CN107707561A - penetration testing method and device - Google Patents
- Publication number: CN107707561A
- Application number: CN201711056066.2A
- Authority: CN (China)
- Prior art keywords: website, page file, priority, screenshot, target website
- Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1433—Vulnerability analysis
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/03—Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
- G06F2221/034—Test or assess a computer or a system
Abstract
The present invention provides a penetration testing method and device, applied to an electronic terminal that includes a browser. The method includes: scanning a website to be tested to obtain multiple target websites to be tested; concurrently accessing each target website through the browser and receiving the page file returned by each target website; rendering and loading the received page file, taking a screenshot of the loaded page file and saving the obtained screenshot; parsing the code of the loaded page file; and determining the priority of each target website according to the screenshot and the code, and performing penetration testing on each target website according to the priority. In this way, the priority of the target websites to be tested can be determined more accurately and reliably, and penetration testing is then carried out according to the priority.
Description
Technical field
The present invention relates to the technical field of computer networks, and in particular to a penetration testing method and device.
Background art
Penetration testing (Penetration Test) is a method of assessing the security of a computer network system by simulating the attack methods of malicious hackers. In a penetration test, the target to be tested is usually more than one domain name or website; it is the full set of websites related to the website under test that is suspected of having vulnerabilities. Although many Web vulnerability scanners are currently available for penetration testing, their results are often poor, so manual penetration testing remains essential. In particular, Web vulnerability scanners usually have difficulty finding vulnerabilities in business logic.
However, when facing a large number of targets to be tested, how to determine the priority of each target during testing, so that testing follows that priority and testing efficiency improves, becomes especially important.
Summary of the invention
In view of this, an object of the present invention is to provide a penetration testing method, applied to an electronic terminal that includes a browser, the method including:
Scanning a website to be tested to obtain multiple target websites to be tested;
Concurrently accessing each target website through the browser, and receiving the page file returned by each target website;
Rendering and loading the received page file, taking a screenshot of the loaded page file and saving the obtained screenshot;
Obtaining the code associated with the page file;
Determining the priority of each target website according to the screenshot and the code, and performing penetration testing on each target website according to the priority.
Optionally, the step of scanning the website to be tested to obtain multiple target websites to be tested includes:
Scanning the top-level domain name of the website to be tested, obtaining multiple subdomain names of the top-level domain name, and taking the website corresponding to each subdomain name as a target website; and
Scanning the C segment and/or B segment of the IP address of the website to be tested, obtaining multiple IP addresses related to the website to be tested, and taking the website corresponding to each IP address as a target website.
Optionally, the browser is a headless browser (a browser without an interface).
Optionally, the method further includes:
When rendering the received page file, calling a preset script file to refresh the page file so that the complete page is displayed.
Optionally, the step of determining the priority of each target website according to the screenshot and the code includes:
Extracting the page title, external link information and error information from the code;
Determining the priority of each target website according to the screenshot, page title, external link and error information.
Another object of the present invention is to provide a penetration testing device, applied to an electronic terminal that includes a browser, the device including:
A scan module, for scanning a website to be tested to obtain multiple target websites to be tested;
An access module, for concurrently accessing each target website through the browser and receiving the page file returned by each target website;
A loading module, for rendering and loading the received page file, taking a screenshot of the loaded page file and saving the obtained screenshot;
A parsing module, for obtaining the code associated with the page file;
A penetration testing module, for determining the priority of each target website according to the screenshot and the code, and performing penetration testing on each target website according to the priority.
Optionally, the scan module includes:
A first scanning submodule, for scanning the top-level domain name of the website to be tested, obtaining multiple subdomain names of the top-level domain name, and taking the website corresponding to each subdomain name as a target website; and
A second scanning submodule, for scanning the C segment and/or B segment of the IP address of the website to be tested, obtaining multiple IP addresses related to the website to be tested, and taking the website corresponding to each IP address as a target website.
Optionally, the browser is a headless browser (a browser without an interface).
Optionally, the device further includes:
A refresh module, for calling a preset script file when rendering the received page file, to refresh the page file so that the complete page is displayed.
Optionally, the way in which the penetration testing device determines the priority of each target website according to the screenshot and the code includes:
Extracting the page title, external link information and error information from the code;
Determining the priority of each target website according to the screenshot, page title, external link and error information.
Compared with the prior art, the present invention has the following advantages:
The penetration testing method and device provided by the embodiments of the present invention scan a website to be tested to obtain multiple target websites to be tested. Each target website is concurrently accessed through the browser, the page file returned by each target website is received, the received page file is rendered and loaded, and a screenshot of the loaded page file is taken and saved. By parsing the code of the loaded page file, the priority of each target website is determined according to the screenshot and the code, and penetration testing is performed on each target website according to the priority. In this way, the priority of the target websites to be tested can be determined more accurately and reliably, and penetration testing is then carried out according to the priority.
Brief description of the drawings
To illustrate the technical solutions of the embodiments of the present invention more clearly, the drawings needed in the embodiments are briefly introduced below. It should be understood that the following drawings show only certain embodiments of the present invention and should therefore not be regarded as limiting its scope; those of ordinary skill in the art can obtain other related drawings from these drawings without creative effort.
Fig. 1 is a block diagram of an electronic terminal provided by an embodiment of the present invention;
Fig. 2 is a schematic flowchart of a penetration testing method provided by an embodiment of the present invention;
Fig. 3 is a schematic diagram of the sub-steps of step S150 shown in Fig. 2;
Fig. 4 is a functional block diagram of a penetration testing device provided by an embodiment of the present invention;
Fig. 5 is a schematic diagram of the submodules of the scan module shown in Fig. 4.
Reference numerals: 100 - electronic terminal; 110 - memory; 120 - processor; 200 - penetration testing device; 210 - scan module; 211 - first scanning submodule; 212 - second scanning submodule; 220 - access module; 230 - loading module; 240 - parsing module; 250 - penetration testing module; 260 - refresh module; 300 - browser.
Detailed description of the embodiments
To make the purposes, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the drawings. The described embodiments are evidently some of the embodiments of the present invention, not all of them. The components of the embodiments generally described and illustrated in the drawings here can be arranged and designed in a variety of different configurations.
Therefore, the following detailed description of the embodiments provided in the drawings is not intended to limit the scope of the claimed invention, but merely represents selected embodiments of the present invention. All other embodiments obtained by those of ordinary skill in the art on the basis of the embodiments of the present invention, without creative effort, fall within the scope of protection of the present invention.
It should be noted that similar reference numerals and letters denote similar items in the following drawings; once an item has been defined in one drawing, it does not need to be further defined or explained in subsequent drawings.
Through extensive research, the inventors found that in existing penetration testing, testers often determine the type of the website to be tested through fingerprint identification. Fingerprint identification relies on the fact that some commonly used development frameworks include certain fixed files or directory structures; when these files or directories can be accessed, it can be concluded that the website to be tested uses the corresponding development framework, and its test priority is then determined according to whether the website uses a preset framework.
However, website fingerprint identification cannot identify the fingerprints of all websites. Some websites that need to be tested do not use a specific framework; these websites are missed during fingerprint identification, which makes the test incomplete.
In addition, in existing practice the type of a website can also be determined by obtaining its page title, and the priority of the website to be tested is then determined according to the website type. This approach also has many problems. First, for a website without a page title, the priority naturally cannot be determined from the page title. Second, many resources in a page are loaded by client-side scripts (JavaScript); the information that can be obtained from a page file that has not been loaded is limited, so the priority of the website it belongs to cannot be determined accurately.
Therefore, the embodiments of the present invention provide a solution that can obtain the complete page file content provided by the website to be tested, so that the priority of each target website to be tested can be determined more accurately.
Fig. 1 is a block diagram of an electronic terminal 100 provided by an embodiment of the present invention.
In this embodiment, a browser 300 is installed in the electronic terminal 100, and the browser 300 is used to load the page files returned by the target websites to be tested. The electronic terminal 100 can therefore be any device that has data processing capability and on which a browser can be installed, for example a personal computer (Personal Computer, PC) or another intelligent mobile terminal (e.g., a smartphone or tablet computer).
The electronic terminal 100 includes a penetration testing device 200, a memory 110 and a processor 120.
The memory 110, the processor 120 and the other elements are electrically connected to one another, directly or indirectly, to transmit or exchange data. The memory 110 stores the browser 300 that runs on the processor 120. The penetration testing device 200 may include at least one software function module that can be stored in the memory 110 in the form of software or firmware, or built into the operating system (Operating System, OS) of the electronic terminal 100.
In this embodiment, the memory 110 may be, but is not limited to, random access memory (Random Access Memory, RAM), read-only memory (Read Only Memory, ROM), programmable read-only memory (Programmable Read-Only Memory, PROM), erasable programmable read-only memory (Erasable Programmable Read-Only Memory, EPROM), electrically erasable programmable read-only memory (Electric Erasable Programmable Read-Only Memory, EEPROM), and so on.
The processor 120 may be an integrated circuit chip with signal processing capability. The processor 120 may be a general-purpose processor, including a central processing unit (Central Processing Unit, CPU), a network processor (Network Processor, NP) and the like; it may also be a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA), a discrete gate or transistor logic device, or a discrete hardware component. The general-purpose processor may be a microprocessor or any conventional processor.
It should be understood that the structure shown in Fig. 1 is only illustrative; the electronic terminal 100 may have more or fewer components than shown in Fig. 1, or a configuration different from that shown in Fig. 1. Each component shown in Fig. 1 can be implemented in software, hardware or a combination of the two.
Fig. 2 is a schematic flowchart of a penetration testing method provided by an embodiment of the present invention; the penetration testing method is applied to the electronic terminal 100 shown in Fig. 1. The specific flow and steps of the penetration testing method are described in detail below.
Step S110: scan a website to be tested to obtain multiple target websites to be tested.
Here, the website to be tested is a website that has already been identified as suspected of having vulnerabilities, that is, a website that needs to be tested. Once the website to be tested has been determined, the websites associated with it must also be obtained and used as target websites to be tested.
In this embodiment, the target websites to be tested can be determined in several ways.
Optionally, step S110 may include the following sub-steps:
Scanning the top-level domain name of the website to be tested, obtaining multiple subdomain names of the top-level domain name, and taking the website corresponding to each subdomain name as a target website;
Scanning the C segment and/or B segment of the IP address of the website to be tested, obtaining multiple IP addresses related to the website to be tested, and taking the website corresponding to each IP address as a target website.
For example, suppose the top-level domain name of the website to be tested is example.com and it has multiple subdomain names, such as a.example.com, b.example.com and c.example.com; all of these websites need to be tested. Suppose the IP address corresponding to the domain name of the website to be tested is 1.1.1.1; the C segment (1.1.1.0/24) and B segment (1.1.1.0/16) of this IP address may also contain websites or services related to the website to be tested. These ranges therefore need to be scanned, so that all target websites related to the website to be tested are obtained as targets to be tested.
Step S120: concurrently access each target website through the browser 300, and receive the page file returned by each target website.
In this embodiment, the browser 300 accesses the identified target websites in bulk, that is, it accesses each target website at the same time, and receives the page file returned by each target website.
Step S130: render and load the received page file, take a screenshot of the loaded page file and save the obtained screenshot.
The API (Application Programming Interface) of the browser 300 is called to render and load the received page file.
Optionally, in this embodiment, the browser 300 may be a headless browser (a browser without an interface), such as headless Chrome. In that case the browser 300 does not display the loaded page file while rendering and loading it, which greatly reduces resource consumption and improves testing efficiency.
After the complete page file has been loaded and the complete page content obtained, the page can be captured by calling the corresponding screenshot instruction in the browser 300. For example, a page screenshot can be obtained with the screenshot parameter.
In addition, the browser 300 can be controlled to take screenshots by self-written code (e.g., Node.js).
To capture the complete page content, the Emulation module of headless Chrome can also be called to control the zoom of the page viewport.
In practice, the pages provided by some websites are only displayed completely after the user performs refresh operations such as scrolling up and down. The penetration testing method may therefore also include the following step:
When rendering the received page file, calling a preset script file to refresh the page file so that the complete page is displayed.
The script file may be a JavaScript script written in advance by the tester to perform operations on the web page such as scrolling up and down and turning pages.
Step S140: obtain the code associated with the page file.
The code associated with the page file includes the network request used to request the page file, the page file returned by the target website, and the code corresponding to the page content obtained after the page file is loaded.
Step S150: determine the priority of each target website according to the screenshot and the code, and perform penetration testing on each target website according to the priority.
In this embodiment, after the screenshot and the code are obtained, the priority of each target website is determined from the screenshot and the code according to preset priority determination rules, and the target websites with higher priority are penetration tested first.
In detail, as shown in Fig. 3, step S150 may include two sub-steps, step S151 and step S152.
Step S151: extract the page title, external link information and error information from the code.
The page title is the title information included in the page file returned by the target website. External link information refers to the links to external websites carried in the page file returned by the target website. Error information refers to the error codes returned while the target website is being accessed or refreshed.
Step S152: determine the priority of each target website according to the screenshot, page title, external link and error information.
In one embodiment, the target website whose page file includes error information can be set to the highest priority. For ease of description, in this embodiment the highest priority is called the first priority, the second priority is the priority immediately below the highest priority, and so on.
Whether a target website uses a preset framework or component can be determined from the screenshot. If it does, this indicates that the website was generated from a template and that its defense mechanisms are weak, so it can be set to the second priority.
The type of a target website can also be determined from the screenshot. For example, when a target website is determined to be a management system, this indicates that its requirements for defense mechanisms are also higher, and it can be set to the third priority.
When a login behavior is detected from the code but the login information corresponding to that login behavior does not include a verification code (CAPTCHA), the corresponding target website can be set to the fourth priority.
In addition, when a large amount of external link information is detected in the code, the corresponding target website can be set to the fifth priority.
It should be understood that the above priority rules are only examples. In practice, the rules for dividing priorities can be set flexibly according to the actual situation or the experience of the testers; this embodiment places no limitation on them.
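The example rules of step S150 applied in order, as an added JavaScript example (not code from the patent): it extracts the page title, external links and a login-without-CAPTCHA signal from captured page code and ranks sites that are already in the assessment scope. The record fields, the `screenshot` labels (standing in for a reviewer's reading of the saved screenshot), the CAPTCHA name pattern, the threshold of 10 external links and the catch-all priority 6 are assumptions; the sample records are constructed.

```javascript
// Added example, not code from the patent. Field names, the CAPTCHA pattern,
// the link threshold and the catch-all priority 6 are assumptions.
const EXTERNAL_LINK_THRESHOLD = 10;          // assumed meaning of "a large amount"
const CAPTCHA_HINT = /captcha|verif|vcode/i; // assumed naming heuristic

// Page title from the loaded page code ('' when the page has none).
function extractTitle(html) {
  const m = /<title[^>]*>([\s\S]*?)<\/title>/i.exec(html);
  return m ? m[1].trim() : '';
}

// href/src targets, resolved against the page URL, whose host is not the page's.
function extractExternalLinks(html, pageUrl) {
  const pageHost = new URL(pageUrl).hostname;
  const found = new Set();
  const attr = /\b(?:href|src)\s*=\s*["']([^"']+)["']/gi;
  let m;
  while ((m = attr.exec(html)) !== null) {
    try {
      const u = new URL(m[1], pageUrl);
      if (/^https?:$/.test(u.protocol) && u.hostname !== pageHost) found.add(u.href);
    } catch (e) {
      // Malformed URL in the page code: skip it.
    }
  }
  return [...found];
}

// True when some form has a password field but no CAPTCHA-like field or image.
function hasLoginWithoutCaptcha(html) {
  const forms = html.match(/<form[\s\S]*?<\/form>/gi) || [];
  return forms.some((f) => /type\s*=\s*["']?password/i.test(f) && !CAPTCHA_HINT.test(f));
}

// Apply the five example rules in order; the first match decides the priority.
function assignPriority(rec) {
  const title = extractTitle(rec.html);
  const links = extractExternalLinks(rec.html, rec.url);
  const shot = rec.screenshot || {}; // reviewer labels for the saved screenshot
  let priority = 6;
  let reason = 'no rule matched';
  if (rec.errors && rec.errors.length > 0) {
    priority = 1; reason = 'error information returned';
  } else if (shot.usesPresetFramework) {
    priority = 2; reason = 'preset framework or component';
  } else if (shot.siteType === 'management-system') {
    priority = 3; reason = 'management system';
  } else if (hasLoginWithoutCaptcha(rec.html)) {
    priority = 4; reason = 'login without CAPTCHA';
  } else if (links.length >= EXTERNAL_LINK_THRESHOLD) {
    priority = 5; reason = 'many external links';
  }
  return { url: rec.url, title, priority, reason, externalLinkCount: links.length };
}

// Lower number = tested earlier.
function rankTargets(records) {
  return records.map(assignPriority).sort((a, b) => a.priority - b.priority);
}

// Constructed sample records (not real captures).
const manyLinks = Array.from({ length: 12 },
  (_, i) => `<a href="https://cdn${i}.example.net/x">ref</a>`).join('');
const SAMPLE = [
  { url: 'https://e.example.com/', errors: [], html: `<title>News</title>${manyLinks}` },
  { url: 'https://c.example.com/', errors: [], screenshot: { siteType: 'management-system' },
    html: '<title>Admin</title><form><input type="password" name="pw">' +
          '<img src="/captcha.png"><input name="captcha"></form>' },
  { url: 'https://f.example.com/', errors: [], html: '<p><a href="/about">About</a></p>' },
  { url: 'https://a.example.com/', errors: ['HTTP 500'], html: '<title>Error</title>' },
  { url: 'https://d.example.com/', errors: [],
    html: '<title>Sign in</title><form action="/signin"><input name="u">' +
          '<input type="password" name="p"></form>' },
  { url: 'https://b.example.com/', errors: [], screenshot: { usesPresetFramework: true },
    html: '<title>Welcome</title><link rel="stylesheet" href="/static/app.css">' },
];

for (const r of rankTargets(SAMPLE)) {
  console.log(`P${r.priority} ${r.url} "${r.title}" (${r.reason}, ${r.externalLinkCount} external)`);
}
```

The regular-expression extraction is enough for these constructed pages; on real captures the same rules would read the title, links and forms from the DOM of the loaded page.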
Fig. 4 is a functional block diagram of a penetration testing device 200 provided by an embodiment of the present invention; the penetration testing device 200 is applied to the electronic terminal 100 that includes the browser 300.
The penetration testing device 200 includes a scan module 210, an access module 220, a loading module 230, a parsing module 240 and a penetration testing module 250.
The scan module 210 is used to scan a website to be tested to obtain multiple target websites to be tested.
In this embodiment, for the description of the scan module 210, refer to the detailed description of step S110 shown in Fig. 2. That is, step S110 can be performed by the scan module 210.
Optionally, as shown in Fig. 5, in this embodiment the scan module 210 may include a first scanning submodule and a second scanning submodule.
The first scanning submodule is used to scan the top-level domain name of the website to be tested, obtain multiple subdomain names of the top-level domain name, and take the website corresponding to each subdomain name as a target website.
The second scanning submodule is used to scan the C segment and/or B segment of the IP address of the website to be tested, obtain multiple IP addresses related to the website to be tested, and take the website corresponding to each IP address as a target website.
The access module 220 is used to concurrently access each target website through the browser 300 and receive the page file returned by each target website.
In this embodiment, for the description of the access module 220, refer to the detailed description of step S120 shown in Fig. 2. That is, step S120 can be performed by the access module 220.
Optionally, in this embodiment, the browser 300 may be a headless browser (a browser without an interface).
The loading module 230 is used to render and load the received page file, take a screenshot of the loaded page file and save the obtained screenshot.
In this embodiment, for the description of the loading module 230, refer to the detailed description of step S130 shown in Fig. 2. That is, step S130 can be performed by the loading module 230.
The parsing module 240 is used to obtain the code associated with the page file.
In this embodiment, for the description of the parsing module 240, refer to the detailed description of step S140 shown in Fig. 2. That is, step S140 can be performed by the parsing module 240.
The penetration testing module 250 is used to determine the priority of each target website according to the screenshot and the code, and to perform penetration testing on each target website according to the priority.
In this embodiment, for the description of the penetration testing module 250, refer to the detailed description of step S150 shown in Fig. 2. That is, step S150 can be performed by the penetration testing module 250.
Optionally, in this embodiment, the way in which the penetration testing module 250 determines the priority of each target website according to the screenshot and the code may include:
Extracting the page title, external link information and error information from the code;
Determining the priority of each target website according to the screenshot, page title, external link information and error information.
Optionally, in this embodiment, the penetration testing device 200 may also include a refresh module 260.
The refresh module 260 is used to call a preset script file when rendering the received page file, to refresh the page file so that the complete page is displayed.
In this embodiment, for the detailed description of the refresh module 260, refer to the detailed description of the related steps above, which is not repeated here.
In summary, the embodiments of the present invention provide a penetration testing method and device that scan a website to be tested to obtain multiple target websites to be tested. Each target website is concurrently accessed through the browser 300, the page file returned by each target website is received, the received page file is rendered and loaded, and a screenshot of the loaded page file is taken and saved. By parsing the code of the loaded page file, the priority of each target website is determined according to the screenshot and the code, and penetration testing is performed on each target website according to the priority. In this way, the priority of the target websites to be tested can be determined more accurately and reliably, and penetration testing is then carried out according to the priority.
The above are only preferred embodiments of the present invention and are not intended to limit the invention; for those skilled in the art, the present invention may have various modifications and variations. Any modification, equivalent substitution, improvement and the like made within the spirit and principles of the present invention shall be included in the scope of protection of the present invention.
Claims (10)
- A kind of 1. penetration testing method, it is characterised in that applied to the electric terminal including browser, methods described includes:Treat survey grid station to be scanned, obtain multiple targeted websites to be tested;Each targeted website is concomitantly accessed by the browser, and receives the page that each targeted website returns File;The pagefile received is rendered and loaded, to the pagefile sectional drawing after loading and preserves the sectional drawing of acquisition;Obtain the code associated with the pagefile;The priority of each targeted website is determined according to the sectional drawing and the code, and according to the priority to each The targeted website carries out penetration testing.
- 2. The method according to claim 1, characterized in that the step of scanning the website to be tested to obtain multiple target websites to be tested comprises: scanning the top-level domain name of the website to be tested to obtain multiple subdomain names of that top-level domain name, and taking the website corresponding to each subdomain name as a target website; scanning the C segment and/or B segment of the IP address of the website to be tested to obtain multiple IP addresses related to the website to be tested, and taking the website corresponding to each IP address as a target website.
- 3. The method according to claim 1 or 2, characterized in that the browser is a headless browser (a browser without an interface).
- 4. The method according to claim 1 or 2, characterized in that the method further comprises: when rendering the received page file, calling a preset script file to refresh the page file so as to display the complete page.
- 5. The method according to claim 1 or 2, characterized in that the step of determining the priority of each target website according to the screenshot and the code comprises: extracting the page title, external link information and error information from the code; determining the priority of each target website according to the screenshot, page title, external link and error information.
- 6. A penetration testing device, characterized in that it is applied to an electronic terminal including a browser, the device comprising: a scanning module, for scanning the website to be tested to obtain multiple target websites to be tested; an access module, for concurrently accessing each target website through the browser and receiving the page file returned by each target website; a loading module, for rendering and loading the received page file, taking a screenshot of the loaded page file and saving the obtained screenshot; a parsing module, for obtaining the code associated with the page file; a penetration testing module, for determining the priority of each target website according to the screenshot and the code, and performing penetration testing on each target website according to the priority.
- 7. The device according to claim 6, characterized in that the scanning module comprises: a first scanning submodule, for scanning the top-level domain name of the website to be tested to obtain multiple subdomain names of that top-level domain name, and taking the website corresponding to each subdomain name as a target website; and a second scanning submodule, for scanning the C segment and/or B segment of the IP address of the website to be tested to obtain multiple IP addresses related to the website to be tested, and taking the website corresponding to each IP address as a target website.
- 8. The device according to claim 6 or 7, characterized in that the browser is a headless browser (a browser without an interface).
- 9. The device according to claim 6 or 7, characterized in that the device further comprises: a refresh module, for calling a preset script file when rendering the received page file to refresh the page file so as to display the complete page.
- 10. The device according to claim 6 or 7, characterized in that the manner in which the penetration testing module determines the priority of each target website according to the screenshot and the code comprises: extracting the page title, external link information and error information from the code; determining the priority of each target website according to the screenshot, page title, external link information and error information.
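The extraction step of claims 5 and 10, as an added example that is not code from the patent: it pulls the page title, external link hosts and error information out of page source and orders the sites for review. The error patterns, the scoring weights, the function names and the sample pages are all assumptions made for illustration, and the screenshot input is left out.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed error signatures; the patent does not enumerate any.
ERROR_PATTERNS = [r"Traceback \(most recent call last\)", r"SQL syntax",
                  r"Fatal error", r"Stack trace"]

class PageFacts(HTMLParser):
    """Collects the <title> text and every href/src target in the source."""
    def __init__(self):
        super().__init__()
        self.title, self.links, self._in_title = "", [], False
    def handle_starttag(self, tag, attrs):
        self._in_title = self._in_title or tag == "title"
        self.links += [v for k, v in attrs if k in ("href", "src") and v]
    def handle_endtag(self, tag):
        if tag == "title":
            self._in_title = False
    def handle_data(self, data):
        if self._in_title:
            self.title += data

def extract(host, source):
    """Return title, external hosts and matched error patterns for one page."""
    facts = PageFacts()
    facts.feed(source)
    hosts = {urlparse(u).hostname for u in facts.links}
    external = sorted(h for h in hosts if h and h != host)
    errors = [p for p in ERROR_PATTERNS if re.search(p, source)]
    return {"host": host, "title": facts.title.strip(),
            "external": external, "errors": errors}

def score(facts):
    """Assumed weighting: leaked errors, then sensitive titles, then external hosts."""
    s = 3 * len(facts["errors"])
    s += 2 if re.search(r"admin|login|dashboard", facts["title"], re.I) else 0
    return s + min(len(facts["external"]), 2)

def rank(pages):
    """Order hosts from highest to lowest review priority."""
    scored = [(score(extract(h, src)), h) for h, src in pages.items()]
    return [h for _, h in sorted(scored, key=lambda t: -t[0])]

# Constructed sample pages (not real sites).
PAGES = {
    "www.example.test": '<title>Welcome</title><a href="/about">About</a>',
    "admin.example.test": '<title>Admin Login</title>'
                          '<script src="https://cdn.example.net/a.js"></script>',
    "old.example.test": '<title>Shop</title>Fatal error: Uncaught Exception '
                        'Stack trace: #0 <a href="http://partner.example.org/">p</a>',
}
```

Run against an organisation's own asset inventory, the same ordering shows which hosts leak error details or expose management pages and should be fixed first.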
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711056066.2A CN107707561B (en) | 2017-11-01 | 2017-11-01 | Penetration testing method and device |
Publications (2)
Publication Number | Publication Date |
---|---|
CN107707561A | 2018-02-16 |
CN107707561B | 2020-05-19 |
Family
ID=61178155
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201711056066.2A Active CN107707561B (en) | 2017-11-01 | 2017-11-01 | Penetration testing method and device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107707561B (en) |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20050022087A1 (en) * | 2003-02-14 | 2005-01-27 | Ankan Pramanick | Method and system for controlling interchangeable components in a modular test system |
CN103559235A (en) * | 2013-10-24 | 2014-02-05 | 中国科学院信息工程研究所 | Online social network malicious webpage detection and identification method |
CN103632100A (en) * | 2013-11-08 | 2014-03-12 | 北京奇虎科技有限公司 | Method and device for detecting website bugs |
CN103902913A (en) * | 2012-12-28 | 2014-07-02 | 百度在线网络技术(北京)有限公司 | Method and device for carrying out safety processing on web application |
CN104156490A (en) * | 2014-09-01 | 2014-11-19 | 北京奇虎科技有限公司 | Method and device for detecting suspicious fishing webpage based on character recognition |
CN106657096A (en) * | 2016-12-29 | 2017-05-10 | 北京奇虎科技有限公司 | WEB vulnerability detection method, apparatus and system |
Cited By (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109413054A (en) * | 2018-10-10 | 2019-03-01 | 四川长虹电器股份有限公司 | The formation gathering method at penetration testing auxiliary system and penetration testing initial stage |
CN109120643A (en) * | 2018-10-11 | 2019-01-01 | 北京知道创宇信息技术有限公司 | Penetration test method and device |
CN109120643B (en) * | 2018-10-11 | 2020-11-20 | 北京知道创宇信息技术股份有限公司 | Penetration testing method and device |
CN110765333A (en) * | 2019-08-14 | 2020-02-07 | 奇安信科技集团股份有限公司 | Method and device for collecting website information, storage medium and electronic device |
CN111104308A (en) * | 2019-11-12 | 2020-05-05 | 贝壳技术有限公司 | Display page testing method and device, storage medium and electronic equipment |
CN113422777A (en) * | 2021-06-28 | 2021-09-21 | 安天科技集团股份有限公司 | Penetration testing method and device based on white list, computing equipment and storage medium |
CN113886842A (en) * | 2021-12-02 | 2022-01-04 | 北京华云安信息技术有限公司 | Dynamic intelligent scheduling method and device based on test |
Also Published As
Publication number | Publication date |
---|---|
CN107707561B (en) | 2020-05-19 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN107707561A (en) | penetration testing method and device | |
US11297094B2 (en) | Automated and continuous cybersecurity assessment with measurement and scoring | |
US10432662B2 (en) | Method and system for blocking malicious third party site tagging | |
KR101001132B1 (en) | Method and System for Determining Vulnerability of Web Application | |
CN104685510B (en) | Recognition application whether be rogue program method, system and storage medium | |
CN104954372A (en) | Method and system for performing evidence acquisition and verification on phishing website | |
CN107204956B (en) | Website identification method and device | |
CN108256322B (en) | Security testing method and device, computer equipment and storage medium | |
CN104115117A (en) | Automatic synthesis of unit tests for security testing | |
CN106682489A (en) | Password security detection method, password security reminding method and corresponding devices | |
CN103647678A (en) | Method and device for online verification of website vulnerabilities | |
CN109672658B (en) | JSON hijacking vulnerability detection method, device, equipment and storage medium | |
CN114095567B (en) | Data access request processing method and device, computer equipment and medium | |
CN106209757A (en) | Automatically detection and convenient login method, device and the system of filling entry field | |
CN104462983B (en) | A kind of PHP source code processing method and system | |
CN111797026A (en) | Test case generation method and device, computer equipment and storage medium | |
CN104468459B (en) | A kind of leak detection method and device | |
CN112600863A (en) | Safe remote access system and method | |
CN112019544B (en) | Network interface security scanning method, device and system | |
CN106603572B (en) | Vulnerability detection method and device based on probe | |
CN104573486A (en) | Vulnerability detection method and device | |
CN113535577A (en) | Application testing method and device based on knowledge graph, electronic equipment and medium | |
CN113162937A (en) | Application safety automatic detection method, system, electronic equipment and storage medium | |
US20160036853A1 (en) | Storage medium storing program for login alerts, and method and system thereof | |
CN112287349A (en) | Security vulnerability detection method and server |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
CB02 | Change of applicant information | Address after: Room 311501, Unit 1, Building 5, Courtyard 1, Futong East Street, Chaoyang District, Beijing; Applicant after: Beijing Zhichuangyu Information Technology Co., Ltd.; Address before: Room 803, Jinwei Building, 55 Lanindichang South Road, Haidian District, Beijing; Applicant before: Beijing Knows Chuangyu Information Technology Co.,Ltd. |
GR01 | Patent grant | ||