CN117319345A - Method, system, terminal and storage medium for collecting key information of website - Google Patents
Method, system, terminal and storage medium for collecting key information of website Download PDFInfo
- Publication number
- CN117319345A CN117319345A CN202311167921.2A CN202311167921A CN117319345A CN 117319345 A CN117319345 A CN 117319345A CN 202311167921 A CN202311167921 A CN 202311167921A CN 117319345 A CN117319345 A CN 117319345A
- Authority
- CN
- China
- Prior art keywords
- domain name
- sub
- information
- website
- name
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 42
- 238000001514 detection method Methods 0.000 claims abstract description 17
- 238000004590 computer program Methods 0.000 claims description 11
- 238000012216 screening Methods 0.000 claims description 9
- 230000009193 crawling Effects 0.000 claims description 8
- 230000010354 integration Effects 0.000 claims description 5
- 230000000694 effects Effects 0.000 abstract description 2
- 238000010586 diagram Methods 0.000 description 8
- 230000008569 process Effects 0.000 description 7
- 230000006870 function Effects 0.000 description 6
- 238000004891 communication Methods 0.000 description 5
- 230000003287 optical effect Effects 0.000 description 4
- 230000035515 penetration Effects 0.000 description 4
- 238000012545 processing Methods 0.000 description 3
- 238000005516 engineering process Methods 0.000 description 2
- 230000000149 penetrating effect Effects 0.000 description 2
- 230000000644 propagated effect Effects 0.000 description 2
- 230000004044 response Effects 0.000 description 2
- 239000004065 semiconductor Substances 0.000 description 2
- 238000012360 testing method Methods 0.000 description 2
- 238000012546 transfer Methods 0.000 description 2
- 241000282414 Homo sapiens Species 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000005540 biological transmission Effects 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 239000000835 fiber Substances 0.000 description 1
- 230000009191 jumping Effects 0.000 description 1
- 239000004973 liquid crystal related substance Substances 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000006855 networking Effects 0.000 description 1
- 239000013307 optical fiber Substances 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/90—Details of database functions independent of the retrieved data types
- G06F16/95—Retrieval from the web
- G06F16/951—Indexing; Web crawling techniques
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/90—Details of database functions independent of the retrieved data types
- G06F16/95—Retrieval from the web
- G06F16/953—Querying, e.g. by the use of web search engines
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/90—Details of database functions independent of the retrieved data types
- G06F16/95—Retrieval from the web
- G06F16/955—Retrieval from the web using information identifiers, e.g. uniform resource locators [URL]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/30—Managing network names, e.g. use of aliases or nicknames
- H04L61/3015—Name registration, generation or assignment
- H04L61/302—Administrative registration, e.g. for domain names at internet corporation for assigned names and numbers [ICANN]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/30—Managing network names, e.g. use of aliases or nicknames
- H04L61/3015—Name registration, generation or assignment
- H04L61/3025—Domain name generation or assignment
Landscapes
- Engineering & Computer Science (AREA)
- Databases & Information Systems (AREA)
- Theoretical Computer Science (AREA)
- Data Mining & Analysis (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Information Transfer Between Computers (AREA)
Abstract
The application relates to a method, a system, a terminal and a storage medium for collecting key information of a website, wherein the method comprises the steps of detecting a website domain name based on a preset domain name detection rule to obtain a first sub-domain name of the website domain name; based on a preset subdomain database, calling user information associated with the first subdomain name according to the first subdomain name; calling a second sub domain name associated with the user information according to the user information; matching search engines associated with the first sub-domain name and the second sub-domain name based on preset matching rules; determining subdomain name asset information and sensitive information of the first subdomain name and the second subdomain name by utilizing the search engine; and integrating the user information, the subdomain name asset information and the sensitive information to obtain key information. This application has the effect that improves work efficiency, reduces the cost of labor.
Description
Technical Field
The present disclosure relates to the field of information security, and in particular, to a method, a system, a terminal, and a storage medium for collecting key information of a website.
Background
Currently, with the development of network and information technologies, particularly the wide popularization and application of the internet, such as e-government affairs, e-commerce, network offices, network media and virtual communities, the living and working modes of human beings are being affected. Meanwhile, the importance of information security is also continuously increasing.
In the process of penetrating the web site, information of the site needs to be collected first, so that the site can be precisely hit in a targeted manner. The more information collection on the architecture of the site, middleware used, deployment mode, etc. the higher the probability of successful penetration of the target, so the information collection on the web site is of great importance in the penetration test process. However, the information about the sites to be collected is collected manually at present, so that the collection workload is very large, the working efficiency is low, and a great amount of labor cost is also required.
Disclosure of Invention
In order to improve working efficiency and reduce labor cost, the application provides a method, a system, a terminal and a storage medium for collecting key information of a website.
The first purpose of the application is to provide a key information collection method of a website.
The first object of the present application is achieved by the following technical solutions:
a key information collection method of a website comprises the following steps of;
detecting a website domain name based on a preset domain name detection rule to obtain a first sub domain name of the website domain name;
based on a preset subdomain database, calling user information associated with the first subdomain name according to the first subdomain name; calling a second sub domain name associated with the user information according to the user information;
matching search engines associated with the first sub-domain name and the second sub-domain name based on preset matching rules;
determining subdomain name asset information and sensitive information of the first subdomain name and the second subdomain name by utilizing the search engine;
and integrating the user information, the subdomain name asset information and the sensitive information to obtain key information.
The present application may be further configured in a preferred embodiment to: detecting a website domain name to obtain a first sub-domain name of the website domain name, wherein the first sub-domain name comprises;
resolving the website domain name to obtain IP address information of the website domain name;
screening the IP address information of the content distribution network in the IP address information to obtain a screening result;
and carrying out IP reverse checking on the IP address information in the screening result to obtain a reverse checking result, wherein the reverse checking result is a first sub domain name.
The present application may be further configured in a preferred embodiment to: detecting a website domain name to obtain a first sub-domain name of the website domain name, wherein the first sub-domain name comprises;
crawling a page corresponding to the website domain name to obtain a crawling result;
analyzing the crawling result to obtain sub domain names in the page;
and integrating the website domain name and the sub domain name in the page to obtain a first sub domain name.
The present application may be further configured in a preferred embodiment to: determining subdomain name asset information and sensitive information of a first subdomain name and a second subdomain name by using the search engine, wherein the subdomain name asset information and sensitive information comprises;
according to the search engine, class libraries and functional plug-ins corresponding to the search engine are called;
analyzing the using method and grammar rules of the search engine;
sending a search request for the first sub domain name and the second sub domain name to a server according to the using method;
search results of the search engine are received, the search results including sub-domain name asset information and sensitive information.
The present application may be further configured in a preferred embodiment to: the preset sub domain name database comprises any one or any combination of an ICP record database, a whois database, a DNS distributed database and an open source hosting website.
The present application may be further configured in a preferred embodiment to: the search engine comprises any one or any combination of hundred degrees, google, dog searching, 360 and bing.
The second purpose of the application is to provide a key information collection system of a website.
The second object of the present application is achieved by the following technical solutions:
a critical information gathering system for a web site, comprising;
the detection module is used for detecting the website domain name to obtain a first sub domain name of the website domain name;
the calling module is used for calling the user information associated with the first sub-domain name according to the first sub-domain name; calling a second sub domain name associated with the user information according to the user information;
the matching module is used for matching the search engine associated with the first sub domain name and the second sub domain name;
the determining module is used for determining subdomain name asset information and sensitive information of the first subdomain name and the second subdomain name by utilizing the search engine;
and the integration module is used for integrating the user information, the subdomain name asset information and the sensitive information to obtain key information.
The third object of the present application is to provide a terminal.
The third object of the present application is achieved by the following technical solutions:
a terminal comprising a memory and a processor, said memory having stored thereon a computer program capable of being loaded by the processor and executing a method for critical information collection of a web site as described above.
A fourth object of the present application is to provide a computer storage medium capable of storing a corresponding program.
The fourth object of the present application is achieved by the following technical solutions:
a computer-readable storage medium storing a computer program capable of being loaded by a processor and executing the critical information collection method of any of the above websites.
In summary, the present application includes the following beneficial technical effects:
the method comprises the steps of obtaining a first sub-domain name of a website domain name through a preset domain name detection rule, obtaining user information associated with the first sub-domain name and a second sub-domain name associated with the user information from a preset sub-domain name database, obtaining sub-domain name asset information and sensitive information through the first sub-domain name and the second sub-domain name, and integrating the user information, the sub-domain name asset information and the sensitive information.
Drawings
Fig. 1 is a flow chart of a method for collecting key information of a website according to an embodiment of the present application.
Fig. 2 is a system schematic diagram of a key information collecting system of a website according to an embodiment of the present application.
Fig. 3 is a schematic structural diagram of a terminal according to an embodiment of the present application.
Reference numerals illustrate: 21. a detection module; 22. a calling module; 23. a matching module; 24. a determining module; 25. an integration module; 301. a CPU; 302. a ROM; 303. a RAM; 304. a bus; 305. an I/O interface; 306. an input section; 307. an output section; 308. a storage section; 309. a communication section; 310. a driver; 311. removable media.
Detailed Description
The present application is described in further detail below with reference to the accompanying drawings.
The present embodiment is merely illustrative of the present application and is not intended to be limiting, and those skilled in the art, after having read the present specification, may make modifications to the present embodiment without creative contribution as required, but is protected by patent laws within the scope of the claims of the present application.
The embodiment of the application provides a key information collection method of a website, which is mainly applied to a scene of website information collection. Specifically, in the process of penetrating the web site, information of the site needs to be collected first, so that the site can be precisely hit in a targeted manner. The more information collection on the architecture of the site, middleware used, deployment mode, etc. the higher the probability of successful penetration of the target, so the information collection on the web site is of great importance in the penetration test process. However, the information about the sites to be collected is collected manually at present, so that the collection workload is very large, the working efficiency is low, and a great amount of labor cost is also required.
Therefore, the method for collecting the key information of the website can effectively improve the working efficiency and reduce the labor cost.
Embodiments of the present application are described in further detail below with reference to the drawings attached hereto.
The main flow of the key information collection method of the website is described as follows.
As shown in fig. 1:
step S100: detecting the website domain name based on a preset domain name detection rule to obtain a first sub-domain name of the website domain name.
The website domain name is detected by a preset domain name detection rule, and the preset domain name detection rule can be implemented by any possible method. For example, various possible manners of DNS server query, HTTPS certificate query, dictionary enumeration, DNS domain transfer vulnerability detection, etc. may be employed.
If the DNS server is selected for detection, a DNS query command may be sent to the local DNS server, where the DNS query command includes a website domain name, and the DNS server receives the DNS query command and then makes a response to stop, where the response includes a sub-domain name that can be queried by the local DNS server, and the sub-domain name is the first sub-domain name.
Meanwhile, the website domain name can be resolved to obtain IP address information of the website domain name; screening the IP address information of the content distribution network in the IP address information to obtain a screening result; and carrying out IP reverse check on the IP address information in the screening result to obtain a reverse check result, wherein the reverse check result is the first sub domain name. Therefore, the IP address information of the content distribution network can be screened according to the method, the corresponding domain name information of the content distribution network can be screened, and the accuracy of the first sub domain name can be further improved.
The page corresponding to the website domain name can be crawled to obtain a crawling result; analyzing the crawling result to obtain sub domain names in the page; and integrating the website domain name and the sub domain name in the page to obtain a first sub domain name.
In one specific application, the domain name may be searched directly using the gituub or the js file of the website reveal the sub-domain name, both JSFinder, JSINFO-SCAN and subdomain being tools to search for the sub-domain name from the js file of the website. With file leakage, many websites have cross domain policy files cross domain. Xml, site map sitemap. Xml, and robots. Txt, etc., where sub domain name information may also be present. With web crawlers, many web sites have the function of jumping to other systems, such as OA, mailbox systems, etc., wherein other information related to sub domain names may be included, and in addition, the web sites with Content Security Policies (CSP) deployed may also have domain name information in the header Content-Security-Policy. The site may be crawled using burpasite or awvs-like tools.
It will be appreciated that one or more of the above-mentioned DNS server query, HTTPS certificate query, dictionary enumeration, DNS domain transfer loopholes detection, etc. may be selected in combination with actual technical needs.
Step S200: based on a preset subdomain database, calling user information associated with the first subdomain name according to the first subdomain name; and calling a second sub domain name associated with the user information according to the user information.
The preset sub domain name database stores sub domain names of all website domain names and user information associated with the sub domain names. In the embodiment of the application, the subdomain name database comprises any one or any combination of an ICP record database, a whois database, a DNS distributed database and an open source hosting website.
For example, when the preset sub domain name database is a whois database, the registrant will leave user information when registering the first sub domain name, and the user information includes the name, mailbox, phone number, etc. of the registrant. The social networking code can be made based on the user information, and the associated second sub-domain name can also be found.
Step S300: based on a preset matching rule, matching search engines associated with the first sub-domain name and the second sub-domain name.
Specifically, the search engines associated with the first sub-domain name and the second sub-domain name are matched, and the search engines comprise any one or any combination of hundred degrees, google, dog search, 360 and bing.
Step S400: subdomain name asset information and sensitive information for the first subdomain name and the second subdomain name are determined using a search engine.
Specifically, a class library and a functional plug-in corresponding to a search engine are called according to the search engine; analyzing the using method and grammar rules of the search engine; sending a search request for the first sub domain name and the second sub domain name to a server according to a using method; search results of the search engine are received, the search results including sub-domain name asset information and sensitive information.
For example, obtaining subdomain name asset information, hundred degrees grammar, intent = company name; site, company name.
For example, sensitive information is obtained, and various tools such as various imperial swords, dirmap, dirsearch, dirbus, 7 kbstore, gobuster and the like are utilized to scan domain name ports of the first sub domain name and the second sub domain name, so that whether the ports are unauthorized or not can be tested, and if the ports are unauthorized, the ports comprise password and secret key sensitive data.
The method can also collect the information through an online website and an online network disk, for example, a query command is sent to the online network disk, the subdomain name asset information and the sensitive information are called after the online network disk receives the query command, and the subdomain name asset information and the sensitive information are fed back.
Step S500: and integrating the user information, the subdomain name asset information and the sensitive information to obtain key information.
And integrating the user information, the sub-domain name asset information and the sensitive information to construct a data set or a database. In the process of constructing the data set or the database, the initial sequence of the data information is sequenced, so that the searching of staff is facilitated.
In summary, a first sub-domain name of the website domain name is obtained through a preset domain name detection rule, then user information associated with the first sub-domain name and a second sub-domain name associated with the user information are obtained from a preset sub-domain name database, then sub-domain name asset information and sensitive information are obtained through the first sub-domain name and the second sub-domain name, and finally the user information, the sub-domain name asset information and the sensitive information are integrated, so that the work efficiency can be improved, and the labor cost is reduced.
Fig. 2 is a system schematic diagram of a key information collecting system of a website according to an embodiment of the present application.
The key information collection system of a website as shown in fig. 2 includes a detection module 21, a retrieving module 22, a matching module 23, a determining module 24 and an integrating module 25, wherein:
the detection module 21 is configured to detect a website domain name, and obtain a first sub-domain name of the website domain name;
a retrieving module 22, configured to retrieve user information associated with the first sub-domain name according to the first sub-domain name; calling a second sub domain name associated with the user information according to the user information;
a matching module 23, configured to match search engines associated with the first sub-domain name and the second sub-domain name;
a determining module 24 for determining subdomain name asset information and sensitive information for the first subdomain name and the second subdomain name using the search engine;
and the integration module 25 is configured to integrate the user information, the subdomain name asset information and the sensitive information to obtain key information.
Fig. 3 shows a schematic structural diagram of a terminal suitable for implementing embodiments of the present application.
As shown in fig. 3, the terminal includes a Central Processing Unit (CPU) 301 that can perform various appropriate actions and processes according to a program stored in a Read Only Memory (ROM) 302 or a program loaded from a storage section into a Random Access Memory (RAM) 303. In the RAM 303, various programs and data required for the system operation are also stored. The CPU 301, ROM 302, and RAM 303 are connected to each other through a bus 304. An input/output (I/O) interface 305 is also connected to bus 304.
The following components are connected to the I/O interface 305: an input section 306 including a keyboard, a mouse, and the like; an output portion 307 including a Cathode Ray Tube (CRT), a Liquid Crystal Display (LCD), and the like, a speaker, and the like; a storage section 308 including a hard disk or the like; and a communication section 309 including a network interface card such as a LAN card, a modem, or the like. The communication section 309 performs communication processing via a network such as the internet. The drive 310 is also connected to the I/O interface 305 as needed. A removable medium 311 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is installed on the drive 310 as needed, so that a computer program read out therefrom is installed into the storage section 308 as needed.
In particular, according to embodiments of the present application, the process described above with reference to flowchart fig. 1 may be implemented as a computer software program. For example, embodiments of the present application include a computer program product comprising a computer program embodied on a machine-readable medium, the computer program comprising program code for performing the method shown in the flowcharts. In such an embodiment, the computer program may be downloaded and installed from a network via the communication portion 309, and/or installed from the removable medium 311. The above-described functions defined in the system of the present application are performed when the computer program is executed by a Central Processing Unit (CPU) 301.
It should be noted that the computer readable medium shown in the present application may be a computer readable signal medium or a computer readable storage medium, or any combination of the two. The computer readable storage medium can be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or a combination of any of the foregoing. More specific examples of the computer-readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this document, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. In the present application, however, a computer-readable signal medium may include a data signal propagated in baseband or as part of a carrier wave, with computer-readable program code embodied therein. Such a propagated data signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination of the foregoing. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: wireless, wire, fiber optic cable, RF, etc., or any suitable combination of the foregoing.
The flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present application. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The units or modules described in the embodiments of the present application may be implemented by software, or may be implemented by hardware. The described units or modules may also be provided in a processor, for example, as: a processor interface detection module 21, a retrieval module 22, a matching module 23, a determination module 24 and an integration module 25. The names of these units or modules do not in any way limit the units or modules themselves, and for example, the probing module 21 may also be described as "a module for probing a website domain name to obtain a first sub-domain name of the website domain name".
As another aspect, the present application also provides a computer-readable storage medium that may be included in the electronic device described in the above embodiments; or may be present alone without being incorporated into the electronic device. The computer-readable storage medium stores one or more programs that when executed by one or more processors perform the data encryption transmission method described herein.
The foregoing description is only of the preferred embodiments of the present application and is presented as a description of the principles of the technology being utilized. It will be appreciated by persons skilled in the art that the scope of the application referred to in this application is not limited to the specific combinations of features described above, but it is intended to cover other embodiments in which any combination of features described above or their equivalents is possible without departing from the spirit of the application. Such as the above-mentioned features and the technical features having similar functions (but not limited to) applied for in this application are replaced with each other.
Claims (9)
1. A key information collection method of a website is characterized in that: comprises the following steps of;
detecting a website domain name based on a preset domain name detection rule to obtain a first sub domain name of the website domain name;
based on a preset subdomain database, calling user information associated with the first subdomain name according to the first subdomain name; calling a second sub domain name associated with the user information according to the user information;
matching search engines associated with the first sub-domain name and the second sub-domain name based on preset matching rules;
determining subdomain name asset information and sensitive information of the first subdomain name and the second subdomain name by utilizing the search engine;
and integrating the user information, the subdomain name asset information and the sensitive information to obtain key information.
2. The method for collecting key information of a website according to claim 1, wherein: detecting a website domain name to obtain a first sub-domain name of the website domain name, wherein the first sub-domain name comprises;
resolving the website domain name to obtain IP address information of the website domain name;
screening the IP address information of the content distribution network in the IP address information to obtain a screening result;
and carrying out IP reverse checking on the IP address information in the screening result to obtain a reverse checking result, wherein the reverse checking result is a first sub domain name.
3. The method for collecting key information of a website according to claim 1, wherein: detecting a website domain name to obtain a first sub-domain name of the website domain name, wherein the first sub-domain name comprises;
crawling a page corresponding to the website domain name to obtain a crawling result;
analyzing the crawling result to obtain sub domain names in the page;
and integrating the website domain name and the sub domain name in the page to obtain a first sub domain name.
4. The method for collecting key information of a website according to claim 1, wherein: determining subdomain name asset information and sensitive information of a first subdomain name and a second subdomain name by using the search engine, wherein the subdomain name asset information and sensitive information comprises;
according to the search engine, class libraries and functional plug-ins corresponding to the search engine are called;
analyzing the using method and grammar rules of the search engine;
sending a search request for the first sub domain name and the second sub domain name to a server according to the using method;
search results of the search engine are received, the search results including sub-domain name asset information and sensitive information.
5. The method for collecting key information of a website according to claim 1, wherein: the preset sub domain name database comprises any one or any combination of an ICP record database, a whois database, a DNS distributed database and an open source hosting website.
6. The method for collecting key information of a website according to claim 1, wherein: the search engine comprises any one or any combination of hundred degrees, google, dog searching, 360 and bing.
7. A key information collection system of a website is characterized in that: comprises the following steps of;
the detection module (21) is used for detecting the website domain name to obtain a first sub-domain name of the website domain name;
a retrieving module (22) for retrieving user information associated with the first sub-domain name according to the first sub-domain name; calling a second sub domain name associated with the user information according to the user information;
-a matching module (23) for matching search engines associated with the first and second sub-domain names;
a determination module (24) for determining subdomain name asset information and sensitive information for the first subdomain name and the second subdomain name using the search engine;
and the integration module (25) is used for integrating the user information, the subdomain name asset information and the sensitive information to obtain key information.
8. A terminal, characterized by: comprising a memory and a processor, said memory having stored thereon a computer program capable of being loaded by the processor and performing the method according to any of claims 1 to 6.
9. A computer-readable storage medium, characterized by: a computer program being stored which can be loaded by a processor and which performs the method according to any one of claims 1 to 7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311167921.2A CN117319345A (en) | 2023-09-11 | 2023-09-11 | Method, system, terminal and storage medium for collecting key information of website |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311167921.2A CN117319345A (en) | 2023-09-11 | 2023-09-11 | Method, system, terminal and storage medium for collecting key information of website |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN117319345A true CN117319345A (en) | 2023-12-29 |
Family
ID=89241644
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202311167921.2A Pending CN117319345A (en) | 2023-09-11 | 2023-09-11 | Method, system, terminal and storage medium for collecting key information of website |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN117319345A (en) |
-
2023
- 2023-09-11 CN CN202311167921.2A patent/CN117319345A/en active Pending
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11005779B2 (en) | Method of and server for detecting associated web resources | |
| Aliero et al. | An algorithm for detecting SQL injection vulnerability using black-box testing | |
| KR100619178B1 (en) | Method and apparatus for detecting invalid clicks on the internet search engine | |
| US8359651B1 (en) | Discovering malicious locations in a public computer network | |
| US9954886B2 (en) | Method and apparatus for detecting website security | |
| US8601434B2 (en) | Method and system for information processing and test case generation | |
| US8307276B2 (en) | Distributed content verification and indexing | |
| CN106992981B (en) | Website backdoor detection method and device and computing equipment | |
| RU2722693C1 (en) | Method and system for detecting the infrastructure of a malicious software or a cybercriminal | |
| CN108667766B (en) | File detection method and file detection device | |
| CN109831459B (en) | Method, device, storage medium and terminal equipment for secure access | |
| CN111435393B (en) | Object vulnerability detection method, device, medium and electronic equipment | |
| CN111104579A (en) | Identification method and device for public network assets and storage medium | |
| CN108353083A (en) | The system and method for algorithm (DGA) Malware is generated for detecting domains | |
| CN110069693B (en) | Method and device for determining target page | |
| CN114003794A (en) | Asset collection method, device, electronic equipment and medium | |
| CN108848276A (en) | Telephone number method for detecting availability, system, equipment and storage medium | |
| CN114584486B (en) | Distributed network asset scanning detection platform and scanning detection method | |
| CN110895587A (en) | Method and device for determining target user | |
| US11308280B2 (en) | Capture and search of virtual machine application properties using log analysis techniques | |
| KR20130068769A (en) | Apparatus for analyzing connections about security events based on rule and method thereof | |
| CN112685255A (en) | Interface monitoring method and device, electronic equipment and storage medium | |
| CN117319345A (en) | Method, system, terminal and storage medium for collecting key information of website | |
| CN114491533B (en) | Data processing method, device, server and storage medium | |
| CN114765599B (en) | Subdomain name acquisition method and device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |