CN110896394A - Video monitoring equipment leak safety detection system - Google Patents


Publication number
CN110896394A
Authority
CN
China
Prior art keywords
module
vulnerability
scanning
plug
port
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201811070136.4A
Other languages
Chinese (zh)
Inventor
庞天宇
方炯
解梁军
郭乃网
宋岩
沈泉江
陈睿
杨栋
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
State Grid Shanghai Electric Power Co Ltd
East China Power Test and Research Institute Co Ltd
Original Assignee
State Grid Shanghai Electric Power Co Ltd
East China Power Test and Research Institute Co Ltd
Application filed by State Grid Shanghai Electric Power Co Ltd, East China Power Test and Research Institute Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433 Vulnerability analysis
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04N PICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N7/00 Television systems
    • H04N7/18 Closed-circuit television [CCTV] systems, i.e. systems in which the video signal is not broadcast

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Multimedia (AREA)
  • Storage Device Security (AREA)

Abstract

The invention relates to a video monitoring equipment vulnerability security detection system, which comprises an input module, a program configuration module, a port scanning module, a control scheduling module, a plug-in analysis engine module, a result analysis module and an output module. Compared with the prior art, the method has the advantages of platform consistency, multi-platform compatibility, high expandability and the like.

Description

Video monitoring equipment leak safety detection system
Technical Field
The invention relates to the technical field of network vulnerability security detection, in particular to a vulnerability security detection system of video monitoring equipment.
Background
Like most network equipment, video monitoring equipment has security vulnerabilities that mainly comprise weak passwords, authentication bypass, plaintext transmission, injection vulnerabilities, cross-site attacks, denial-of-service attacks, command execution, unauthorized access and the like. Its vulnerability security detection method is therefore the same as that of the mainstream vulnerability scanning tools on the market: vulnerability analysis results are obtained by scanning the equipment, extracting feature data, matching vulnerability features and so on. However, because products differ between monitoring equipment manufacturers, the feature data extraction, the vulnerability library information and so on differ from those of traditional equipment manufacturers, so video monitoring equipment needs expert analysis and a dedicated vulnerability library has to be constructed. In addition, because new security vulnerabilities keep being disclosed, the vulnerability analysis engine needs a plug-in design and must be dynamically extensible.
As weak-password vulnerabilities, command-execution vulnerabilities, unauthorized reading and similar problems in the equipment of well-known monitoring equipment manufacturers continue to be exposed, the affected monitoring equipment carries serious security risks. Part of the equipment has been taken over by unauthorized persons, causing large-scale DDoS attack events and similar security incidents in which monitoring pictures from scientific research laboratories and factories, video from kindergartens and homes, and even computer camera pictures were uploaded to the network.
At present, systems for detecting the vulnerability security of video monitoring equipment mainly cover three aspects. In the first aspect, the weak password and dictionary detection scheme tests the weak-password security of video monitoring equipment by configuring dictionary files with different characteristics and combining them with scanner probing and trial attempts, but it has the following defects: the uncertainty is too large, the dictionary content can hardly meet the requirements, and not all weak passwords can be configured. In the second aspect, a security hole exists in the video monitoring equipment system, and the equipment control authority is needed to bypass the process of obtaining the sensitive files of the equipment. This method has the defects that there are too many vulnerabilities to list completely, most of them cannot be verified, and too few can actually be scanned for, which makes detecting the vulnerability security of video monitoring equipment very difficult. In the third aspect, the protocol-layer vulnerability detection scheme attacks the equipment by mining vulnerabilities in the video monitoring equipment's protocols, so that the equipment denies service and cannot provide service externally.
Existing tools are designed in one pass, with the code written in place. When a module function later needs to be added or modified, the source code of the program and the tool has to be obtained, modified and recompiled, and anyone other than a skilled technician or the code's author cannot modify the program. This greatly reduces the extensibility of the program. As time goes on and vulnerabilities in video monitoring equipment keep emerging, the program cannot be extended, or can be extended only with great trouble, so it cannot be updated in time and equipment with the latest vulnerabilities cannot be discovered effectively.
Disclosure of Invention
The invention aims to overcome the defects of the prior art and provide a video monitoring equipment vulnerability security detection system.
The purpose of the invention can be realized by the following technical scheme:
A video monitoring equipment vulnerability security detection system, the system comprising:
An input module, used to provide the program's input interface and to point the program at the detection target through parameter modification.
A program configuration module, used to select the modules the program loads and the password dictionary, so as to test the robustness of the passwords of the video monitoring equipment.
A port scanning module, used to discover live ports within the specified IP and port range and to judge whether they are open.
A control scheduling module, used to schedule and coordinate the port scanning module, the vulnerability library module and the result analysis module. Through the program's control logic it sends the results generated during scanning to the result analysis module for analysis, generates an operation interval while the program runs to prevent detection failures caused by disordered program logic, and controls the starting and stopping of the multiple threads during scanning; the threads send control messages and logs to the UI main thread, which prevents thread conflicts and deadlock.
A plug-in analysis engine module, used to analyze and match vulnerabilities according to the data acquired by port scanning, forming a visual, uniform log format that is output in the log frame of the main interface.
A vulnerability library module, used to update the program's plug-in library and the vulnerability data.
A result analysis module, used to judge the scanning results sent by the control scheduling module.
An output module, used to provide the final output feedback interface.
Preferably, the input of the input module is an IP range and a port range to be detected.
Preferably, the port scanning module performs openness determination on the live ports within the specified IP range and port range.
Preferably, the port scanning module determines the openness of the TCP port by using a TCP three-way handshake detection mechanism.
Preferably, the plugin analysis engine module adopts a scanner with a plugin structure.
Preferably, the program configuration module performs a password robustness test of the video monitoring device through selection of a username and password dictionary, and if the password of the video monitoring device is matched with the username and password in the dictionary, the video monitoring device is determined to be a weak password device.
Preferably, the plug-in analysis engine module uses Python scripts for plug-in extension.
Preferably, the vulnerability library module is designed with the UI separated from the plug-ins, and a large number of interfaces are reserved in the Python plug-in library for later expansion. Updating the program's plug-in library and the vulnerability data then only requires modifying the Python scripts according to the plug-in format, slightly modifying the code in the main program and recompiling it, which greatly improves the extensibility of the program.
The vulnerability detection principle of the system comprises the following steps:
Step one, the input module receives the parameter values input by the user;
Step two, the program configuration module configures parameters according to system requirements and adjusts the scanning content;
Step three, the port scanning module acquires the system's scanned port information and determines the system's open services from the port information;
Step four, the control scheduling module adjusts scheduling according to the scanned port information to suit the video system;
Step five, the plug-in analysis engine module classifies and optimizes the vulnerabilities of the video system through port scanning, control scheduling and the engine module's vulnerability plug-ins;
Step six, the result analysis module judges the scanning results sent by the control scheduling module, loads the vulnerability library module's information based on the previously collected information, compares against the vulnerability library module and scans out the security vulnerabilities present in the video system;
Step seven, the output module outputs the security vulnerability results.
Compared with the prior art, the invention has the following advantages:
(1) the system combines the advantages of the .NET and Python languages: the interface and logic are developed in .NET and the vulnerability plug-ins in Python, giving platform consistency and multi-platform compatibility;
(2) the system can quickly convert the latest POC into a tool plug-in and so extend the functions of the automated tool;
(3) the vulnerability library module in the system is designed with the UI separated from the plug-ins, and a large number of interfaces are reserved in the Python plug-in library for later expansion; updating the program's plug-in library and the vulnerability data only requires modifying the Python scripts according to the plug-in format, slightly modifying the code in the main program and recompiling it, which greatly improves the extensibility of the program;
(4) the plug-in analysis engine module in the system uses a scanner with a plug-in structure, so that anyone can construct their own attack test scripts without knowing much about how the scanner works, which makes it simple and convenient to apply.
Drawings
FIG. 1 is a schematic diagram of the system of the present invention.
Detailed Description
The invention is described in detail below with reference to the figures and specific embodiments.
As shown in FIG. 1, the present invention relates to a video monitoring equipment vulnerability security detection system, which includes:
An input and output module: provides the program's input interface and the final output feedback interface. The input of the input module comprises parameters such as the IP range and the port range to be detected. By modifying these parameters, the input module points the program at the detection target.
A program configuration module: its main function is to select the modules the program loads and the password dictionary. By manually loading or not loading specified modules, the program's running process can be shortened and its execution sped up. The password robustness of the video monitoring equipment can also be tested through the selection of the username and password dictionary; if the password of the video monitoring equipment matches a username and password in the dictionary, the equipment is judged to be weak-password equipment.
A port scanning module: its main function is to discover live ports within the specified IP and port range. The module judges the openness of TCP ports using a TCP three-way handshake detection mechanism, which is timely and accurate. The module scans for and detects open ports, laying the foundation for the subsequent vulnerability detection on the live ports.
A control scheduling module: its main function is to bind together modules such as port scanning, vulnerability detection and result analysis; it controls the program's operating logic and sends the results generated during scanning to the result analysis module for analysis. It also generates an operation interval while the program runs, preventing detection failures caused by disordered program logic. It controls the starting and stopping of the multiple threads during scanning, and the sub-threads send control messages and logs to the UI main thread, which prevents thread conflicts and deadlock.
A plug-in analysis engine module: analyzes and matches vulnerabilities with a plug-in scanning engine according to the data acquired by port scanning. A scanner with a plug-in structure lets anyone construct their own attack test scripts without knowing much about how the scanner works. Such a scanner can also be used as a platform for simulating hacker attacks. Scanners with this structure have great vitality, as is the case with the well-known Nessus.
In the embodiment, the program uses Python scripts for plug-in extension, so that vulnerability scanning can be completed better. While the program runs, a great deal of intermediate information needs to be printed. Because the program's functions are extended through Python plug-ins, each plug-in may produce its own log output or results, so a uniform format has to be set in order to summarize them. The main function of the module is to integrate the loose logs generated by the Python plug-in modules during scanning and detection into a visual, uniform log format and to output it in the log frame of the main interface.
A vulnerability library module: the module is designed with the UI separated from the plug-ins, and a large number of interfaces are reserved in the Python plug-in library for later expansion. Updating the program's plug-in library and the vulnerability data only requires modifying the Python scripts according to the plug-in format, slightly modifying the code in the main program and recompiling it, which greatly improves the extensibility of the program.
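The control scheduling and plug-in analysis engine modules described above, sketched as an added example (not code from the patent or its applicants): worker threads run registered Python plug-ins over already-collected scan records and hand every result to the main thread through a queue, where the loose plug-in output is folded into one log format. The registry, the plug-in names, the `LogEntry` fields and the sample records are assumptions made for illustration; nothing here touches the network.

```python
import queue
import threading
from dataclasses import dataclass
from datetime import datetime, timezone

# Constructed port-scan output (RFC 5737 documentation addresses, made-up banners).
SCAN_RESULTS = [
    {"ip": "192.0.2.10", "port": 23, "banner": "login:"},
    {"ip": "192.0.2.10", "port": 554, "banner": "RTSP/1.0 200 OK"},
    {"ip": "192.0.2.11", "port": 80, "banner": "HTTP/1.1 200 OK\r\nServer: demo-cam"},
]

PLUGINS = {}  # hypothetical registry: plug-in name -> callable(record)

def plugin(name):
    """Register a check; a new check is added without touching the scheduler."""
    def register(func):
        PLUGINS[name] = func
        return func
    return register

@plugin("plaintext-mgmt")
def plaintext_mgmt(record):
    # Reports as a bare string, one of the "loose" output styles.
    return "telnet management port reachable" if record["port"] == 23 else None

@plugin("rtsp-exposed")
def rtsp_exposed(record):
    # Reports as a dict with its own severity field (implicit None otherwise).
    if record["banner"].startswith("RTSP/"):
        return {"finding": "RTSP service answers", "severity": "info"}

@plugin("http-server-header")
def http_server_header(record):
    # Deliberately fragile: raises IndexError when there is no Server header.
    server = record["banner"].split("Server: ")[1]
    return {"finding": f"Server header discloses {server!r}", "severity": "info"}

@dataclass(frozen=True)
class LogEntry:
    time: str
    level: str
    plugin: str
    target: str
    message: str
    def render(self):
        return f"{self.time} [{self.level:<5}] {self.plugin} {self.target} {self.message}"

def normalise(name, record, raw):
    """Fold a string, dict or exception into the one uniform log format."""
    now = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    if isinstance(raw, Exception):
        level, message = "ERROR", f"{type(raw).__name__}: {raw}"
    elif isinstance(raw, dict):
        level = "INFO" if raw.get("severity") == "info" else "WARN"
        message = raw["finding"]
    else:
        level, message = "WARN", str(raw)
    return LogEntry(now, level, name, f'{record["ip"]}:{record["port"]}', message)

def worker(tasks, ui_queue, stop):
    # Sub-threads only write to ui_queue; they never touch the UI or each other.
    while not stop.is_set():
        try:
            record = tasks.get_nowait()
        except queue.Empty:
            return
        for name, func in PLUGINS.items():
            try:
                raw = func(record)
            except Exception as exc:  # one faulty plug-in must not end the scan
                raw = exc
            if raw is not None:
                ui_queue.put(normalise(name, record, raw))

def run_scan(records, threads=2, stop=None):
    """Main ("UI") thread: start workers, then drain their messages alone."""
    stop = stop or threading.Event()
    tasks, ui_queue = queue.Queue(), queue.Queue()
    for record in records:
        tasks.put(record)
    pool = [threading.Thread(target=worker, args=(tasks, ui_queue, stop))
            for _ in range(threads)]
    for t in pool:
        t.start()
    for t in pool:
        t.join()
    entries = [ui_queue.get() for _ in range(ui_queue.qsize())]
    return sorted(entries, key=lambda e: (e.target, e.plugin))

if __name__ == "__main__":
    for entry in run_scan(SCAN_RESULTS):
        print(entry.render())
```

The fragile `http-server-header` plug-in fails on two of the three records, and those failures arrive in the log as ordinary ERROR entries instead of stopping the other checks.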
The working principle of the system comprises the following steps:
Step one, the input module receives the parameter values input by the user.
Step two, the program configuration module selects the modules the program loads and the password dictionary, and by manually loading or not loading specified modules it configures parameters according to system requirements and adjusts the scanning content.
Step three, the port scanning module judges the openness of TCP ports using a TCP three-way handshake detection mechanism, acquires the system's scanned port information and determines the system's open services from the port information.
Step four, the control scheduling module sends the results generated during scanning to the result analysis module for analysis and adjusts scheduling according to the scanned port information to suit the video system; it also generates an operation interval while the program runs, preventing detection failures caused by disordered program logic.
Step five, the control end of the plug-in analysis engine module calculates the optimal (reasonable) playing frame number, 30 frames, as the synchronous frame according to the current playing frame numbers fed back by each playing end, namely 29 frames, 30 frames and 31 frames; the synchronous frame is calculated according to the maximum probability of the current frames fed back by the playing ends, and its function is to provide a synchronization reference. The plug-in analysis engine module analyzes and matches vulnerabilities with the plug-in scanning engine according to the data obtained by port scanning. A scanner with a plug-in structure lets anyone construct their own attack test scripts without knowing much about how the scanner works.
Step six, the result analysis module judges the scanning results sent by the control scheduling module, loads the vulnerability library module's information based on the previously collected information, compares against the vulnerability library module and scans out the security vulnerabilities present in the video system. In the invention, the interface and logic are developed in .NET and the vulnerability plug-ins of the vulnerability library module are developed in Python, giving platform consistency, multi-platform compatibility, high extensibility and the like. Moreover, the latest vulnerability disclosures in the network security field are at present generally released as POCs written in Python, and the tool can quickly convert the latest POC into a tool plug-in and so extend the functions of the automated tool.
Step seven, the output module outputs the security vulnerability results.
While the invention has been described with reference to specific embodiments, the invention is not limited thereto, and those skilled in the art can easily conceive of various equivalent modifications or substitutions within the technical scope of the invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (9)

1. A video monitoring equipment vulnerability security detection system, characterized by comprising:
an input module, used to provide the program's input interface and to point the program at the detection target through parameter modification;
a program configuration module, used to select the modules the program loads and the password dictionary, so as to test the robustness of the passwords of the video monitoring equipment;
a port scanning module, used to judge the openness of live ports;
a control scheduling module, used to control the operating logic of the program, send the results generated during scanning to the result analysis module for analysis, generate an operation interval while the program runs, and control the starting and stopping of the multiple threads during scanning, the threads sending control messages and logs to the UI main thread;
a plug-in analysis engine module, used to analyze and match vulnerabilities according to the data acquired by port scanning, forming a visual, uniform log format that is output in the log frame of the main interface;
a vulnerability library module, used to update the program's plug-in library and the vulnerability data;
a result analysis module, used to judge the scanning results sent by the control scheduling module and scan out the security vulnerabilities present in the video system;
an output module, used to provide the final output feedback interface.
2. The video monitoring device vulnerability security detection system of claim 1, wherein the input of the input module is an IP range and a port range to be detected.
3. The video surveillance device vulnerability security detection system of claim 2, wherein the port scanning module performs an openness determination on a live port within a specified IP range and port range.
4. The video surveillance device vulnerability security detection system of claim 3, wherein the port scanning module employs a TCP three-way handshake detection mechanism to determine the openness of TCP ports.
5. The video surveillance equipment vulnerability security detection system of claim 1, wherein the plug-in analysis engine module employs a scanner of plug-in structure.
6. The system according to claim 1, wherein the program configuration module performs a password robustness test of the video surveillance device through selection of a username and password dictionary, and determines that the video surveillance device is a weak password device if the password of the video surveillance device matches the username and password in the dictionary.
7. The video monitoring device vulnerability security detection system of claim 1, wherein the plug-in analysis engine module employs Python scripts for plug-in extension.
8. The video monitoring device vulnerability security detection system of claim 1, wherein the vulnerability library module adopts a mode of separating UI and plug-ins for programming to complete the updating work of the program plug-in library and vulnerability data.
9. The video surveillance equipment vulnerability security detection system of claim 1, wherein the vulnerability detection of the system comprises the steps of:
1) the input module receives the parameter values input by the user;
2) the program configuration module configures parameters according to system requirements and adjusts the scanning content;
3) the port scanning module acquires the system's scanned port information and determines the system's open services from the port information;
4) the control scheduling module adjusts scheduling according to the scanned port information to suit the video system;
5) the plug-in analysis engine module classifies and optimizes the vulnerabilities of the video system through port scanning, control scheduling and the engine module's vulnerability plug-ins;
6) the result analysis module judges the scanning results sent by the control scheduling module, loads the vulnerability library module's information based on the previously collected information, compares against the vulnerability library module and acquires the security vulnerabilities of the video system;
7) the output module outputs the security vulnerability results.
CN201811070136.4A 2018-09-13 2018-09-13 Video monitoring equipment leak safety detection system Pending CN110896394A (en)


Publications (1)

Publication Number Publication Date
CN110896394A true CN110896394A (en) 2020-03-20


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination