[go: up one dir, main page]

CN111291382B - Vulnerability Scanning System - Google Patents

Vulnerability Scanning System Download PDF

Info

Publication number
CN111291382B
CN111291382B CN202010074353.1A CN202010074353A CN111291382B CN 111291382 B CN111291382 B CN 111291382B CN 202010074353 A CN202010074353 A CN 202010074353A CN 111291382 B CN111291382 B CN 111291382B
Authority
CN
China
Prior art keywords
scanning
domain name
information
vulnerability
scan
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202010074353.1A
Other languages
Chinese (zh)
Other versions
CN111291382A (en
Inventor
胡国胜
宋国徽
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Technical Institute of Electronics and Information
Original Assignee
Shanghai Technical Institute of Electronics and Information
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shanghai Technical Institute of Electronics and Information filed Critical Shanghai Technical Institute of Electronics and Information
Priority to CN202010074353.1A priority Critical patent/CN111291382B/en
Publication of CN111291382A publication Critical patent/CN111291382A/en
Application granted granted Critical
Publication of CN111291382B publication Critical patent/CN111291382B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577Assessing vulnerabilities and evaluating computer system security
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/36Prevention of errors by analysis, debugging or testing of software
    • G06F11/3668Testing of software
    • G06F11/3672Test management
    • G06F11/3684Test management for test design, e.g. generating new test cases
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/36Prevention of errors by analysis, debugging or testing of software
    • G06F11/3668Testing of software
    • G06F11/3672Test management
    • G06F11/3692Test management for test results analysis

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Quality & Reliability (AREA)
  • Software Systems (AREA)
  • Computing Systems (AREA)
  • Computer And Data Communications (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The invention provides a vulnerability scanning system, which is used for carrying out vulnerability scanning on address asset information of a user and automatically generating a corresponding security report file to be checked by the user, and is characterized by comprising the following steps: at least one user terminal, which is held by users with different account information; and the scanning server is in communication connection with the user terminal, wherein the user terminal comprises a user side picture storage part and a user side input display part, the scanning server comprises a vulnerability scanning part, a report template storage part, a scanning task generation part and a service side communication part, and the user side picture storage part stores a scanning request picture and a report inquiry picture.

Description

漏洞扫描系统Vulnerability Scanning System

技术领域technical field

本发明属于互联网安全领域,具体涉及一种漏洞扫描系统。The invention belongs to the field of Internet security, in particular to a vulnerability scanning system.

背景技术Background technique

随着互联网业务的高速发展和扩张,传统的业务边界已经慢慢模糊化,企业各个业务之间互相交错关联,存在于企业网站、系统中的漏洞也随着企业业务的高速发展变得越来越多,安全隐患正急剧上升,企业面临的信息安全风险日趋严峻。与此同时,攻击者的入侵手段也在不断加强,当这些漏洞被攻击者利用,将会给企业带来直接的巨大损失。With the rapid development and expansion of Internet business, the traditional business boundaries have gradually blurred, and the various businesses of the enterprise are intertwined with each other. The loopholes in the enterprise website and system have also become more and more with the rapid development of the enterprise business. The more, the security risks are rising sharply, and the information security risks faced by enterprises are becoming more and more serious. At the same time, the intrusion methods of attackers are constantly strengthening. When these vulnerabilities are exploited by attackers, it will bring direct huge losses to enterprises.

为了对网站、系统中的漏洞进行检测,传统的漏洞扫描方法采用不同的扫描工具进行扫描,常见的扫描工具有nmap、nessus、awvs等。In order to detect vulnerabilities in websites and systems, traditional vulnerability scanning methods use different scanning tools to scan. Common scanning tools include nmap, nessus, and awvs.

然而,上述漏扫工具只能扫描单一漏洞,如扫描端口、web漏洞、主机漏洞等单方面。而这些扫描工具良莠不齐,功能种类偏多,因此测试人员在对网站、系统的漏洞进行检测需要花费大量的人工成本,同时还会因为测试人员之间实力存在差距,产生扫描错漏等问题。However, the above-mentioned vulnerability scanning tools can only scan a single vulnerability, such as scanning ports, web vulnerabilities, and host vulnerabilities. These scanning tools are of mixed quality and have many types of functions. Therefore, testers need to spend a lot of labor costs to detect the vulnerabilities of websites and systems. At the same time, due to the gap in strength between testers, problems such as scanning errors and omissions occur.

进一步,在扫描完成后,测试人员还需要根据扫描的结果进行安全性分析以及编写安全报告,同样会给测试人员造成工作负担。Further, after the scan is completed, the tester also needs to perform a security analysis and write a security report according to the scan result, which will also cause a workload to the tester.

发明内容SUMMARY OF THE INVENTION

为解决上述问题,提供一种综合各类扫描工具,同时通过让用户输入待检测的地址以及所需的扫描类型从而自动地完成漏洞扫描以及报告生成的漏洞扫描系统,本发明采用了如下技术方案:In order to solve the above problems, a vulnerability scanning system is provided that integrates various types of scanning tools, and at the same time allows users to input addresses to be detected and required scanning types to automatically complete vulnerability scanning and report generation. The vulnerability scanning system adopts the following technical solutions :

本发明提供了一种漏洞扫描系统,用于对用户的地址资产信息进行漏洞扫描并自动生成相应的安全报告文件给该用户查看,其特征在于,包括:至少一个用户终端,分别由具有不同账号信息的用户持有;以及扫描服务器,与用户终端相通信连接,其中,用户终端包括用户侧画面存储部以及用户侧输入显示部,扫描服务器包括漏洞扫描部、报告模板存储部、扫描任务生成部以及服务侧通信部,用户侧画面存储部存储有扫描请求画面以及报告查询画面,报告模板存储部存储有预设的用于生成安全报告文件的报告模板,漏洞扫描部包括多种不同类型且用于对域名进行安全扫描的域名扫描器以及多种不同类型且用于对IP进行安全扫描的IP扫描器,用户侧输入显示部显示扫描请求画面让用户输入包含待扫描的域名信息、待扫描的IP信息以及表示需要进行的扫描类型的扫描类型信息的扫描请求并将该扫描请求发送给扫描服务器,一旦扫描服务器接收到扫描请求,扫描任务生成部就基于扫描类型信息生成用于将域名信息分配给对应的域名扫描器的域名扫描任务以及用于将IP信息分配给对应IP扫描器的IP扫描任务从而完成任务分配操作,域名扫描器在接收到域名扫描任务时对相应的域名信息进行漏洞扫描从而生成域名漏洞扫描结果,并将包含扫描得到的IP信息的扫描IP信息发送给扫描任务生成部,IP扫描器在接收到IP扫描任务时对相应的IP信息进行漏洞扫描从而生成IP漏洞扫描结果,并将包含扫描得到的域名信息的扫描域名信息发送给扫描任务生成部,扫描任务生成部在接收到扫描IP信息以及扫描域名信息时就基于扫描请求、扫描IP信息以及扫描域名信息分别生成新的域名扫描任务以及新的IP扫描任务,一旦扫描任务生成部分配的域名扫描任务以及IP扫描任务都被扫描完成,安全报告生成部就基于报告模板、所有的域名漏洞扫描结果以及所有的IP漏洞扫描结果生成安全报告文件,服务侧通信部将安全报告文件根据账号信息发送给对应的用户终端,用户侧输入显示部在报告查询画面中显示接收到的安全报告文件让用户查看。The present invention provides a vulnerability scanning system, which is used to perform vulnerability scanning on a user's address asset information and automatically generate a corresponding security report file for the user to view. The user holds the information; and the scan server is connected in communication with the user terminal, wherein the user terminal includes a user-side screen storage unit and a user-side input display unit, and the scan server includes a vulnerability scanning unit, a report template storage unit, and a scan task generation unit And the service-side communication part, the user-side screen storage part stores the scan request screen and the report query screen, the report template storage part stores the preset report template for generating the security report file, and the vulnerability scanning part includes many different types and uses. For domain name scanners for security scanning of domain names and various types of IP scanners for security scanning of IP, the input display part on the user side displays a scan request screen for the user to input information including domain name information to be scanned, IP information and a scan request indicating the scan type to be performed, and send the scan request to the scan server. Once the scan server receives the scan request, the scan job generation unit generates the domain name information for assigning domain name information based on the scan type information. The domain name scanning task for the corresponding domain name scanner and the IP scanning task for allocating IP information to the corresponding IP scanner to complete the task assignment operation. The domain name scanner performs vulnerability scanning on the corresponding domain name information when receiving the domain name scanning task. Thereby, the domain name vulnerability scanning result is generated, and the scanning IP information including the scanned IP information is sent to the scanning task generation unit. When receiving the IP scanning task, the IP scanner performs vulnerability scanning on the corresponding IP information to generate the IP vulnerability scanning result. , and send the scan domain name information including the scanned domain name information to the scan task generation unit, and the scan task generation unit generates new scan request, scan IP information and scan domain name information based on the scan request, scan IP information and scan domain name information when receiving the scan IP information and scan domain name information. Once the domain name scan tasks and IP scan tasks assigned by the scan task generation section have been scanned, the security report generation section based on the report template, all domain name vulnerability scan results and all IP vulnerabilities The scanning result generates a safety report file, the service-side communication part sends the safety report file to the corresponding user terminal according to the account information, and the user-side input display part displays the received safety report file on the report query screen for the user to view.

本发明提供的漏洞扫描系统,还可以具有这样的技术特征,其中,漏洞扫描部还包括用于对域名进行子域名爆破的子域名爆破器,扫描任务生成部在基于扫描类型信息进行任务分配操作时还会将域名扫描任务分配给子域名爆破器,子域名爆破器在接收到域名扫描任务时对相应的域名信息进行子域名爆破从而得到包含对应域名信息的多个子域名信息的爆破域名信息并发送给扫描任务生成部,扫描任务生成部在接收到爆破域名信息时就基于扫描请求以及爆破域名信息分别分配新的域名扫描任务给对应的域名扫描器。The vulnerability scanning system provided by the present invention may also have such technical features, wherein the vulnerability scanning unit further includes a subdomain blaster for blasting subdomains of the domain name, and the scanning task generation unit performs a task assignment operation based on the scanning type information When receiving the domain name scanning task, the sub-domain blaster will perform sub-domain blasting on the corresponding domain name information to obtain the blasting domain name information containing multiple sub-domain information of the corresponding domain name information and It is sent to the scanning task generation unit, and upon receiving the blasting domain name information, the scanning task generation unit allocates a new domain name scanning task to the corresponding domain name scanner based on the scan request and the blasting domain name information.

本发明提供的漏洞扫描系统,还可以具有这样的技术特征,其中,扫描任务生成部包括:查重单元,用于对所有的域名信息以及IP信息进行查重并去除重复的域名信息以及IP信息;域名分配单元,用于根据扫描类型信息将去除重复后的域名信息分配给对应的域名扫描器从而形成域名扫描任务;IP任务分配单元,用于根据扫描类型信息将去除重复后的IP信息分配给对应的IP扫描器从而形成IP扫描任务;任务缓冲单元,用于对正在分配给域名扫描器以及IP扫描器的域名扫描任务以及IP扫描任务进行缓冲。The vulnerability scanning system provided by the present invention may also have such technical features, wherein, the scanning task generating unit includes: a duplicate checking unit for checking all domain name information and IP information for duplicates and removing duplicate domain name information and IP information The domain name distribution unit is used to distribute the domain name information after the deduplication to the corresponding domain name scanner according to the scan type information to form a domain name scan task; The IP task distribution unit is used to distribute the IP information after the deduplication according to the scan type information An IP scan task is formed for the corresponding IP scanner; the task buffer unit is used for buffering the domain name scan task and the IP scan task being allocated to the domain name scanner and the IP scanner.

本发明提供的漏洞扫描系统,还可以具有这样的技术特征,其中,安全报告生成部包括:标准信息存储单元,存储有预设的漏洞安全标准信息;风险等级生成单元,基于漏洞安全标准信息、所有的域名漏洞扫描结果以及IP漏洞扫描结果生成风险等级评分;漏洞信息获取单元,基于所有的域名漏洞扫描结果以及IP漏洞扫描结果从漏洞安全标准信息中获取包含对应的漏洞描述信息以及解决建议信息的漏洞信息;报告生成单元,将所有的域名漏洞扫描结果、所有的IP漏洞扫描结果、风险等级评分以及漏洞信息导入报告模板的对应位置从而完成安全报告文件的生成。The vulnerability scanning system provided by the present invention may also have such technical features, wherein, the security report generation unit includes: a standard information storage unit, which stores preset vulnerability security standard information; a risk level generation unit, based on the vulnerability security standard information, All domain name vulnerability scanning results and IP vulnerability scanning results generate a risk level score; the vulnerability information acquisition unit obtains the corresponding vulnerability description information and solution suggestion information from the vulnerability security standard information based on all domain name vulnerability scanning results and IP vulnerability scanning results. The report generation unit imports all domain name vulnerability scan results, all IP vulnerability scan results, risk level scores and vulnerability information into the corresponding location of the report template to complete the generation of the security report file.

本发明提供的漏洞扫描系统,还可以具有这样的技术特征,其中,每个类型的域名扫描器或IP扫描器包含多个集群设置的同一类型的扫描器。The vulnerability scanning system provided by the present invention may also have such technical features, wherein each type of domain name scanner or IP scanner includes a plurality of scanners of the same type set in a cluster.

本发明提供的漏洞扫描系统,还可以具有这样的技术特征,还包括:管理终端,由管理员持有并且与扫描服务器相通信连接,其中,管理终端包括管理侧画面存储部以及管理侧输入显示部,管理侧画面存储部存储有扫描器管理画面,管理侧输入显示部在扫描器管理画面中显示漏洞扫描部中所有域名扫描器以及IP扫描器的状态从而让管理员对域名扫描器以及IP扫描器的使用状态或是集群数量进行管理。The vulnerability scanning system provided by the present invention may also have such technical features, further comprising: a management terminal held by the administrator and connected to the scanning server in communication, wherein the management terminal includes a management-side screen storage unit and a management-side input display unit part, the management side screen storage part stores the scanner management screen, and the management side input display part displays the status of all domain name scanners and IP scanners in the vulnerability scanning part in the scanner management screen, so that the administrator can monitor the domain name scanners and IP scanners. Scanner usage status or number of clusters are managed.

发明作用与效果Invention action and effect

根据本发明的漏洞扫描系统,由于在扫描服务器中设有包含多种不同类型的域名扫描器和IP扫描器的漏洞扫描部以及用于进行扫描任务的分配的扫描任务生成部,因此在接收到用户的扫描请求时,可以将待扫描的域名信息以及IP信息发送给相应的扫描器进行扫描并获取对应的漏洞扫描结果,不仅实现了针对各类域名以及IP进行多种类的漏洞扫描,而且实现了根据用户的不同需求自由进行所需的漏洞分析的效果。同时,由于通过安全报告生成部基于报告模板以及所有的漏洞扫描结果自动生成安全报告文件,因此还解决了人工编写报告的繁琐问题。本发明的漏洞扫描系统可完成80%的渗透测试,并自动化报告,在减少分析人员编写报告的负担的同时,弥补了工程师之间的技术差距,将安全测试服务与安全测试工具集形成一个体系,从而高效的完成渗透测试。According to the vulnerability scanning system of the present invention, since the scanning server is provided with a vulnerability scanning section including a plurality of different types of domain name scanners and IP scanners, and a scanning task generating section for assigning scanning tasks, the scanning server receives When the user makes a scanning request, the domain name information and IP information to be scanned can be sent to the corresponding scanner for scanning and the corresponding vulnerability scanning results can be obtained. It has the effect of freely conducting the required vulnerability analysis according to the different needs of users. At the same time, because the security report generation department automatically generates security report files based on report templates and all vulnerability scanning results, it also solves the tedious problem of manually writing reports. The vulnerability scanning system of the present invention can complete 80% of penetration tests and automate reports, while reducing the burden of analysts to write reports, making up for the technical gap between engineers, and forming a system of security testing services and security testing toolsets , so as to efficiently complete the penetration test.

进一步,由于通过本发明的漏洞扫描系统,用户可以通过用户终端向扫描服务器发送扫描请求并获取返回的安全报告文件,因此还方便了用户主动进行安全扫描,更有利于用户对自身的网络资产进行有效保护。Further, through the vulnerability scanning system of the present invention, the user can send a scanning request to the scanning server through the user terminal and obtain the returned security report file, so it is also convenient for the user to take the initiative to perform security scanning, and it is more beneficial for the user to perform security scanning on his own network assets. effective protection.

附图说明Description of drawings

图1是本发明实施例中漏洞扫描系统的结构框图;1 is a structural block diagram of a vulnerability scanning system in an embodiment of the present invention;

图2是本发明实施例中扫描服务器的结构框图;2 is a structural block diagram of a scan server in an embodiment of the present invention;

图3是本发明实施例中安全报告文件的示例图;3 is an exemplary diagram of a safety report file in an embodiment of the present invention;

图4是本发明实施例中扫描服务器的处理流程图;Fig. 4 is the processing flow chart of scanning server in the embodiment of the present invention;

图5是本发明实施例中用户终端的结构框图;以及5 is a structural block diagram of a user terminal in an embodiment of the present invention; and

图6是本发明实施例中管理终端的结构框图。FIG. 6 is a structural block diagram of a management terminal in an embodiment of the present invention.

具体实施方式Detailed ways

为了使本发明实现的技术手段、创作特征、达成目的与功效易于明白了解,以下结合实施例及附图对本发明的漏洞扫描系统作具体阐述。In order to make the technical means, creation features, achievement goals and effects of the present invention easy to understand, the following describes the vulnerability scanning system of the present invention in detail with reference to the embodiments and the accompanying drawings.

<实施例><Example>

图1是本发明实施例中漏洞扫描系统的结构框图。FIG. 1 is a structural block diagram of a vulnerability scanning system in an embodiment of the present invention.

如图1所示,漏洞扫描系统100包括扫描服务器101、多个用户终端102、管理终端103以及通信网络104。As shown in FIG. 1 , the vulnerability scanning system 100 includes a scanning server 101 , a plurality of user terminals 102 , a management terminal 103 and a communication network 104 .

其中,扫描服务器101由提供漏洞扫描服务的服务商持有,用户终端102为由具有不同用户账号的用户所持有的智能终端(例如计算机、智能手机等),管理终端103为由对扫描服务器101进行管理以及对用户信息进行管理的管理员所持有的计算机。本实施例中,漏洞扫描系统100采用了B/S架构,通信网络104为万维网,用户可以在用户终端102使用浏览器从而使得用户终端2通过通信网络3向扫描服务器101发送请求或获取信息。扫描服务器101与管理员终端103通过数据线缆相通信连接(在其他实施例中,扫描服务器101与管理员终端103也可以通过局域网等通信网络相连接)。Among them, the scanning server 101 is held by a service provider that provides vulnerability scanning services, the user terminal 102 is a smart terminal (such as a computer, a smart phone, etc.) held by users with different user accounts, and the management terminal 103 is the reason for the scanning server. 101 A computer owned by an administrator who manages and manages user information. In this embodiment, the vulnerability scanning system 100 adopts a B/S architecture, the communication network 104 is the World Wide Web, and the user can use a browser on the user terminal 102 so that the user terminal 2 sends a request or obtains information to the scanning server 101 through the communication network 3. The scan server 101 and the administrator terminal 103 are communicatively connected through a data cable (in other embodiments, the scan server 101 and the administrator terminal 103 may also be connected through a communication network such as a local area network).

图2是本发明实施例中扫描服务器的结构框图。FIG. 2 is a structural block diagram of a scan server in an embodiment of the present invention.

如图2所示,扫描服务器101包括报告模板存储部11、扫描任务生成部12、漏洞扫描部13、扫描结果存储部14、安全报告生成部15、系统通信部16以及用于控制上述各部的系统控制部17。As shown in FIG. 2, the scan server 101 includes a report template storage unit 11, a scan task generation unit 12, a vulnerability scanning unit 13, a scan result storage unit 14, a security report generation unit 15, a system communication unit 16, and a System control unit 17 .

其中,系统通信部16用于进行漏洞扫描系统100的各个构成部分之间以及漏洞扫描系统100与其他系统之间的数据通信。系统控制部17中存储有用于对漏洞扫描系统100的各个构成部分进行控制的计算机程序。Among them, the system communication unit 16 is used for data communication between various components of the vulnerability scanning system 100 and between the vulnerability scanning system 100 and other systems. A computer program for controlling each component of the vulnerability scanning system 100 is stored in the system control unit 17 .

报告模板存储部11存储有用于生成安全报告文件的报告模板。The report template storage unit 11 stores a report template for generating a safety report file.

本实施例中,报告模板为预先设置好格式的安全报告模板,在进行安全报告文件的生成时,计算机将获取到的信息对应地填入报告模板的预设位置即可完成报告文件的生成。In this embodiment, the report template is a safety report template with a preset format. When generating the safety report file, the computer fills in the obtained information correspondingly in the preset position of the report template to complete the generation of the report file.

扫描任务生成部12用于对漏洞扫描部13进行任务分配操作。The scan task generation unit 12 is used to perform a task assignment operation on the vulnerability scan unit 13 .

本实施例中,用户可以通过用户终端2向扫描服务器1发送扫描请求,该扫描请求包含域名信息、IP信息、扫描类型信息以及对应用户的账号信息。其中,域名信息以及IP信息为待扫描的地址信息,扫描服务器1通过对这些地址信息进行漏洞扫描从而完成对用户的web应用以及主机进行安全检测;扫描类型信息对应用户需要进行的具体扫描方法,与本实施例的漏洞扫描部13中各个扫描器的种类相对应;账号信息为各个用户的账号名、IP地址等信息,扫描服务器1通过该账号信息识别用户的身份以及与用户终端2进行通信。In this embodiment, the user may send a scan request to the scan server 1 through the user terminal 2, where the scan request includes domain name information, IP information, scan type information, and account information of the corresponding user. Among them, the domain name information and IP information are the address information to be scanned, and the scanning server 1 completes the security detection of the user's web application and the host by performing vulnerability scanning on these address information; the scanning type information corresponds to the specific scanning method that the user needs to perform, Corresponding to the type of each scanner in the vulnerability scanning unit 13 of this embodiment; the account information is information such as the account name, IP address and other information of each user, and the scanning server 1 identifies the user's identity and communicates with the user terminal 2 through the account information. .

在扫描服务器101接收到用户发送的扫描请求时,扫描任务生成部12就会根据扫描类型信息将域名信息以及IP信息分配给漏洞扫描部13下对应的扫描器从而完成任务分配操作。同时,在各个扫描器执行扫描任务时,扫描得到的域名信息或是IP信息也会返回给扫描任务生成部12并再次进行任务分配操作。本实施例中,扫描任务生成部12具体包括查重单元121、域名分配单元122、IP任务分配单元123以及任务缓冲单元124。When the scan server 101 receives the scan request sent by the user, the scan task generation unit 12 will assign the domain name information and IP information to the corresponding scanner under the vulnerability scan unit 13 according to the scan type information to complete the task assignment operation. At the same time, when each scanner performs a scanning task, the domain name information or IP information obtained by scanning will also be returned to the scanning task generating unit 12, and the task assignment operation will be performed again. In this embodiment, the scanning task generating unit 12 specifically includes a duplicate checking unit 121 , a domain name assigning unit 122 , an IP task assigning unit 123 and a task buffering unit 124 .

查重单元121用于对所有接收到的域名信息以及IP信息进行查重并去除重复的域名信息以及IP信息。The duplicate checking unit 121 is configured to check duplicates of all received domain name information and IP information and remove duplicate domain name information and IP information.

本实施例中,查重单元121会针对在一个扫描请求下所有扫描请求中以及扫描得到的域名信息以及IP信息进行查重,从而避免扫描器进行重复的扫描操作。In this embodiment, the duplicate checking unit 121 checks all the scanning requests and the domain name information and IP information obtained by scanning under one scanning request, so as to prevent the scanner from performing repeated scanning operations.

域名分配单元122用于根据扫描类型信息将去除重复后的域名信息分配给对应的域名扫描器从而形成域名扫描任务。The domain name assigning unit 122 is configured to assign the domain name information after deduplication to the corresponding domain name scanner according to the scan type information, so as to form a domain name scan task.

IP任务分配单元123用于根据扫描类型信息将去除重复后的IP信息分配给对应的IP扫描器从而形成IP扫描任务。The IP task assignment unit 123 is configured to assign the deduplicated IP information to the corresponding IP scanner according to the scan type information to form an IP scan task.

任务缓冲单元124用于对正在分配给域名扫描器以及IP扫描器的域名扫描任务以及IP扫描任务进行缓冲。The task buffering unit 124 is used for buffering the domain name scan tasks and IP scan tasks that are being allocated to the domain name scanner and the IP scanner.

本实施例中,任务缓冲单元124采用RabbitMQ对域名扫描任务以及IP扫描任务,从而避免在同一时间待分配的扫描任务过多导致扫描器发生漏处理、错误处理等问题。In this embodiment, the task buffer unit 124 uses RabbitMQ to scan tasks for domain names and IP scan tasks, so as to avoid problems such as missed processing and error processing caused by too many scanning tasks to be allocated at the same time.

漏洞扫描部13用于对域名信息以及IP信息进行漏洞扫描操作,包括子域名爆破器、多种域名扫描器以及多种IP扫描器。The vulnerability scanning unit 13 is used to perform vulnerability scanning operations on domain name information and IP information, including sub-domain name blasters, multiple domain name scanners, and multiple IP scanners.

本实施例中,子域名爆破器用于对域名信息进行子域名爆破,从而获取对应域名下的各种子域名。域名扫描器用于根据域名信息对相应的web应用进行安全扫描,包括用于进行流行安全漏洞检测的Awvs、用于进行Web指纹识别的Whatweb等扫描器。IP扫描器用于根据IP信息对相应的端口和主机进行安全扫描,包括用于进行主机漏洞检测的Nessus、用于进行端口扫描的Nmap等扫描器。上述各类扫描器都为常见的漏洞扫描相关工具,分别用于执行不同的处理操作,在此不再赘述。In this embodiment, the sub-domain name blaster is used to blast the sub-domain name information on the domain name information, so as to obtain various sub-domain names under the corresponding domain name. Domain name scanners are used to perform security scans on corresponding web applications based on domain name information, including scanners such as Awvs for popular security vulnerability detection and Whatweb for web fingerprinting. IP scanners are used to perform security scans on corresponding ports and hosts based on IP information, including scanners such as Nessus for host vulnerability detection and Nmap for port scanning. The above types of scanners are common vulnerability scanning related tools, and are used to perform different processing operations, which will not be repeated here.

在漏洞扫描部13接收到扫描任务后,各扫描器的处理过程具体如下:After the vulnerability scanning unit 13 receives the scanning task, the specific processing procedures of each scanner are as follows:

子域名爆破器在接收到域名扫描任务时对相应的域名信息进行子域名爆破从而得到包含对应域名信息的多个子域名信息的爆破域名信息并发送给扫描任务生成部12。When receiving the domain name scan task, the subdomain blaster performs subdomain blasting on the corresponding domain name information to obtain blasted domain name information including multiple subdomain information corresponding to the domain name information, and sends the blasted domain name information to the scan task generation unit 12 .

域名扫描器在接收到域名扫描任务时对相应的域名信息进行漏洞扫描从而生成域名漏洞扫描结果,并将包含扫描得到的IP信息的扫描IP信息发送给扫描任务生成部12。When receiving the domain name scanning task, the domain name scanner performs vulnerability scanning on the corresponding domain name information to generate a domain name vulnerability scanning result, and sends the scanning IP information including the scanned IP information to the scanning task generating unit 12 .

IP扫描器在接收到IP扫描任务时对相应的IP信息进行漏洞扫描从而生成IP漏洞扫描结果,并将包含扫描得到的域名信息的扫描域名信息发送给扫描任务生成部12。When receiving the IP scanning task, the IP scanner performs vulnerability scanning on the corresponding IP information to generate an IP vulnerability scanning result, and sends the scanning domain name information including the scanned domain name information to the scanning task generating unit 12 .

本实施例中,上述漏洞扫描部13的各个扫描器扫描得到的爆破域名信息、扫描IP信息以及扫描域名信息都会发送给扫描任务生成部12进行查重以及任务分配,从而保证所有的域名以及IP被全面地扫描。In this embodiment, the blasting domain name information, scanning IP information and scanning domain name information scanned by each scanner of the vulnerability scanning unit 13 will be sent to the scanning task generating unit 12 for duplicate checking and task assignment, so as to ensure that all domain names and IP addresses been fully scanned.

另外,本实施例的漏洞扫描部13中,同一种类的扫描器可以通过集群设置的方式设置为多个,从而便于在该类型的扫描器需要处理的扫描任务过多时,通过并行处理的方式加快扫描任务的处理速度。In addition, in the vulnerability scanning unit 13 of this embodiment, a plurality of scanners of the same type can be set in a cluster setting, so that when there are too many scanning tasks to be processed by the scanners of this type, parallel processing is used to speed up the process. The processing speed of the scan task.

扫描结果存储部14用于将漏洞扫描部13扫描得到的域名漏洞扫描结果以及IP漏洞扫描结果与相应的域名信息以及IP信息进行对应存储。The scan result storage unit 14 is configured to store the domain name vulnerability scan result and the IP vulnerability scan result scanned by the vulnerability scan unit 13 in correspondence with the corresponding domain name information and IP information.

安全报告生成部15用于根据漏洞扫描部13扫描得到的域名漏洞扫描结果以及IP漏洞扫描结果生成相应的安全报告文件。The security report generation unit 15 is configured to generate a corresponding security report file according to the domain name vulnerability scan result and the IP vulnerability scan result scanned by the vulnerability scan unit 13 .

本实施例中,安全报告生成部15包括标准信息存储单元151、风险等级生成单元152、漏洞信息获取单元153以及报告生成单元154。In this embodiment, the security report generation unit 15 includes a standard information storage unit 151 , a risk level generation unit 152 , a vulnerability information acquisition unit 153 , and a report generation unit 154 .

标准信息存储单元151存储有预设的漏洞安全标准信息。The standard information storage unit 151 stores preset vulnerability security standard information.

本实施例中,漏洞安全标准信息为常规的对各类漏洞以及问题进行分析的安全标准,例如web标准:owasp top 10、国际标准open wasp top 10等,扫描服务器1可以根据扫描器输出的扫描结果对漏洞安全标准信息进行检索从而获取对应的漏洞详情描述以及解决建议等信息。In this embodiment, the vulnerability security standard information is a conventional security standard for analyzing various types of vulnerabilities and problems, such as web standards: owasp top 10, international standard open wasp top 10, etc. As a result, the vulnerability security standard information is retrieved to obtain the corresponding vulnerability detailed description and solution suggestions.

风险等级生成单元152基于漏洞安全标准信息、所有的域名漏洞扫描结果以及IP漏洞扫描结果生成风险等级评分。The risk level generating unit 152 generates a risk level score based on the vulnerability security standard information, all domain name vulnerability scan results and IP vulnerability scan results.

本实施例中,风险等级生成单元152可以根据漏洞扫描结果对国际标准open wasptop 10进行检索,从而获取扫描出来的漏洞所对应的等级,从而根据等级定义一个相应的评分,例如,“低危”、“中危”、“高危”等。In this embodiment, the risk level generating unit 152 may search the international standard open wasptop 10 according to the vulnerability scanning result, so as to obtain the level corresponding to the scanned vulnerability, so as to define a corresponding score according to the level, for example, "low risk" , "medium risk", "high risk", etc.

漏洞信息获取单元153基于所有的域名漏洞扫描结果以及IP漏洞扫描结果从漏洞安全标准信息中获取包含对应的漏洞描述信息以及解决建议信息的漏洞信息。The vulnerability information acquiring unit 153 acquires vulnerability information including corresponding vulnerability description information and solution suggestion information from vulnerability security standard information based on all domain name vulnerability scanning results and IP vulnerability scanning results.

报告生成单元154用于将所有的域名漏洞扫描结果、所有的IP漏洞扫描结果、风险等级评分以及漏洞信息导入报告模板的对应位置从而完成安全报告文件的生成。The report generating unit 154 is configured to import all domain name vulnerability scanning results, all IP vulnerability scanning results, risk level scores and vulnerability information into corresponding positions of the report template to complete the generation of the security report file.

本实施例中,以对域名信息为“http://xxxx.cn/”的网站地址进行了漏洞扫描为例,最终生成的一个安全报告文件的示意如图3所示,图3中,a区域中的信息为风险等级生成单元152生成的风险等级评分,b区域以及e区域中的信息分别为漏洞信息获取单元153获取的漏洞描述信息以及解决建议信息,c区域内的信息为对应的域名信息(或是IP信息),d区域为漏洞扫描部13对“http://xxxx.cn/”扫描得到的漏洞扫描结果。报告生成单元154通过将风险等级评分、漏洞描述信息、解决建议信息、域名信息(IP信息)以及漏洞扫描结果填入报告模板中如图3所示的对应位置即可得到相应的安全报告文件。In this embodiment, taking the vulnerability scanning of the website address whose domain name information is "http://xxxx.cn/" as an example, a schematic diagram of a finally generated security report file is shown in Figure 3. In Figure 3, a The information in the area is the risk level score generated by the risk level generating unit 152, the information in the b area and the e area are the vulnerability description information and the solution suggestion information acquired by the vulnerability information acquisition unit 153 respectively, and the information in the c area is the corresponding domain name information (or IP information), and the d area is the vulnerability scanning result obtained by the vulnerability scanning unit 13 scanning “http://xxxx.cn/”. The report generating unit 154 can obtain the corresponding security report file by filling the risk level score, vulnerability description information, solution suggestion information, domain name information (IP information) and vulnerability scanning results into the corresponding positions shown in FIG. 3 in the report template.

进一步,若扫描过程中对多个域名信息以及IP信息进行了扫描,则每一个域名信息以及IP信息都会对应生成一个如图3所示的报告,所有的报告形成一个安全报告文件。Further, if multiple domain name information and IP information are scanned during the scanning process, each domain name information and IP information will generate a corresponding report as shown in Figure 3, and all reports form a security report file.

图4是本发明实施例中扫描服务器的处理流程图。FIG. 4 is a process flow chart of a scan server in an embodiment of the present invention.

如图所示,在扫描服务器1获取用户终端2发送的扫描请求后,开始如下步骤:As shown in the figure, after the scan server 1 obtains the scan request sent by the user terminal 2, the following steps are started:

步骤S1,扫描任务生成部12对漏洞扫描部13的各个扫描器进行任务分配操作,然后进入步骤S2;Step S1, the scanning task generation unit 12 performs a task assignment operation on each scanner of the vulnerability scanning unit 13, and then proceeds to step S2;

步骤S2,各扫描器分别对各自的扫描任务进行相应处理从而得到漏洞扫描结果,然后进入步骤S3,同时,扫描过程中得到的域名信息以及IP信息会反馈给扫描任务生成部12从而通过步骤S1再次进行任务分配;In step S2, each scanner performs corresponding processing on the respective scanning tasks to obtain the vulnerability scanning result, and then proceeds to step S3. At the same time, the domain name information and IP information obtained during the scanning process will be fed back to the scanning task generation unit 12 to pass step S1. Assign tasks again;

步骤S3,扫描结果存储部14分别将各个扫描器扫描得到的漏洞扫描结果与相应的域名信息或是IP信息进行对应存储,然后进入步骤S4;Step S3, the scanning result storage unit 14 stores the vulnerability scanning results obtained by each scanner respectively and corresponding domain name information or IP information, and then enters step S4;

步骤S4,安全报告生成部15根据漏洞扫描结果生成相应的安全报告文件,然后进入步骤S5;Step S4, the security report generation unit 15 generates a corresponding security report file according to the vulnerability scan result, and then enters step S5;

步骤S5,系统通信部16根据扫描请求中的账号信息将安全报告文件发送给相应的用户终端2,然后进入结束状态。In step S5, the system communication unit 16 sends the security report file to the corresponding user terminal 2 according to the account information in the scan request, and then enters the end state.

图5是本发明实施例中用户终端的结构框图。FIG. 5 is a structural block diagram of a user terminal in an embodiment of the present invention.

如图5所示,用户终端102包括用户侧画面存储部21、用户侧输入显示部22、用户侧通信部23以及用户侧控制部24。As shown in FIG. 5 , the user terminal 102 includes a user-side screen storage unit 21 , a user-side input display unit 22 , a user-side communication unit 23 , and a user-side control unit 24 .

其中,用户侧通信部23用于进行用户终端102的各个构成部分之间以及用户终端102与其他终端或是服务器之间的数据通信。用户侧控制部24中存储有用于对用户终端102的各个构成部分进行控制的计算机程序。Among them, the user-side communication unit 23 is used to perform data communication between various components of the user terminal 102 and between the user terminal 102 and other terminals or servers. The user-side control unit 24 stores a computer program for controlling each component of the user terminal 102 .

本实施例中,用户需要以输入用户名、密码的方式登录用户终端102才能进行相应操作,此时,用户输入的用户名、密码会作为该用户的账号信息存储在用户终端102中。In this embodiment, the user needs to log in to the user terminal 102 by entering a user name and password to perform corresponding operations. At this time, the user name and password input by the user will be stored in the user terminal 102 as the user's account information.

用户侧画面存储部21存储有操作选择画面、扫描请求画面以及报告查询画面。The user-side screen storage unit 21 stores an operation selection screen, a scan request screen, and a report inquiry screen.

操作选择画面用于在用户进入用户终端102的系统时显示从而让用户选择相应的操作并进入对应的画面。The operation selection screen is used for displaying when the user enters the system of the user terminal 102 so as to allow the user to select a corresponding operation and enter the corresponding screen.

扫描请求画面用于在用户选择扫描请求操作时显示并让用户在该画面中输入扫描请求。The scan request screen is displayed when the user selects a scan request operation and allows the user to input a scan request in this screen.

本实施例中,扫描请求画面显示有分别对应域名信息与IP信息的输入框以及对应各个扫描类型的选项框。每个选项框的扫描类型都分别与扫描服务器1中的各个扫描器相对应。当用户完成输入以及选择后,用户终端102就将输入的域名信息、IP信息、扫描类型信息以及当前用户的账号信息打包为一个扫描请求并通过用户侧通信部23发送给扫描服务器1。In this embodiment, the scan request screen displays input boxes corresponding to domain name information and IP information respectively, and option boxes corresponding to each scan type. The scan type of each option box corresponds to each scanner in Scan Server 1, respectively. After the user completes the input and selection, the user terminal 102 packages the input domain name information, IP information, scan type information and the current user's account information into a scan request and sends it to the scan server 1 through the user-side communication unit 23 .

另外,用户在输入域名信息以及IP信息时,也可以只输入其中一个信息,从而仅对域名或是IP进行漏洞扫描。In addition, when the user inputs the domain name information and the IP information, the user can also input only one of the information, so as to perform vulnerability scanning only on the domain name or the IP.

报告查询画面用于在用户选择查询报告操作时显示并在该画面中显示所有用户终端2接收到的安全报告文件的名称从而让用户选择一个进行详细查看。The report query screen is used to display when the user selects the query report operation, and displays the names of all the security report files received by the user terminal 2 in this screen so that the user can select one for detailed viewing.

本实施例中,安全报告文件的名称会以列表的形式展示在报告查询画面中,并在用户选择一个后对应安全报告文件的具体内容显示给用户进行详细查看。In this embodiment, the names of the safety report files are displayed in the report query screen in the form of a list, and after the user selects one, the specific content of the safety report file is displayed to the user for detailed viewing.

用户侧输入显示部22用于显示上述画面,从而用户通过这些画面完成相应的人机交互。The user-side input display unit 22 is used to display the above-mentioned screens, so that the user can complete the corresponding human-computer interaction through these screens.

图6是本发明实施例中管理终端的结构框图。FIG. 6 is a structural block diagram of a management terminal in an embodiment of the present invention.

如图6所示,管理终端103包括管理侧画面存储部31、管理侧输入显示部32、管理侧通信部33以及管理侧控制部34。As shown in FIG. 6 , the management terminal 103 includes a management-side screen storage unit 31 , a management-side input display unit 32 , a management-side communication unit 33 , and a management-side control unit 34 .

其中,管理侧通信部33用于进行管理终端103的各个构成部分之间以及管理终端103与其他终端或是服务器之间的数据通信。管理侧控制部34中存储有用于对管理终端103的各个构成部分进行控制的计算机程序。Among them, the management-side communication unit 33 is used to perform data communication between various components of the management terminal 103 and between the management terminal 103 and other terminals or servers. The management-side control unit 34 stores a computer program for controlling each component of the management terminal 103 .

管理侧画面存储31存储有操作选择画面、扫描器管理画面以及账号管理画面。The management-side screen storage 31 stores an operation selection screen, a scanner management screen, and an account management screen.

操作选择画面用于在管理员进入管理终端103的系统时显示从而让用户选择相应的操作并进入对应的画面。The operation selection screen is displayed when the administrator enters the system of the management terminal 103 so as to allow the user to select a corresponding operation and enter the corresponding screen.

扫描器管理画面用于在管理员选择扫描器管理操作时显示并在该画面中显示漏洞扫描部13所有的扫描器从而让管理员进行管理。The scanner management screen is displayed when the administrator selects the scanner management operation, and the scanners owned by the vulnerability scanning unit 13 are displayed on the screen so that the administrator can manage them.

本实施例中,管理终端103在显示扫描器管理画面时会实时从扫描服务器1中获取所有扫描器的工作状态,从而在扫描器管理画面中进行显示。通过该画面进行管理时,具体地,管理员可以选择禁用某一种类的扫描器从而对该扫描器进行维护或是更新,也可以选择导入新种类的扫描器并使漏洞扫描部13进行更新,同时,还可以针对某一种类的扫描器设定其集群设置的数量,从而调整该类扫描器的工作效率。In this embodiment, when displaying the scanner management screen, the management terminal 103 acquires the working status of all the scanners from the scan server 1 in real time, and displays them on the scanner management screen. When managing through this screen, specifically, the administrator can choose to disable a certain type of scanner to maintain or update the scanner, or choose to import a new type of scanner and update the vulnerability scanning unit 13. At the same time, you can also set the number of cluster settings for a certain type of scanner, so as to adjust the working efficiency of this type of scanner.

账号管理画面用于在管理员选择账号管理操作时显示并在该画面中显示所有用户的账号信息从而让管理员进行管理。The account management screen is used to display when the administrator selects the account management operation, and displays the account information of all users in this screen to allow the administrator to manage.

本实施例中,扫描服务器1还存储有所有用户的账号信息,管理终端103在显示账号管理画面实时从扫描服务器1中获取所有用户的账号信息,从而在账号管理画面中显示。本实施例中,由于对用户账号的管理与常规技术相同,在此不再赘述。In this embodiment, the scanning server 1 also stores account information of all users, and the management terminal 103 acquires the account information of all users from the scanning server 1 in real time when displaying the account management screen, and displays the account information on the account management screen. In this embodiment, since the management of user accounts is the same as the conventional technology, details are not described here.

实施例作用与效果Example function and effect

根据本实施例提供的漏洞扫描系统,由于在扫描服务器中设有包含多种不同类型的域名扫描器和IP扫描器的漏洞扫描部以及用于进行扫描任务的分配的扫描任务生成部,因此在接收到用户的扫描请求时,可以将待扫描的域名信息以及IP信息发送给相应的扫描器进行扫描并获取对应的漏洞扫描结果,不仅实现了针对各类域名以及IP进行多种类的漏洞扫描,而且实现了根据用户的不同需求自由进行所需的漏洞分析的效果。同时,由于通过安全报告生成部基于报告模板以及所有的漏洞扫描结果自动生成安全报告文件,因此还解决了人工编写报告的繁琐问题。本实施例的漏洞扫描系统可完成80%的渗透测试,并自动化报告,在减少分析人员编写报告的负担的同时,弥补了工程师之间的技术差距,将安全测试服务与安全测试工具集形成一个体系,从而高效的完成渗透测试。According to the vulnerability scanning system provided in this embodiment, since the scanning server is provided with a vulnerability scanning unit including a plurality of different types of domain name scanners and IP scanners, and a scanning task generating unit for assigning scanning tasks, the When receiving the scanning request from the user, it can send the domain name information and IP information to be scanned to the corresponding scanner for scanning and obtain the corresponding vulnerability scanning result, which not only realizes various types of vulnerability scanning for various domain names and IPs, Moreover, the effect of freely performing the required vulnerability analysis according to the different needs of users is realized. At the same time, because the security report generation department automatically generates security report files based on report templates and all vulnerability scanning results, it also solves the tedious problem of manually writing reports. The vulnerability scanning system of this embodiment can complete 80% of penetration tests and automate reports, which not only reduces the burden of analysts to write reports, but also bridges the technical gap between engineers and forms a security testing service and a security testing tool set into one system to efficiently complete penetration testing.

进一步,由于通过本实施例的漏洞扫描系统,用户可以通过用户终端向扫描服务器发送扫描请求并获取返回的安全报告文件,因此还方便了用户主动进行安全扫描,更有利于用户对自身的网络资产进行有效保护。Further, through the vulnerability scanning system of this embodiment, the user can send a scanning request to the scanning server through the user terminal and obtain the returned security report file, so it is also convenient for the user to take the initiative to perform security scanning, which is more beneficial for the user to monitor their own network assets. effective protection.

另外,实施例中,由于扫描任务生成部具有查重单元、域名分配单元、IP任务分配单元以及任务缓冲单元,从而能够通过查重单元避免对统一域名或是IP进行多次重复的扫描,造成系统资源的浪费,同时在域名分配单元、IP任务分配单元分配完扫描任务后,还通过任务缓冲单元对扫描任务进行缓冲,从而使得扫描任务生成部与漏洞扫描部之间实现解耦,避免了在扫描任务过多时可能引发扫描器的工作混乱的问题。In addition, in the embodiment, since the scanning task generation unit has a duplicate checking unit, a domain name assignment unit, an IP task assignment unit and a task buffer unit, the duplicate checking unit can avoid repeated scanning of the unified domain name or IP, resulting in Waste of system resources. At the same time, after the domain name allocation unit and the IP task allocation unit allocate the scan tasks, the scan tasks are buffered by the task buffer unit, so that the decoupling between the scan task generation department and the vulnerability scan department is realized, avoiding the need for When there are too many scanning tasks, the scanner's work may be confused.

另外,实施例中,由于每个类型的扫描器可以集群设置多个同一类型的扫描器,因此在某个扫描器的扫描任务通常较多时,可以增加该扫描器的集群数量从而提升其并行处理的能力,进一步提升漏洞扫描系统的整体效率。In addition, in the embodiment, since each type of scanner can be clustered with multiple scanners of the same type, when a certain scanner usually has many scanning tasks, the number of clusters of the scanner can be increased to improve its parallel processing The ability to further improve the overall efficiency of the vulnerability scanning system.

上述实施例仅用于举例说明本发明的具体实施方式,而本发明不限于上述实施例的描述范围。The above embodiments are only used to illustrate specific embodiments of the present invention, and the present invention is not limited to the description scope of the above embodiments.

例如,在上述实施例中,扫描服务器中的安全报告生成部生成的安全报告文件被直接发送给用户终端让用户查看。在本发明的其他方案中,该安全报告文件在发送给用户终端前也可以先发送给分析人员进行分析以及审核,从而对该安全报告文件中的错漏进行修正,进一步在分析人员审核后将安全报告文件发送给用户终端。通过这样的方案,可以避免计算机生成的安全报告文件中可能存在错漏、语病等异常问题,使得用户接收到更完善的安全报告文件。For example, in the above embodiment, the security report file generated by the security report generation unit in the scan server is directly sent to the user terminal for the user to view. In other solutions of the present invention, the security report file can also be sent to analysts for analysis and review before being sent to the user terminal, so that errors and omissions in the security report file are corrected, and the security report file is further reviewed by the analysts. The report file is sent to the user terminal. Through such a solution, it is possible to avoid abnormal problems such as errors, omissions, language errors, etc. in the security report file generated by the computer, so that the user can receive a more complete security report file.

同时,在上述实施例中安全报告生成部基于漏洞安全标准信息以及漏洞扫描部的漏洞扫描结果生成了含有风险等级的安全报告文件。在本发明的其他方案中,风险等级也可以由各个扫描器生成(一些扫描器自带风险分析功能),安全报告生成部可以直接根据已有的风险等级生成含有风险等级的安全报告文件。At the same time, in the above embodiment, the security report generating unit generates a security report file containing a risk level based on the vulnerability security standard information and the vulnerability scanning result of the vulnerability scanning unit. In other solutions of the present invention, the risk level can also be generated by each scanner (some scanners have their own risk analysis function), and the security report generating unit can directly generate a security report file containing the risk level according to the existing risk level.

再例如,在上述实施例中,扫描请求中仅包含域名信息、IP信息、扫描类型信息以及账号信息,扫描服务器根据该扫描请求进行相应的漏洞扫描处理。在本发明的其他方案中,扫描请求还可以包括扫描时间,从而让用户设定扫描时间,扫描服务器在接收到扫描请求后将该扫描请求进行暂存,并在触发扫描时间时开始相应的漏洞扫描处理。通过这样的方案,用户可以更灵活地设定扫描执行的时间,从而实现错开业务系统高峰期等效果。For another example, in the above embodiment, the scan request only includes domain name information, IP information, scan type information and account information, and the scan server performs corresponding vulnerability scan processing according to the scan request. In other solutions of the present invention, the scan request may also include a scan time, so that the user can set the scan time, the scan server temporarily stores the scan request after receiving the scan request, and starts the corresponding vulnerability when the scan time is triggered Scan processing. Through such a solution, the user can set the scan execution time more flexibly, so as to realize the effect of staggering the peak period of the business system.

Claims (6)

1. A vulnerability scanning system is used for vulnerability scanning of address asset information of a user and automatically generating a corresponding security report file to be checked by the user, and is characterized by comprising the following steps:
at least one user terminal held by the users having different account information, respectively; and
a scanning server in communication connection with the user terminal,
wherein the user terminal comprises a user side picture storage part and a user side input display part,
the scanning server comprises a vulnerability scanning part, a report template storage part, a scanning task generation part and a service side communication part,
the user side picture storage part stores a scanning request picture and a report inquiry picture,
the report template storage part stores a preset report template for generating the safety report file,
the vulnerability scanning section includes a plurality of different types of domain name scanners for securely scanning domain names and a plurality of different types of IP scanners for securely scanning IPs,
the user side input display part displays the scanning request picture to allow the user to input a scanning request including domain name information to be scanned, IP information to be scanned, and scanning type information indicating a type of scanning to be performed and to transmit the scanning request to the scanning server,
upon the scan server receiving the scan request, the scan job generation section generates a domain name scan job for assigning the domain name information to a corresponding domain name scanner and an IP scan job for assigning the IP information to a corresponding IP scanner based on the scan type information to complete a job assignment operation,
the domain name scanner scans corresponding domain name information for loophole when receiving the domain name scanning task so as to generate a domain name loophole scanning result, and sends scanning IP information containing the scanned IP information to the scanning task generating part,
the IP scanner scans corresponding IP information for loophole when receiving the IP scanning task so as to generate an IP loophole scanning result, and sends scanning domain name information containing the scanned domain name information to the scanning task generating part,
the scan job generating unit generates a new domain name scan job and a new IP scan job based on the scan request, the scan IP information, and the scan domain name information, respectively, upon receiving the scan IP information and the scan domain name information,
once the domain name scanning task and the IP scanning task assigned by the scanning task generating part are all scanned, the security report generating part generates the security report file based on the report template, all the domain name vulnerability scanning results and all the IP vulnerability scanning results,
the service side communication part sends the safety report file to the corresponding user terminal according to the account information,
the user-side input display unit displays the received security report file on the report inquiry screen for the user to view.
2. The vulnerability scanning system of claim 1, wherein:
wherein the vulnerability scanning part also comprises a sub-domain name blaster for performing sub-domain name blasting on the domain name,
the scan job generating section may further allocate the domain name scan job to the sub domain name blaster when the job allocation operation is performed based on the scan type information,
the sub domain name blaster performs sub domain name blasting on the corresponding domain name information when receiving the domain name scanning task to obtain blasting domain name information containing a plurality of sub domain name information corresponding to the domain name information and sends the blasting domain name information to the scanning task generating part,
the scan task generating unit, upon receiving the blasting domain name information, allocates new domain name scan tasks to the corresponding domain name scanners based on the scan request and the blasting domain name information, respectively.
3. The vulnerability scanning system of claim 1, wherein:
wherein the scan job generating section includes:
the duplication checking unit is used for carrying out duplication checking on all the domain name information and the IP information and removing repeated domain name information and IP information;
a domain name distribution unit, configured to distribute the domain name information from which the duplication is removed to the corresponding domain name scanner according to the scanning type information, so as to form the domain name scanning task;
the IP task allocation unit is used for allocating the IP information after the repetition is removed to the corresponding IP scanner according to the scanning type information so as to form the IP scanning task;
a task buffering unit for buffering the domain name scanning task and the IP scanning task which are being allocated to the domain name scanner and the IP scanner.
4. The vulnerability scanning system of claim 1, wherein:
wherein the security report generation section includes:
the standard information storage unit stores preset vulnerability security standard information;
a risk level generation unit which generates a risk level score based on the vulnerability security standard information, all the domain name vulnerability scanning results and the IP vulnerability scanning results;
the vulnerability information acquisition unit is used for acquiring vulnerability description information and vulnerability solution suggestion information from the vulnerability security standard information based on all the domain name vulnerability scanning results and the IP vulnerability scanning results;
and the report generation unit is used for importing all the domain name vulnerability scanning results, all the IP vulnerability scanning results, the risk grade scores and the vulnerability information into corresponding positions of the report template so as to complete the generation of the safety report file.
5. The vulnerability scanning system of claim 1, wherein:
wherein each type of the domain name scanner or the IP scanner includes a plurality of scanners of the same type arranged in a cluster.
6. The vulnerability scanning system of claim 5, further comprising:
a management terminal held by an administrator and communicatively connected with the scan server,
wherein the management terminal comprises a management side screen storage part and a management side input display part,
the management-side screen storage section stores a scanner management screen,
the management side input display part displays the states of all the domain name scanners and the IP scanners in the vulnerability scanning part in the scanner management screen so that the administrator can manage the using states or the cluster number of the domain name scanners and the IP scanners.
CN202010074353.1A 2020-01-22 2020-01-22 Vulnerability Scanning System Active CN111291382B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010074353.1A CN111291382B (en) 2020-01-22 2020-01-22 Vulnerability Scanning System

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010074353.1A CN111291382B (en) 2020-01-22 2020-01-22 Vulnerability Scanning System

Publications (2)

Publication Number Publication Date
CN111291382A CN111291382A (en) 2020-06-16
CN111291382B true CN111291382B (en) 2022-04-08

Family

ID=71022371

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010074353.1A Active CN111291382B (en) 2020-01-22 2020-01-22 Vulnerability Scanning System

Country Status (1)

Country Link
CN (1) CN111291382B (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112910849B (en) * 2021-01-15 2022-12-06 北京奇艺世纪科技有限公司 Vulnerability detection method, device, equipment and storage medium
CN112995143B (en) * 2021-02-04 2022-06-03 海尔数字科技(青岛)有限公司 Safety reporting method, device, equipment and medium based on mail system
CN113949536A (en) * 2021-09-26 2022-01-18 南通大学 Semi-automatic infiltration method based on open source project
CN115914029A (en) * 2022-10-31 2023-04-04 中国农业银行股份有限公司 A network address scanning method, device, electronic equipment and storage medium

Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
AU2013206427A1 (en) * 2006-12-01 2013-07-11 Websense, Inc. System and method of analyzing web addresses
CN103929429A (en) * 2014-04-24 2014-07-16 北京邮电大学 Network Vulnerability Scanning System and Method Based on RESTful Web Service
CN105978894A (en) * 2016-06-27 2016-09-28 上海柯力士信息安全技术有限公司 Network security monitoring management system based on security vulnerability scanning cloud platform
CN107026871A (en) * 2017-05-15 2017-08-08 安徽大学 Web vulnerability scanning method based on cloud computing
CN107835982A (en) * 2015-05-04 2018-03-23 赛义德·卡姆兰·哈桑 Method and apparatus for managing security in a computer network
CN108737425A (en) * 2018-05-24 2018-11-02 北京凌云信安科技有限公司 Fragility based on multi engine vulnerability scanning association analysis manages system
CN108965327A (en) * 2018-08-21 2018-12-07 中国平安人寿保险股份有限公司 Method, apparatus, computer equipment and the storage medium of detection system loophole
CN109067813A (en) * 2018-10-24 2018-12-21 腾讯科技(深圳)有限公司 Network hole detection method, device, storage medium and computer equipment
CN109600371A (en) * 2018-12-08 2019-04-09 公安部第三研究所 A kind of network layer leakage location and method
CN110431819A (en) * 2017-03-20 2019-11-08 浩瀚有限公司 Driver sweep based on the variation of network data available

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9811667B2 (en) * 2011-09-21 2017-11-07 Mcafee, Inc. System and method for grouping computer vulnerabilities
US8756698B2 (en) * 2012-08-10 2014-06-17 Nopsec Inc. Method and system for managing computer system vulnerabilities
US20160127408A1 (en) * 2014-10-31 2016-05-05 NxLabs Limited Determining vulnerability of a website to security threats

Patent Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
AU2013206427A1 (en) * 2006-12-01 2013-07-11 Websense, Inc. System and method of analyzing web addresses
CN103929429A (en) * 2014-04-24 2014-07-16 北京邮电大学 Network Vulnerability Scanning System and Method Based on RESTful Web Service
CN107835982A (en) * 2015-05-04 2018-03-23 赛义德·卡姆兰·哈桑 Method and apparatus for managing security in a computer network
CN105978894A (en) * 2016-06-27 2016-09-28 上海柯力士信息安全技术有限公司 Network security monitoring management system based on security vulnerability scanning cloud platform
CN110431819A (en) * 2017-03-20 2019-11-08 浩瀚有限公司 Driver sweep based on the variation of network data available
CN107026871A (en) * 2017-05-15 2017-08-08 安徽大学 Web vulnerability scanning method based on cloud computing
CN108737425A (en) * 2018-05-24 2018-11-02 北京凌云信安科技有限公司 Fragility based on multi engine vulnerability scanning association analysis manages system
CN108965327A (en) * 2018-08-21 2018-12-07 中国平安人寿保险股份有限公司 Method, apparatus, computer equipment and the storage medium of detection system loophole
CN109067813A (en) * 2018-10-24 2018-12-21 腾讯科技(深圳)有限公司 Network hole detection method, device, storage medium and computer equipment
CN109600371A (en) * 2018-12-08 2019-04-09 公安部第三研究所 A kind of network layer leakage location and method

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
"网络服务自动监测、分布式报警系统的设计";张保通;《万方》;20111206;全文 *

Also Published As

Publication number Publication date
CN111291382A (en) 2020-06-16

Similar Documents

Publication Publication Date Title
CN111291382B (en) Vulnerability Scanning System
US11909753B2 (en) Virtual private cloud flow log event fingerprinting and aggregation
CN104954189A (en) Automatic server cluster detecting method and system
CN109040333B (en) Domain name filing management system
CN102298647A (en) Inspection and allocation system and method of data file
CN110008019B (en) Method, device and system for sharing server resources
CN108769289A (en) A Visual Management System of Network Address Resources
CN110737639A (en) Audit log method, device, computer equipment and storage medium
CN112069425A (en) Log management method and device, electronic equipment and readable storage medium
CN111787030A (en) Network security inspection method, device, equipment and storage medium
CN111797345B (en) Application page display method, device, computer equipment and storage medium
CN118055052A (en) Dynamic host configuration protocol test method, electronic device and computer readable medium
CN107154982A (en) A kind of method and system of audit log record
CN106649117A (en) Data providing method and system for software pressure test
KR102093764B1 (en) Managment server for managing the server and storage
CN114598500B (en) Security service providing method, platform, electronic device, medium and program
US20240356939A1 (en) Security analysis assistance apparatus, security analysis assistance method, and computer-readable recording medium
CN111324872A (en) Method and system for redirected centralized audit of login records and operation records
CN112351082A (en) Current limiting method and device for HTTP request message
CN114598507B (en) Attacker figure generation method and device, terminal equipment and storage medium
CN107105036B (en) Activity tracing method and system for server
CN106789979B (en) Method and device for diagnosing effectiveness of active domain name in IDC machine room
CN116186090A (en) A multi-tenant multi-database matching method, device, equipment and medium
CN110995738B (en) Violent cracking behavior identification method and device, electronic equipment and readable storage medium
CN114611849A (en) IDC resource management system and method

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right
TA01 Transfer of patent application right

Effective date of registration: 20200908

Address after: 201411, Shanghai, Fengxian District hung highway 3098

Applicant after: SHANGHAI TECHNICAL INSTITUTE OF ELECTRONICS & INFORMATION

Address before: 201411, Shanghai, Fengxian District hung highway 3098

Applicant before: SHANGHAI TECHNICAL INSTITUTE OF ELECTRONICS & INFORMATION

Applicant before: Shanghai pea Information Technology Co.,Ltd.

GR01 Patent grant
GR01 Patent grant