CN114238979A - Vulnerability detection method, device, equipment and computer readable storage medium - Google Patents

Vulnerability detection method, device, equipment and computer readable storage medium Download PDF

Info

Publication number
CN114238979A
CN114238979A CN202111342266.0A CN202111342266A CN114238979A CN 114238979 A CN114238979 A CN 114238979A CN 202111342266 A CN202111342266 A CN 202111342266A CN 114238979 A CN114238979 A CN 114238979A
Authority
CN
China
Prior art keywords
vulnerability
basic information
vulnerability scanning
target basic
information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111342266.0A
Other languages
Chinese (zh)
Inventor
陈希
刘玉权
殷铁军
苏浩
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhongtong Uniform Chuangfa Science And Technology Co ltd
Original Assignee
Zhongtong Uniform Chuangfa Science And Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Zhongtong Uniform Chuangfa Science And Technology Co ltd filed Critical Zhongtong Uniform Chuangfa Science And Technology Co ltd
Priority to CN202111342266.0A priority Critical patent/CN114238979A/en
Publication of CN114238979A publication Critical patent/CN114238979A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577Assessing vulnerabilities and evaluating computer system security
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/566Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Virology (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Computing Systems (AREA)
  • Debugging And Monitoring (AREA)

Abstract

Embodiments of the present disclosure provide a vulnerability detection method, apparatus, device and computer-readable storage medium. The method comprises the following steps: receiving a vulnerability scanning task instruction by vulnerability scanning service; acquiring target basic information of a tested host computer, which is acquired in advance by a basic information collection service; and carrying out vulnerability scanning on the target basic information according to the vulnerability scanning task instruction so as to obtain vulnerability result data. In this way, vulnerability scanning time can be saved, the overall performance of the vulnerability scanning engine is improved, user experience is enhanced, and vulnerability scanning can be suitable for large-scale application.

Description

Vulnerability detection method, device, equipment and computer readable storage medium
Technical Field
Embodiments of the present disclosure relate generally to the field of detection technology, and more particularly, to vulnerability detection methods, apparatuses, devices, and computer-readable storage media.
Background
At present, when a vulnerability scanning engine scans vulnerabilities, a vulnerability detection and attack simulation scanning work is performed only after basic target basic information needs to be collected temporarily according to a scanning task, so that a large amount of scanning time is consumed for collecting the basic target information, vulnerability scanning performance is low, user experience is poor, and the vulnerability scanning engine is not suitable for large-scale application. Therefore, how to improve the overall performance of the vulnerability scanning engine to enhance the user experience makes vulnerability scanning suitable for large-scale application a difficult problem in the industry.
Disclosure of Invention
According to an embodiment of the present disclosure, a vulnerability detection scheme is provided.
In a first aspect of the disclosure, a vulnerability detection method is provided. The method comprises the following steps:
receiving a vulnerability scanning task instruction by vulnerability scanning service;
acquiring target basic information of a tested host computer, which is acquired in advance by a basic information collection service;
and carrying out vulnerability scanning on the target basic information according to the vulnerability scanning task instruction so as to obtain vulnerability result data.
The above-described aspects and any possible implementations further provide an implementation in which the basic information collection service collects the target basic information by:
detecting one or more tested hosts according to a pre-configured detection task instruction and a detection strategy to obtain target basic information corresponding to each tested host, wherein:
the target basis information includes at least one of:
survival information, operating system information, and service information.
The above aspects, and any possible implementations, further provide an implementation,
the basic information collection service carries out format conversion on target basic information corresponding to each tested host;
and the basic information collection service loads the format-converted target basic information corresponding to each tested host into a relational database.
The above-described aspects and any possible implementations further provide an implementation, and the method further includes:
and the vulnerability scanning service loads the target basic information after format conversion corresponding to each tested host from the relational database to a Redis memory database.
As for the above-mentioned aspects and any possible implementation manner, there is further provided an implementation manner, where performing vulnerability scanning on the target basic information according to the vulnerability scanning task instruction to obtain vulnerability result data, including:
determining survival information as a target tested host which is still alive at present from one or more tested hosts;
and carrying out vulnerability scanning on the target basic information of the target tested host according to the vulnerability scanning task instruction so as to obtain vulnerability result data.
As described in the above aspect and any possible implementation manner, there is further provided an implementation manner that performs vulnerability scanning on the target basic information according to the vulnerability scanning task instruction to obtain vulnerability result data, including:
determining a corresponding vulnerability scanning tool according to the content type of the target basic information;
and calling the vulnerability scanning tool to scan and/or simulate attacks on the target basic information based on the vulnerability scanning task instruction, and collecting vulnerability result data generated by the vulnerability scanning tool.
As described in the above aspect and any possible implementation manner, there is further provided an implementation manner that performs vulnerability scanning on the target basic information according to the vulnerability scanning task instruction to obtain vulnerability result data, including:
determining whether the target basic information is complete according to the vulnerability scanning task instruction;
if the target basic information is complete, directly carrying out vulnerability scanning on the target basic information to obtain vulnerability result data;
if the target basic information is not complete, calling a corresponding information collection plug-in according to the lacking information to collect information, and after the lacking information is collected, scanning the vulnerability according to the lacking information and the target basic information to obtain vulnerability result data.
In a second aspect of the disclosure, a vulnerability detection apparatus is provided. The device includes:
the receiving module is used for receiving the vulnerability scanning task instruction through the vulnerability scanning service;
the acquisition module is used for acquiring target basic information of the tested host computer, which is acquired in advance by the basic information collection service;
and the vulnerability scanning module is used for carrying out vulnerability scanning on the target basic information according to the vulnerability scanning task instruction so as to obtain vulnerability result data.
In a third aspect of the disclosure, an electronic device is provided. The electronic device includes: a memory having a computer program stored thereon and a processor implementing the method as described above when executing the program.
In a fourth aspect of the present disclosure, a computer-readable storage medium is provided, on which a computer program is stored which, when being executed by a processor, carries out the method as according to the first and/or second aspect of the present disclosure.
It should be understood that the statements herein reciting aspects are not intended to limit the critical or essential features of the embodiments of the present disclosure, nor are they intended to limit the scope of the present disclosure. Other features of the present disclosure will become apparent from the following description.
Drawings
The above and other features, advantages and aspects of various embodiments of the present disclosure will become more apparent by referring to the following detailed description when taken in conjunction with the accompanying drawings. In the drawings, like or similar reference characters designate like or similar elements, and wherein:
fig. 1 shows a flow diagram of a vulnerability detection method according to an embodiment of the present disclosure;
FIG. 2 illustrates a block diagram of a vulnerability detection apparatus according to an embodiment of the present disclosure;
FIG. 3 shows a block diagram of a vulnerability detection apparatus according to another embodiment of the present disclosure;
FIG. 4 illustrates a block diagram of an exemplary electronic device capable of implementing embodiments of the present disclosure.
Detailed Description
To make the objects, technical solutions and advantages of the embodiments of the present disclosure more clear, the technical solutions of the embodiments of the present disclosure will be described clearly and completely with reference to the drawings in the embodiments of the present disclosure, and it is obvious that the described embodiments are some, but not all embodiments of the present disclosure. All other embodiments, which can be derived by a person skilled in the art from the embodiments disclosed herein without making any creative effort, shall fall within the protection scope of the present disclosure.
In addition, the term "and/or" herein is only one kind of association relationship describing an associated object, and means that there may be three kinds of relationships, for example, a and/or B, which may mean: a exists alone, A and B exist simultaneously, and B exists alone. In addition, the character "/" herein generally indicates that the former and latter related objects are in an "or" relationship.
According to the vulnerability scanning method and device, the target basic information of the tested host is collected in advance through the basic information collection service, so that the vulnerability scanning service can directly carry out vulnerability scanning work on the target basic information when receiving a vulnerability scanning task instruction, and then vulnerability result data is obtained quickly, so that vulnerability scanning time is saved, the overall performance of a vulnerability scanning engine is improved, user experience is enhanced, and vulnerability scanning can be suitable for large-scale application.
Fig. 1 shows a flow chart of a vulnerability detection method 100 according to an embodiment of the present disclosure. The method 100 may include:
step 110, the vulnerability scanning service receives a vulnerability scanning task instruction;
step 120, acquiring target basic information of the tested host computer, which is acquired in advance by a basic information collection service;
the vulnerability scanning service and the basic information collection service are two different processes in the execution main body and can respectively and independently run. The target base information is usually the necessary information for vulnerability scanning.
And step 130, performing vulnerability scanning on the target basic information according to the vulnerability scanning task instruction to obtain vulnerability result data.
After the vulnerability scanning service receives the vulnerability scanning task instruction, the vulnerability scanning operation can be directly carried out on the target basic information by acquiring the target basic information of the tested host computer which is acquired in advance by the basic information collecting service, and then vulnerability result data can be quickly obtained.
In one embodiment, the base information collection service collects the target base information by:
detecting one or more tested hosts according to a pre-configured detection task instruction and a detection strategy to obtain target basic information corresponding to each tested host, wherein:
the target basis information includes at least one of:
survival information, operating system information, and service information.
By performing survival detection, operating system detection and service detection on one or more tested hosts, basic information of each tested host can be obtained, so that vulnerability scanning work can be quickly completed by using the basic information, and certainly, the more the detected basic information is, the more perfect the vulnerability scanning work is.
The survival information is used for representing whether the tested host is alive or not, and the tested host which can ping is regarded as the survival host.
The operating system information is used to characterize the operating system installed on the tested host, such as the version of the operating system.
The service information is used for representing information of various applications installed on the tested host, such as installation packages, versions and the like of the applications.
The basic information collecting service may periodically scan for target basic information and update.
The detection task instruction is used for indicating which information needs to be detected, and the detection strategy is used for indicating detection time, whether parallel detection is performed or not, detection sequence and the like. The target basic information includes, but is not limited to, the above information, and may also be code detection information and the like.
In one embodiment, the basic information collection service performs format conversion on target basic information corresponding to each tested host;
and the basic information collection service loads the format-converted target basic information corresponding to each tested host into a relational database.
The basic information collection service can ensure that the target basic information can be identified by a scanning engine under the vulnerability scanning service by performing format conversion on the target basic information corresponding to each tested host, namely ensuring that the scanning engine can be loaded into a relational database for storage depending on the target basic information so as to be convenient for the subsequent vulnerability scanning service call.
In one embodiment, the method further comprises:
and the vulnerability scanning service loads the target basic information after format conversion corresponding to each tested host from the relational database to a Redis memory database.
Because the data reading speed in the relational database is low and the data reading speed of the Redis memory database is high, the vulnerability scanning service loads the target basic information after format conversion from the relational database into the Redis memory database, necessary basic information support is provided for a vulnerability scanning engine under the vulnerability scanning service, and when vulnerability scanning is performed later, data can be quickly called from the Redis memory database, then script plug-ins are scheduled, and vulnerability scanning and simulated attack are quickly completed.
In an embodiment, the performing vulnerability scanning on the target basic information according to the vulnerability scanning task instruction to obtain vulnerability result data includes:
determining survival information as a target tested host which is still alive at present from one or more tested hosts;
and carrying out vulnerability scanning on the target basic information of the target tested host according to the vulnerability scanning task instruction so as to obtain vulnerability result data.
Because the tested host which does not survive has no significance of vulnerability detection, the tested host which only survives can be ensured to be effectively detected by determining the survival information from one or more tested hosts as the tested host which is still alive at present, so that accurate and effective vulnerability result data is obtained, and invalid detection is avoided.
In one embodiment, performing vulnerability scanning on the target basic information according to the vulnerability scanning task instruction to obtain vulnerability result data includes:
determining a corresponding vulnerability scanning tool according to the content type of the target basic information;
the target basic information may be stored in the form of key value pairs, and the key name may be a content type, for example, the key name may be a host name of the host under test and an identifier of an operating system of the host under test, in which case the content type is operating system information of a certain host under test. And the key value pair value is the specific information content of the target basic information.
And calling the vulnerability scanning tool to scan and/or simulate attacks on the target basic information based on the vulnerability scanning task instruction, and collecting vulnerability result data generated by the vulnerability scanning tool. Invoking the vulnerability scanning tool may be invoking with a scanning engine sub-process in the vulnerability scanning service. Some bug scans require analog attacks, such as password blasting for weak password detection scans.
Because different content types may be suitable for different vulnerability scanning tools, if the content type is web application information, the corresponding vulnerability scanning tool is a web application plug-in, and therefore, according to the vulnerability scanning task instruction, the corresponding vulnerability scanning tool can be called to carry out vulnerability scanning and/or simulated attack on the target basic information, and therefore vulnerability result data of each surviving tested host is generated by the vulnerability scanning tool.
In one embodiment, performing vulnerability scanning on the target basic information according to the vulnerability scanning task instruction to obtain vulnerability result data includes:
determining whether the target basic information is complete according to the vulnerability scanning task instruction;
if the target basic information is complete, directly carrying out vulnerability scanning on the target basic information to obtain vulnerability result data; invoking the information collection plug-in may be invoking with a scan engine sub-process in the vulnerability scanning service.
If the target basic information is not complete, calling a corresponding information collection plug-in according to the lacking information to collect information, and after the lacking information is collected, scanning the vulnerability according to the lacking information and the target basic information to obtain vulnerability result data.
Because the target basic information collected in advance may not be complete, that is, not comprehensive, whether the target basic information is complete or not can be determined according to the required information indicated by the vulnerability scanning task instruction, and if the target basic information is complete, vulnerability scanning can be directly carried out on the target basic information so as to obtain accurate vulnerability result data; if the target basic information is not complete, calling a corresponding information collection plug-in according to the lacking information to collect information, and then automatically scanning the vulnerability by combining the collected lacking information and the target basic information, thereby obtaining accurate and efficient vulnerability result data.
The technical solution of the present disclosure will be further explained with reference to fig. 3:
this disclosure decomposes vulnerability scanning into basic information collection services and vulnerability scanning services, wherein:
the basic information collection service mainly aims at asset scanning tasks and scanning strategies configured by users, and performs survival detection, operating system information detection and service information detection on a network target host through plug-in technologies such as nmap, masscan and whatweb. The detected information is converted into target basic information which can be identified by a scanning engine through data conversion.
The vulnerability scanning service is mainly used for directly loading basic information data generated by the basic information collection service into a Redis cache database for a vulnerability scanning engine to use, sequentially scheduling related scanning plugins to execute vulnerability detection according to a set rule and a user configuration strategy aiming at a vulnerability scanning task and a scanning strategy configured by a user (such as what type of plugins, plugin configuration parameters, scanning time and plugin execution sequence) under a script plugin framework of NASL (network-based service library) through the vulnerability scanning engine, and collecting vulnerability result data generated in the plugin execution process, so that the overall performance of the vulnerability scanning engine is improved by improving the basic information collection efficiency of a target, the user experience is enhanced, and further vulnerability scanning is suitable for large-scale application. Compared with the network segment host for scanning an intranet in the prior art, hours or even 10 hours of scanning time may be needed, the vulnerability scanning work of the disclosure can be completed within about half an hour, and thus the vulnerability scanning method can be widely applied to network security products such as asset space mapping and the like.
In addition, the leak library in fig. 3 discloses that: various vulnerabilities and solutions, etc.; the scanning result refers to the current scanning result;
the rule base describes the response time of the plug-in, the setting parameters of the plug-in and other rules
The plug-in file is written by a programmer in advance, and describes a process of vulnerability detection by using the plug-in, and the plug-in can be activated under the condition of the plug-in depending on information such as yarn.
It is noted that while for simplicity of explanation, the foregoing method embodiments have been described as a series of acts or combination of acts, it will be appreciated by those skilled in the art that the present disclosure is not limited by the order of acts, as some steps may, in accordance with the present disclosure, occur in other orders and concurrently. Further, those skilled in the art should also appreciate that the embodiments described in the specification are exemplary embodiments and that acts and modules referred to are not necessarily required by the disclosure.
The above is a description of embodiments of the method, and the embodiments of the apparatus are further described below.
Fig. 2 shows a block diagram of a vulnerability detection apparatus 200 according to an embodiment of the present disclosure. As shown in fig. 2, the apparatus 200 includes:
a receiving module 210, configured to receive a vulnerability scanning task instruction through a vulnerability scanning service;
an obtaining module 220, configured to obtain target basic information of the host under test, which is acquired in advance by the basic information collection service;
and the vulnerability scanning module 230 is configured to perform vulnerability scanning on the target basic information according to the vulnerability scanning task instruction to obtain vulnerability result data.
It can be clearly understood by those skilled in the art that, for convenience and brevity of description, the specific working process of the described module may refer to the corresponding process in the foregoing method embodiment, and is not described herein again.
FIG. 4 shows a schematic block diagram of an electronic device 400 that may be used to implement embodiments of the present disclosure. The apparatus 400 may be used to implement the vulnerability detection apparatus 200 of FIG. 2. As shown, the device 400 includes a CPU401 that can perform various appropriate actions and processes according to computer program instructions stored in a ROM402 or loaded from a storage unit 408 into a RAM 403. In the RAM403, various programs and data required for the operation of the device 400 can also be stored. The CPU401, ROM402, and RAM403 are connected to each other via a bus 404. An I/O interface 405 is also connected to bus 404.
A number of components in device 400 are connected to I/O interface 405, including: an input unit 406 such as a keyboard, a mouse, or the like; an output unit 407 such as various types of displays, speakers, and the like; a storage unit 408 such as a magnetic disk, optical disk, or the like; and a communication unit 409 such as a network card, modem, wireless communication transceiver, etc. The communication unit 409 allows the device 400 to exchange information/data with other devices via a computer network, such as the internet, and/or various telecommunication networks.
Processing unit 401 performs various methods and processes described above, such as method 100. For example, in some embodiments, the method 100 may be implemented as a computer software program tangibly embodied in a machine-readable medium, such as the storage unit 408. In some embodiments, part or all of the computer program may be loaded and/or installed onto the device 400 via the ROM402 and/or the communication unit 409. When loaded into RAM403 and executed by CPU401, may perform one or more of the steps of method 100 described above. Alternatively, in other embodiments, the CPU401 may be configured to perform the method 100 by any other suitable means (e.g., by way of firmware).
The functions described herein above may be performed, at least in part, by one or more hardware logic components. For example, without limitation, exemplary types of hardware logic components that may be used include: field Programmable Gate Arrays (FPGAs), Application Specific Integrated Circuits (ASICs), Application Specific Standard Products (ASSPs), systems on a chip (SOCs), Complex Programmable Logic Devices (CPLDs), and the like.
Program code for implementing the methods of the present disclosure may be written in any combination of one or more programming languages. These program codes may be provided to a processor or controller of a general purpose computer, special purpose computer, or other programmable data processing apparatus, such that the program codes, when executed by the processor or controller, cause the functions/operations specified in the flowchart and/or block diagram to be performed. The program code may execute entirely on the machine, partly on the machine, as a stand-alone software package partly on the machine and partly on a remote machine or entirely on the remote machine or server.
In the context of this disclosure, a machine-readable medium may be a tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. The machine-readable medium may be a machine-readable signal medium or a machine-readable storage medium. A machine-readable medium may include, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. More specific examples of a machine-readable storage medium would include an electrical connection based on one or more wires, a portable computer diskette, a hard disk, a RAM, a ROM, an EPROM, an optical fiber, a CD-ROM, an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
Further, while operations are depicted in a particular order, this should be understood as requiring that such operations be performed in the particular order shown or in sequential order, or that all illustrated operations be performed, to achieve desirable results. Under certain circumstances, multitasking and parallel processing may be advantageous. Likewise, while several specific implementation details are included in the above discussion, these should not be construed as limitations on the scope of the disclosure. Certain features that are described in the context of separate embodiments can also be implemented in combination in a single implementation. Conversely, various features that are described in the context of a single implementation can also be implemented in multiple implementations separately or in any suitable subcombination.
Although the subject matter has been described in language specific to structural features and/or methodological acts, it is to be understood that the subject matter defined in the appended claims is not necessarily limited to the specific features or acts described above. Rather, the specific features and acts described above are disclosed as example forms of implementing the claims.

Claims (10)

1. A vulnerability detection method is characterized by comprising the following steps:
receiving a vulnerability scanning task instruction by vulnerability scanning service;
acquiring target basic information of a tested host computer, which is acquired in advance by a basic information collection service;
and carrying out vulnerability scanning on the target basic information according to the vulnerability scanning task instruction so as to obtain vulnerability result data.
2. The method of claim 1, wherein the base information collection service collects the target base information by:
detecting one or more tested hosts according to a pre-configured detection task instruction and a detection strategy to obtain target basic information corresponding to each tested host, wherein:
the target basis information includes at least one of:
survival information, operating system information, and service information.
3. The method of claim 2,
the basic information collection service carries out format conversion on target basic information corresponding to each tested host;
and the basic information collection service loads the format-converted target basic information corresponding to each tested host into a relational database.
4. The method of claim 3, further comprising:
and the vulnerability scanning service loads the target basic information after format conversion corresponding to each tested host from the relational database to a Redis memory database.
5. The method of claim 2,
the vulnerability scanning of the target basic information according to the vulnerability scanning task instruction to obtain vulnerability result data comprises the following steps:
determining survival information as a target tested host which is still alive at present from one or more tested hosts;
and carrying out vulnerability scanning on the target basic information of the target tested host according to the vulnerability scanning task instruction so as to obtain vulnerability result data.
6. The method of claim 1,
performing vulnerability scanning on the target basic information according to the vulnerability scanning task instruction to obtain vulnerability result data, wherein the vulnerability scanning task instruction comprises the following steps:
determining a corresponding vulnerability scanning tool according to the content type of the target basic information;
and calling the vulnerability scanning tool to scan and/or simulate attacks on the target basic information based on the vulnerability scanning task instruction, and collecting vulnerability result data generated by the vulnerability scanning tool.
7. The method according to any one of claims 1 to 6,
performing vulnerability scanning on the target basic information according to the vulnerability scanning task instruction to obtain vulnerability result data, wherein the vulnerability scanning task instruction comprises the following steps:
determining whether the target basic information is complete according to the vulnerability scanning task instruction;
if the target basic information is complete, directly carrying out vulnerability scanning on the target basic information to obtain vulnerability result data;
if the target basic information is not complete, calling a corresponding information collection plug-in according to the lacking information to collect information, and after the lacking information is collected, scanning the vulnerability according to the lacking information and the target basic information to obtain vulnerability result data.
8. A vulnerability detection apparatus, comprising:
the receiving module is used for receiving the vulnerability scanning task instruction through the vulnerability scanning service;
the acquisition module is used for acquiring target basic information of the tested host computer, which is acquired in advance by the basic information collection service;
and the vulnerability scanning module is used for carrying out vulnerability scanning on the target basic information according to the vulnerability scanning task instruction so as to obtain vulnerability result data.
9. An electronic device comprising a memory and a processor, the memory having stored thereon a computer program, wherein the processor, when executing the program, implements the method of any of claims 1-7.
10. A computer-readable storage medium, on which a computer program is stored, which program, when being executed by a processor, carries out the method according to any one of claims 1 to 7.
CN202111342266.0A 2021-11-12 2021-11-12 Vulnerability detection method, device, equipment and computer readable storage medium Pending CN114238979A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111342266.0A CN114238979A (en) 2021-11-12 2021-11-12 Vulnerability detection method, device, equipment and computer readable storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111342266.0A CN114238979A (en) 2021-11-12 2021-11-12 Vulnerability detection method, device, equipment and computer readable storage medium

Publications (1)

Publication Number Publication Date
CN114238979A true CN114238979A (en) 2022-03-25

Family

ID=80749279

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111342266.0A Pending CN114238979A (en) 2021-11-12 2021-11-12 Vulnerability detection method, device, equipment and computer readable storage medium

Country Status (1)

Country Link
CN (1) CN114238979A (en)

Similar Documents

Publication Publication Date Title
CN108063759B (en) Web vulnerability scanning method
CN112559354A (en) Front-end code specification detection method and device, computer equipment and storage medium
CN110688305B (en) Test environment synchronization method, device, medium and electronic equipment
WO2019075994A1 (en) Method, device and system for mock data at ios end, and storage medium
CN113434396A (en) Interface test method, device, equipment, storage medium and program product
CN112035344A (en) Multi-scenario test method, device, equipment and computer readable storage medium
CN103049377B (en) Based on the parallel symbol manner of execution of path cluster reduction
CN111061489A (en) Multi-platform compiling detection method, device, equipment and medium
CN114610640A (en) Fuzzy testing method and system for trusted execution environment of Internet of things
CN111221727A (en) Test method, test device, electronic equipment and computer readable medium
CN113032341A (en) Log processing method based on visual configuration
CN114238979A (en) Vulnerability detection method, device, equipment and computer readable storage medium
CN111427582A (en) Management method, device and equipment of RT L code and computer readable storage medium
CN110543418A (en) database performance test method, system and storage medium
CN116069650A (en) Method and device for generating test cases
CN115576831A (en) Test case recommendation method, device, equipment and storage medium
CN110795330A (en) Monkey pressure testing method and device
CN113849484A (en) Big data component upgrading method and device, electronic equipment and storage medium
CN114416596A (en) Application testing method and device, computer equipment and storage medium
CN113342678A (en) Interface automatic testing method and device, electronic equipment and storage medium
CN114238130A (en) Performance test method, device, equipment and storage medium
CN110442508B (en) Test task processing method, device, equipment and medium
CN113420713A (en) Abnormity monitoring method and device, electronic equipment and computer readable medium
CN113806231A (en) Code coverage rate analysis method, device, equipment and medium
CN115658534B (en) Distributed fuzzy test method and device based on multi-engine fusion

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination