CN113918954A - Automated vulnerability scanning integration method, device, equipment and storage medium - Google Patents


Publication number
CN113918954A
Authority
CN
China
Prior art keywords
scanning
vulnerability scanning
vulnerability
asset information
asset
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111076498.6A
Other languages
Chinese (zh)
Inventor
陈伟
李浩升
黄强
马怡璇
王庆鹏
鲁学仲
曹澍
康婉晴
赵梅
田昊苗
杨雪慧
常春雷
孟欣欣
叶德力·波拉提
潘旭东
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
State Grid Xinjiang Electric Power Corporation Information & Telecommunication Co ltd
State Grid Corp of China SGCC
Original Assignee
State Grid Xinjiang Electric Power Corporation Information & Telecommunication Co ltd
State Grid Corp of China SGCC
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by State Grid Xinjiang Electric Power Corporation Information & Telecommunication Co ltd, State Grid Corp of China SGCC
Priority to CN202111076498.6A
Publication of CN113918954A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577 Assessing vulnerabilities and evaluating computer system security

Abstract

The invention relates to the technical field of vulnerability scanning, and in particular to an automated vulnerability scanning integration method, device, equipment and storage medium. The method comprises: determining the asset information to be scanned and establishing a vulnerability scanning task, wherein the asset information comprises an asset name, an IP address and an asset description; and performing vulnerability scanning configuration for the vulnerability scanning task, invoking the vulnerability scanning configuration to perform vulnerability scanning on the asset information, and outputting a scanning result. With this method, security personnel only need to import the asset information and make simple vulnerability scanning configuration selections as the situation requires; vulnerability scanning then runs automatically once the configuration is complete. This realizes automated vulnerability scanning of the very large body of asset information in an enterprise, effectively reduces the time enterprise security personnel spend on vulnerability scanning, and improves vulnerability scanning efficiency.

Description

Automated vulnerability scanning integration method, device, equipment and storage medium
Technical Field
The invention relates to the technical field of vulnerability scanning, in particular to an automatic vulnerability scanning integration method, device, equipment and storage medium.
Background
With the continuous development and deepening application of information technology, industries of all kinds have introduced advanced information technologies into production and management. As these technologies are applied ever more deeply, massive amounts of data are generated and become a core production factor. While this data creates value as it flows, it also brings various security risks, and it has become an important target of network attacks. At the same time, the number of information assets carrying such massive data is also enormous.
In recent years, hacker attack techniques have varied widely and attack forms have diversified. Although many network security organizations and individuals have developed tools for information asset vulnerabilities, unified scanning of an enterprise's very large set of assets is cumbersome and complex, and requires a certain investment of personnel and working time.
Disclosure of Invention
The invention provides an automated vulnerability scanning integration method, device, equipment and storage medium in the technical field of vulnerability scanning, which overcome the defects of the prior art and effectively solve the problems of a complex scanning process and a low degree of automation in asset vulnerability scanning.
The first technical scheme of the invention is realized by the following measures: an automated vulnerability scanning integration method, comprising:
determining the asset information to be scanned, and establishing a vulnerability scanning task, wherein the asset information comprises an asset name, an IP address and an asset description;
and performing vulnerability scanning configuration for the vulnerability scanning task, invoking the vulnerability scanning configuration to perform vulnerability scanning on the asset information, and outputting a scanning result.
The following are further optimizations and/or improvements of the above technical scheme:
Performing vulnerability scanning configuration for the vulnerability scanning task includes:
selecting a vulnerability scanning task;
determining the vulnerability type to be scanned based on the vulnerability scanning task;
looking up and determining the corresponding vulnerability scanning plug-in based on the vulnerability type to be scanned;
and configuring scanning conditions based on the vulnerability scanning task, wherein the scanning conditions comprise a proxy server address, a network card, scanning port parameters, thread count, a scanning mode and a scanning time.
The method further comprises a vulnerability POC set: the required vulnerability POC set is selected when the asset information to be scanned is determined, and the vulnerability POC set is scanned while the vulnerability scanning configuration is invoked to perform vulnerability scanning on the asset information.
Invoking the vulnerability scanning configuration to perform vulnerability scanning on the asset information includes:
detecting the asset information, wherein the detection content comprises the survival status, port opening status and operating system version of the assets;
and invoking the vulnerability scanning configuration to perform vulnerability scanning on the asset information, and outputting a vulnerability scanning result.
After the scanning result is output, an asset survival report, a port opening report and a vulnerability report are produced.
The second technical scheme of the invention is realized by the following measures: an automated vulnerability scanning integration device, comprising:
an asset information collection layer, used for importing asset information, wherein the asset information comprises an asset name, an IP address and an asset description;
a vulnerability scanning layer, used for determining the asset information to be scanned, establishing a vulnerability scanning task, performing vulnerability scanning configuration for the vulnerability scanning task, invoking the vulnerability scanning configuration to perform vulnerability scanning on the asset information, and outputting a scanning result;
and a scan result processing layer, used for producing an asset survival report, a port opening report and a vulnerability report.
The following are further optimizations and/or improvements of the above technical scheme:
The vulnerability scanning layer comprises:
a scanning asset range determining unit, used for determining the asset information to be scanned and establishing a vulnerability scanning task;
a scanning configuration unit, used for performing vulnerability scanning configuration for the vulnerability scanning task;
a POC collection unit, used for storing and managing POCs for various types of vulnerabilities, wherein the information stored and managed for each POC comprises its path, vulnerability name, classification label, operating parameters, disclosure time and description;
and a scanning execution unit, which invokes the vulnerability scanning configuration to perform vulnerability scanning on the asset information and outputs a scanning result.
With this method, security personnel only need to import the asset information and make simple vulnerability scanning configuration selections as the situation requires; vulnerability scanning then runs automatically once the configuration is complete. This realizes automated vulnerability scanning of the very large body of asset information in an enterprise, effectively reduces the time enterprise security personnel spend on vulnerability scanning, and improves vulnerability scanning efficiency.
Drawings
FIG. 1 is a flow chart of the method of Example 1 of the present invention.
FIG. 2 is a schematic structural diagram of the device of Example 3 of the present invention.
Detailed Description
The present invention is not limited by the following examples; specific embodiments may be determined according to the technical scheme of the invention and the actual situation.
The invention is further described below with reference to the examples and figures:
Example 1: as shown in FIG. 1, an embodiment of the present invention discloses an automated vulnerability scanning integration method, which includes:
step S101, determining the asset information to be scanned, and establishing a vulnerability scanning task, wherein the asset information comprises an asset name, an IP address and an asset description;
step S102, performing vulnerability scanning configuration for the vulnerability scanning task, invoking the vulnerability scanning configuration to perform vulnerability scanning on the asset information, and outputting a scanning result. The vulnerability scanning configuration for the task can be completed automatically, or can be selected and configured by security personnel through a human-computer interaction interface; the configuration process involves only simple selections, which lowers the demands placed on security personnel.
With the automated vulnerability scanning integration method disclosed here, security personnel only need to import the asset information and make simple vulnerability scanning configuration selections as the situation requires; vulnerability scanning then runs automatically once the configuration is complete. This realizes automated vulnerability scanning of the very large body of asset information in an enterprise, effectively reduces the time enterprise security personnel spend on vulnerability scanning, and improves vulnerability scanning efficiency.
Example 2: an embodiment of the present invention discloses an automated vulnerability scanning integration method, which includes:
step S201, determining the asset information to be scanned, and establishing a vulnerability scanning task, wherein the asset information comprises an asset name, an IP address and an asset description;
step S202, performing vulnerability scanning configuration for the vulnerability scanning task, invoking the vulnerability scanning configuration to perform vulnerability scanning on the asset information, and outputting a scanning result;
step S203, after the scanning result is output, producing an asset survival report, a port opening report and a vulnerability report.
Here, performing vulnerability scanning configuration for the vulnerability scanning task includes:
1. selecting a vulnerability scanning task; several vulnerability scanning tasks may have been established in step S201; if they form a queue, tasks are selected in queue order, and if they have no priority order, one or more tasks can be selected at random at the same time;
2. determining the vulnerability type to be scanned based on the vulnerability scanning task;
3. looking up and determining the corresponding vulnerability scanning plug-in based on the vulnerability type to be scanned; the vulnerability scanning plug-ins are stored in advance, and are updated, supplemented and deleted from time to time;
4. configuring scanning conditions based on the vulnerability scanning task, wherein the scanning conditions comprise a proxy server address, a network card, scanning port parameters, thread count, a scanning mode and a scanning time; the proxy server address, network card, scanning port parameters and thread count are scan settings, and the scanning mode and scanning time are advanced settings, wherein the scanning mode is one of random scanning, sequential scanning and depth scanning.
Here, invoking the vulnerability scanning configuration to perform vulnerability scanning on the asset information includes:
1. detecting the asset information, wherein the detection content comprises the survival status, port opening status and operating system version of the assets;
2. invoking the vulnerability scanning configuration to perform vulnerability scanning on the asset information, and outputting a vulnerability scanning result.
In this process a vulnerability POC set is also provided: when the asset information to be scanned is determined, the vulnerability POC set to be scanned is also selected, so that the vulnerability POC set is scanned while the vulnerability scanning configuration is invoked to perform vulnerability scanning on the asset information, and the vulnerability scan of the asset information is verified against the scanning result of the vulnerability POC set.
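The flow of Example 2 (import assets, queue tasks, validate the scanning conditions, run plug-ins only where detection found a live host and an in-scope open port, then split the output into the three reports), as an added Python example that is not part of the patent. The plug-in registry, field names, thread cap and all sample data are constructed assumptions; detection results are supplied as data, so the code sends nothing on the network.

```python
import csv, io, ipaddress
from collections import deque
from dataclasses import dataclass

SCAN_MODES = {"random", "sequential", "depth"}   # the three modes the description names
# Constructed registry (vulnerability type -> plug-in names); every entry is hypothetical.
PLUGINS = {"tls": ["tls_protocol_audit"], "web-config": ["http_header_audit"]}

@dataclass
class ScanConfig:                  # scan settings plus advanced settings of Example 2
    vuln_types: list
    ports: str = "1-1024"          # scanning port parameters
    threads: int = 10
    mode: str = "sequential"
    scan_time: str = "02:00"
    proxy: str = ""                # proxy server address (optional)
    nic: str = "eth0"              # network card

def import_assets(csv_text):
    """Parse name,ip,description rows; return (assets, rejected rows)."""
    assets, rejected, seen = [], [], set()
    for row in csv.DictReader(io.StringIO(csv_text)):
        try:
            ip = str(ipaddress.ip_address(row["ip"].strip()))
        except ValueError:
            rejected.append((row["name"], "invalid IP"))
            continue
        if ip in seen:
            rejected.append((row["name"], "duplicate IP"))
            continue
        seen.add(ip)
        assets.append({"name": row["name"], "ip": ip, "description": row["description"]})
    return assets, rejected

def parse_ports(spec):
    """Expand '22,80,8000-8002' to a sorted list, rejecting out-of-range values."""
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        lo, hi = int(lo), int(hi or lo)
        if not 1 <= lo <= hi <= 65535:
            raise ValueError(f"bad port range {part!r}")
        ports.update(range(lo, hi + 1))
    return sorted(ports)

def resolve(cfg):
    """Validate a configuration; return (plug-ins, ports) or raise ValueError."""
    if cfg.mode not in SCAN_MODES:
        raise ValueError(f"unknown scanning mode {cfg.mode!r}")
    if not 1 <= cfg.threads <= 64:            # upper bound is an assumption of this example
        raise ValueError("thread count out of range")
    missing = [t for t in cfg.vuln_types if t not in PLUGINS]
    if missing:
        raise ValueError(f"no plug-in for {missing}")
    return [p for t in cfg.vuln_types for p in PLUGINS[t]], parse_ports(cfg.ports)

def plan(task_queue, detection):
    """Pop tasks in queue order; emit (ip, port, plug-in) only for live, in-scope ports."""
    work = []
    while task_queue:
        assets, cfg = task_queue.popleft()
        plugins, ports = resolve(cfg)
        for a in assets:
            d = detection.get(a["ip"], {"alive": False, "open_ports": []})
            if d["alive"]:
                work += [(a["ip"], p, pl) for p in d["open_ports"] if p in ports for pl in plugins]
    return work

def build_reports(assets, detection, findings):
    """Split results into the survival, port-opening and vulnerability reports."""
    names = {a["ip"]: a["name"] for a in assets}
    survival = {names[ip]: detection.get(ip, {}).get("alive", False) for ip in names}
    ports = {names[ip]: d["open_ports"] for ip, d in detection.items() if ip in names and d["alive"]}
    vulns = [{"asset": names[f["ip"]], **f} for f in findings if f["ip"] in names]
    return {"survival": survival, "ports": ports, "vulnerabilities": vulns}

# Constructed sample data (documentation address range 192.0.2.0/24).
ASSETS_CSV = """name,ip,description
hr-portal,192.0.2.10,HR web portal
db-01,192.0.2.20,MySQL asset database
old-printer,192.0.2.999,decommissioned
"""
DETECTION = {"192.0.2.10": {"alive": True, "open_ports": [22, 443, 8443], "os": "Linux"},
             "192.0.2.20": {"alive": False, "open_ports": [], "os": None}}
FINDINGS = [{"ip": "192.0.2.10", "port": 443, "plugin": "tls_protocol_audit", "severity": "medium"}]

if __name__ == "__main__":
    assets, rejected = import_assets(ASSETS_CSV)
    queue = deque([(assets, ScanConfig(["tls"], ports="22,443"))])
    print(rejected, plan(queue, DETECTION), build_reports(assets, DETECTION, FINDINGS), sep="\n")
```

Rejecting malformed or duplicate asset rows at import and refusing unknown modes or vulnerability types before a task runs keeps a bad spreadsheet or a typo from silently widening or narrowing what gets scanned.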
Example 3: as shown in FIG. 2, an embodiment of the present invention discloses an automated vulnerability scanning integration device, which includes:
an asset information collection layer, used for importing asset information, wherein the asset information comprises an asset name, an IP address and an asset description; the asset information can be imported from an Excel file, and the asset information collection layer also has an asset information database, which can be a MySQL database, that stores the imported asset information.
A vulnerability scanning layer, used for determining the asset information to be scanned, establishing a vulnerability scanning task, performing vulnerability scanning configuration for the vulnerability scanning task, invoking the vulnerability scanning configuration to perform vulnerability scanning on the asset information, and outputting a scanning result.
It specifically comprises:
a scanning asset range determining unit, used for determining the asset information to be scanned and establishing a vulnerability scanning task;
a scanning configuration unit, used for performing vulnerability scanning configuration for the vulnerability scanning task; the configuration comprises scan settings and advanced settings, wherein the scan settings comprise a proxy server address, a network card, scanning port parameters and thread count, the advanced settings comprise a scanning mode and a scanning time, and the scanning mode is one of random scanning, sequential scanning and depth scanning; the scanning configuration unit also stores the various vulnerability scanning plug-ins, which are invoked during vulnerability scanning;
a POC collection unit, used for storing and managing POCs for various types of vulnerabilities, wherein the information stored and managed for each POC comprises its path, vulnerability name, classification label, operating parameters, disclosure time and description; each POC is for a certain type of vulnerability and is either collected from the Internet or independently developed, and all POCs are stored together in one directory;
a scanning execution unit, used for invoking the vulnerability scanning configuration to perform vulnerability scanning on the asset information and outputting a scanning result; here, the selected POC set is also scanned while vulnerability scanning is performed on the asset information.
A scan result processing layer, used for producing an asset survival report, a port opening report and a vulnerability report. It specifically comprises an asset survival reporting unit, a port opening reporting unit and a vulnerability reporting unit.
Embodiment 4 is a storage medium having a computer program stored thereon, the computer program being readable by a computer and configured to execute a method for identifying a weak link in a power grid based on extreme ice damage when the computer program is run.
The storage medium may include, but is not limited to, a USB flash drive, read-only memory, a removable hard disk, a magnetic disk, an optical disk, and other media capable of storing computer programs.
Embodiment 5, the electronic device includes a processor and a memory, where the memory stores a computer program, and the computer program is loaded and executed by the processor to implement the method for identifying the weak link of the power grid based on the extreme ice disaster.
The electronic equipment further comprises transmission equipment and input and output equipment, wherein the transmission equipment and the input and output equipment are both connected with the processor.
The above technical features constitute the best embodiment of the present invention, which has strong adaptability and the best implementation effect; non-essential technical features can be added or removed according to actual needs to meet the requirements of different situations.

Claims (10)

1. An automated vulnerability scanning integration method, comprising:
determining the asset information to be scanned, and establishing a vulnerability scanning task, wherein the asset information comprises an asset name, an IP address and an asset description;
and performing vulnerability scanning configuration for the vulnerability scanning task, invoking the vulnerability scanning configuration to perform vulnerability scanning on the asset information, and outputting a scanning result.
2. The automated vulnerability scanning integration method according to claim 1, wherein performing vulnerability scanning configuration for the vulnerability scanning task comprises:
selecting a vulnerability scanning task;
determining the vulnerability type to be scanned based on the vulnerability scanning task;
looking up and determining the corresponding vulnerability scanning plug-in based on the vulnerability type to be scanned;
and configuring scanning conditions based on the vulnerability scanning task, wherein the scanning conditions comprise a proxy server address, a network card, scanning port parameters, thread count, a scanning mode and a scanning time.
3. The automated vulnerability scanning integration method according to claim 1 or 2, characterized by further comprising a vulnerability POC set, wherein the required vulnerability POC set is selected when the asset information to be scanned is determined, and the vulnerability POC set is scanned while the vulnerability scanning configuration is invoked to perform vulnerability scanning on the asset information.
4. The automated vulnerability scanning integration method according to claim 1 or 2, wherein invoking the vulnerability scanning configuration to perform vulnerability scanning on the asset information comprises:
detecting the asset information, wherein the detection content comprises the survival status, port opening status and operating system version of the assets;
and invoking the vulnerability scanning configuration to perform vulnerability scanning on the asset information, and outputting a vulnerability scanning result.
5. The automated vulnerability scanning integration method according to claim 3, wherein invoking the vulnerability scanning configuration to perform vulnerability scanning on the asset information comprises:
detecting the asset information, wherein the detection content comprises the survival status, port opening status and operating system version of the assets;
and invoking the vulnerability scanning configuration to perform vulnerability scanning on the asset information and outputting a scanning result, wherein the scanning result comprises an asset detection result and a vulnerability scanning result.
6. The automated vulnerability scanning integration method according to any one of claims 1 to 5, characterized in that after the scanning result is output, an asset survival report, a port opening report and a vulnerability report are produced.
7. An automated vulnerability scanning integration device, comprising:
an asset information collection layer, used for importing asset information, wherein the asset information comprises an asset name, an IP address and an asset description;
a vulnerability scanning layer, used for determining the asset information to be scanned, establishing a vulnerability scanning task, performing vulnerability scanning configuration for the vulnerability scanning task, invoking the vulnerability scanning configuration to perform vulnerability scanning on the asset information, and outputting a scanning result;
and a scan result processing layer, used for producing an asset survival report, a port opening report and a vulnerability report.
8. The automated vulnerability scanning integration device of claim 7, wherein the vulnerability scanning layer comprises:
a scanning asset range determining unit, used for determining the asset information to be scanned and establishing a vulnerability scanning task;
a scanning configuration unit, used for performing vulnerability scanning configuration for the vulnerability scanning task;
a POC collection unit, used for storing and managing POCs for various types of vulnerabilities, wherein the information stored and managed for each POC comprises its path, vulnerability name, classification label, operating parameters, disclosure time and description;
and a scanning execution unit, which invokes the vulnerability scanning configuration to perform vulnerability scanning on the asset information and outputs a scanning result.
9. A storage medium having stored thereon a computer program readable by a computer, the computer program being arranged to, when executed, perform the automated vulnerability scanning integration method according to any one of claims 1 to 6.
10. An electronic device comprising a processor and a memory, the memory having stored therein a computer program that is loaded and executed by the processor to implement the automated vulnerability scanning integration method of any one of claims 1 to 6.
CN202111076498.6A 2021-09-14 2021-09-14 Automated vulnerability scanning integration method, device, equipment and storage medium Pending CN113918954A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111076498.6A CN113918954A (en) 2021-09-14 2021-09-14 Automated vulnerability scanning integration method, device, equipment and storage medium

Publications (1)

Publication Number Publication Date
CN113918954A (en) 2022-01-11

Family

ID=79234745

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103118003A (en) * 2012-12-27 2013-05-22 北京神州绿盟信息安全科技股份有限公司 Risk scanning method, device and system based on assets
US20150150072A1 (en) * 2013-11-25 2015-05-28 Level 3 Communications, Llc System and method for a security asset manager
CN111240994A (en) * 2020-01-20 2020-06-05 北京国舜科技股份有限公司 Vulnerability processing method and device, electronic equipment and readable storage medium
CN112257070A (en) * 2020-10-22 2021-01-22 全球能源互联网研究院有限公司 Vulnerability troubleshooting method and system based on asset scene attributes
CN113158195A (en) * 2021-04-09 2021-07-23 上海碳泽信息科技有限公司 Distributed vulnerability scanning method and system based on POC script

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115242426A (en) * 2022-06-01 2022-10-25 国网浙江省电力有限公司宁波供电公司 Power distribution terminal concurrent plug-in detection method and detection system
CN116578996A (en) * 2023-07-14 2023-08-11 北京立思辰安科技术有限公司 Data processing system for acquiring final vulnerability scanning equipment
CN116578996B (en) * 2023-07-14 2023-09-08 北京立思辰安科技术有限公司 Data processing system for acquiring final vulnerability scanning equipment

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination