WO2020233022A1 - Vulnerability detection method and apparatus, computer device, and storage medium - Google Patents

Vulnerability detection method and apparatus, computer device, and storage medium Download PDF

Info

Publication number
WO2020233022A1
WO2020233022A1 PCT/CN2019/118685 CN2019118685W WO2020233022A1 WO 2020233022 A1 WO2020233022 A1 WO 2020233022A1 CN 2019118685 W CN2019118685 W CN 2019118685W WO 2020233022 A1 WO2020233022 A1 WO 2020233022A1
Authority
WO
WIPO (PCT)
Prior art keywords
detection
server
target server
traffic information
information sent
Prior art date
Application number
PCT/CN2019/118685
Other languages
French (fr)
Chinese (zh)
Inventor
王延辉
张驰
Original Assignee
平安科技(深圳)有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 平安科技(深圳)有限公司 filed Critical 平安科技(深圳)有限公司
Publication of WO2020233022A1 publication Critical patent/WO2020233022A1/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433Vulnerability analysis
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/02Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]

Definitions

  • This application relates to the field of information security, in particular to a method, device, computer equipment and storage medium for vulnerability detection.
  • Website vulnerabilities as the B/S model is widely used, more and more programmers use this model to write Web applications.
  • the inventor found that due to the uneven level and experience of developers, a considerable number of developers did not make necessary legal judgments on the user’s input data or the information carried in the page (such as cookies) when writing code , Resulting in an attacker can use this programming loophole to invade the database or attack the user of the Web application, thereby obtaining some important data and benefits.
  • Website vulnerability detection usually refers to a security detection (penetration attack) behavior that detects the security vulnerabilities of specified remote or local computer systems through scanning and other means based on the vulnerability database, and discovers exploitable vulnerabilities.
  • the web site is mainly based on crawlers. After login, the page is obtained by simulated login or by filling in cookies; the current main problems are: current websites have anti-crawl systems, and simulated login is becoming more and more difficult. Fully applicable; in addition, the comprehensiveness of crawlers has always been a difficult point. It supports web sites, but the network connection of mobile apps cannot be detected.
  • the purpose of this application is to address the deficiencies of the prior art, and provide a method, device, computer equipment and storage medium for vulnerability detection.
  • the flow information is sent to the detection server for analysis, and the results are obtained according to the analysis results.
  • Vulnerability detection results can effectively perform vulnerability detection in different scenarios and improve detection efficiency.
  • the technical solution of the present application provides a method, device, computer equipment and storage medium for vulnerability detection.
  • This application discloses a method of vulnerability detection, including the following steps:
  • the detection server After the detection server receives the traffic information sent to the target server, analyzes the traffic information sent to the target server to obtain an analysis result;
  • the target server When it is detected that the target server has a vulnerability, the target server is located, and the existing vulnerability is repaired.
  • the acquiring the traffic information sent to the target server and sending the traffic information sent to the target server to the detection server includes:
  • the hypertext transfer protocol HTTP request information is sent to the detection server associated with the plug-in in the browser.
  • the acquiring the traffic information sent to the target server and sending the traffic information sent to the target server to the detection server includes:
  • the network flow information is sent to the detection server associated with the proxy system through the proxy system.
  • analyzing the traffic information sent to the target server to obtain the analysis result includes:
  • the detection server After the detection server receives the traffic information sent to the target server, analyzes the traffic information sent to the target server to obtain analytical data;
  • the analyzing the traffic information sent to the target server to obtain the analytical data includes:
  • the application function file is obtained from the traffic information sent to the target server, and the uniform resource locator URL corresponding to the application function file is parsed to obtain hypertext transfer protocol HTTP request parameter information.
  • the performing vulnerability detection on the parsed data to obtain a vulnerability detection result includes:
  • the uniform resource locator URL is a periodic detection task and the file corresponding to the uniform resource locator URL has not been changed, the last vulnerability detection result is called as the current vulnerability detection result, otherwise the uniform resource
  • the URL of the locator performs fingerprint recognition on the World Wide Web and obtains the vulnerability detection result.
  • said performing World Wide Web fingerprint recognition on the uniform resource locator URL to obtain the vulnerability detection result includes:
  • the fingerprint information includes: operating system type, World Wide Web Web server, database type and World Wide Web web application script language;
  • the detection tool provided by the vulnerability detection terminal is invoked for detection, and the vulnerability detection result is obtained.
  • the application also discloses a vulnerability detection device, which includes:
  • Information sending module configured to obtain traffic information sent to the target server, and send the traffic information sent to the target server to the detection server;
  • Data analysis module configured to, after the detection server receives the traffic information sent to the target server, analyze the traffic information sent to the target server to obtain the analysis result;
  • Detection module set to detect whether the target server has vulnerabilities according to the analysis result
  • Vulnerability repair module set to locate the target server when a vulnerability exists in the target server and repair the existing vulnerability.
  • the application also discloses a computer device, the computer device includes a memory and a processor, the memory stores computer-readable instructions, and when the computer-readable instructions are executed by one or more of the processors, One or more of the processors execute the steps of the vulnerability detection method described above.
  • This application also discloses a computer-readable storage medium, which can be read and written by a processor, and the storage medium stores computer instructions.
  • the computer-readable instructions are executed by one or more processors, One or more processors execute the steps of the vulnerability detection method described above.
  • the beneficial effect of this application is that this application obtains traffic information, sends the traffic information to the detection server for analysis, and obtains the vulnerability detection result according to the analysis result, which can effectively perform vulnerability detection in different scenarios and improve detection efficiency.
  • FIG. 1 is a schematic flowchart of a method for vulnerability detection according to the first embodiment of this application
  • FIG. 2 is a schematic flowchart of a method for detecting a vulnerability according to a second embodiment of this application;
  • FIG. 3 is a schematic flowchart of a method for vulnerability detection according to a third embodiment of this application.
  • FIG. 4 is a schematic flowchart of a method for detecting a vulnerability according to a fourth embodiment of this application.
  • FIG. 5 is a schematic flowchart of a vulnerability detection method according to a fifth embodiment of this application.
  • FIG. 6 is a schematic flowchart of a vulnerability detection method according to a sixth embodiment of this application.
  • FIG. 7 is a schematic flowchart of a vulnerability detection method according to a seventh embodiment of this application.
  • Fig. 8 is a schematic structural diagram of a vulnerability detection device according to an embodiment of the application.
  • FIG. 1 The flow of a method of vulnerability detection in the first embodiment of the present application is shown in Fig. 1. This embodiment includes the following steps:
  • Step s101 Obtain the traffic information sent to the target server, and send the traffic information sent to the target server to the detection server;
  • the traffic information includes an HTTP (Hypertext Transfer Protocol) request to the target server, where the HTTP request includes an HTTP GET request and an HTTP POST request; it is possible to initiate an HTTP (Hypertext Transfer Protocol) request to the target server It is a browser, mobile phone or APP application.
  • HTTP Hypertext Transfer Protocol
  • HTTP Hypertext Transfer Protocol
  • the HTTP (Hypertext Transfer Protocol) request information can be collected and sent to the detection server for analysis For vulnerability detection.
  • Step s102 after the detection server receives the traffic information sent to the target server, analyzes the traffic information sent to the target server to obtain an analysis result;
  • the detection server after the detection server receives the traffic information sent to the target server, that is, after receiving HTTP (Hypertext Transfer Protocol) request and other information, it can analyze the traffic information sent to the target server, To obtain the analysis result, the analysis process can be divided into an analysis phase and a vulnerability detection phase.
  • the analysis phase is used to analyze the traffic information sent to the target server to obtain analysis data; the vulnerability detection phase is used to analyze the analyzed data Perform vulnerability detection and find vulnerabilities in the target server.
  • Step s103 detecting whether the target server has vulnerabilities according to the analysis result
  • the vulnerability detection result includes: the file URL (uniform resource locator) vulnerability scanning result and Application function file URL (Uniform Resource Locator) vulnerability detection result;
  • the file URL (Uniform Resource Locator) vulnerability scanning result is used to scan the file corresponding to the URL (Uniform Resource Locator) by calling the scanning tool provided by the vulnerability detection terminal Obtained, the application function file URL (Uniform Resource Locator) vulnerability detection result can be obtained by calling vulnerability detection tools such as SQL injection, XSS attack, and unauthorized vulnerability detection.
  • Step s104 When it is detected that the target server has a vulnerability, locate the target server, and repair the existing vulnerability.
  • the location of the target server can be located according to the domain name information or IP (Internet Protocol) information corresponding to the URL (Uniform Resource Locator) of the target server, and then attack the The target server locates a security vulnerability in the target server, and the attack can be carried out by initiating an HTTP (Hypertext Transfer Protocol) request to the target server and obtaining an HTTP (Hypertext Transfer Protocol) response.
  • HTTP Hypertext Transfer Protocol
  • FIG. 2 is a schematic flow chart of a method for vulnerability detection according to the second embodiment of the application.
  • step s101 the traffic information sent to the target server is obtained, and the traffic information sent to the target server is obtained Send to the detection server, including:
  • step s201 a plug-in is set in the browser, the plug-in is associated with the detection server, and the hypertext transfer protocol HTTP request information for visiting each site is obtained through the plug-in in the browser;
  • a self-made plug-in can be installed in the browser, and the flow information of each site can be obtained through the self-made plug-in.
  • the flow information includes HTTP (Hypertext Transfer Protocol) request information, for example: install the chrome plug-in in a chrome browser Associate the detection server with the chrome browser through the chrome plug-in, and then obtain traffic information of each site from the chrome browser through the chrome plug-in, and send the acquired traffic information to the detection server.
  • HTTP Hypertext Transfer Protocol
  • Step s202 Send the hypertext transfer protocol HTTP request information to the detection server associated with the plug-in in the browser.
  • the corresponding detection server can be found through the association relationship between the plug-in in the browser and the detection server, And send the HTTP (Hypertext Transfer Protocol) request information to the detection server associated with the plug-in in the browser.
  • FIG. 3 is a schematic flow chart of a method for vulnerability detection according to the third embodiment of the application.
  • step s101 the traffic information sent to the target server is obtained, and the traffic information sent to the target server is obtained Send to the detection server, including:
  • Step s301 setting up a hypertext transfer protocol HTTP proxy server, and directing the web proxy port of the browser to the proxy system through the hypertext transfer protocol HTTP proxy server, and associating the proxy system with the detection server;
  • an HTTP (Hypertext Transfer Protocol) proxy server can be set up first, the network proxy port of the browser is pointed to the proxy system through the Hypertext Transfer Protocol HTTP proxy server, and the proxy system is associated with the detection server, For example, through the HTTP (Hypertext Transfer Protocol) proxy server, the detection server can be associated with the web proxy port of the browser, mobile phone, and APP application.
  • HTTP Hypertext Transfer Protocol
  • Step s302 When the network flow information is acquired, the network flow information is sent to the detection server associated with the proxy system through the proxy system.
  • the corresponding detection server can be found through the association relationship between the proxy system and the detection server, and the network traffic information also includes HTTP (Hypertext Transfer Protocol) requests And then send the HTTP (Hypertext Transfer Protocol) request information to the detection server associated with the proxy system.
  • HTTP Hypertext Transfer Protocol
  • the traffic information is sent to the detection server through the proxy server for vulnerability detection, which can improve the efficiency of vulnerability detection.
  • FIG. 4 is a schematic flow chart of a method for vulnerability detection according to the fourth embodiment of the application.
  • step s102 after the detection server receives the traffic information sent to the target server, Analyze the traffic information sent to the target server to obtain the analysis results, including:
  • Step s401 After receiving the traffic information sent to the target server, the detection server analyzes the traffic information sent to the target server to obtain analytical data;
  • the detection server may perform data analysis processing on the traffic information sent to the target server to obtain the traffic information sent to the target server.
  • URL Uniform Resource Locator
  • IP Internet Protocol
  • Step s402 Perform vulnerability detection on the parsed data to obtain a vulnerability detection result.
  • vulnerability detection is performed according to the parsed data to obtain a vulnerability detection result.
  • the vulnerability detection includes vulnerability scanning of file URL (uniform resource locator) and vulnerability scanning of application function file URL (uniform resource locator). Detect and obtain file URL (Uniform Resource Locator) vulnerability scanning results and application function file URL (Uniform Resource Locator) vulnerability detection results from this.
  • file URL Uniform Resource Locator
  • application function file URL Uniform Resource Locator
  • the detection server performs vulnerability detection after analyzing the flow information, which can effectively obtain the vulnerability detection result and improve the detection efficiency.
  • Figure 5 is a schematic flow chart of a method for vulnerability detection according to the fifth embodiment of the application.
  • the step s401 parsing the traffic information sent to the target server to obtain analytical data, includes:
  • Step s501 parse the uniform resource locator URL in the traffic information sent to the target server to obtain domain name information of each site and associated domain name information;
  • URL is a uniform resource locator. It is a concise representation of the location and access method of resources available on the Internet. It is the address of a standard resource on the Internet. Each file on the Internet has a unique URL, it contains information indicating the location of the file and how the browser should handle it.
  • the standard URL contains information such as domain name, port number, resource location, parameters, and anchor.
  • the URL (Uniform Resource Locator) in the traffic information can be parsed to obtain the domain name information and associated domain name information of each site. It is a part of URL (Uniform Resource Locator), so it is easy to parse out domain name information from URL (Uniform Resource Locator).
  • Step s502 obtaining associated Internet Protocol IP information according to the uniform resource locator URL or the domain name information;
  • the URL may directly contain IP (Internet Protocol) information
  • the IP (Internet Protocol) information can be obtained directly from the URL (Uniform Resource Locator); if the URL (Uniform Resource Locator) is It contains domain name information.
  • IP (Internet Protocol) information is represented by numbers, which are used to uniquely identify the logical address of a computer on the Internet, but it is not easy to remember, such as 192.168.1.1. Therefore, IP (Internet Protocol) information is usually converted into domain name information, and domain name information is represented by characters, which is easy to remember, such as www.baidu.com; therefore, IP (Internet Protocol) can be obtained through the analysis of domain name information. )information.
  • step s503 the application function file is obtained from the traffic information sent to the target server, and the uniform resource locator URL corresponding to the application function file is parsed to obtain hypertext transfer protocol HTTP request parameter information.
  • the application function files can be filtered out from the traffic information sent to the target server, and then the URL (Uniform Resource Locator) corresponding to each application function file can be parsed to obtain the hypertext transfer protocol contained therein. HTTP request parameter information.
  • URL Uniform Resource Locator
  • the URL and IP information contained in the flow information are obtained, and vulnerability detection can be performed based on the URL and IP information, which can effectively improve the detection efficiency.
  • Figure 6 is a schematic flow chart of a method for vulnerability detection according to the sixth embodiment of the application.
  • the step s402 performing vulnerability detection on the parsed data to obtain a vulnerability detection result, includes:
  • Step s601 sending the parsed data to the queue to be detected, and sequentially detecting the uniform resource locator URL of the parsed data in the queue to be detected;
  • the URL Uniform Resource Locator
  • the URL Uniform Resource Locator
  • the queue to be detected contains multiple detection tasks. The tasks are arranged in chronological order and inspections are carried out in chronological order.
  • the detection of URL includes: periodic detection task detection on URL (Uniform Resource Locator) and whether the file corresponding to the URL (Uniform Resource Locator) has been changed Detection.
  • Step s602 when it is detected that the uniform resource locator URL is a periodic detection task and the file corresponding to the uniform resource locator URL has not been changed, call the previous vulnerability detection result as the current vulnerability detection result, otherwise
  • the Uniform Resource Locator URL performs World Wide Web fingerprint recognition to obtain the vulnerability detection result.
  • the last vulnerability detection result can be called as the current vulnerability detection Results; among them, the vulnerability detection results can be stored after each vulnerability detection.
  • judging whether the file corresponding to the URL (Uniform Resource Locator) has changed includes: recording the md5 value of the file corresponding to the current URL (Uniform Resource Locator) each time the URL (Uniform Resource Locator) is detected, When the file corresponding to the URL (Uniform Resource Locator) is detected again, it is determined whether the md5 value of the file corresponding to the URL (Uniform Resource Locator) is the same as the md5 value recorded during the last detection. The file corresponding to the URL (Uniform Resource Locator) has not changed. If it is not the same, the file corresponding to the URL (Uniform Resource Locator) has been changed.
  • the Uniform Resource Locator URL can be fingerprinted on the World Wide Web Identify, and obtain the vulnerability detection result from this.
  • the detection result can be effectively obtained and the detection efficiency is improved.
  • FIG. 7 is a schematic flow chart of a method for vulnerability detection according to the seventh embodiment of the application. As shown in the figure, in step s602, performing World Wide Web fingerprinting on the uniform resource locator URL to obtain the vulnerability detection result includes :
  • Step s701 After performing web fingerprint recognition on the uniform resource locator URL, if fingerprint information of the corresponding website is obtained, perform vulnerability detection according to the fingerprint information to obtain the vulnerability detection result, the fingerprint information includes: operating system Type, WWW web server, database type and WWW web application script language;
  • web (World Wide Web) fingerprint identification can be performed on the URL (Uniform Resource Locator). If the fingerprint information of the corresponding website is obtained after the web (World Wide Web) fingerprint identification, then the corresponding fingerprint information can be called Vulnerability detection is performed on the basis of the scanning to obtain the vulnerability detection result.
  • the fingerprint information includes the operating system type, the web (World Wide Web) server used, the database type and the script language of the web (World Wide Web) application.
  • step s702 after performing web fingerprint recognition on the uniform resource locator URL, if the fingerprint information of the corresponding website is not obtained, the detection tool provided by the vulnerability detection terminal is invoked for detection, and the vulnerability detection result is obtained.
  • the URL (Uniform Resource Locator) corresponding to each file contained in each application function can also be collected, and the detection tool for the application function can be called to perform vulnerability detection on the corresponding URL (Uniform Resource Locator);
  • the detection tools for SQL injection, XSS attacks and unauthorized vulnerabilities automatically detect SQL injection, XSS attacks, and unauthorized vulnerabilities for each application function to obtain the vulnerability detection results.
  • FIG. 8 The structure of a vulnerability detection device according to an embodiment of the present application is shown in FIG. 8, and includes:
  • Information sending module 801, data analysis module 802, detection module 803, and vulnerability repair module 804 are connected to data analysis module 802, data analysis module 802 is connected to detection module 803, and detection module 803 is connected to vulnerability repair module 804 Connected; the information sending module 801 is set to obtain traffic information sent to the target server, and send the traffic information sent to the target server to the detection server; the data analysis module 802 is set to when the detection server receives the sent After the traffic information of the target server, the traffic information sent to the target server is analyzed to obtain the analysis result; the detection module 803 is set to detect whether the target server has a vulnerability according to the analysis result; the vulnerability repair module 804 is set to When the target server has a vulnerability, the target server is located, and the existing vulnerability is repaired.
  • the embodiment of the present application also discloses a computer device.
  • the computer device includes a memory and a processor.
  • the memory stores computer-readable instructions.
  • the computer-readable instructions are executed by one or more of the processors, , Enabling one or more of the processors to execute the steps in the vulnerability detection methods in the foregoing embodiments.
  • An embodiment of the present application also discloses a computer-readable storage medium, the storage medium can be read and written by a processor, the memory stores computer-readable instructions, and the computer-readable instructions are executed by one or more processors At this time, one or more processors are caused to execute the steps in the vulnerability detection methods described in the foregoing embodiments.
  • the computer storage medium may be a non-volatile storage medium or a volatile storage medium, which is not specifically limited in this application.
  • the computer program can be stored in a computer readable storage medium. When executed, it may include the processes of the above-mentioned method embodiments.
  • the aforementioned storage medium may be a non-volatile storage medium such as a magnetic disk, an optical disc, a read-only memory (Read-Only Memory, ROM), or a random access memory (Random Access Memory, RAM), etc.

Abstract

The present application relates to the field of information security. Disclosed are a vulnerability detection method and apparatus, a computer device, and a storage medium. The method comprises: obtaining traffic information sent to a target server, and sending to a detection server said traffic information; upon receiving said traffic information, the detection server analyzes said traffic information to obtain an analysis result; detect whether vulnerability exists in the target server according to the analysis result; and if yes, locate the target server and fix the existing vulnerability. In the present application, traffic information is obtained and sent to a detection server to perform analysis, so as to obtain a vulnerability detection result according to the analysis result, such that vulnerability detection can be effectively performed in different scenarios, and the detection efficiency is improved.

Description

漏洞检测方法、装置、计算机设备和存储介质Vulnerability detection method, device, computer equipment and storage medium
本申请要求于2019年05月21日提交中国专利局、申请号为201910425959.2、发明名称为“漏洞检测方法、装置、设备和存储介质”的中国专利申请的优先权,其全部内容通过引用结合在申请中。This application claims the priority of a Chinese patent application filed with the Chinese Patent Office on May 21, 2019, with the application number of 201910425959.2. The invention title is "Vulnerability detection methods, devices, equipment and storage media", the entire contents of which are incorporated by reference Applying.
技术领域Technical field
本申请涉及信息安全领域,特别涉及一种漏洞检测的方法、装置、计算机设备和存储介质。This application relates to the field of information security, in particular to a method, device, computer equipment and storage medium for vulnerability detection.
背景技术Background technique
网站漏洞,随着B/S模式被广泛的应用,用这种模式编写Web应用程序的程序员也越来越多。发明人发现,由于开发人员的水平和经验参差不齐,相当一部分的开发人员在编写代码的时候,没有对用户的输入数据或者是页面中所携带的信息(如Cookie)进行必要的合法性判断,导致了攻击者可以利用这个编程漏洞来入侵数据库或者攻击Web应用程序的使用者,由此获得一些重要的数据和利益。Website vulnerabilities, as the B/S model is widely used, more and more programmers use this model to write Web applications. The inventor found that due to the uneven level and experience of developers, a considerable number of developers did not make necessary legal judgments on the user’s input data or the information carried in the page (such as cookies) when writing code , Resulting in an attacker can use this programming loophole to invade the database or attack the user of the Web application, thereby obtaining some important data and benefits.
网站漏洞检测通常是指基于漏洞数据库,通过扫描等手段,对指定的远程或者本地计算机系统的安全脆弱性进行检测,发现可利用的漏洞的一种安全检测(渗透攻击)行为。Website vulnerability detection usually refers to a security detection (penetration attack) behavior that detects the security vulnerabilities of specified remote or local computer systems through scanning and other means based on the vulnerability database, and discovers exploitable vulnerabilities.
对于常规的漏洞扫描系统,对于web网站主要基于爬虫,在登录后页面以模拟登录或者填写cookie方式获取;当前主要问题有:目前网站都有防爬系统,模拟登录越来越难,cookie方式不是完全适用;此外,对于爬虫的全面性也一直是一个难点,支持web网站,但是对于手机app的网络连接无法检测。For the conventional vulnerability scanning system, the web site is mainly based on crawlers. After login, the page is obtained by simulated login or by filling in cookies; the current main problems are: current websites have anti-crawl systems, and simulated login is becoming more and more difficult. Fully applicable; in addition, the comprehensiveness of crawlers has always been a difficult point. It supports web sites, but the network connection of mobile apps cannot be detected.
发明内容Summary of the invention
本申请的目的在于针对现有技术的不足,提供一种漏洞检测的方法、装置、计算机设备和存储介质,通过获取流量信息,将所述流量信息发送至检测服务器进行分析,并根据分析结果获得漏洞检测结果,可以有效的对不同场景进行漏洞检测,提高检测效率。The purpose of this application is to address the deficiencies of the prior art, and provide a method, device, computer equipment and storage medium for vulnerability detection. By obtaining flow information, the flow information is sent to the detection server for analysis, and the results are obtained according to the analysis results. Vulnerability detection results can effectively perform vulnerability detection in different scenarios and improve detection efficiency.
为达到上述目的,本申请的技术方案提供一种漏洞检测的方法、装置、计算机设备和存储介质。To achieve the above objective, the technical solution of the present application provides a method, device, computer equipment and storage medium for vulnerability detection.
本申请公开了一种漏洞检测的方法,包括以下步骤:This application discloses a method of vulnerability detection, including the following steps:
获取发向目标服务器的流量信息,并将所述发向目标服务器的流量信息发送至检测服务器;Acquiring the traffic information sent to the target server, and sending the traffic information sent to the target server to the detection server;
当所述检测服务器接收到所述发向目标服务器的流量信息后,对所述发向目标服务器的流量信息进行分析,获取分析结果;After the detection server receives the traffic information sent to the target server, analyzes the traffic information sent to the target server to obtain an analysis result;
根据所述分析结果检测目标服务器是否存在漏洞;Detect whether the target server has a loophole according to the analysis result;
当检测到所述目标服务器存在漏洞时,对所述目标服务器进行定位,并对所述存在的漏洞进行修复。When it is detected that the target server has a vulnerability, the target server is located, and the existing vulnerability is repaired.
较佳地,所述获取发向目标服务器的流量信息,并将所述发向目标服务器的流量信息发送至检测服务器,包括:Preferably, the acquiring the traffic information sent to the target server and sending the traffic information sent to the target server to the detection server includes:
在浏览器中设置插件,将所述插件与所述检测服务器进行关联,并通过所述浏览器中的插件获取访问各站点的超文本传输协议HTTP请求信息;Setting a plug-in in the browser, associating the plug-in with the detection server, and obtaining the Hypertext Transfer Protocol HTTP request information for visiting each site through the plug-in in the browser;
将所述超文本传输协议HTTP请求信息发送至与所述浏览器中的插件关联的检测服务器。The hypertext transfer protocol HTTP request information is sent to the detection server associated with the plug-in in the browser.
较佳地,所述获取发向目标服务器的流量信息,并将所述发向目标服务器的流量信息发送至检测服务器,包括:Preferably, the acquiring the traffic information sent to the target server and sending the traffic information sent to the target server to the detection server includes:
设置超文本传输协议HTTP代理服务器,通过所述超文本传输协议HTTP代理服务器将浏览器的网络代理端口指向代理系统,将所述代理系统与所述检测服务器进行关联;Setting a hypertext transfer protocol HTTP proxy server, and point the web proxy port of the browser to the proxy system through the hypertext transfer protocol HTTP proxy server, and associate the proxy system with the detection server;
当获取到网络流量信息时,通过所述代理系统将所述网络流量信息发送至与所述代理系统关联的检测服务器。When the network flow information is obtained, the network flow information is sent to the detection server associated with the proxy system through the proxy system.
较佳地,所述当所述检测服务器接收到所述发向目标服务器的流量信息后,对所述发向目标服务器的流量信息进行分析,获取分析结果,包括:Preferably, after the detection server receives the traffic information sent to the target server, analyzing the traffic information sent to the target server to obtain the analysis result includes:
当所述检测服务器接收到所述发向目标服务器的流量信息后,对所述发向目标服务器的流量信息进行解析,获得解析数据;After the detection server receives the traffic information sent to the target server, analyzes the traffic information sent to the target server to obtain analytical data;
对所述解析数据进行漏洞检测,获得漏洞检测结果。Perform vulnerability detection on the parsed data to obtain a vulnerability detection result.
较佳地,所述对所述发向目标服务器的流量信息进行解析,获得解析数据,包括:Preferably, the analyzing the traffic information sent to the target server to obtain the analytical data includes:
对所述发向目标服务器的流量信息中的统一资源定位符URL进行解析,获得各站点域名信息及关联域名信息;Parse the uniform resource locator URL in the traffic information sent to the target server to obtain domain name information of each site and associated domain name information;
根据所述统一资源定位符URL或所述域名信息获取关联互联网协议IP信息;Obtaining associated Internet Protocol IP information according to the uniform resource locator URL or the domain name information;
在所述发向目标服务器的流量信息中获取应用功能文件,对所述应用功能文件对应的统一资源定位符URL进行解析,获得超文本传输协议HTTP请求参数信息。The application function file is obtained from the traffic information sent to the target server, and the uniform resource locator URL corresponding to the application function file is parsed to obtain hypertext transfer protocol HTTP request parameter information.
较佳地,所述对所述解析数据进行漏洞检测,获得漏洞检测结果,包括:Preferably, the performing vulnerability detection on the parsed data to obtain a vulnerability detection result includes:
将所述解析数据发送至待检测队列,对所述待检测队列中解析数据的统一资源定位符URL依次进行检测;Sending the parsed data to the queue to be detected, and sequentially detect the uniform resource locator URL of the parsed data in the queue to be detected;
当检测到所述统一资源定位符URL是周期性检测任务且所述统一资源定位符URL对应的文件没有更改时,调用上一次的漏洞检测结果作为本次漏洞检测 结果,否则对所述统一资源定位符URL进行万维网web指纹识别,获得漏洞检测结果。When it is detected that the uniform resource locator URL is a periodic detection task and the file corresponding to the uniform resource locator URL has not been changed, the last vulnerability detection result is called as the current vulnerability detection result, otherwise the uniform resource The URL of the locator performs fingerprint recognition on the World Wide Web and obtains the vulnerability detection result.
较佳地,所述对所述统一资源定位符URL进行万维网web指纹识别,获得漏洞检测结果,包括:Preferably, said performing World Wide Web fingerprint recognition on the uniform resource locator URL to obtain the vulnerability detection result includes:
当对所述统一资源定位符URL进行万维网web指纹识别后,如果获得对应网站的指纹信息,则根据所述指纹信息进行漏洞检测,获得漏洞检测结果,所述指纹信息包括:操作系统类型、万维网web服务器、数据库类型及万维网web应用脚本语言;After performing the World Wide Web fingerprint recognition on the uniform resource locator URL, if the fingerprint information of the corresponding website is obtained, the vulnerability detection is performed according to the fingerprint information, and the vulnerability detection result is obtained. The fingerprint information includes: operating system type, World Wide Web Web server, database type and World Wide Web web application script language;
当对所述统一资源定位符URL进行万维网web指纹识别后,如果未获得对应网站的指纹信息,则调用漏洞检测终端提供的检测工具进行检测,获得漏洞检测结果。After performing World Wide Web fingerprint recognition on the uniform resource locator URL, if the fingerprint information of the corresponding website is not obtained, the detection tool provided by the vulnerability detection terminal is invoked for detection, and the vulnerability detection result is obtained.
本申请还公开了一种漏洞检测的装置,所述装置包括:The application also discloses a vulnerability detection device, which includes:
信息发送模块:设置为获取发向目标服务器的流量信息,并将所述发向目标服务器的流量信息发送至检测服务器;Information sending module: configured to obtain traffic information sent to the target server, and send the traffic information sent to the target server to the detection server;
数据分析模块:设置为当所述检测服务器接收到所述发向目标服务器的流量信息后,对所述发向目标服务器的流量信息进行分析,获取分析结果;Data analysis module: configured to, after the detection server receives the traffic information sent to the target server, analyze the traffic information sent to the target server to obtain the analysis result;
检测模块:设置为根据所述分析结果检测目标服务器是否存在漏洞;Detection module: set to detect whether the target server has vulnerabilities according to the analysis result;
漏洞修复模块:设置为当检测到所述目标服务器存在漏洞时,对所述目标服务器进行定位,并对所述存在的漏洞进行修复。Vulnerability repair module: set to locate the target server when a vulnerability exists in the target server and repair the existing vulnerability.
本申请还公开了一种计算机设备,所述计算机设备包括存储器和处理器,所述存储器中存储有计算机可读指令,所述计算机可读指令被一个或多个所述处理器执行时,使得一个或多个所述处理器执行上述所述漏洞检测方法的步骤。The application also discloses a computer device, the computer device includes a memory and a processor, the memory stores computer-readable instructions, and when the computer-readable instructions are executed by one or more of the processors, One or more of the processors execute the steps of the vulnerability detection method described above.
本申请还公开了一种计算机可读存储介质,所述存储介质可被处理器读写,所述存储介质存储有计算机指令,所述计算机可读指令被一个或多个处理器执行时,使得一个或多个处理器执行上述所述漏洞检测方法的步骤。This application also discloses a computer-readable storage medium, which can be read and written by a processor, and the storage medium stores computer instructions. When the computer-readable instructions are executed by one or more processors, One or more processors execute the steps of the vulnerability detection method described above.
本申请的有益效果是:本申请通过获取流量信息,将所述流量信息发送至检测服务器进行分析,并根据分析结果获得漏洞检测结果,可以有效的对不同场景进行漏洞检测,提高检测效率。The beneficial effect of this application is that this application obtains traffic information, sends the traffic information to the detection server for analysis, and obtains the vulnerability detection result according to the analysis result, which can effectively perform vulnerability detection in different scenarios and improve detection efficiency.
附图说明Description of the drawings
图1为本申请第一个实施例的一种漏洞检测的方法的流程示意图;FIG. 1 is a schematic flowchart of a method for vulnerability detection according to the first embodiment of this application;
图2为本申请第二个实施例的一种漏洞检测的方法的流程示意图;FIG. 2 is a schematic flowchart of a method for detecting a vulnerability according to a second embodiment of this application;
图3为本申请第三个实施例的一种漏洞检测的方法的流程示意图;FIG. 3 is a schematic flowchart of a method for vulnerability detection according to a third embodiment of this application;
图4为本申请第四个实施例的一种漏洞检测的方法的流程示意图;FIG. 4 is a schematic flowchart of a method for detecting a vulnerability according to a fourth embodiment of this application;
图5为本申请第五个实施例的一种漏洞检测的方法的流程示意图;FIG. 5 is a schematic flowchart of a vulnerability detection method according to a fifth embodiment of this application;
图6为本申请第六个实施例的一种漏洞检测的方法的流程示意图;FIG. 6 is a schematic flowchart of a vulnerability detection method according to a sixth embodiment of this application;
图7为本申请第七个实施例的一种漏洞检测的方法的流程示意图;FIG. 7 is a schematic flowchart of a vulnerability detection method according to a seventh embodiment of this application;
图8为本申请实施例的一种漏洞检测装置结构示意图。Fig. 8 is a schematic structural diagram of a vulnerability detection device according to an embodiment of the application.
具体实施方式Detailed ways
为了使本申请的目的、技术方案及优点更加清楚明白,以下结合附图及实施例,对本申请进行进一步详细说明。应当理解,此处所描述的具体实施例仅仅用以解释本申请,并不用于限定本申请。In order to make the purpose, technical solutions, and advantages of this application clearer, the following further describes this application in detail with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described here are only used to explain the application, and are not used to limit the application.
本技术领域技术人员可以理解,除非特意声明,这里使用的单数形式“一”、“一个”、“所述”和“该”也可包括复数形式。应该进一步理解的是,本申请的说明书中使用的措辞“包括”是指存在所述特征、整数、步骤、操作、元件和/或组件,但是并不排除存在或添加一个或多个其他特征、整数、步骤、操作、元件、组件和/或它们的组。Those skilled in the art can understand that, unless specifically stated, the singular forms "a", "an", "said" and "the" used herein may also include plural forms. It should be further understood that the term "comprising" used in the specification of this application refers to the presence of the described features, integers, steps, operations, elements, and/or components, but does not exclude the presence or addition of one or more other features, Integers, steps, operations, elements, components, and/or groups thereof.
本申请第一个实施例的一种漏洞检测的方法流程如图1所示,本实施例包括以下步骤:The flow of a method of vulnerability detection in the first embodiment of the present application is shown in Fig. 1. This embodiment includes the following steps:
步骤s101,获取发向目标服务器的流量信息,并将所述发向目标服务器的流量信息发送至检测服务器;Step s101: Obtain the traffic information sent to the target server, and send the traffic information sent to the target server to the detection server;
具体的,所述流量信息包括对目标服务器的HTTP(超文本传输协议)请求,其中,HTTP请求包括HTTP GET请求和HTTP POST请求;对所述目标服务器发起HTTP(超文本传输协议)请求的可以是浏览器、手机或者APP应用。Specifically, the traffic information includes an HTTP (Hypertext Transfer Protocol) request to the target server, where the HTTP request includes an HTTP GET request and an HTTP POST request; it is possible to initiate an HTTP (Hypertext Transfer Protocol) request to the target server It is a browser, mobile phone or APP application.
具体的,无论是浏览器、手机或者APP应用,在向目标服务器发起HTTP(超文本传输协议)请求时,可将所述HTTP(超文本传输协议)请求信息进行采集并发送给检测服务器进行分析,用以进行漏洞检测。Specifically, whether it is a browser, a mobile phone or an APP application, when an HTTP (Hypertext Transfer Protocol) request is initiated to the target server, the HTTP (Hypertext Transfer Protocol) request information can be collected and sent to the detection server for analysis For vulnerability detection.
步骤s102,当所述检测服务器接收到所述发向目标服务器的流量信息后,对所述发向目标服务器的流量信息进行分析,获取分析结果;Step s102, after the detection server receives the traffic information sent to the target server, analyzes the traffic information sent to the target server to obtain an analysis result;
具体的,当所述检测服务器接收到所述发向目标服务器的流量信息后,即收到HTTP(超文本传输协议)请求等信息后,可对所述发向目标服务器的流量信息进行分析,获取分析结果,所述分析过程可以分为解析阶段和漏洞检测阶段,其中,解析阶段用于对所述发向目标服务器的流量信息进行解析,获取解析数据;漏洞检测阶段用于对解析的数据进行漏洞检测,发现目标服务器中的漏洞。Specifically, after the detection server receives the traffic information sent to the target server, that is, after receiving HTTP (Hypertext Transfer Protocol) request and other information, it can analyze the traffic information sent to the target server, To obtain the analysis result, the analysis process can be divided into an analysis phase and a vulnerability detection phase. The analysis phase is used to analyze the traffic information sent to the target server to obtain analysis data; the vulnerability detection phase is used to analyze the analyzed data Perform vulnerability detection and find vulnerabilities in the target server.
步骤s103,根据所述分析结果检测目标服务器是否存在漏洞;Step s103, detecting whether the target server has vulnerabilities according to the analysis result;
具体的,当对流量信息进行分析并获取到漏洞检测结果后,可根据所述漏洞检测结果判断目标服务器是否存在漏洞;其中,漏洞检测结果包括:文件URL(统一资源定位符)漏洞扫描结果及应用功能文件URL(统一资源定位符)漏洞 检测结果;所述文件URL(统一资源定位符)漏洞扫描结果通过调用漏洞检测终端提供的扫描工具对URL(统一资源定位符)对应的文件进行漏洞扫描获得,所述应用功能文件URL(统一资源定位符)漏洞检测结果可通过调用SQL注入、XSS攻击及越权漏洞检测等漏洞检测工具获得。Specifically, after the traffic information is analyzed and the vulnerability detection result is obtained, it can be determined whether the target server has a vulnerability based on the vulnerability detection result; wherein the vulnerability detection result includes: the file URL (uniform resource locator) vulnerability scanning result and Application function file URL (Uniform Resource Locator) vulnerability detection result; The file URL (Uniform Resource Locator) vulnerability scanning result is used to scan the file corresponding to the URL (Uniform Resource Locator) by calling the scanning tool provided by the vulnerability detection terminal Obtained, the application function file URL (Uniform Resource Locator) vulnerability detection result can be obtained by calling vulnerability detection tools such as SQL injection, XSS attack, and unauthorized vulnerability detection.
具体的,当检测到各文件的URL(统一资源定位符)漏洞扫描无异常以及应用功能文件URL(统一资源定位符)的SQL注入、XSS攻击及越权漏洞检测结果正常时可判定目标服务器不存在漏洞;当检测到各文件的URL(统一资源定位符)漏洞扫描有异常或应用功能文件URL(统一资源定位符)的SQL注入、XSS攻击及越权漏洞检测结果异常时可判定目标服务器存在漏洞。Specifically, when it is detected that the URL (Uniform Resource Locator) vulnerability scan of each file is normal, and the SQL injection, XSS attack and unauthorized vulnerability detection result of the application function file URL (Uniform Resource Locator) is normal, it can be determined that the target server does not exist. Vulnerabilities: When an abnormality in the URL (Uniform Resource Locator) vulnerability scan of each file is detected or the SQL injection, XSS attack and unauthorized vulnerability detection result of the application function file URL (Uniform Resource Locator) is abnormal, it can be determined that the target server has a vulnerability.
步骤s104,当检测到所述目标服务器存在漏洞时,对所述目标服务器进行定位,并对所述存在的漏洞进行修复。Step s104: When it is detected that the target server has a vulnerability, locate the target server, and repair the existing vulnerability.
具体的,当检测到所述目标服务器存在漏洞时,可根据目标服务器的URL(统一资源定位符)所对应的域名信息或者IP(互联网协议)信息,定位目标服务器的位置,然后通过攻击所述目标服务器定位出目标服务器中的安全漏洞,所述攻击可通过向目标服务器发起HTTP(超文本传输协议)请求,并获得HTTP(超文本传输协议)响应进行。Specifically, when a loophole in the target server is detected, the location of the target server can be located according to the domain name information or IP (Internet Protocol) information corresponding to the URL (Uniform Resource Locator) of the target server, and then attack the The target server locates a security vulnerability in the target server, and the attack can be carried out by initiating an HTTP (Hypertext Transfer Protocol) request to the target server and obtaining an HTTP (Hypertext Transfer Protocol) response.
本实施例中,通过获取流量信息,将所述流量信息发送至检测服务器进行分析,并根据分析结果获得漏洞检测结果,可以有效的对不同场景进行漏洞检测,提高检测效率。In this embodiment, by acquiring traffic information, sending the traffic information to a detection server for analysis, and obtaining a vulnerability detection result according to the analysis result, it is possible to effectively perform vulnerability detection in different scenarios and improve detection efficiency.
图2为本申请第二个实施例的一种漏洞检测的方法流程示意图,如图所示,所述步骤s101,获取发向目标服务器的流量信息,并将所述发向目标服务器的流量信息发送至检测服务器,包括:Figure 2 is a schematic flow chart of a method for vulnerability detection according to the second embodiment of the application. As shown in the figure, in step s101, the traffic information sent to the target server is obtained, and the traffic information sent to the target server is obtained Send to the detection server, including:
步骤s201,在浏览器中设置插件,将所述插件与所述检测服务器进行关联,并通过所述浏览器中的插件获取访问各站点的超文本传输协议HTTP请求信息;In step s201, a plug-in is set in the browser, the plug-in is associated with the detection server, and the hypertext transfer protocol HTTP request information for visiting each site is obtained through the plug-in in the browser;
具体的,可在浏览器中安装自制插件,通过所述自制插件可获取各站点的流量信息,所述流量信息包括HTTP(超文本传输协议)请求信息,例如:在chrome浏览器中安装chrome插件,通过所述chrome插件将检测服务器与chrome浏览器进行关联,然后通过所述chrome插件从chrome浏览器中获取各站点的流量信息,并将获取到的所述流量信息发送至所述检测服务器。Specifically, a self-made plug-in can be installed in the browser, and the flow information of each site can be obtained through the self-made plug-in. The flow information includes HTTP (Hypertext Transfer Protocol) request information, for example: install the chrome plug-in in a chrome browser Associate the detection server with the chrome browser through the chrome plug-in, and then obtain traffic information of each site from the chrome browser through the chrome plug-in, and send the acquired traffic information to the detection server.
步骤s202,将所述超文本传输协议HTTP请求信息发送至与所述浏览器中的插件关联的检测服务器。Step s202: Send the hypertext transfer protocol HTTP request information to the detection server associated with the plug-in in the browser.
具体的,当通过所述浏览器中的插件获取到所述HTTP(超文本传输协议)请求信息后,可通过所述浏览器中的插件与检测服务器之间的关联关系找到对应的检测服务器,并将所述HTTP(超文本传输协议)请求信息发送至与所述浏 览器中的插件关联的检测服务器。Specifically, after the HTTP (Hypertext Transfer Protocol) request information is obtained through the plug-in in the browser, the corresponding detection server can be found through the association relationship between the plug-in in the browser and the detection server, And send the HTTP (Hypertext Transfer Protocol) request information to the detection server associated with the plug-in in the browser.
本实施例中,通过在浏览器中设置插件,并通过插件将流量信息发送给检测服务器进行漏洞检测,可以提高漏洞检测的效率。In this embodiment, by setting a plug-in in the browser, and sending traffic information to the detection server through the plug-in for vulnerability detection, the efficiency of vulnerability detection can be improved.
图3为本申请第三个实施例的一种漏洞检测的方法流程示意图,如图所示,所述步骤s101,获取发向目标服务器的流量信息,并将所述发向目标服务器的流量信息发送至检测服务器,包括:Figure 3 is a schematic flow chart of a method for vulnerability detection according to the third embodiment of the application. As shown in the figure, in step s101, the traffic information sent to the target server is obtained, and the traffic information sent to the target server is obtained Send to the detection server, including:
步骤s301,设置超文本传输协议HTTP代理服务器,通过所述超文本传输协议HTTP代理服务器将浏览器的网络代理端口指向代理系统,将所述代理系统与所述检测服务器进行关联;Step s301, setting up a hypertext transfer protocol HTTP proxy server, and directing the web proxy port of the browser to the proxy system through the hypertext transfer protocol HTTP proxy server, and associating the proxy system with the detection server;
具体的,可先设置HTTP(超文本传输协议)代理服务器,通过所述超文本传输协议HTTP代理服务器将浏览器的网络代理端口指向代理系统,将所述代理系统与所述检测服务器进行关联,例如:通过所述HTTP(超文本传输协议)代理服务器可将检测服务器与浏览器、手机以及APP应用的网络代理端口进行关联。Specifically, an HTTP (Hypertext Transfer Protocol) proxy server can be set up first, the network proxy port of the browser is pointed to the proxy system through the Hypertext Transfer Protocol HTTP proxy server, and the proxy system is associated with the detection server, For example, through the HTTP (Hypertext Transfer Protocol) proxy server, the detection server can be associated with the web proxy port of the browser, mobile phone, and APP application.
步骤s302,当获取到网络流量信息时,通过所述代理系统将所述网络流量信息发送至与所述代理系统关联的检测服务器。Step s302: When the network flow information is acquired, the network flow information is sent to the detection server associated with the proxy system through the proxy system.
具体的,当通过代理端口获取到各站点的网络流量信息时,可通过代理系统与检测服务器之间的关联关系找到对应的检测服务器,所述网络流量信息也包括HTTP(超文本传输协议)请求信息,然后将所述HTTP(超文本传输协议)请求信息发送至与所述代理系统关联的检测服务器。Specifically, when the network traffic information of each site is obtained through the proxy port, the corresponding detection server can be found through the association relationship between the proxy system and the detection server, and the network traffic information also includes HTTP (Hypertext Transfer Protocol) requests And then send the HTTP (Hypertext Transfer Protocol) request information to the detection server associated with the proxy system.
本实施例中,通过代理服务器将流量信息发送给检测服务器进行漏洞检测,可以提高漏洞检测的效率。In this embodiment, the traffic information is sent to the detection server through the proxy server for vulnerability detection, which can improve the efficiency of vulnerability detection.
图4为本申请第四个实施例的一种漏洞检测的方法流程示意图,如图所示,所述步骤s102,当所述检测服务器接收到所述发向目标服务器的流量信息后,对所述发向目标服务器的流量信息进行分析,获取分析结果,包括:Figure 4 is a schematic flow chart of a method for vulnerability detection according to the fourth embodiment of the application. As shown in the figure, in step s102, after the detection server receives the traffic information sent to the target server, Analyze the traffic information sent to the target server to obtain the analysis results, including:
步骤s401,当所述检测服务器接收到所述发向目标服务器的流量信息后,对所述发向目标服务器的流量信息进行解析,获得解析数据;Step s401: After receiving the traffic information sent to the target server, the detection server analyzes the traffic information sent to the target server to obtain analytical data;
具体的,当所述检测服务器接收到所述发向目标服务器的流量信息后,可对所述发向目标服务器的流量信息进行数据解析处理,获取所述发向目标服务器的流量信息中所包含的文件的URL(统一资源定位符)和IP(互联网协议)信息。Specifically, after the detection server receives the traffic information sent to the target server, it may perform data analysis processing on the traffic information sent to the target server to obtain the traffic information sent to the target server. URL (Uniform Resource Locator) and IP (Internet Protocol) information of the file.
步骤s402,对所述解析数据进行漏洞检测,获得漏洞检测结果。Step s402: Perform vulnerability detection on the parsed data to obtain a vulnerability detection result.
具体的,根据所述解析后的数据进行漏洞检测,获得漏洞检测结果,所述漏洞检测包括对文件URL(统一资源定位符)进行漏洞扫描及对应用功能文件 URL(统一资源定位符)进行漏洞检测,并由此获得文件URL(统一资源定位符)漏洞扫描结果及应用功能文件URL(统一资源定位符)漏洞检测结果。Specifically, vulnerability detection is performed according to the parsed data to obtain a vulnerability detection result. The vulnerability detection includes vulnerability scanning of file URL (uniform resource locator) and vulnerability scanning of application function file URL (uniform resource locator). Detect and obtain file URL (Uniform Resource Locator) vulnerability scanning results and application function file URL (Uniform Resource Locator) vulnerability detection results from this.
本实施例中,通过检测服务器对流量信息解析后进行漏洞检测,可以有效获取漏洞检测结果,提高检测效率。In this embodiment, the detection server performs vulnerability detection after analyzing the flow information, which can effectively obtain the vulnerability detection result and improve the detection efficiency.
图5为本申请第五个实施例的一种漏洞检测的方法流程示意图,如图所示,所述步骤s401,对所述发向目标服务器的流量信息进行解析,获得解析数据,包括:Figure 5 is a schematic flow chart of a method for vulnerability detection according to the fifth embodiment of the application. As shown in the figure, the step s401, parsing the traffic information sent to the target server to obtain analytical data, includes:
步骤s501,对所述发向目标服务器的流量信息中的统一资源定位符URL进行解析,获得各站点域名信息及关联域名信息;Step s501: parse the uniform resource locator URL in the traffic information sent to the target server to obtain domain name information of each site and associated domain name information;
具体的,URL是统一资源定位符,是对可以从互联网上得到的资源的位置和访问方法的一种简洁的表示,是互联网上标准资源的地址,互联网上的每个文件都有一个唯一的URL,它包含的信息指出文件的位置以及浏览器应该怎么处理它,标准的URL包含域名、端口号、资源位置、参数以及锚点等信息。Specifically, URL is a uniform resource locator. It is a concise representation of the location and access method of resources available on the Internet. It is the address of a standard resource on the Internet. Each file on the Internet has a unique URL, it contains information indicating the location of the file and how the browser should handle it. The standard URL contains information such as domain name, port number, resource location, parameters, and anchor.
具体的,当获取到流量信息中的URL(统一资源定位符)后,可对所述流量信息中的URL(统一资源定位符)进行解析,获得各站点域名信息及关联域名信息,由于域名信息是URL(统一资源定位符)的一部分,因此很容易从URL(统一资源定位符)中解析出域名信息。Specifically, when the URL (Uniform Resource Locator) in the traffic information is obtained, the URL (Uniform Resource Locator) in the traffic information can be parsed to obtain the domain name information and associated domain name information of each site. It is a part of URL (Uniform Resource Locator), so it is easy to parse out domain name information from URL (Uniform Resource Locator).
步骤s502,根据所述统一资源定位符URL或所述域名信息获取关联互联网协议IP信息;Step s502, obtaining associated Internet Protocol IP information according to the uniform resource locator URL or the domain name information;
具体的,由于URL(统一资源定位符)中可能直接包含IP(互联网协议)信息,那么可以直接从URL(统一资源定位符)获取IP(互联网协议)信息;如果URL(统一资源定位符)中包含的是域名信息,由于域名信息和IP(互联网协议)信息表示的是同一个信息,IP(互联网协议)信息用数字表示,用来唯一标识互联网上计算机的逻辑地址,但是不好记忆,如192.168.1.1.,因此通常将IP(互联网协议)信息转换为域名信息,而域名信息都是字符表示,容易记忆,如www.baidu.com;因此可通过对域名信息的解析获得IP(互联网协议)信息。Specifically, since the URL (Uniform Resource Locator) may directly contain IP (Internet Protocol) information, the IP (Internet Protocol) information can be obtained directly from the URL (Uniform Resource Locator); if the URL (Uniform Resource Locator) is It contains domain name information. Because domain name information and IP (Internet Protocol) information represent the same information, IP (Internet Protocol) information is represented by numbers, which are used to uniquely identify the logical address of a computer on the Internet, but it is not easy to remember, such as 192.168.1.1. Therefore, IP (Internet Protocol) information is usually converted into domain name information, and domain name information is represented by characters, which is easy to remember, such as www.baidu.com; therefore, IP (Internet Protocol) can be obtained through the analysis of domain name information. )information.
步骤s503,在所述发向目标服务器的流量信息中获取应用功能文件,对所述应用功能文件对应的统一资源定位符URL进行解析,获得超文本传输协议HTTP请求参数信息。In step s503, the application function file is obtained from the traffic information sent to the target server, and the uniform resource locator URL corresponding to the application function file is parsed to obtain hypertext transfer protocol HTTP request parameter information.
具体的,首先可在所述发向目标服务器的流量信息中筛选出应用功能的文件,然后对每个应用功能文件对应的URL(统一资源定位符)进行解析,获得其中包含的超文本传输协议HTTP请求参数信息。Specifically, firstly, the application function files can be filtered out from the traffic information sent to the target server, and then the URL (Uniform Resource Locator) corresponding to each application function file can be parsed to obtain the hypertext transfer protocol contained therein. HTTP request parameter information.
本实施例中,通过对流量信息的解析,获得流量信息中包含的URL和IP信 息,根据URL和IP信息可进行漏洞检测,可有效提高检测效率。In this embodiment, by analyzing the flow information, the URL and IP information contained in the flow information are obtained, and vulnerability detection can be performed based on the URL and IP information, which can effectively improve the detection efficiency.
图6为本申请第六个实施例的一种漏洞检测的方法流程示意图,如图所示,所述步骤s402,对所述解析数据进行漏洞检测,获得漏洞检测结果,包括:Figure 6 is a schematic flow chart of a method for vulnerability detection according to the sixth embodiment of the application. As shown in the figure, the step s402, performing vulnerability detection on the parsed data to obtain a vulnerability detection result, includes:
步骤s601,将所述解析数据发送至待检测队列,对所述待检测队列中解析数据的统一资源定位符URL依次进行检测;Step s601, sending the parsed data to the queue to be detected, and sequentially detecting the uniform resource locator URL of the parsed data in the queue to be detected;
具体的,当对流量数据进行解析获取到URL(统一资源定位符)后,可将URL(统一资源定位符)信息放入待检测队列,所述待检测队列包含多个检测任务,所述检测任务按时间顺序进行排列,并按时间顺序依次进行检测。Specifically, after the URL (Uniform Resource Locator) is obtained by parsing the traffic data, the URL (Uniform Resource Locator) information can be put into the queue to be detected. The queue to be detected contains multiple detection tasks. The tasks are arranged in chronological order and inspections are carried out in chronological order.
具体的,所述对URL(统一资源定位符)的检测包括:对URL(统一资源定位符)进行周期性检测任务的检测以及对所述URL(统一资源定位符)对应的文件是否有更改的检测。Specifically, the detection of URL (Uniform Resource Locator) includes: periodic detection task detection on URL (Uniform Resource Locator) and whether the file corresponding to the URL (Uniform Resource Locator) has been changed Detection.
步骤s602,当检测到所述统一资源定位符URL是周期性检测任务且所述统一资源定位符URL对应的文件没有更改时,调用上一次的漏洞检测结果作为本次漏洞检测结果,否则对所述统一资源定位符URL进行万维网web指纹识别,获得漏洞检测结果。Step s602, when it is detected that the uniform resource locator URL is a periodic detection task and the file corresponding to the uniform resource locator URL has not been changed, call the previous vulnerability detection result as the current vulnerability detection result, otherwise The Uniform Resource Locator URL performs World Wide Web fingerprint recognition to obtain the vulnerability detection result.
具体的,当检测到所述URL(统一资源定位符)是周期性检测任务且所述URL(统一资源定位符)对应的文件没有更改时,可调用上一次的漏洞检测结果作为本次漏洞检测结果;其中,每次进行漏洞检测之后都可将漏洞检测结果进行存储。Specifically, when it is detected that the URL (Uniform Resource Locator) is a periodic detection task and the file corresponding to the URL (Uniform Resource Locator) has not changed, the last vulnerability detection result can be called as the current vulnerability detection Results; among them, the vulnerability detection results can be stored after each vulnerability detection.
具体的,判断所述URL(统一资源定位符)对应的文件是否有更改包括:每次在检测所述URL(统一资源定位符)时记录当前URL(统一资源定位符)对应文件的md5值,当再次检测所述URL(统一资源定位符)对应的文件时,判断所述URL(统一资源定位符)对应的文件的md5值和上次检测时记录的md5值是否相同,若相同,则所述URL(统一资源定位符)对应的文件无更改,若不相同,则所述URL(统一资源定位符)对应的文件有更改。Specifically, judging whether the file corresponding to the URL (Uniform Resource Locator) has changed includes: recording the md5 value of the file corresponding to the current URL (Uniform Resource Locator) each time the URL (Uniform Resource Locator) is detected, When the file corresponding to the URL (Uniform Resource Locator) is detected again, it is determined whether the md5 value of the file corresponding to the URL (Uniform Resource Locator) is the same as the md5 value recorded during the last detection. The file corresponding to the URL (Uniform Resource Locator) has not changed. If it is not the same, the file corresponding to the URL (Uniform Resource Locator) has been changed.
具体的,如果检测到所述URL(统一资源定位符)不是周期性检测任务或者所述URL(统一资源定位符)对应的文件有更改时,可对所述统一资源定位符URL进行万维网web指纹识别,并由此获得漏洞检测结果。Specifically, if it is detected that the URL (Uniform Resource Locator) is not a periodic detection task or the file corresponding to the URL (Uniform Resource Locator) has changed, the Uniform Resource Locator URL can be fingerprinted on the World Wide Web Identify, and obtain the vulnerability detection result from this.
本实施例中,通过对URL对应的检测任务进行识别以及对URL对应的文件进行检测,可以有效获取检测结果,提高检测效率。In this embodiment, by identifying the detection task corresponding to the URL and detecting the file corresponding to the URL, the detection result can be effectively obtained and the detection efficiency is improved.
图7为本申请第七个实施例的一种漏洞检测的方法流程示意图,如图所示,所述步骤s602,对所述统一资源定位符URL进行万维网web指纹识别,获得漏洞检测结果,包括:Figure 7 is a schematic flow chart of a method for vulnerability detection according to the seventh embodiment of the application. As shown in the figure, in step s602, performing World Wide Web fingerprinting on the uniform resource locator URL to obtain the vulnerability detection result includes :
步骤s701,当对所述统一资源定位符URL进行万维网web指纹识别后,如 果获得对应网站的指纹信息,则根据所述指纹信息进行漏洞检测,获得漏洞检测结果,所述指纹信息包括:操作系统类型、万维网web服务器、数据库类型及万维网web应用脚本语言;Step s701: After performing web fingerprint recognition on the uniform resource locator URL, if fingerprint information of the corresponding website is obtained, perform vulnerability detection according to the fingerprint information to obtain the vulnerability detection result, the fingerprint information includes: operating system Type, WWW web server, database type and WWW web application script language;
具体的,可对所述URL(统一资源定位符)进行web(万维网)指纹识别,如果通过所述web(万维网)指纹识别后获取对应网站的指纹信息,那么可调用与所述指纹信息相对应的扫描依据进行漏洞检测,获得漏洞检测结果,所述指纹信息包括操作系统类型、使用的web(万维网)服务器、数据库类型和web(万维网)应用的脚本语言。Specifically, web (World Wide Web) fingerprint identification can be performed on the URL (Uniform Resource Locator). If the fingerprint information of the corresponding website is obtained after the web (World Wide Web) fingerprint identification, then the corresponding fingerprint information can be called Vulnerability detection is performed on the basis of the scanning to obtain the vulnerability detection result. The fingerprint information includes the operating system type, the web (World Wide Web) server used, the database type and the script language of the web (World Wide Web) application.
步骤s702,当对所述统一资源定位符URL进行万维网web指纹识别后,如果未获得对应网站的指纹信息,则调用漏洞检测终端提供的检测工具进行检测,获得漏洞检测结果。In step s702, after performing web fingerprint recognition on the uniform resource locator URL, if the fingerprint information of the corresponding website is not obtained, the detection tool provided by the vulnerability detection terminal is invoked for detection, and the vulnerability detection result is obtained.
具体的,当对所述URL(统一资源定位符)进行web(万维网)指纹识别后,如果未获得对应网站的指纹信息,那么可调用漏洞检测终端提供的所有的扫描工具对其URL(统一资源定位符)对应的文件进行漏洞扫描,根据扫描结果确定其URL(统一资源定位符)对应的文件是否存在漏洞,获得漏洞检测结果。Specifically, after web (World Wide Web) fingerprint recognition is performed on the URL (Uniform Resource Locator), if the fingerprint information of the corresponding website is not obtained, all the scanning tools provided by the vulnerability detection terminal can be invoked to check the URL (Uniform Resource Locator). The file corresponding to the locator) is scanned for vulnerabilities, and the file corresponding to its URL (Uniform Resource Locator) is determined according to the scanning result whether there are vulnerabilities, and the vulnerability detection result is obtained.
具体的,还可收集各应用功能所包含的各文件对应的URL(统一资源定位符),调用针对应用功能的检测工具对对应的URL(统一资源定位符)进行漏洞检测;例如,调用专门针对SQL注入、XSS攻击和越权漏洞的检测工具对各应用功能进行自动化的SQL注入、XSS攻击、越权漏洞的检测,获得漏洞检测结果。Specifically, the URL (Uniform Resource Locator) corresponding to each file contained in each application function can also be collected, and the detection tool for the application function can be called to perform vulnerability detection on the corresponding URL (Uniform Resource Locator); The detection tools for SQL injection, XSS attacks and unauthorized vulnerabilities automatically detect SQL injection, XSS attacks, and unauthorized vulnerabilities for each application function to obtain the vulnerability detection results.
本实施例中,通过对URL进行web指纹识别,并根据指纹识别结果进行工具检测,可以有效提高漏洞检测效率。In this embodiment, by performing web fingerprint recognition on the URL, and performing tool detection according to the fingerprint recognition result, the vulnerability detection efficiency can be effectively improved.
本申请实施例的一种漏洞检测的装置结构如图8所示,包括:The structure of a vulnerability detection device according to an embodiment of the present application is shown in FIG. 8, and includes:
信息发送模块801、数据分析模块802、检测模块803及漏洞修复模块804;其中,信息发送模块801与数据分析模块802相连,数据分析模块802与检测模块803相连,检测模块803与漏洞修复模块804相连;信息发送模块801设置为获取发向目标服务器的流量信息,并将所述发向目标服务器的流量信息发送至检测服务器;数据分析模块802设置为当所述检测服务器接收到所述发向目标服务器的流量信息后,对所述发向目标服务器的流量信息进行分析,获取分析结果;检测模块803设置为根据所述分析结果检测目标服务器是否存在漏洞;漏洞修复模块804设置为当检测到所述目标服务器存在漏洞时,对所述目标服务器进行定位,并对所述存在的漏洞进行修复。 Information sending module 801, data analysis module 802, detection module 803, and vulnerability repair module 804; among them, information sending module 801 is connected to data analysis module 802, data analysis module 802 is connected to detection module 803, and detection module 803 is connected to vulnerability repair module 804 Connected; the information sending module 801 is set to obtain traffic information sent to the target server, and send the traffic information sent to the target server to the detection server; the data analysis module 802 is set to when the detection server receives the sent After the traffic information of the target server, the traffic information sent to the target server is analyzed to obtain the analysis result; the detection module 803 is set to detect whether the target server has a vulnerability according to the analysis result; the vulnerability repair module 804 is set to When the target server has a vulnerability, the target server is located, and the existing vulnerability is repaired.
本申请实施例还公开了一种计算机设备,所述计算机设备包括存储器和处理器,所述存储器中存储有计算机可读指令,所述计算机可读指令被一个或多个所述处理器执行时,使得一个或多个所述处理器执行上述各实施例中所述漏 洞检测方法中的步骤。The embodiment of the present application also discloses a computer device. The computer device includes a memory and a processor. The memory stores computer-readable instructions. When the computer-readable instructions are executed by one or more of the processors, , Enabling one or more of the processors to execute the steps in the vulnerability detection methods in the foregoing embodiments.
本申请实施例还公开了一种计算机可读存储介质,所述存储介质可被处理器读写,所述存储器存储有计算机可读指令,所述计算机可读指令被一个或多个处理器执行时,使得一个或多个处理器执行上述各实施例中所述漏洞检测方法中的步骤。其中,该计算机存储介质可以为非易失性存储介质,也可以为易失性存储介质,具体本申请不做限定。An embodiment of the present application also discloses a computer-readable storage medium, the storage medium can be read and written by a processor, the memory stores computer-readable instructions, and the computer-readable instructions are executed by one or more processors At this time, one or more processors are caused to execute the steps in the vulnerability detection methods described in the foregoing embodiments. The computer storage medium may be a non-volatile storage medium or a volatile storage medium, which is not specifically limited in this application.
本领域普通技术人员可以理解实现上述实施例方法中的全部或部分流程,是可以通过计算机程序来指令相关的硬件来完成,该计算机程序可存储于一计算机可读取存储介质中,该程序在执行时,可包括如上述各方法的实施例的流程。其中,前述的存储介质可为磁碟、光盘、只读存储记忆体(Read-Only Memory,ROM)等非易失性存储介质,或随机存储记忆体(Random Access Memory,RAM)等。A person of ordinary skill in the art can understand that all or part of the processes in the above-mentioned embodiment methods can be implemented by instructing relevant hardware through a computer program. The computer program can be stored in a computer readable storage medium. When executed, it may include the processes of the above-mentioned method embodiments. Among them, the aforementioned storage medium may be a non-volatile storage medium such as a magnetic disk, an optical disc, a read-only memory (Read-Only Memory, ROM), or a random access memory (Random Access Memory, RAM), etc.
以上所述实施例的各技术特征可以进行任意的组合,为使描述简洁,未对上述实施例中的各个技术特征所有可能的组合都进行描述,然而,只要这些技术特征的组合不存在矛盾,都应当认为是本说明书记载的范围。The technical features of the above-mentioned embodiments can be combined arbitrarily. In order to make the description concise, all possible combinations of the technical features in the above-mentioned embodiments are not described. However, as long as there is no contradiction in the combination of these technical features, All should be considered as the scope of this specification.

Claims (20)

  1. 一种漏洞检测的方法,包括以下步骤:A method of vulnerability detection includes the following steps:
    获取发向目标服务器的流量信息,并将所述发向目标服务器的流量信息发送至检测服务器;Acquiring the traffic information sent to the target server, and sending the traffic information sent to the target server to the detection server;
    当所述检测服务器接收到所述发向目标服务器的流量信息后,对所述发向目标服务器的流量信息进行分析,获取分析结果;After the detection server receives the traffic information sent to the target server, analyzes the traffic information sent to the target server to obtain an analysis result;
    根据所述分析结果检测目标服务器是否存在漏洞;Detect whether the target server has a loophole according to the analysis result;
    当检测到所述目标服务器存在漏洞时,对所述目标服务器进行定位,并对所述存在的漏洞进行修复。When it is detected that the target server has a vulnerability, the target server is located, and the existing vulnerability is repaired.
  2. 如权利要求1所述的漏洞检测的方法,所述获取发向目标服务器的流量信息,并将所述发向目标服务器的流量信息发送至检测服务器,包括:5. The method of vulnerability detection according to claim 1, wherein said acquiring traffic information sent to the target server and sending said traffic information sent to the target server to the detection server comprises:
    在浏览器中设置插件,将所述插件与所述检测服务器进行关联,并通过所述浏览器中的插件获取访问各站点的超文本传输协议HTTP请求信息;Setting a plug-in in the browser, associating the plug-in with the detection server, and obtaining the Hypertext Transfer Protocol HTTP request information for visiting each site through the plug-in in the browser;
    将所述超文本传输协议HTTP请求信息发送至与所述浏览器中的插件关联的检测服务器。The hypertext transfer protocol HTTP request information is sent to the detection server associated with the plug-in in the browser.
  3. 如权利要求1所述的漏洞检测的方法,所述获取发向目标服务器的流量信息,并将所述发向目标服务器的流量信息发送至检测服务器,包括:5. The method of vulnerability detection according to claim 1, wherein said acquiring traffic information sent to the target server and sending said traffic information sent to the target server to the detection server comprises:
    设置超文本传输协议HTTP代理服务器,通过所述超文本传输协议HTTP代理服务器将浏览器的网络代理端口指向代理系统,将所述代理系统与所述检测服务器进行关联;Setting a hypertext transfer protocol HTTP proxy server, and point the web proxy port of the browser to the proxy system through the hypertext transfer protocol HTTP proxy server, and associate the proxy system with the detection server;
    当获取到网络流量信息时,通过所述代理系统将所述网络流量信息发送至与所述代理系统关联的检测服务器。When the network flow information is obtained, the network flow information is sent to the detection server associated with the proxy system through the proxy system.
  4. 如权利要求1所述的漏洞检测的方法,所述当所述检测服务器接收到所述发向目标服务器的流量信息后,对所述发向目标服务器的流量信息进行分析,获取分析结果,包括:The method of vulnerability detection according to claim 1, wherein after the detection server receives the traffic information sent to the target server, analyzing the traffic information sent to the target server to obtain the analysis result, including :
    当所述检测服务器接收到所述发向目标服务器的流量信息后,对所述发向目标服务器的流量信息进行解析,获得解析数据;After the detection server receives the traffic information sent to the target server, analyzes the traffic information sent to the target server to obtain analytical data;
    对所述解析数据进行漏洞检测,获得漏洞检测结果。Perform vulnerability detection on the parsed data to obtain a vulnerability detection result.
  5. 如权利要求4所述的漏洞检测的方法,所述对所述发向目标服务器的流量信息进行解析,获得解析数据,包括:5. The method of vulnerability detection according to claim 4, said analyzing the traffic information sent to the target server to obtain analytical data, comprising:
    对所述发向目标服务器的流量信息中的统一资源定位符URL进行解析,获得各站点域名信息及关联域名信息;Parse the uniform resource locator URL in the traffic information sent to the target server to obtain domain name information of each site and associated domain name information;
    根据所述统一资源定位符URL或所述域名信息获取关联互联网协议IP信息;Obtaining associated Internet Protocol IP information according to the uniform resource locator URL or the domain name information;
    在所述发向目标服务器的流量信息中获取应用功能文件,对所述应用功能 文件对应的统一资源定位符URL进行解析,获得超文本传输协议HTTP请求参数信息。Obtain the application function file from the traffic information sent to the target server, analyze the uniform resource locator URL corresponding to the application function file, and obtain the hypertext transfer protocol HTTP request parameter information.
  6. 如权利要求4所述的漏洞检测的方法,所述对所述解析数据进行漏洞检测,获得漏洞检测结果,包括:5. The method for vulnerability detection according to claim 4, wherein said performing vulnerability detection on said parsed data to obtain a vulnerability detection result comprises:
    将所述解析数据发送至待检测队列,对所述待检测队列中解析数据的统一资源定位符URL依次进行检测;Sending the parsed data to the queue to be detected, and sequentially detect the uniform resource locator URL of the parsed data in the queue to be detected;
    当检测到所述统一资源定位符URL是周期性检测任务且所述统一资源定位符URL对应的文件没有更改时,调用上一次的漏洞检测结果作为本次漏洞检测结果,否则对所述统一资源定位符URL进行万维网web指纹识别,获得漏洞检测结果。When it is detected that the uniform resource locator URL is a periodic detection task and the file corresponding to the uniform resource locator URL has not been changed, the last vulnerability detection result is called as the current vulnerability detection result, otherwise the uniform resource The URL of the locator performs fingerprint recognition on the World Wide Web and obtains the vulnerability detection result.
  7. 如权利要求6所述的漏洞检测的方法,所述对所述统一资源定位符URL进行万维网web指纹识别,获得漏洞检测结果,包括:7. The method for vulnerability detection according to claim 6, wherein said performing World Wide Web fingerprint recognition on said uniform resource locator URL to obtain a vulnerability detection result comprises:
    当对所述统一资源定位符URL进行万维网web指纹识别后,如果获得对应网站的指纹信息,则根据所述指纹信息进行漏洞检测,获得漏洞检测结果,所述指纹信息包括:操作系统类型、万维网web服务器、数据库类型及万维网web应用脚本语言;After performing the World Wide Web fingerprint recognition on the uniform resource locator URL, if the fingerprint information of the corresponding website is obtained, the vulnerability detection is performed according to the fingerprint information, and the vulnerability detection result is obtained. The fingerprint information includes: operating system type, World Wide Web Web server, database type and World Wide Web web application script language;
    当对所述统一资源定位符URL进行万维网web指纹识别后,如果未获得对应网站的指纹信息,则调用漏洞检测终端提供的检测工具进行检测,获得漏洞检测结果。After performing World Wide Web fingerprint recognition on the uniform resource locator URL, if the fingerprint information of the corresponding website is not obtained, the detection tool provided by the vulnerability detection terminal is invoked for detection, and the vulnerability detection result is obtained.
  8. 一种漏洞检测的装置,所述装置包括:A vulnerability detection device, the device includes:
    信息发送模块:设置为获取发向目标服务器的流量信息,并将所述发向目标服务器的流量信息发送至检测服务器;Information sending module: configured to obtain traffic information sent to the target server, and send the traffic information sent to the target server to the detection server;
    数据分析模块:设置为当所述检测服务器接收到所述发向目标服务器的流量信息后,对所述发向目标服务器的流量信息进行分析,获取分析结果;Data analysis module: configured to, after the detection server receives the traffic information sent to the target server, analyze the traffic information sent to the target server to obtain the analysis result;
    检测模块:设置为根据所述分析结果检测目标服务器是否存在漏洞;Detection module: set to detect whether the target server has vulnerabilities according to the analysis result;
    漏洞修复模块:设置为当检测到所述目标服务器存在漏洞时,对所述目标服务器进行定位,并对所述存在的漏洞进行修复。Vulnerability repair module: set to locate the target server when a vulnerability exists in the target server and repair the existing vulnerability.
  9. 一种计算机设备,所述计算机设备包括存储器和处理器,所述存储器中存储有计算机可读指令,所述计算机可读指令被一个或多个所述处理器执行时,使得一个或多个所述处理器执行如下所述漏洞检测方法的步骤:A computer device including a memory and a processor, and computer-readable instructions are stored in the memory. When the computer-readable instructions are executed by one or more processors, one or more The processor executes the steps of the vulnerability detection method described below:
    获取发向目标服务器的流量信息,并将所述发向目标服务器的流量信息发送至检测服务器;Acquiring the traffic information sent to the target server, and sending the traffic information sent to the target server to the detection server;
    当所述检测服务器接收到所述发向目标服务器的流量信息后,对所述发向目标服务器的流量信息进行分析,获取分析结果;After the detection server receives the traffic information sent to the target server, analyzes the traffic information sent to the target server to obtain an analysis result;
    根据所述分析结果检测目标服务器是否存在漏洞;Detect whether the target server has a loophole according to the analysis result;
    当检测到所述目标服务器存在漏洞时,对所述目标服务器进行定位,并对所述存在的漏洞进行修复。When it is detected that the target server has a vulnerability, the target server is located, and the existing vulnerability is repaired.
  10. 如权利要求9所述的计算机设备,所述计算机可读指令被一个或多个所述处理器执行时,使得一个或多个所述处理器执行所述获取发向目标服务器的流量信息,并将所述发向目标服务器的流量信息发送至检测服务器的步骤时,还执行如下步骤:The computer device according to claim 9, when the computer-readable instructions are executed by one or more of the processors, the one or more of the processors execute the acquisition of traffic information sent to the target server, and When sending the traffic information sent to the target server to the detection server, the following steps are also performed:
    在浏览器中设置插件,将所述插件与所述检测服务器进行关联,并通过所述浏览器中的插件获取访问各站点的超文本传输协议HTTP请求信息;Setting a plug-in in the browser, associating the plug-in with the detection server, and obtaining the Hypertext Transfer Protocol HTTP request information for visiting each site through the plug-in in the browser;
    将所述超文本传输协议HTTP请求信息发送至与所述浏览器中的插件关联的检测服务器。The hypertext transfer protocol HTTP request information is sent to the detection server associated with the plug-in in the browser.
  11. 如权利要求9所述的计算机设备,所述计算机可读指令被一个或多个所述处理器执行时,使得一个或多个所述处理器执行所述获取发向目标服务器的流量信息,并将所述发向目标服务器的流量信息发送至检测服务器的步骤时,还执行如下步骤:The computer device according to claim 9, when the computer-readable instructions are executed by one or more of the processors, the one or more of the processors execute the acquisition of traffic information sent to the target server, and When sending the traffic information sent to the target server to the detection server, the following steps are also performed:
    设置超文本传输协议HTTP代理服务器,通过所述超文本传输协议HTTP代理服务器将浏览器的网络代理端口指向代理系统,将所述代理系统与所述检测服务器进行关联;Setting a hypertext transfer protocol HTTP proxy server, and point the web proxy port of the browser to the proxy system through the hypertext transfer protocol HTTP proxy server, and associate the proxy system with the detection server;
    当获取到网络流量信息时,通过所述代理系统将所述网络流量信息发送至与所述代理系统关联的检测服务器。When the network flow information is obtained, the network flow information is sent to the detection server associated with the proxy system through the proxy system.
  12. 如权利要求9所述的计算机设备,所述计算机可读指令被一个或多个所述处理器执行时,使得一个或多个所述处理器执行所述当所述检测服务器接收到所述发向目标服务器的流量信息后,对所述发向目标服务器的流量信息进行分析,获取分析结果的步骤时,还执行如下步骤:The computer device according to claim 9, when the computer-readable instructions are executed by one or more of the processors, the one or more of the processors execute the when the detection server receives the transmission After the traffic information sent to the target server, the traffic information sent to the target server is analyzed, and when the analysis result is obtained, the following steps are also performed:
    当所述检测服务器接收到所述发向目标服务器的流量信息后,对所述发向目标服务器的流量信息进行解析,获得解析数据;After the detection server receives the traffic information sent to the target server, analyzes the traffic information sent to the target server to obtain analytical data;
    对所述解析数据进行漏洞检测,获得漏洞检测结果。Perform vulnerability detection on the parsed data to obtain a vulnerability detection result.
  13. 如权利要求12所述的计算机设备,所述计算机可读指令被一个或多个所述处理器执行时,使得一个或多个所述处理器执行所述发向目标服务器的流量信息进行解析,获得解析数据的步骤时,还执行如下步骤:The computer device according to claim 12, when the computer-readable instructions are executed by one or more of the processors, the one or more of the processors are executed to analyze the traffic information sent to the target server, When obtaining the step of analyzing data, the following steps are also performed:
    对所述发向目标服务器的流量信息中的统一资源定位符URL进行解析,获得各站点域名信息及关联域名信息;Parse the uniform resource locator URL in the traffic information sent to the target server to obtain domain name information of each site and associated domain name information;
    根据所述统一资源定位符URL或所述域名信息获取关联互联网协议IP信息;Obtaining associated Internet Protocol IP information according to the uniform resource locator URL or the domain name information;
    在所述发向目标服务器的流量信息中获取应用功能文件,对所述应用功能文件对应的统一资源定位符URL进行解析,获得超文本传输协议HTTP请求参数信息。The application function file is obtained from the traffic information sent to the target server, and the uniform resource locator URL corresponding to the application function file is parsed to obtain hypertext transfer protocol HTTP request parameter information.
  14. 如权利要求12所述的计算机设备,所述计算机可读指令被一个或多个所述处理器执行时,使得一个或多个所述处理器执行所述解析数据进行漏洞检测,获得漏洞检测结果的步骤时,还执行如下步骤:The computer device according to claim 12, when the computer-readable instructions are executed by one or more of the processors, the one or more processors execute the parsed data to perform vulnerability detection, and obtain a vulnerability detection result The following steps are also performed:
    将所述解析数据发送至待检测队列,对所述待检测队列中解析数据的统一资源定位符URL依次进行检测;Sending the parsed data to the queue to be detected, and sequentially detect the uniform resource locator URL of the parsed data in the queue to be detected;
    当检测到所述统一资源定位符URL是周期性检测任务且所述统一资源定位符URL对应的文件没有更改时,调用上一次的漏洞检测结果作为本次漏洞检测结果,否则对所述统一资源定位符URL进行万维网web指纹识别,获得漏洞检测结果。When it is detected that the uniform resource locator URL is a periodic detection task and the file corresponding to the uniform resource locator URL has not been changed, the last vulnerability detection result is called as the current vulnerability detection result, otherwise the uniform resource The URL of the locator performs fingerprint recognition on the World Wide Web and obtains the vulnerability detection result.
  15. 一种计算机可读存储介质,所述存储介质可被处理器读写,所述存储介质存储有计算机可读指令,所述计算机可读指令被一个或多个处理器执行时,使得一个或多个处理器执行如下所述漏洞检测方法的步骤:A computer-readable storage medium that can be read and written by a processor, and the storage medium stores computer-readable instructions. When the computer-readable instructions are executed by one or more processors, one or more Each processor executes the steps of the vulnerability detection method as described below:
    获取发向目标服务器的流量信息,并将所述发向目标服务器的流量信息发送至检测服务器;Acquiring the traffic information sent to the target server, and sending the traffic information sent to the target server to the detection server;
    当所述检测服务器接收到所述发向目标服务器的流量信息后,对所述发向目标服务器的流量信息进行分析,获取分析结果;After the detection server receives the traffic information sent to the target server, analyzes the traffic information sent to the target server to obtain an analysis result;
    根据所述分析结果检测目标服务器是否存在漏洞;Detect whether the target server has a loophole according to the analysis result;
    当检测到所述目标服务器存在漏洞时,对所述目标服务器进行定位,并对所述存在的漏洞进行修复。When it is detected that the target server has a vulnerability, the target server is located, and the existing vulnerability is repaired.
  16. 如权利要求15所述的计算机存储介质,所述计算机可读指令被一个或多个处理器执行时,使得一个或多个处理器执行所述获取发向目标服务器的流量信息,并将所述发向目标服务器的流量信息发送至检测服务器的步骤时,还还执行如下步骤:The computer storage medium of claim 15, when the computer-readable instructions are executed by one or more processors, the one or more processors execute the acquisition of traffic information sent to the target server, and the When the traffic information sent to the target server is sent to the detection server, the following steps are also performed:
    在浏览器中设置插件,将所述插件与所述检测服务器进行关联,并通过所述浏览器中的插件获取访问各站点的超文本传输协议HTTP请求信息;Setting a plug-in in the browser, associating the plug-in with the detection server, and obtaining the Hypertext Transfer Protocol HTTP request information for visiting each site through the plug-in in the browser;
    将所述超文本传输协议HTTP请求信息发送至与所述浏览器中的插件关联的检测服务器。The hypertext transfer protocol HTTP request information is sent to the detection server associated with the plug-in in the browser.
  17. 如权利要求15所述的计算机存储介质,所述计算机可读指令被一个或多个处理器执行时,使得一个或多个处理器执行所述获取发向目标服务器的流量信息,并将所述发向目标服务器的流量信息发送至检测服务器的步骤时,还执行如下步骤:The computer storage medium of claim 15, when the computer-readable instructions are executed by one or more processors, the one or more processors execute the acquisition of traffic information sent to the target server, and the When the traffic information sent to the target server is sent to the detection server, the following steps are also performed:
    设置超文本传输协议HTTP代理服务器,通过所述超文本传输协议HTTP代理服务器将浏览器的网络代理端口指向代理系统,将所述代理系统与所述检测服务器进行关联;Setting a hypertext transfer protocol HTTP proxy server, and point the web proxy port of the browser to the proxy system through the hypertext transfer protocol HTTP proxy server, and associate the proxy system with the detection server;
    当获取到网络流量信息时,通过所述代理系统将所述网络流量信息发送至与所述代理系统关联的检测服务器。When the network flow information is obtained, the network flow information is sent to the detection server associated with the proxy system through the proxy system.
  18. 如权利要求15所述的计算机存储介质,所述计算机可读指令被一个或多个处理器执行时,使得一个或多个处理器执行所述当所述检测服务器接收到所述发向目标服务器的流量信息后,对所述发向目标服务器的流量信息进行分析,获取分析结果的步骤时,还执行如下步骤:The computer storage medium according to claim 15, when the computer-readable instructions are executed by one or more processors, the one or more processors execute the when the detection server receives the information sent to the target server After the traffic information is analyzed, the traffic information sent to the target server is analyzed, and when the analysis result is obtained, the following steps are also performed:
    当所述检测服务器接收到所述发向目标服务器的流量信息后,对所述发向目标服务器的流量信息进行解析,获得解析数据;After the detection server receives the traffic information sent to the target server, analyzes the traffic information sent to the target server to obtain analytical data;
    对所述解析数据进行漏洞检测,获得漏洞检测结果。Perform vulnerability detection on the parsed data to obtain a vulnerability detection result.
  19. 如权利要求18所述的计算机存储介质,所述计算机可读指令被一个或多个处理器执行时,使得一个或多个处理器执行所述对所述发向目标服务器的流量信息进行解析,获得解析数据的步骤时,还执行如下步骤:17. The computer storage medium of claim 18, when the computer-readable instructions are executed by one or more processors, the one or more processors execute the analysis of the traffic information sent to the target server, When obtaining the step of analyzing data, the following steps are also performed:
    对所述发向目标服务器的流量信息中的统一资源定位符URL进行解析,获得各站点域名信息及关联域名信息;Parse the uniform resource locator URL in the traffic information sent to the target server to obtain domain name information of each site and associated domain name information;
    根据所述统一资源定位符URL或所述域名信息获取关联互联网协议IP信息;Obtaining associated Internet Protocol IP information according to the uniform resource locator URL or the domain name information;
    在所述发向目标服务器的流量信息中获取应用功能文件,对所述应用功能文件对应的统一资源定位符URL进行解析,获得超文本传输协议HTTP请求参数信息。The application function file is obtained from the traffic information sent to the target server, and the uniform resource locator URL corresponding to the application function file is parsed to obtain hypertext transfer protocol HTTP request parameter information.
  20. 如权利要求18所述的计算机可读存储介质,所述计算机可读指令被一个或多个处理器执行时,使得一个或多个处理器执行所述对所述解析数据进行漏洞检测,获得漏洞检测结果的步骤时,还执行如下步骤:The computer-readable storage medium of claim 18, when the computer-readable instructions are executed by one or more processors, the one or more processors execute the vulnerability detection on the parsed data to obtain the vulnerability When checking the results, perform the following steps:
    将所述解析数据发送至待检测队列,对所述待检测队列中解析数据的统一资源定位符URL依次进行检测;Sending the parsed data to the queue to be detected, and sequentially detect the uniform resource locator URL of the parsed data in the queue to be detected;
    当检测到所述统一资源定位符URL是周期性检测任务且所述统一资源定位符URL对应的文件没有更改时,调用上一次的漏洞检测结果作为本次漏洞检测结果,否则对所述统一资源定位符URL进行万维网web指纹识别,获得漏洞检测结果。When it is detected that the uniform resource locator URL is a periodic detection task and the file corresponding to the uniform resource locator URL has not been changed, the last vulnerability detection result is called as the current vulnerability detection result, otherwise the uniform resource The URL of the locator performs fingerprint recognition on the World Wide Web and obtains the vulnerability detection result.
PCT/CN2019/118685 2019-05-21 2019-11-15 Vulnerability detection method and apparatus, computer device, and storage medium WO2020233022A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201910425959.2A CN110324311B (en) 2019-05-21 2019-05-21 Vulnerability detection method and device, computer equipment and storage medium
CN201910425959.2 2019-05-21

Publications (1)

Publication Number Publication Date
WO2020233022A1 true WO2020233022A1 (en) 2020-11-26

Family

ID=68113164

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2019/118685 WO2020233022A1 (en) 2019-05-21 2019-11-15 Vulnerability detection method and apparatus, computer device, and storage medium

Country Status (2)

Country Link
CN (1) CN110324311B (en)
WO (1) WO2020233022A1 (en)

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112866274A (en) * 2021-02-01 2021-05-28 北京工业大学 XSS vulnerability detection method based on cloud data
CN113422759A (en) * 2021-06-10 2021-09-21 杭州安恒信息技术股份有限公司 Vulnerability scanning method, electronic device and storage medium
CN113449310A (en) * 2021-06-29 2021-09-28 中国民航信息网络股份有限公司 Application program vulnerability detection method, device and equipment
CN114143086A (en) * 2021-11-30 2022-03-04 北京天融信网络安全技术有限公司 Web application identification method and device, electronic equipment and storage medium
CN114598503A (en) * 2022-02-21 2022-06-07 北京北信源软件股份有限公司 Illegal external connection detection method, device and system and electronic equipment
CN114697049A (en) * 2020-12-14 2022-07-01 中国科学院计算机网络信息中心 WebShell detection method and device
CN116776338A (en) * 2023-07-28 2023-09-19 上海螣龙科技有限公司 Multilayer filtering high-precision vulnerability detection method, device, equipment and medium

Families Citing this family (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110324311B (en) * 2019-05-21 2022-05-17 平安科技(深圳)有限公司 Vulnerability detection method and device, computer equipment and storage medium
CN110868422B (en) * 2019-11-20 2023-04-18 杭州安恒信息技术股份有限公司 Http site detection method, apparatus, device, and medium
CN110881043B (en) * 2019-11-29 2022-07-01 杭州迪普科技股份有限公司 Method and device for detecting web server vulnerability
CN110995717B (en) * 2019-12-06 2022-11-01 杭州海康威视数字技术股份有限公司 Message processing method and device, electronic equipment and vulnerability scanning system
CN111178760B (en) * 2019-12-30 2023-05-23 成都烽创科技有限公司 Risk monitoring method, risk monitoring device, terminal equipment and computer readable storage medium
CN111639365A (en) * 2020-06-09 2020-09-08 杭州安恒信息技术股份有限公司 Data leakage warning method and related device
CN112202717B (en) * 2020-09-02 2023-09-05 深信服科技股份有限公司 HTTP request processing method and device, server and storage medium
CN114584330A (en) * 2020-11-16 2022-06-03 华为技术有限公司 Vulnerability testing method and device
CN112671728B (en) * 2020-12-14 2023-01-03 中科曙光国际信息产业有限公司 Network access request acquisition method and device, computer equipment and storage medium
CN114726559A (en) * 2020-12-22 2022-07-08 深信服科技股份有限公司 URL detection method, system, equipment and computer readable storage medium
CN112699373A (en) * 2020-12-24 2021-04-23 山东鲁能软件技术有限公司 Method and device for detecting SQL injection vulnerability in batch
CN113515746B (en) * 2021-03-25 2024-01-30 北京达佳互联信息技术有限公司 Security hole detection method and device, electronic equipment, storage medium and product
CN113127885B (en) * 2021-05-18 2024-02-23 中国银行股份有限公司 Authority vulnerability detection method and device
CN113238536B (en) * 2021-06-04 2022-03-25 西安热工研究院有限公司 Industrial control system network vulnerability identification method and device and related equipment thereof
CN114244581B (en) * 2021-11-29 2024-03-29 西安四叶草信息技术有限公司 Cache poisoning vulnerability detection method and device, electronic equipment and storage medium
CN114268498A (en) * 2021-12-22 2022-04-01 杭州安恒信息技术股份有限公司 Websocket detection method, device and medium

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104378389A (en) * 2014-12-12 2015-02-25 北京奇虎科技有限公司 Website security detecting method and device
CN105141647A (en) * 2014-06-04 2015-12-09 中国银联股份有限公司 Method and system for detecting Web application
US20170270303A1 (en) * 2016-03-21 2017-09-21 Checkmarx Ltd. Integrated Interactive Application Security Testing
CN108040045A (en) * 2017-12-07 2018-05-15 百度在线网络技术(北京)有限公司 Generation method, device, server and the storage medium of flowing of access file
CN108063759A (en) * 2017-12-05 2018-05-22 西安交大捷普网络科技有限公司 Web vulnerability scanning methods
CN108667770A (en) * 2017-03-29 2018-10-16 腾讯科技(深圳)有限公司 A kind of loophole test method, server and the system of website
CN110324311A (en) * 2019-05-21 2019-10-11 平安科技(深圳)有限公司 Method, apparatus, computer equipment and the storage medium of Hole Detection

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104363252B (en) * 2014-12-12 2016-09-28 北京奇虎科技有限公司 Website security detection method and device
CN106033512A (en) * 2015-03-20 2016-10-19 中兴通讯股份有限公司 Security vulnerability reinforcing method and system
CN106548075B (en) * 2015-09-22 2020-03-27 阿里巴巴集团控股有限公司 Vulnerability detection method and device
CN108632219B (en) * 2017-03-21 2021-04-27 腾讯科技(深圳)有限公司 Website vulnerability detection method, detection server, system and storage medium

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105141647A (en) * 2014-06-04 2015-12-09 中国银联股份有限公司 Method and system for detecting Web application
CN104378389A (en) * 2014-12-12 2015-02-25 北京奇虎科技有限公司 Website security detecting method and device
US20170270303A1 (en) * 2016-03-21 2017-09-21 Checkmarx Ltd. Integrated Interactive Application Security Testing
CN108667770A (en) * 2017-03-29 2018-10-16 腾讯科技(深圳)有限公司 A kind of loophole test method, server and the system of website
CN108063759A (en) * 2017-12-05 2018-05-22 西安交大捷普网络科技有限公司 Web vulnerability scanning methods
CN108040045A (en) * 2017-12-07 2018-05-15 百度在线网络技术(北京)有限公司 Generation method, device, server and the storage medium of flowing of access file
CN110324311A (en) * 2019-05-21 2019-10-11 平安科技(深圳)有限公司 Method, apparatus, computer equipment and the storage medium of Hole Detection

Cited By (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114697049A (en) * 2020-12-14 2022-07-01 中国科学院计算机网络信息中心 WebShell detection method and device
CN114697049B (en) * 2020-12-14 2024-04-12 中国科学院计算机网络信息中心 WebShell detection method and device
CN112866274A (en) * 2021-02-01 2021-05-28 北京工业大学 XSS vulnerability detection method based on cloud data
CN112866274B (en) * 2021-02-01 2022-08-16 北京工业大学 XSS vulnerability detection method based on cloud data
CN113422759A (en) * 2021-06-10 2021-09-21 杭州安恒信息技术股份有限公司 Vulnerability scanning method, electronic device and storage medium
CN113422759B (en) * 2021-06-10 2023-04-18 杭州安恒信息技术股份有限公司 Vulnerability scanning method, electronic device and storage medium
CN113449310A (en) * 2021-06-29 2021-09-28 中国民航信息网络股份有限公司 Application program vulnerability detection method, device and equipment
CN114143086A (en) * 2021-11-30 2022-03-04 北京天融信网络安全技术有限公司 Web application identification method and device, electronic equipment and storage medium
CN114143086B (en) * 2021-11-30 2023-09-26 北京天融信网络安全技术有限公司 Web application identification method and device, electronic equipment and storage medium
CN114598503A (en) * 2022-02-21 2022-06-07 北京北信源软件股份有限公司 Illegal external connection detection method, device and system and electronic equipment
CN114598503B (en) * 2022-02-21 2023-12-12 北京北信源软件股份有限公司 Illegal external connection detection method, device and system and electronic equipment
CN116776338A (en) * 2023-07-28 2023-09-19 上海螣龙科技有限公司 Multilayer filtering high-precision vulnerability detection method, device, equipment and medium

Also Published As

Publication number Publication date
CN110324311A (en) 2019-10-11
CN110324311B (en) 2022-05-17

Similar Documents

Publication Publication Date Title
WO2020233022A1 (en) Vulnerability detection method and apparatus, computer device, and storage medium
US9081961B2 (en) System and method for analyzing malicious code using a static analyzer
US9251282B2 (en) Systems and methods for determining compliance of references in a website
CN103279710B (en) Method and system for detecting malicious codes of Internet information system
CN109768992B (en) Webpage malicious scanning processing method and device, terminal device and readable storage medium
CN107046544B (en) Method and device for identifying illegal access request to website
JP5920169B2 (en) Unauthorized connection detection method, network monitoring apparatus and program
CN104601573A (en) Verification method and device for Android platform URL (Uniform Resource Locator) access result
CN108696488B (en) Uploading interface identification method, identification server and system
US8893233B2 (en) Referer verification apparatus and method
CN113259392B (en) Network security attack and defense method, device and storage medium
CN111104579A (en) Identification method and device for public network assets and storage medium
CN109672658B (en) JSON hijacking vulnerability detection method, device, equipment and storage medium
KR101902747B1 (en) Method and Apparatus for Analyzing Web Vulnerability for Client-side
US20160337385A1 (en) Network monitoring method and network monitoring device
CN110879889A (en) Method and system for detecting malicious software of Windows platform
CN105635064A (en) CSRF attack detection method and device
CN113190838A (en) Web attack behavior detection method and system based on expression
CN111404949A (en) Flow detection method, device, equipment and storage medium
WO2015188604A1 (en) Phishing webpage detection method and device
CN113411333A (en) Unauthorized access vulnerability detection method, device, system and storage medium
KR101725404B1 (en) Method and apparatus for testing web site
CN111327632B (en) Zombie host detection method, system, equipment and storage medium
US20150163238A1 (en) Systems and methods for testing and managing defensive network devices
CN111625837A (en) Method and device for identifying system vulnerability and server

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 19930158

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 19930158

Country of ref document: EP

Kind code of ref document: A1