CN113596014A - Access vulnerability detection method and device and electronic equipment

Publication number: CN113596014A
Authority: CN (China)
Prior art keywords: vulnerability, access, returning, information, unauthorized access
Legal status: Pending
Application number: CN202110846886.1A
Other languages: Chinese (zh)
Inventors: 任天宇, 王小虎, 王超, 董佳涵, 郭广鑫, 李博文, 师恩洁
Current Assignee: State Grid Corp of China SGCC; State Grid Beijing Electric Power Co Ltd
Original Assignee: State Grid Corp of China SGCC; State Grid Beijing Electric Power Co Ltd
Application filed by State Grid Corp of China SGCC, State Grid Beijing Electric Power Co Ltd
Priority to CN202110846886.1A
Publication of CN113596014A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433 Vulnerability analysis
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577 Assessing vulnerabilities and evaluating computer system security
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141 Access rights, e.g. capability lists, access control lists, access tables, access matrices

Abstract

The invention discloses an access vulnerability detection method and device and electronic equipment. The detection method comprises the following steps: receiving an address file, wherein the address file comprises a plurality of rows of IP addresses and ports to be detected, and the IP addresses and the corresponding ports are stored according to a preset format; converting the IP addresses and ports into Uniform Resource Locators (URLs); sending an HTTP request to a server side based on each URL, wherein the server side, after receiving the HTTP request, queries corresponding response information according to the HTTP request; and performing unauthorized access vulnerability verification on the IP address of each row based on the response information and a preset vulnerability detection library to obtain access vulnerability verification results. The invention solves the technical problem in the related art that unauthorized access vulnerabilities cannot be detected rapidly in batches.

Description

Access vulnerability detection method and device and electronic equipment
Technical Field
The invention relates to the technical field of information security and detection, in particular to an access vulnerability detection method and device and electronic equipment.
Background
With the rapid development of network technology, information security receives more and more attention. Unauthorized access is a common vulnerability threatening information security. An unauthorized access vulnerability can be understood as a defect in addresses or authorized pages that require security configuration or permission authentication, so that other users can access them directly, which leads to security problems such as important permissions being operable and sensitive information such as databases or website directories being leaked.
Since most services have permission problems under default conditions, and widely used applications have had unauthorized access vulnerabilities reported, unauthorized access vulnerabilities need to be detected in order to ensure information security.
In view of the above problems, no effective solution has been proposed.
Disclosure of Invention
The embodiment of the invention provides an access vulnerability detection method, a device and electronic equipment thereof, which are used for at least solving the technical problem that unauthorized access vulnerabilities cannot be detected rapidly in batches in the related technology.
According to an aspect of the embodiments of the present invention, there is provided an access vulnerability detection method, including: receiving an address file, wherein the address file comprises a plurality of rows of IP addresses and ports to be detected, and the IP addresses and the corresponding ports are stored according to a preset format; converting the IP address and port to a Uniform Resource Locator (URL); based on each URL, sending an HTTP request to a server side, wherein the server side inquires corresponding response information according to the HTTP request after receiving the HTTP request; and performing unauthorized access vulnerability verification on the IP address of each row based on the response information and a preset vulnerability detection library to obtain an access vulnerability verification result.
Optionally, after sending an HTTP request to the server based on each URL, the vulnerability detection method further includes: receiving response information of the server; judging whether the HTTP request is a normal access request or not based on the response information; if the HTTP request is a normal access request, returning a normal request result; and if the HTTP request is an abnormal access request, returning vulnerability information of different access vulnerability types.
Optionally, the step of returning vulnerability information of different access vulnerability types includes: if the access vulnerability type is a redis unauthorized access vulnerability, returning redis vulnerability information; and if the access vulnerability type is the mongodb unauthorized access vulnerability, returning mongodb vulnerability information.
Optionally, the step of returning vulnerability information of different access vulnerability types further includes: if the access vulnerability type is a memcached unauthorized access vulnerability, returning memcached vulnerability information; and if the access vulnerability type is an elasticsearch unauthorized access vulnerability, returning elasticsearch vulnerability information.
Optionally, the step of returning vulnerability information of different access vulnerability types further includes: if the access vulnerability type is a zookeeper unauthorized access vulnerability, returning zookeeper vulnerability information; and if the access vulnerability type is the CouchDB unauthorized access vulnerability, returning CouchDB vulnerability information.
Optionally, the step of returning vulnerability information of different access vulnerability types further includes: if the access vulnerability type is a docker unauthorized access vulnerability, returning docker vulnerability information; and if the access vulnerability type is a Hadoop unauthorized access vulnerability, returning Hadoop vulnerability information.
Optionally, after performing unauthorized access vulnerability verification on each row of the IP addresses based on the response information and a preset vulnerability detection library to obtain an access vulnerability verification result, the vulnerability detection method further includes: and exporting all the access vulnerability verification results to a specified file.
According to another aspect of the embodiments of the present invention, there is also provided an access vulnerability detection apparatus, including: a receiving unit, configured to receive an address file, wherein the address file comprises a plurality of rows of IP addresses and ports to be detected, and the IP addresses and the corresponding ports are stored according to a preset format; a conversion unit, configured to convert the IP address and the port into a Uniform Resource Locator (URL); a sending unit, configured to send an HTTP request to the server side based on each URL, wherein the server side, after receiving the HTTP request, queries corresponding response information according to the HTTP request; and a verification unit, configured to perform unauthorized access vulnerability verification on the IP address of each row based on the response information and a preset vulnerability detection library to obtain an access vulnerability verification result.
Optionally, the vulnerability detection apparatus further includes: a first receiving module, configured to receive response information of the server after sending an HTTP request to the server based on each URL; the first judging module is used for judging whether the HTTP request is a normal access request or not based on the response information; the first returning module is used for returning a normal request result if the HTTP request is a normal access request; and the second returning module is used for returning the vulnerability information of different access vulnerability types if the HTTP request is an abnormal access request.
Optionally, the second return module comprises: the first return submodule is used for returning redis vulnerability information if the access vulnerability type is a redis unauthorized access vulnerability; and the second return sub-module is used for returning the mongodb vulnerability information if the access vulnerability type is the mongodb unauthorized access vulnerability.
Optionally, the second return module further comprises: the third returning sub-module is used for returning memcached vulnerability information if the access vulnerability type is memcached unauthorized access vulnerability; and the fourth returning submodule is used for returning the vulnerability information of the elasticsearch if the access vulnerability type is an unauthorised access vulnerability of the elasticsearch.
Optionally, the second return module further comprises: a fifth returning submodule, configured to return zookeeper vulnerability information if the access vulnerability type is a zookeeper unauthorized access vulnerability; and the sixth returning submodule is used for returning the CouchDB vulnerability information if the access vulnerability type is the CouchDB unauthorized access vulnerability.
Optionally, the second return module further comprises: the seventh returning submodule is used for returning the docker vulnerability information if the access vulnerability type is the docker unauthorized access vulnerability; and the eighth returning submodule is used for returning Hadoop vulnerability information if the access vulnerability type is a Hadoop unauthorized access vulnerability.
Optionally, the vulnerability detection apparatus further includes: and the first export module is used for exporting all the access vulnerability verification results to a specified file after carrying out unauthorized access vulnerability verification on the IP addresses in each row based on the response information and a preset vulnerability detection library to obtain access vulnerability verification results.
According to another aspect of the embodiments of the present invention, there is also provided an electronic device, including: a processor; and a memory for storing executable instructions of the processor; wherein the processor is configured to perform any one of the above described access vulnerability detection methods via execution of the executable instructions.
According to another aspect of the embodiments of the present invention, a computer-readable storage medium is further provided, where the computer-readable storage medium includes a stored computer program, and when the computer program runs, the apparatus where the computer-readable storage medium is located is controlled to execute any one of the above described access vulnerability detection methods.
In the embodiment of the invention, an address file is received, wherein the address file comprises a plurality of rows of IP addresses and ports to be detected, the IP addresses and the corresponding ports are stored according to a preset format, then the IP addresses and the ports are converted into Uniform Resource Locators (URLs), then HTTP requests are sent to a server side based on each URL, after the server side receives the HTTP requests, the server side inquires corresponding response information according to the HTTP requests, and finally unauthorized access vulnerability verification is carried out on each row of IP addresses based on the response information and a preset vulnerability detection library to obtain access verification results. In the embodiment, based on the unauthorized access vulnerability detection framework, the unauthorized access vulnerabilities can be rapidly detected in batches, the working efficiency of vulnerability detection is improved, and the technical problem that the unauthorized access vulnerabilities cannot be rapidly detected in batches in the related technology is solved.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the invention and together with the description serve to explain the invention without limiting the invention. In the drawings:
FIG. 1 is a flow chart of an alternative access vulnerability detection method according to an embodiment of the present invention;
FIG. 2 is a flow chart of another alternative access vulnerability detection method according to an embodiment of the present invention;
FIG. 3 is a schematic diagram of an access vulnerability detection apparatus according to an embodiment of the present invention.
Detailed Description
In order to make the technical solutions of the present invention better understood, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
It should be noted that the terms "first," "second," and the like in the description and claims of the present invention and in the drawings described above are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used is interchangeable under appropriate circumstances such that the embodiments of the invention described herein are capable of operation in sequences other than those illustrated or described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
To facilitate understanding of the invention by those skilled in the art, some terms or nouns referred to in the embodiments of the invention are explained below:
HTTP (Hypertext Transfer Protocol) is a simple request-response protocol that specifies what messages a client may send to a server and what responses it gets.
The embodiment of the invention can be applied to various terminals, such as a mobile terminal, an iPad, a tablet, a PC and the like. The unauthorized access vulnerability types related in the embodiment of the present invention include: a redis unauthorized access vulnerability, a mongodb unauthorized access vulnerability, a memcached unauthorized access vulnerability, an elasticsearch unauthorized access vulnerability, a zookeeper unauthorized access vulnerability, a CouchDB unauthorized access vulnerability, a docker unauthorized access vulnerability, a Hadoop unauthorized access vulnerability, etc. In this embodiment, by extracting the structured data of unauthorized access vulnerabilities, an unauthorized access vulnerability detection framework can be written, and whether the corresponding unauthorized access vulnerability exists is then determined based on the obtained response information.
According to an embodiment of the present invention, an access vulnerability detection method embodiment is provided, it should be noted that the steps shown in the flowchart of the figure may be executed in a computer system such as a set of computer executable instructions, and although a logical order is shown in the flowchart, in some cases, the steps shown or described may be executed in an order different from that here.
Example one
Fig. 1 is a flowchart of an optional access vulnerability detection method according to an embodiment of the present invention, as shown in fig. 1, the method includes the following steps:
Step S102, receiving an address file, wherein the address file comprises a plurality of rows of IP addresses and ports to be detected, and the IP addresses and the corresponding ports are stored according to a preset format.
Step S104, converting the IP address and the port into a Uniform Resource Locator (URL).
Step S106, based on each URL, sending an HTTP request to the server side, wherein the server side inquires corresponding response information according to the HTTP request after receiving the HTTP request.
Step S108, performing unauthorized access vulnerability verification on each row of IP addresses based on the response information and a preset vulnerability detection library to obtain an access vulnerability verification result.
Through the steps, an address file can be received, wherein the address file comprises a plurality of rows of IP addresses and ports to be detected, the IP addresses and the corresponding ports are stored according to a preset format, then the IP addresses and the ports are converted into Uniform Resource Locators (URLs), then HTTP requests are sent to a server side based on each URL, after the server side receives the HTTP requests, corresponding response information is inquired according to the HTTP requests, and finally unauthorized access vulnerability verification is carried out on each row of IP addresses based on the response information and a preset vulnerability detection library to obtain access verification results. In the embodiment, based on the unauthorized access vulnerability detection framework, the unauthorized access vulnerabilities can be rapidly detected in batches, the working efficiency of vulnerability detection is improved, and the technical problem that the unauthorized access vulnerabilities cannot be rapidly detected in batches in the related technology is solved.
The following describes embodiments of the present invention in detail with reference to the respective steps.
Step S102, receiving an address file, wherein the address file comprises a plurality of rows of IP addresses and ports to be detected, and the IP addresses and the corresponding ports are stored according to a preset format.
In the embodiment of the invention, the IP addresses and ports to be detected can be imported into the address file, stored in the format IP address, colon, port (that is, the IP addresses and ports are stored according to the preset format). The address file thus contains a plurality of rows of IP addresses, so that when the unauthorized access vulnerability detection framework performs vulnerability detection on each row of IP addresses, the detection can be carried out rapidly in batches.
Step S104, converting the IP address and the port into a Uniform Resource Locator (URL).
In the embodiment of the invention, the IP address and the corresponding port are converted into the URL according to the format requirement of the URL, so that the corresponding information of the server side is conveniently requested.
Step S106, based on each URL, sending an HTTP request to the server side, wherein the server side inquires corresponding response information according to the HTTP request after receiving the HTTP request.
In this embodiment of the present invention, an HTTP request is sent to the server side for each URL. The HTTP request is the request information sent from the client to the server side, and the request information may include, in the first line of the message, the request method for the resource, the identifier of the resource and the protocol used; the server side can return corresponding response information accordingly.
Optionally, after sending the HTTP request to the server based on each URL, the vulnerability detection method further includes: receiving response information of a server side; judging whether the HTTP request is a normal access request or not based on the response information; if the HTTP request is a normal access request, returning a normal request result; if the HTTP request is an abnormal access request, returning vulnerability information of different access vulnerability types.
In the embodiment of the invention, the URL addresses can be read, an HTTP request packet is sent for each URL, and the response information of the server side is obtained. Whether the HTTP request is a normal access request is judged according to the response information. If the HTTP request is a normal access request, the request has no vulnerability and a normal request result can be obtained. Otherwise, each type of unauthorized access vulnerability is verified in sequence: if a redis unauthorized access vulnerability exists, redis detailed information is returned; if a mongodb unauthorized access vulnerability exists, mongodb detailed information is returned; if a memcached unauthorized access vulnerability exists, memcached detailed information is returned; if an elasticsearch unauthorized access vulnerability exists, elasticsearch detailed information is returned; if a zookeeper unauthorized access vulnerability exists, zookeeper detailed information is returned; if a CouchDB unauthorized access vulnerability exists, CouchDB detailed information is returned; if a docker unauthorized access vulnerability exists, docker detailed information is returned; and if a Hadoop unauthorized access vulnerability exists, Hadoop detailed information is returned.
Optionally, the step of returning vulnerability information of different access vulnerability types includes: if the access vulnerability type is a redis unauthorized access vulnerability, returning redis vulnerability information; and if the access vulnerability type is the mongodb unauthorized access vulnerability, returning the mongodb vulnerability information.
In the embodiment of the present invention, the Redis unauthorized access vulnerability refers to the following: by default, Redis is bound to 0.0.0.0:6379. If no relevant policy is adopted, for example adding firewall rules to prevent access from other untrusted source IPs, the Redis service is exposed to the public network. If no password authentication is set (the password is generally empty by default), any user who can reach the target server can access Redis without authorization and read its data. With unauthorized access to Redis, an attacker can use the config command provided by Redis itself to perform file write operations, can write his or her own SSH public key into the authorized_keys file in the /root/.ssh folder of the target server, and can then log in to the target server directly with the corresponding private key.
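The conditions named above (a listening address reachable from outside and an empty password) can also be checked from the configuration side. The following is an added example, not part of the patent: the function names and both sample files are constructed, `protected-mode` is a real Redis directive that the text does not mention and is reported only as an extra finding, and firewall rules live outside the file and are not checked.

```python
import ipaddress
import shlex

# Constructed sample: the exposure described in the text.
WEAK_CONF = """\
bind 0.0.0.0
port 6379
requirepass ""
"""

# Constructed sample: loopback plus one internal interface, password set.
HARDENED_CONF = """\
bind 127.0.0.1 10.0.5.20
port 6379
protected-mode yes
requirepass "example-long-random-secret"
"""


def parse_conf(text):
    """Return {directive: [argument lists]} for a redis.conf-style text."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = shlex.split(line)  # handles quoted values such as ""
        conf.setdefault(parts[0].lower(), []).append(parts[1:])
    return conf


def is_loopback_only(addresses):
    """True only when at least one address is given and all are loopback."""
    for addr in addresses:
        addr = addr.lstrip("-")  # newer Redis versions accept a '-' prefix
        try:
            if not ipaddress.ip_address(addr).is_loopback:
                return False
        except ValueError:
            return False  # '*', hostnames, garbage: not provably local
    return bool(addresses)


def audit(text):
    """Return (flagged, findings).

    flagged is True for the combination the text describes: a listening
    address that is not loopback-only together with no password. The check
    is deliberately conservative and treats a missing bind as reachable.
    """
    conf = parse_conf(text)
    findings = []
    binds = [a for args in conf.get("bind", []) for a in args]
    reachable = not is_loopback_only(binds)
    if not binds:
        findings.append("no bind directive: address left to the server default")
    elif any(a.lstrip("-") in ("0.0.0.0", "::", "*") for a in binds):
        findings.append("bind covers all interfaces")
    password = (conf.get("requirepass") or [[""]])[-1]  # last directive wins
    has_password = bool(password and password[0])
    if not has_password:
        findings.append("requirepass is missing or empty")
    if (conf.get("protected-mode") or [["yes"]])[-1] == ["no"]:
        findings.append("protected-mode is disabled")
    return reachable and not has_password, findings


if __name__ == "__main__":
    for name, text in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        flagged, findings = audit(text)
        print(name, "FLAGGED" if flagged else "ok", findings)
```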
The MongoDB unauthorized access vulnerability refers to the following: after the MongoDB service is installed, it has no permission verification by default. If the service listens on 0.0.0.0, the database can be accessed remotely without authorization. Because an externally exposed MongoDB service has no access authentication or authorization configured, a connection to the database needs no authentication and the database can be operated on arbitrarily, including high-risk actions such as adding, deleting, modifying and querying data, which can cause serious data leakage risks.
Optionally, the step of returning the vulnerability information of different access vulnerability types further includes: if the access vulnerability type is a memcached unauthorized access vulnerability, returning memcached vulnerability information; and if the access vulnerability type is an elasticsearch unauthorized access vulnerability, returning elasticsearch vulnerability information.
In the embodiment of the invention, the memcached unauthorized access vulnerability refers to the following: owing to a defect in memcached's security design, after a client connects to a memcached server it can read and modify the server's cached content without authentication. Besides the data in memcached being directly read, leaked and maliciously modified, the data in memcached is processed by back-end code in the same way as variables submitted by a normal website user, so when the processing code has defects, different types of security problems can arise again. By comparison, data entered directly by a front-end user generally goes through more security checks when it is processed, whereas data read from memcached is more likely to be regarded by developers as trusted or as having already passed security checks, and is therefore more likely to cause security problems.
The unauthorized access vulnerability of the elasticsearch means that if the port of the elasticsearch does not realize login authentication, the risk of data theft and data loss may occur.
Optionally, the step of returning the vulnerability information of different access vulnerability types further includes: if the access vulnerability type is a zookeeper unauthorized access vulnerability, returning zookeeper vulnerability information; and if the access vulnerability type is the CouchDB unauthorized access vulnerability, returning CouchDB vulnerability information.
In the embodiment of the invention, the Zookeeper unauthorized access vulnerability refers to the following: Zookeeper opens a default port, and by default no identity authentication is required after Zookeeper is installed and deployed, so an attacker can use Zookeeper remotely, collect sensitive information through the server or destroy the Zookeeper cluster, and can execute all commands that only an administrator is allowed to run.
The CouchDB unauthorized access vulnerability refers to the following: if the CouchDB database is not configured properly, it can be maliciously exploited by an attacker. The attacker can access internal data without authentication, leaking sensitive information; the attacker can also maliciously clear all data, and can directly execute system commands by configuring a custom function.
Optionally, the step of returning the vulnerability information of different access vulnerability types further includes: if the access vulnerability type is a docker unauthorized access vulnerability, returning docker vulnerability information; and if the access vulnerability type is a Hadoop unauthorized access vulnerability, returning Hadoop vulnerability information.
In the embodiment of the invention, the docker unauthorized access vulnerability is the Docker Remote API unauthorized access vulnerability. The Docker Remote API is mainly used in place of the command line interface. Docker Swarm is a local cluster of distributed applications under docker; when the container listener is opened, this API is called, which facilitates docker cluster management and expansion.
Hadoop is a distributed system infrastructure developed by the Apache Foundation. The Hadoop unauthorized access vulnerability refers to the following: because the server directly exposes the web port of Hadoop HDFS and some default service ports, an attacker can operate on data under multiple directories through the command line, for example deleting, downloading, browsing directories and even executing commands.
Step S108, performing unauthorized access vulnerability verification on each row of IP addresses based on the response information and a preset vulnerability detection library to obtain an access vulnerability verification result.
In the embodiment of the present invention, the preset vulnerability detection library may be an unauthorized access vulnerability POC code library, and unauthorized access vulnerability verification is performed on each row of IP addresses by combining the response information with the unauthorized access vulnerability POC codes.
Optionally, after performing unauthorized access vulnerability verification on each row of IP addresses based on the response information and the preset vulnerability detection library to obtain an access vulnerability verification result, the vulnerability detection method further includes: and exporting all the access vulnerability verification results to a specified file.
In the embodiment of the invention, all the access vulnerability verification results can be exported to the specified result file, and the results are generated uniformly.
According to the embodiment of the invention, through the unauthorized access vulnerability detection framework, different types of unauthorized access vulnerabilities can be detected rapidly in batches, and the working efficiency of unauthorized access vulnerability detection is improved.
Example two
Fig. 2 is a flowchart of another optional access vulnerability detection method according to an embodiment of the present invention. As shown in Fig. 2, the IP addresses and ports to be detected may be imported into a specified file, in the format of IP address, colon, port. Each IP address and port is converted into a URL, an HTTP request is sent to each URL, and the response packet of the server is obtained. Unauthorized access vulnerability verification is then performed on each row of IP addresses in combination with the vulnerability POC code, and each type of unauthorized access vulnerability is verified in turn: whether a redis unauthorized access vulnerability exists, and if so, redis detailed information is returned; whether a mongodb unauthorized access vulnerability exists, and if so, mongodb detailed information is returned; whether a memcached unauthorized access vulnerability exists, and if so, memcached detailed information is returned; whether an elasticsearch unauthorized access vulnerability exists, and if so, elasticsearch detailed information is returned; whether a zookeeper unauthorized access vulnerability exists, and if so, zookeeper detailed information is returned; whether a CouchDB unauthorized access vulnerability exists, and if so, CouchDB detailed information is returned; whether a docker unauthorized access vulnerability exists, and if so, docker detailed information is returned; and whether a Hadoop unauthorized access vulnerability exists, and if so, Hadoop detailed information is returned. The unauthorized access vulnerability result is then output.
According to the embodiment of the invention, through the unauthorized access vulnerability detection framework, eight types of unauthorized access vulnerabilities can be detected rapidly in batches, and the unauthorized access vulnerability detection work efficiency is improved.
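The flow described above (address file, URL conversion, response check against a detection library, export), as an added example that is not the patent's code. The HTTP step is replaced by constructed captured responses so the block runs offline; the signature table, function names and sample addresses are assumptions for illustration and cover only four of the eight service types.

```python
import csv
import io
import json

# Hypothetical detection library (assumed markers, not the patent's POC code).
SIGNATURES = {
    "elasticsearch": ("/", lambda d: d.get("tagline") == "You Know, for Search"),
    "couchdb": ("/", lambda d: d.get("couchdb") == "Welcome"),
    "docker": ("/version", lambda d: "ApiVersion" in d),
    "hadoop": ("/webhdfs/v1/?op=LISTSTATUS", lambda d: "FileStatuses" in d),
}
PROBE_PATHS = sorted({path for path, _ in SIGNATURES.values()})


def parse_address_file(text):
    """Yield (ip, port) per well-formed 'IP:port' row; skip blank or malformed rows."""
    for row in text.splitlines():
        ip, sep, port = row.strip().rpartition(":")
        if sep and ip and port.isdecimal() and 0 < int(port) < 65536:
            yield ip, int(port)


def to_url(ip, port, path="/"):
    return f"http://{ip}:{port}{path}"


def verify(status, body, path):
    """Return the service type if the response shows unauthenticated access, else None."""
    if status != 200:  # e.g. 401/403: the service demanded credentials
        return None
    try:
        doc = json.loads(body)
    except ValueError:  # login page or other non-JSON body
        return None
    if not isinstance(doc, dict):
        return None
    for service, (probe_path, matches) in SIGNATURES.items():
        if probe_path == path and matches(doc):
            return service
    return None


def run(address_text, responses):
    """responses maps URL -> (status, body) and stands in for the HTTP step."""
    findings = []
    for ip, port in parse_address_file(address_text):
        for path in PROBE_PATHS:
            url = to_url(ip, port, path)
            status, body = responses.get(url, (None, ""))
            service = verify(status, body, path)
            if service:
                findings.append({"ip": ip, "port": port, "type": service, "url": url})
    return findings


def export_csv(findings):
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=["ip", "port", "type", "url"])
    writer.writeheader()
    writer.writerows(findings)
    return out.getvalue()


# Constructed inventory and captured responses (documentation address range).
ADDRESSES = "192.0.2.10:9200\n192.0.2.11:5984\nnot-a-row\n192.0.2.12:2375\n192.0.2.13:9200\n"
RESPONSES = {
    "http://192.0.2.10:9200/": (200, '{"name": "n1", "tagline": "You Know, for Search"}'),
    "http://192.0.2.11:5984/": (401, '{"error": "unauthorized"}'),
    "http://192.0.2.12:2375/version": (200, '{"Version": "20.10.7", "ApiVersion": "1.41"}'),
    "http://192.0.2.13:9200/": (200, "<html>login</html>"),
}

if __name__ == "__main__":
    print(export_csv(run(ADDRESSES, RESPONSES)))
```

Only the two hosts that answered without credentials are reported; the host that returned 401 and the one that served a login page are treated as normal access.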
Example three
The access vulnerability detection apparatus provided in this embodiment includes a plurality of implementation units, and each implementation unit corresponds to an implementation step in the first embodiment.
Fig. 3 is a schematic diagram of an access vulnerability detection apparatus according to an embodiment of the present invention, and as shown in fig. 3, the detection apparatus may include: a receiving unit 30, a converting unit 32, a transmitting unit 34, an authenticating unit 36, wherein,
the receiving unit 30 is configured to receive an address file, where the address file includes a plurality of rows of IP addresses and ports to be detected, and the IP addresses and the corresponding ports are stored according to a preset format;
a conversion unit 32 for converting the IP address and port into a uniform resource locator URL;
a sending unit 34, configured to send an HTTP request to the server side based on each URL, where the server side queries corresponding response information according to the HTTP request after receiving the HTTP request;
and the verification unit 36 is configured to perform unauthorized access vulnerability verification on each row of IP addresses based on the response information and the preset vulnerability detection library to obtain an access vulnerability verification result.
The detection apparatus receives an address file through the receiving unit 30, where the address file includes a plurality of rows of IP addresses and ports to be detected, and the IP addresses and the corresponding ports are stored according to a preset format. The converting unit 32 then converts the IP addresses and ports into uniform resource locators (URLs). Based on each URL, the sending unit 34 sends an HTTP request to the server side, and after receiving the HTTP request the server side queries the corresponding response information. Finally, based on the response information and a preset vulnerability detection library, the verifying unit 36 performs unauthorized access vulnerability verification on each row of IP addresses to obtain an access vulnerability verification result. In this embodiment, based on the unauthorized access vulnerability detection framework, unauthorized access vulnerabilities can be detected rapidly in batches, the working efficiency of vulnerability detection is improved, and the technical problem that unauthorized access vulnerabilities cannot be detected rapidly in batches in the related art is solved.
Optionally, the vulnerability detection apparatus further includes: the first receiving module is used for receiving response information of the server after the HTTP request is sent to the server based on each URL; the first judgment module is used for judging whether the HTTP request is a normal access request or not based on the response information; the first returning module is used for returning a normal request result if the HTTP request is a normal access request; and the second returning module is used for returning the vulnerability information of different access vulnerability types if the HTTP request is an abnormal access request.
Optionally, the second returning module includes: the first return submodule is used for returning redis vulnerability information if the access vulnerability type is a redis unauthorized access vulnerability; and the second return sub-module is used for returning the mongodb vulnerability information if the access vulnerability type is mongodb unauthorized access vulnerability.
Optionally, the second returning module further includes: the third returning submodule is used for returning memcached vulnerability information if the access vulnerability type is a memcached unauthorized access vulnerability; and the fourth returning submodule is used for returning elasticsearch vulnerability information if the access vulnerability type is an elasticsearch unauthorized access vulnerability.
Optionally, the second returning module further includes: a fifth returning submodule, configured to return zookeeper vulnerability information if the access vulnerability type is a zookeeper unauthorized access vulnerability; and the sixth returning submodule is used for returning the CouchDB vulnerability information if the access vulnerability type is the CouchDB unauthorized access vulnerability.
Optionally, the second returning module further includes: the seventh returning submodule is used for returning the docker vulnerability information if the access vulnerability type is the docker unauthorized access vulnerability; and the eighth returning submodule is used for returning Hadoop vulnerability information if the access vulnerability type is a Hadoop unauthorized access vulnerability.
Optionally, the vulnerability detection apparatus further includes: and the first export module is used for exporting all the access vulnerability verification results to a specified file after carrying out unauthorized access vulnerability verification on each row of IP addresses based on the response information and a preset vulnerability detection library to obtain access vulnerability verification results.
The above-mentioned access vulnerability detection apparatus may further include a processor and a memory, where the receiving unit 30, the converting unit 32, the sending unit 34, the verifying unit 36, and the like are all stored in the memory as program units, and the processor executes the program units stored in the memory to implement the corresponding functions.
The processor comprises a kernel, and the kernel calls the corresponding program unit from the memory. One or more kernels may be provided, and unauthorized access vulnerability verification is performed on each row of IP addresses by adjusting kernel parameters to obtain an access vulnerability verification result.
The memory may include volatile memory in a computer readable medium, Random Access Memory (RAM) and/or nonvolatile memory such as Read Only Memory (ROM) or flash memory (flash RAM), and the memory includes at least one memory chip.
The present application further provides a computer program product adapted to perform a program for initializing the following method steps when executed on a data processing device: the method comprises the steps of receiving an address file, converting an IP address and a port into Uniform Resource Locators (URLs), sending an HTTP request to a server side based on each URL, and finally performing unauthorized access vulnerability verification on each row of IP addresses based on response information and a preset vulnerability detection library to obtain an access vulnerability verification result.
According to another aspect of the embodiments of the present invention, there is also provided an electronic device, including: a processor; and a memory for storing executable instructions for the processor; wherein the processor is configured to perform any one of the above described access vulnerability detection methods via execution of executable instructions.
According to another aspect of the embodiments of the present invention, a computer-readable storage medium is further provided, where the computer-readable storage medium includes a stored computer program, and when the computer program runs, the device where the computer-readable storage medium is located is controlled to execute any one of the above access vulnerability detection methods.
The above-mentioned serial numbers of the embodiments of the present invention are merely for description and do not represent the merits of the embodiments.
In the above embodiments of the present invention, the descriptions of the respective embodiments have respective emphasis, and for parts that are not described in detail in a certain embodiment, reference may be made to related descriptions of other embodiments.
In the embodiments provided in the present application, it should be understood that the disclosed technology can be implemented in other ways. The above-described embodiments of the apparatus are merely illustrative, and for example, the division of the units may be a logical division, and in actual implementation, there may be another division, for example, multiple units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, units or modules, and may be in an electrical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: a U-disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a removable hard disk, a magnetic or optical disk, and other various media capable of storing program codes.
The foregoing is only a preferred embodiment of the present invention. It should be noted that those skilled in the art can make various modifications and refinements without departing from the principle of the present invention, and these modifications and refinements should also be regarded as falling within the protection scope of the present invention.

Claims (10)

1. An access vulnerability detection method, comprising:
receiving an address file, wherein the address file comprises a plurality of rows of IP addresses and ports to be detected, and the IP addresses and the corresponding ports are stored according to a preset format;
converting the IP address and port to a Uniform Resource Locator (URL);
based on each URL, sending an HTTP request to a server side, wherein the server side inquires corresponding response information according to the HTTP request after receiving the HTTP request;
and performing unauthorized access vulnerability verification on the IP address of each row based on the response information and a preset vulnerability detection library to obtain an access vulnerability verification result.
2. The vulnerability detection method of claim 1, wherein after sending an HTTP request to a server based on each URL, the vulnerability detection method further comprises:
receiving response information of the server;
judging whether the HTTP request is a normal access request or not based on the response information;
if the HTTP request is a normal access request, returning a normal request result;
and if the HTTP request is an abnormal access request, returning vulnerability information of different access vulnerability types.
3. The vulnerability detection method of claim 2, wherein the step of returning vulnerability information for different access vulnerability types comprises:
if the access vulnerability type is a redis unauthorized access vulnerability, returning redis vulnerability information;
and if the access vulnerability type is the mongodb unauthorized access vulnerability, returning mongodb vulnerability information.
4. The vulnerability detection method of claim 2, wherein the step of returning vulnerability information for different access vulnerability types further comprises:
if the access vulnerability type is a memcached unauthorized access vulnerability, returning memcached vulnerability information;
and if the access vulnerability type is an elasticsearch unauthorized access vulnerability, returning elasticsearch vulnerability information.
5. The vulnerability detection method of claim 2, wherein the step of returning vulnerability information for different access vulnerability types further comprises:
if the access vulnerability type is a zookeeper unauthorized access vulnerability, returning zookeeper vulnerability information;
and if the access vulnerability type is the CouchDB unauthorized access vulnerability, returning CouchDB vulnerability information.
6. The vulnerability detection method of claim 2, wherein the step of returning vulnerability information for different access vulnerability types further comprises:
if the access vulnerability type is a docker unauthorized access vulnerability, returning docker vulnerability information;
and if the access vulnerability type is a Hadoop unauthorized access vulnerability, returning Hadoop vulnerability information.
7. The vulnerability detection method according to claim 1, wherein after performing unauthorized access vulnerability verification on the IP addresses of each row based on the response information and a preset vulnerability detection library to obtain an access vulnerability verification result, the vulnerability detection method further comprises:
and exporting all the access vulnerability verification results to a specified file.
8. An access vulnerability detection apparatus, comprising:
a receiving unit, used for receiving an address file, wherein the address file comprises a plurality of rows of IP addresses and ports to be detected, and the IP addresses and the corresponding ports are stored according to a preset format;
a conversion unit for converting the IP address and the port into a Uniform Resource Locator (URL);
the sending unit is used for sending an HTTP request to the server side based on each URL, wherein the server side inquires corresponding response information according to the HTTP request after receiving the HTTP request;
and the verification unit is used for carrying out unauthorized access vulnerability verification on the IP address of each row based on the response information and a preset vulnerability detection library to obtain an access vulnerability verification result.
9. An electronic device, comprising:
a processor; and
a memory for storing executable instructions of the processor;
wherein the processor is configured to perform the access vulnerability detection method of any of claims 1 to 7 via execution of the executable instructions.
10. A computer-readable storage medium, comprising a stored computer program, wherein when the computer program runs, a device where the computer-readable storage medium is located is controlled to execute the access vulnerability detection method according to any one of claims 1 to 7.
Application number: CN202110846886.1A
Priority date: 2021-07-26
Filing date: 2021-07-26
Title: Access vulnerability detection method and device and electronic equipment
Status: Pending
Publication: CN113596014A (en), publication date 2021-11-02
Family ID: 78250230
Country: CN

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20211102
