defense method and device based on malicious code external connection behaviors and electronic equipment | |
| CN112003864B (en) | Website security detection system and method based on full flow | |
| CN110768949B (en) | Vulnerability detection method and device, storage medium and electronic device | |
| Squarcina et al. | Can i take your subdomain? exploring {Same-Site} attacks in the modern web | |
| CN108989294A (en) | A kind of method and system for the malicious user accurately identifying website visiting | |
| CN110765333A (en) | Method and device for collecting website information, storage medium and electronic device | |
| CN113422777B (en) | Penetration testing method and device based on white list, computing equipment and storage medium | |
| CN110768950A (en) | Permeation instruction sending method and device, storage medium and electronic device | |
| CN113438244B (en) | Penetration testing method and device, computing equipment and storage medium | |
| CN109547427A (en) | Black list user's recognition methods, device, computer equipment and storage medium | |
| KR101042226B1 (en) | The method of counteracting distributed denial of service attack using network filter monitoring white list and dummy web server | |
| CN115001789B (en) | Method, device, equipment and medium for detecting collapse equipment | |
| CN115955333A (en) | C2 server identification method and device, electronic equipment and readable storage medium | |
| CN110535859B (en) | Network security emergency capacity determining method and device and electronic equipment | |
| CN114021123A (en) | Construction method, security check method, device and medium of behavior baseline library | |
| CN113709130A (en) | Risk identification method and device based on honeypot system | |
| CN107066878B (en) | A kind of mobile application security means of defence towards Android platform | |
| CN111541675A (en) | Network security protection method, device and equipment based on white list | |
| CN115632882B (en) | Illegal network attack detection method, computer equipment and medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |