CN108574742B - Domain name information collection method and domain name information collection device - Google Patents
Domain name information collection method and domain name information collection device Download PDFInfo
- Publication number
- CN108574742B CN108574742B CN201710142641.4A CN201710142641A CN108574742B CN 108574742 B CN108574742 B CN 108574742B CN 201710142641 A CN201710142641 A CN 201710142641A CN 108574742 B CN108574742 B CN 108574742B
- Authority
- CN
- China
- Prior art keywords
- domain name
- sub
- domain
- root
- information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 40
- 238000001514 detection method Methods 0.000 claims abstract description 104
- 230000004044 response Effects 0.000 claims abstract description 55
- 230000005540 biological transmission Effects 0.000 claims description 38
- 230000009193 crawling Effects 0.000 claims description 16
- 230000010354 integration Effects 0.000 claims description 11
- 238000012216 screening Methods 0.000 claims description 8
- 238000004590 computer program Methods 0.000 claims description 4
- 238000010586 diagram Methods 0.000 description 27
- 238000012360 testing method Methods 0.000 description 14
- 230000008569 process Effects 0.000 description 6
- 238000004891 communication Methods 0.000 description 3
- 238000012546 transfer Methods 0.000 description 3
- 230000003993 interaction Effects 0.000 description 2
- 238000007726 management method Methods 0.000 description 2
- 238000004364 calculation method Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 238000000605 extraction Methods 0.000 description 1
- 230000006870 function Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 238000012954 risk control Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/45—Network directories; Name-to-address mapping
- H04L61/4505—Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols
- H04L61/4511—Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols using domain name system [DNS]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
Abstract
A method and a device for collecting domain name information are provided, and the method in one embodiment comprises the following steps: detecting the sub-domain name of the root domain name by adopting a preset sub-domain name detection mode to obtain a first sub-domain name of the root domain name; sending a first query request to a domain name information source database; receiving a first query response returned by the domain name information source database, wherein the first query response comprises user information which is queried in the domain name information source database and is associated with the root domain name and the first sub-domain name; sending a second query request to a domain name information source database, wherein the second query request comprises the user information; receiving a second query response returned by the domain name information source database, wherein the second query response comprises a second sub-domain name which is queried in the domain name information source database and is associated with the user information; and integrating the root domain name, the first sub-domain name and the second sub-domain name to obtain the collected domain name information. According to the scheme, the sub-domain names can be collected more comprehensively, and therefore the safety can be improved.
Description
Technical Field
The present invention relates to the field of information security technologies, and in particular, to a domain name information collecting method and a domain name information collecting apparatus.
Background
The domain name is used as an interface for providing WEB service for an enterprise, and is often an entrance for hacking, so that all domain names used by the enterprise can be known by collecting domain name information, and vulnerability scanning is carried out in an all-around manner without dead corners, thereby discovering vulnerabilities in time and improving the safety performance. At present, when Domain Name information is collected, modes such as sub-Domain Name enumeration, IP reverse lookup, Passive DNS (Domain Name System), crawler extraction and the like are generally adopted, however, the Domain Name information collection mode has a single function, only sub-Domain names can be collected, the sub-Domain Name collection latitude is small, the collected information is incomplete, and thus safety hazard is easy to exist.
Disclosure of Invention
Based on this, it is necessary to provide a domain name information collecting method and a domain name information collecting apparatus.
The following technical scheme is adopted in one embodiment:
a domain name information collection method includes the steps:
detecting the sub-domain name of the root domain name by adopting a preset sub-domain name detection mode to obtain a first sub-domain name of the root domain name;
sending a first query request to a domain name information source database, wherein the first query request comprises the root domain name and the first sub-domain name;
receiving a first query response returned by the domain name information source database, wherein the first query response comprises the user information which is queried in the domain name information source database and is associated with the root domain name and the first sub-domain name;
sending a second query request to the domain name information source database, wherein the second query request comprises the user information;
receiving a second query response returned by the domain name information source database, wherein the second query response comprises a second sub-domain name which is queried in the domain name information source database and is associated with the user information;
and integrating the root domain name, the first sub-domain name and the second sub-domain name to obtain the collected domain name information.
A domain name information collecting apparatus comprising:
the sub-domain detection module is used for detecting the sub-domain of the root domain by adopting a preset sub-domain detection mode to obtain a first sub-domain of the root domain;
a first query module, configured to send a first query request to a domain name information source database, where the first query request includes the root domain name and the first sub-domain name, and receive a first query response returned by the domain name information source database, where the first query response includes user information associated with the root domain name and the first sub-domain name, which is queried by the domain name information source database;
a second query module, configured to send a second query request to the domain name information source database, where the second query request includes the user information, and receive a second query response returned by the domain name information source database, where the second query response includes a second sub-domain name associated with the user information and queried by the domain name information source database;
and the integration module is used for integrating the root domain name, the first sub-domain name and the second sub-domain name to obtain the collected domain name information.
According to the scheme in the embodiment, after the first sub-domain name of the root domain name is obtained through the sub-domain name detection mode, the user information associated with the first sub-domain name is obtained through the domain name information source database query, the second sub-domain name associated with the user information is obtained through the domain name information source database query, and then the root domain name, the first sub-domain name and the second sub-domain name are integrated to obtain the collected domain name information.
Drawings
FIG. 1 is a flow diagram that illustrates a method for domain name information collection, in one embodiment;
FIG. 2 is a schematic diagram illustrating a specific example of a process for detecting and obtaining a sub-domain name;
FIG. 3 is a schematic diagram illustrating a process for detecting and obtaining a sub-domain name in another specific example;
FIG. 4 is a schematic diagram illustrating a process for detecting and obtaining a sub-domain name in another specific example;
FIG. 5 is a functional schematic diagram of the embodiment in an application example;
FIG. 6 is a schematic diagram of the basic flow of the embodiment in an application example;
FIG. 7 is a schematic diagram of a node/node map of collected domain name information in an example application;
fig. 8 is a schematic configuration diagram of a domain name information collecting apparatus in one embodiment;
fig. 9 is a schematic diagram of a structure of a sub-domain name detection module in a specific example;
FIG. 10 is a schematic diagram of an application environment in one embodiment;
FIG. 11 is a schematic diagram of an application environment in another embodiment;
fig. 12 is a schematic diagram of the composition structure of the server applied in the embodiment.
Detailed Description
To facilitate an understanding of the invention, the relevant embodiments will now be described more fully with reference to the accompanying drawings. Preferred embodiments of the present invention are shown in the drawings. It is to be understood that the embodiments of the present invention may be embodied in many different forms and should not be construed as limited to the embodiments set forth herein, which are intended to be illustrative only and should not be construed as limiting the scope of the invention. Rather, these embodiments are provided so that this disclosure will be thorough and complete.
Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs. The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. As used herein, the term "or/and" includes any and all combinations of one or more of the associated listed items.
Fig. 1 is a schematic flowchart illustrating a method for collecting domain name information in an embodiment, where as shown in fig. 1, the method for collecting domain name information in the embodiment includes:
step S101: detecting the sub-domain name of the root domain name by adopting a preset sub-domain name detection mode to obtain a first sub-domain name of the root domain name;
step S102: sending a first query request to a domain name information source database, wherein the first query request comprises the root domain name and the first sub-domain name;
step S103: receiving a first query response returned by the domain name information source database, wherein the first query response comprises the user information which is queried in the domain name information source database and is associated with the root domain name and the first sub-domain name;
step S104: sending a second query request to the domain name information source database, wherein the second query request comprises the user information;
step S105: receiving a second query response returned by the domain name information source database, wherein the second query response comprises a second sub-domain name which is queried in the domain name information source database and is associated with the user information;
step S106: and integrating the root domain name, the first sub-domain name and the second sub-domain name to obtain the collected domain name information.
According to the scheme in the embodiment, after the first sub-domain name of the root domain name is obtained through the sub-domain name detection mode, the user information associated with the first sub-domain name is obtained through the domain name information source database query, the second sub-domain name associated with the user information is obtained through the domain name information source database query, and then the root domain name, the first sub-domain name and the second sub-domain name are integrated to obtain the collected domain name information.
In the step S101, when the sub-domain name of the root domain name is detected to obtain the first sub-domain name of the root domain name, the adopted predetermined sub-domain name detection mode may be performed in any possible mode. In one example, search engine search, DNS server query, HTTPS certificate query, dictionary enumeration, DNS domain transfer vulnerability detection, etc. may be used in various possible ways.
When the search engine search is used for the detection, the following method can be used in a specific example: sending a sub-domain name search request to a predetermined search engine, wherein the sub-domain name search request comprises keywords of the root domain name; and receiving a sub-domain search response returned by the preset search engine, performing regular expression matching on the sub-domain search response, matching the sub-domain of the root domain, and obtaining a sub-domain search result.
When the DNS server query is used for the detection, the following method may be used in a specific example: sending a DNS query command to a local DNS server, wherein the DNS query command comprises the root domain name; receiving a DNS query response returned by the local DNS server, wherein the DNS query response comprises a sub-domain name of the root domain name queried by the local DNS server, and acquiring a sub-domain name DNS query result;
when detecting by means of HTTPS certificate inquiry, the following may be used in a specific example: inquiring to obtain an HTTPS certificate transparency report of the root domain name, determining a sub-domain name of the root domain name according to the HTTPS certificate transparency report, and obtaining a sub-domain name transparency inquiry result;
when the detection is performed by means of dictionary enumeration, the following method may be used in a specific example: acquiring a common sub-domain name dictionary; enumerating the sub domain names in the common sub domain name dictionary, enumerating the sub domain names of the root domain name, and obtaining a sub domain name enumeration result;
when detecting by using a DNS domain transmission vulnerability detection method, the following method may be used in a specific example: and detecting whether a target system corresponding to the root domain name has a DNS domain transmission vulnerability, and detecting a sub-domain name of the root domain name by using the DNS domain transmission vulnerability when detecting that the DNS domain transmission vulnerability exists, so as to obtain a sub-domain name transmission vulnerability detection result.
It can be understood that, in the above-mentioned various manners, such as search engine search, DNS server query, HTTPS certificate query, dictionary enumeration, DNS domain transfer vulnerability detection, etc., may be selected in combination with actual technical requirements.
And under the condition of selecting one of the sub-domain name search results, the sub-domain name DNS query results, the sub-domain name transparency query results, the sub-domain name enumeration results and the sub-domain name transmission vulnerability detection results, initially detecting the sub-domain name, wherein the initially detected sub-domain name is used as the first sub-domain name. For example, if the HTTPS certificate query mode is selected, the sub-domain name transparency query result is used as the initial probing sub-domain name.
In order to detect the sub-domain name more comprehensively, in a specific application example, the sub-domain name may be detected by any combination of search engine search, DNS server query, HTTPS certificate query, dictionary enumeration, DNS domain transmission vulnerability detection, and the like, at this time, an integrated result of any combination of the sub-domain name search result, the sub-domain name DNS query result, the sub-domain name transparency query result, the sub-domain name enumeration result, and the sub-domain name transmission vulnerability detection result is used as an initial detection sub-domain name, and the initial detection sub-domain name is used as the first sub-domain name. For example, when three ways of search engine search, DNS server query, and HTTPS certificate query are selected, the integrated result of the sub-domain name search result, the sub-domain name DNS query result, and the sub-domain name transparency query result is used as the initial detection sub-domain name. It can be understood that, from the perspective of comprehensive detection, detection may be performed in all manners of search engine search, DNS server query, HTTPS certificate query, dictionary enumeration, DNS domain transmission vulnerability detection, and the like, so that the integrated result of the sub-domain name search result, the sub-domain name DNS query result, the sub-domain name transparency query result, the sub-domain name enumeration result, and the sub-domain name transmission vulnerability detection result is used as the initial detection sub-domain name. The purpose of integration is to filter out the same sub-domain names in the results obtained by various detection modes, thereby avoiding data redundancy caused by the repetition of factor domain name information.
As described above, the initial probing sub-domain name obtained above may be directly used as the first sub-domain name. In some application examples, the initial probing sub-domain name may be further processed and then used as the first sub-domain name.
For example, fig. 2 shows a schematic flow chart of detecting and obtaining a sub-domain name in an example, as shown in fig. 2, in this example, after obtaining an initial detection sub-domain name, a first sub-domain name may be obtained in the following manner:
performing domain name resolution on each initial detection sub-domain name to obtain IP address information of each initial detection sub-domain name;
screening out content distribution network IP address information in the IP address information to obtain screened IP address information;
and performing IP back check on the screened IP address information to obtain a back-checked sub-domain name, wherein the obtained back-checked sub-domain name is the first sub-domain name.
Therefore, the content distribution network IP address information can be screened out, the corresponding content distribution network domain name information can be further screened out, and the accuracy of the obtained sub-domain names is further improved.
Fig. 3 is a schematic flow chart illustrating a process of detecting and obtaining a sub-domain name in another example, as shown in fig. 3, in this example, after obtaining an initial detecting sub-domain name, a first sub-domain name may be obtained in the following manner:
crawling a page corresponding to each initial detection sub-domain name;
analyzing the obtained crawled page to obtain a sub domain name in the page;
and integrating the initial detection sub-domain name and the sub-domain name in the page to obtain the first sub-domain name.
Therefore, after the initial detection sub-domain names are obtained, the sub-domain names in the page of the initial detection sub-domain names are further obtained, and the sub-domain names can be further and comprehensively detected.
In another example, the above two manners may be combined, and fig. 4 shows a schematic flow chart of obtaining the sub-domain name based on the detection of this example, as shown in fig. 4, in this example, after obtaining the initial detection sub-domain name, the first sub-domain name is obtained in the following manner:
performing domain name resolution on each initial detection sub-domain name to obtain IP address information of each initial detection sub-domain name;
screening out content distribution network IP address information in the IP address information to obtain screened IP address information;
performing IP back check on the screened IP address information to obtain a back-checked sub domain name;
crawling the page corresponding to each sub-domain name after back-check; analyzing the obtained crawled page to obtain a sub domain name in the page;
and integrating the sub domain names after the reverse check and the sub domain names in the page to obtain the first sub domain name.
Therefore, the comprehensiveness of the detected sub-domain name can be improved, and meanwhile, the accuracy of the obtained sub-domain name can be further improved.
The domain name information source database refers to a database storing domain names and related information thereof, where the related information includes user information, such as registrars, dockers, and the like. The specific type of the domain name information source database may be set according to actual needs, and may be any one or any combination of a website record information database, a whois database, and an open source code hosting website, for example.
In an application example, after the domain name information is collected, the collected domain name information may be displayed in a node/relationship graph manner, so as to more intuitively display the collected domain name information. When the collected domain name information is displayed in the node/node diagram manner, any possible manner may be adopted, for example, the collected domain name information may be sent to the Neo4j database server, Neo4j may be used as a high-performance NOSQL graph database, and structured data may be stored on the network instead of a table, so that the collected domain name information may be efficiently displayed in the structured graph manner of the node/node diagram.
Based on the embodiments described above, the following detailed description is made in conjunction with one of application examples. Fig. 5 shows a functional principle schematic diagram of the scheme of the embodiment in the application example, and fig. 6 shows a basic flow principle schematic diagram of the scheme of the embodiment in the application example.
With reference to fig. 5 and fig. 6, in the implementation of the scheme of this embodiment, for a root domain name that needs to collect domain name information, various possible sub-domain name detection methods are first adopted to detect and obtain a sub-domain name.
In one of the ways, the detection can be performed by means of search engine search. The specific mode can be as follows: a sub-domain name search request is first sent to a predetermined search engine, the sub-domain name search request including keywords of a root domain name. The predetermined search engine may be any available search engine that exists at present and may appear later, and it is understood that, because there are many search engines, a sub-domain name search request may be sent to only one of the search engines, or to a plurality of different search engines. Com, site: test.com may be included in the sub-domain name search request, assuming that all sub-domain names collecting the root domain name test.com need to be searched. And then receiving a sub-domain search response returned by a preset search engine, performing regular expression matching on the sub-domain search response, matching the sub-domain of the root domain, and obtaining a sub-domain search result. When the sub-domain search request is sent to a plurality of search engines, the sub-domain search result may be a sub-domain search result corresponding to a sub-domain search response returned by the plurality of search engines, or a sub-domain matched with the sub-domain search response of each search engine may be integrated after the sub-domain search response returned by the plurality of search engines is received, so as to obtain the sub-domain search result.
Alternatively, probing may be performed by way of a DNS server query. The specific mode can be as follows: sending a DNS query command to a local DNS server, wherein the DNS query command comprises the root domain name; and receiving a DNS query response returned by the local DNS server, wherein the DNS query response comprises the sub domain name of the root domain name queried by the local DNS server, and acquiring a sub domain name DNS query result. Here, the DNS query command may be in any possible command form, for example, a command such as nslookup-qt ═ any example. Com, the DNS query command may be in the form of nslookup-qt ═ any test. The sub-domain name of the root domain name queried by the local DNS server may be a sub-domain name of the root domain name obtained by performing DNS domain name resolution by the local DNS server through an MX record (mail routing record) or a CNAME record (alias record).
In another way, detection can be performed by means of HTTPS certificate query, that is, a sub-domain name for obtaining the root domain name can be queried through a transparency report of an HTTPS certificate. The method specifically comprises the following steps: and inquiring to obtain an HTTPS certificate transparency report of the root domain name, determining a sub-domain name of the root domain name according to the HTTPS certificate transparency report, and obtaining a sub-domain name transparency inquiry result. The method for querying the transparency report of the https certificate can be carried out in any possible method existing at present.
Alternatively, the probing may be performed by dictionary enumeration. The method specifically comprises the following steps: acquiring a common sub-domain name dictionary; enumerating the sub domain names in the common sub domain name dictionary, enumerating the sub domain names in the root domain name dictionary, and obtaining a sub domain name enumeration result. Those skilled in the art will understand that, by way of enumeration, possible sub-domain names may be guessed, for example, assuming that sub-domain names of the root domain name test.com need to be collected, a.test.com, b.test.com, c.test.com, etc. may be tried in sequence, so as to enumerate the sub-domain names in which the root domain name exists.
In another mode, a DNS domain transfer vulnerability detection mode may be adopted for detection, and the specific mode may be: and detecting whether a target system corresponding to the root domain name has the DNS domain transmission loophole, and detecting the sub-domain name of the root domain name by using the DNS domain transmission loophole when detecting that the DNS domain transmission loophole exists, so as to obtain a sub-domain name transmission loophole detection result. The specific way of detecting whether the target system corresponding to the root domain name has the DNS domain transmission vulnerability may be performed in any possible way, for example, an attempt is made through a script of the DNS domain transmission vulnerability, and the sub-domain name information can be correctly returned, which proves that the vulnerability exists. Com, assuming that the sub-domain name of the root domain name test needs to be collected, the way of using the DNS domain to transmit the sub-domain name of the vulnerability detection root domain name in one application example may be: firstly, setting a search type as DNS, and searching a domain name server corresponding to a host domain. Or the nslookup can be directly typed into the interaction mode, and then set through set type ns.
Com, by setting key C: \ > nslookup-qa ═ ns test, a similar result is returned as follows:
Server:bogon
Address:172.16.162.2
Non-authoritative answer:
test.com nameserver=ns66.worldnic.com
test.com nameserver=ns65.worldnic.com
the interaction mode can then be entered using the nslookup command, which changes the default server to the domain name server just queried by the command > server ═ ns66. Com may then list all DNS records on the server by command > ls-d test. The associated sub-domain name is obtained based on the DNS record.
Based on the various ways described above, many sub-domain names have been obtained, which are denoted as initial probing sub-domain names in this embodiment. Because a plurality of different detection modes are adopted for detection, the detected sub-domain names may include repeated sub-domain names, and therefore, after the sub-domain name search results, the sub-domain name DNS query results, the sub-domain name transparency query results, the sub-domain name enumeration results and the sub-domain name transmission vulnerability detection results are integrated, the integrated result (i.e., the sub-domain name obtained after integration) is recorded as the initial detection sub-domain name. In the following description of the examples, the initial sounding subfield names are used as an example for the sake of convenience of description.
The obtained initial detection sub-domain name actually includes a plurality of sub-domain names, and on the basis, domain name resolution is performed on the initial detection sub-domain name to obtain ip (internet protocol) address information of each initial detection sub-domain name. The specific way of domain name resolution (DNS resolution) can be done in any possible way, e.g. nslookup test.
And then, after information such as CDN (content delivery network) information and the like in the IP address information is screened, the screened IP address information is obtained. And then, performing IP reverse check on the screened IP address information to obtain the sub-domain name after the IP reverse check, which is called as the sub-domain name after the reverse check in this embodiment. When performing the IP back-check, any possible method that exists at present can be adopted, for example: the DNS database performs reverse lookup, has an IP reverse lookup domain name interface, uses system commands (nslookup 64.233.189.113 and host64.233.189.113) for query, and the like, which is not specifically limited in this embodiment.
After the sub domain names after the reverse check are obtained, crawling pages corresponding to the sub domain names after the reverse check by using a crawler; and analyzing the page obtained by crawling to obtain the sub domain name in the page. The specific crawling manner of the crawler may be performed by any available manner, and is not specifically limited in this embodiment.
The obtained sub-domain name in the page is referred to as a first sub-domain name in this embodiment, and is also referred to as a sub-domain name detection result, so as to be distinguished from the sub-domain name queried from the domain name information source database. The obtained first sub-domain name may be stored in a database.
As shown in fig. 5 and fig. 6, in combination with the obtained first sub-domain name, the domain name information source database may be queried, where the domain name information source database is a database storing domain names and related information thereof, where the related information includes user information, such as registrants, dockets, and the like. The specific type of the domain name information source database may be set according to actual needs, and may be any one or any combination of a website record information database (a record database that requires the owner of the website to apply for the relevant department according to relevant laws and regulations, such as a database recorded by ICP and a database recorded by police department), a whois database (a database of a transmission protocol for inquiring about information such as IP of a domain name and the owner, that is, a database for inquiring whether the domain name is registered and registering detailed information of the domain name (such as a domain name owner and a domain name registrar)), and an open source code hosting website, for example.
In a specific application example, a first query request may be first sent to a domain name information source database, where the first query request includes the root domain name and the first sub-domain name, and then a first query response returned by the domain name information source database is received, where the first query response includes user information associated with the root domain name and the first sub-domain name, which is queried in the domain name information source database. The domain name information source database may include at least one of a website record information database, a whois database, and an open source code hosting website. Therefore, user information related to the first sub-domain name can be obtained by querying from the domain name information source database, for example, docker information of a root domain name or a sub-domain name in the website docket information database, registrant information of the root domain name or the sub-domain name in the whois database, related personnel information of the related root domain name or the sub-domain name searched in the open source code hosting website, and the like.
And then, sending a second query request to the domain name information source database, wherein the second query request comprises the queried user information, and then receiving a second query response returned by the domain name information source database, wherein the second query response comprises a second sub-domain name which is queried in the domain name information source database and is associated with the user information. It can be understood that the second sub-domain name is actually a domain name registered by the user corresponding to the user information at the same time, and the domain name is a brother domain name of the root domain name and the sub-domain name, so that a corresponding brother domain name can be obtained through query.
And then, integrating the root domain name, the first sub-domain name and the second sub-domain name to obtain the collected domain name information and obtain a final domain name information collection result. In the integration, it can be carried out in any possible manner.
The finally obtained domain name information can be displayed in a node/relation graph mode, so that the collected domain name information can be displayed more intuitively. When the collected domain name information is displayed in the node/node diagram manner, any possible manner may be adopted, for example, the collected domain name information may be sent to the Neo4j database server, Neo4j may be used as a high-performance NOSQL graph database, and structured data may be stored on the network instead of a table, so that the collected domain name information may be efficiently displayed in the structured graph manner of the node/node diagram. Com, fig. 7 shows a schematic diagram of a node/node map of collected domain name information in one example, taking as an example the sub-domain name of the root domain name test.
It will be understood by those skilled in the art that all or part of the processes in the methods of the embodiments described above may be implemented by a computer program, which is stored in a non-volatile computer readable storage medium, and in the embodiments of the present invention, the program may be stored in the storage medium of a computer system and executed by at least one processor in the computer system to implement the processes of the embodiments including the methods described above. The storage medium may be a magnetic disk, an optical disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), or the like.
Based on the same idea as the above method, fig. 8 shows a schematic configuration diagram of a domain name information collecting apparatus in one embodiment. As shown in fig. 8, the apparatus in this embodiment includes:
a sub-domain name detection module 801, configured to detect a sub-domain name of the root domain name in a predetermined sub-domain name detection manner, to obtain a first sub-domain name of the root domain name;
a first query module 802, configured to send a first query request to a domain name information source database, where the first query request includes the root domain name and the first sub-domain name, and receive a first query response returned by the domain name information source database, where the first query response includes user information associated with the root domain name and the first sub-domain name, which is queried in the domain name information source database;
a second query module 803, configured to send a second query request to the domain name information source database, where the second query request includes the user information, and receive a second query response returned by the domain name information source database, where the second query response includes a second sub-domain name associated with the user information and queried in the domain name information source database;
an integrating module 804, configured to integrate the root domain name, the first sub-domain name, and the second sub-domain name, so as to obtain the collected domain name information.
According to the scheme in the embodiment, after the first sub-domain name of the root domain name is obtained through the sub-domain name detection mode, the user information associated with the first sub-domain name is obtained through the domain name information source database query, the second sub-domain name associated with the user information is obtained through the domain name information source database query, and then the root domain name, the first sub-domain name and the second sub-domain name are integrated to obtain the collected domain name information.
When the sub-domain name detection module 801 detects the sub-domain name of the root domain name to obtain the first sub-domain name of the root domain name, the adopted predetermined sub-domain name detection mode may be performed in any possible mode. Fig. 9 shows a schematic structural diagram of a sub-domain name detection module in a specific example, as shown in fig. 9, the sub-domain name detection module 801 may include at least one of a sub-domain name search module 8011, a DNS query module 8012, an HTTPS certificate collection module 8013, a dictionary enumeration module 8014, and a transmission vulnerability detection module 8015, and further include an initial integration module 8016. For convenience of description, the following description includes the sub-domain name search module 8011, the DNS query module 8012, the HTTPS certificate collection module 8013, the dictionary enumeration module 8014, and the transmission vulnerability detection module 8015 as examples.
The sub-domain name searching module 8011 is configured to send a sub-domain name searching request to a predetermined search engine, where the sub-domain name searching request includes a keyword of the root domain name; and receiving a sub-domain search response returned by the preset search engine, performing regular expression matching on the sub-domain search response, matching the sub-domain of the root domain, and obtaining a sub-domain search result.
The DNS query module 8012 is configured to send a DNS query command to a local DNS server, where the DNS query command includes the root domain name; and receiving a DNS query response returned by the local DNS server, wherein the DNS query response comprises the sub domain name of the root domain name queried by the local DNS server, and acquiring a sub domain name DNS query result. The sub-domain name of the root domain name queried by the local DNS server may be a sub-domain name of the root domain name obtained by performing DNS domain name resolution by the local DNS server through the mail routing record or the alias record.
The HTTPS certificate collection module 8013 is configured to query an HTTPS certificate transparency report of the root domain name, determine a sub-domain name of the root domain name according to the HTTPS certificate transparency report, and obtain a sub-domain name transparency query result.
The dictionary enumeration module 8014 is configured to obtain a commonly used sub-domain dictionary; enumerating the sub domain names in the common sub domain name dictionary, enumerating the sub domain names in the root domain name dictionary, and obtaining a sub domain name enumeration result.
The transmission vulnerability detection module 8015 is configured to detect whether a DNS domain transmission vulnerability exists in a target system corresponding to the root domain name, and when detecting that the DNS domain transmission vulnerability exists, detect a sub-domain name of the root domain name by using the DNS domain transmission vulnerability to obtain a sub-domain name transmission vulnerability detection result.
The initial integration module 8016 is configured to use at least one or any combination of the sub-domain search result, the sub-domain DNS query result, the sub-domain transparency query result, the sub-domain enumeration result, and the sub-domain transmission vulnerability detection result as an initial detection sub-domain.
Wherein, the obtained initial detection sub-domain name can be directly used as the first sub-domain name. In some application examples, the initial probing sub-domain name may be further processed and then used as the first sub-domain name.
In one example, as shown in fig. 9, the sub domain name probing module 801 may further include:
an IP reverse-checking module 8017, configured to perform domain name resolution on each initial detection sub-domain name, to obtain IP address information of each initial detection sub-domain name; screening out content distribution network IP address information in the IP address information to obtain screened IP address information; and performing IP back check on the screened IP address information to obtain a back-checked sub domain name. At this time, the first subdomain name is the reverse-searched subdomain name.
Therefore, the content distribution network IP address information can be screened out, the corresponding content distribution network domain name information can be further screened out, and the accuracy of the obtained sub-domain names is further improved.
In another example, as shown in fig. 9, the sub domain name probing module 801 may further include:
a crawling module 8018 configured to crawl a page corresponding to each of the initial detection sub-domain names; analyzing the obtained crawled page to obtain a sub domain name in the page; and integrating the initial detection sub-domain name and the sub-domain name in the page to obtain the first sub-domain name.
Therefore, after the initial detection sub-domain names are obtained, the sub-domain names in the page of the initial detection sub-domain names are further obtained, and the sub-domain names can be further and comprehensively detected.
In another example, the above two manners may be combined, that is, the sub domain name detecting module 801 may include the IP reverse looking module 8017 and the crawling module 8018 at the same time:
an IP reverse-checking module 8017, configured to perform domain name resolution on each initial detection sub-domain name, to obtain IP address information of each initial detection sub-domain name; screening out content distribution network IP address information in the IP address information to obtain screened IP address information; performing IP back check on the screened IP address information to obtain a back-checked sub domain name;
the crawling module 8018 is configured to crawl pages corresponding to the sub domain names after the back-check; analyzing the obtained crawled page to obtain a sub domain name in the page; and integrating the sub domain names after the reverse check and the sub domain names in the page to obtain the first sub domain name.
Therefore, the comprehensiveness of the detected sub-domain name can be improved, and meanwhile, the accuracy of the obtained sub-domain name can be further improved.
The domain name information source database refers to a database storing domain names and related information thereof, where the related information includes user information, such as registrars, dockers, and the like. The specific type of the domain name information source database may be set according to actual needs, and may be any one or any combination of a website record information database, a whois database, and an open source code hosting website, for example.
In an application example, as shown in fig. 8, the apparatus in this embodiment may further include:
a display module 805, configured to display the collected domain name information in a node/relationship graph. Therefore, the collected domain name information can be displayed more intuitively. When the collected domain name information is displayed in the node/node diagram manner, any possible manner may be adopted, for example, the collected domain name information may be sent to the Neo4j database server, Neo4j may be used as a high-performance NOSQL graph database, and structured data may be stored on the network instead of a table, so that the collected domain name information may be efficiently displayed in the structured graph manner of the node/node diagram.
The domain name information collecting method and the domain name information collecting apparatus in the above embodiments may be applied to any application environment where domain name information needs to be collected, such as asset information collection, threat intelligence collection, vulnerability scanning, and the like.
One of the application environments that may be used for enterprise asset information collection is shown in fig. 10, which is a schematic diagram of an application environment based on this application. For an information security management system of a large enterprise, it is necessary to collect asset list (IP, domain name, port, application, personnel, etc.) information of the enterprise so as to be able to respond at the first time when a security event occurs. The method for collecting the domain name information provided by the scheme of the embodiment can conveniently obtain the sub-domain name distribution and the personnel information leakage condition of an enterprise, realize asset control and risk control and improve the safety.
Another application environment is used for scanning WEB vulnerabilities to improve security, and a schematic diagram of the application environment based on the application is shown in fig. 11. After obtaining domain name information such as sub domain names and brother domain names of enterprises through the domain name information, as shown in fig. 11, the WEB vulnerability scanner can achieve a good coverage, scan all domain names in time, achieve a better scanning effect, and improve security.
As described above, the domain name information collecting method and the domain name information collecting device provided in this embodiment may be applied to a terminal and a server that need to collect domain name information, such as the terminal or the server where the information security management system is located, the WEB vulnerability server, and the like.
Accordingly, fig. 12 shows a schematic structural diagram of a server applied in the embodiment. As shown in fig. 12, the server includes a processor, a power supply module, a storage medium, a memory, and a communication interface connected through a system bus. The storage medium of the server stores an operating system, a database and a domain name information collection device, and the domain name information collection device is used for realizing a domain name information collection method. The processor is used for providing calculation and control capacity and supporting the operation of the whole server. The memory in the server provides an environment for the operation of the domain name information collection device in the storage medium, and the communication interface is used for network communication with the user terminal and other servers, such as the above-mentioned DNS server, domain name information source database, neo4j database server, and the like. Those skilled in the art will appreciate that the structure shown in fig. 12 is a block diagram of only a portion of the structure associated with the embodiment, and does not constitute a limitation on the server to which the embodiment is applied, and a particular server may include more or less components than those shown, or some components may be combined, or have a different arrangement of components.
The technical features of the embodiments described above may be arbitrarily combined, and for the sake of brevity, all possible combinations of the technical features in the embodiments described above are not described, but should be considered as being within the scope of the present specification as long as there is no contradiction between the combinations of the technical features.
The above-mentioned embodiments only express several embodiments of the present invention, and the description thereof is more specific and detailed, but not construed as limiting the scope of the invention. It should be noted that, for a person skilled in the art, several variations and modifications can be made without departing from the inventive concept, which falls within the scope of the present invention. Therefore, the protection scope of the present patent shall be subject to the appended claims.
Claims (12)
1. A method for collecting domain name information, comprising the steps of:
detecting the sub-domain name of the root domain name by adopting a preset sub-domain name detection mode to obtain a first sub-domain name of the root domain name;
sending a first query request to a domain name information source database, wherein the first query request comprises the root domain name and the first sub-domain name;
receiving a first query response returned by the domain name information source database, wherein the first query response comprises the user information which is queried in the domain name information source database and is associated with the root domain name and the first sub-domain name;
sending a second query request to the domain name information source database, wherein the second query request comprises the user information;
receiving a second query response returned by the domain name information source database, wherein the second query response comprises a second sub-domain name which is queried in the domain name information source database and is associated with the user information, and the second sub-domain name is a domain name which is registered by a user corresponding to the user information at the same time;
integrating the root domain name, the first sub-domain name and the second sub-domain name to obtain collected domain name information;
detecting the sub-domain name of the root domain name, wherein the mode of obtaining the first sub-domain name of the root domain name comprises the following steps:
sending a sub-domain name search request to a predetermined search engine, wherein the sub-domain name search request comprises keywords of the root domain name; receiving a sub-domain search response returned by the preset search engine, performing regular expression matching on the sub-domain search response, matching a sub-domain of a root domain, and obtaining a sub-domain search result;
sending a DNS query command to a local DNS server, wherein the DNS query command comprises the root domain name; receiving a DNS query response returned by the local DNS server, wherein the DNS query response comprises a sub-domain name of the root domain name queried by the local DNS server, and acquiring a sub-domain name DNS query result;
inquiring to obtain an HTTPS certificate transparency report of the root domain name, determining a sub-domain name of the root domain name according to the HTTPS certificate transparency report, and obtaining a sub-domain name transparency inquiry result;
acquiring a common sub-domain name dictionary; enumerating the sub domain names in the common sub domain name dictionary, enumerating the sub domain names of the root domain name, and obtaining a sub domain name enumeration result;
detecting whether a target system corresponding to the root domain name has a DNS domain transmission vulnerability, and detecting a sub-domain name of the root domain name by using the DNS domain transmission vulnerability when detecting that the DNS domain transmission vulnerability exists to obtain a sub-domain name transmission vulnerability detection result;
and taking the sub-domain name search result, the sub-domain name DNS query result, the sub-domain name transparency query result, the sub-domain name enumeration result and the integration result of the sub-domain name transmission vulnerability detection result as an initial detection sub-domain name, wherein the first sub-domain name is the initial detection sub-domain name.
2. The method for collecting domain name information according to claim 1, further comprising, after obtaining the initial probing sub-domain name:
performing domain name resolution on each initial detection sub-domain name to obtain IP address information of each initial detection sub-domain name; screening out content distribution network IP address information in the IP address information to obtain screened IP address information; and performing IP reverse check on the screened IP address information to obtain a reverse-checked sub-domain name, wherein the first sub-domain name is the reverse-checked sub-domain name.
3. The method for collecting domain name information according to claim 1, further comprising, after obtaining the initial probing sub-domain name:
crawling a page corresponding to each initial detection sub-domain name; analyzing the obtained crawled page to obtain a sub domain name in the page; and integrating the initial detection sub-domain name and the sub-domain name in the page to obtain the first sub-domain name.
4. The method for collecting domain name information according to claim 1, further comprising, after obtaining the initial probing sub-domain name:
performing domain name resolution on each initial detection sub-domain name to obtain IP address information of each initial detection sub-domain name; screening out content distribution network IP address information in the IP address information to obtain screened IP address information; performing IP back check on the screened IP address information to obtain a back-checked sub domain name; crawling the page corresponding to each sub-domain name after back-check; analyzing the obtained crawled page to obtain a sub domain name in the page; and integrating the sub domain names after the reverse check and the sub domain names in the page to obtain the first sub domain name.
5. The method according to claim 1, wherein the sub-domain name of the root domain name queried by the local DNS server is a sub-domain name of the root domain name obtained by performing DNS domain name resolution for the local DNS server through a mail routing record or an alias record.
6. The method of collecting domain name information according to claim 1, comprising at least one of:
the domain name information source database comprises any one or any combination of a website record information database, a whois database and an open source code hosting website;
further comprising the steps of: and displaying the collected domain name information in a node/relation graph mode.
7. A domain name information collecting apparatus, comprising:
the sub-domain detection module is used for detecting the sub-domain of the root domain by adopting a preset sub-domain detection mode to obtain a first sub-domain of the root domain;
a first query module, configured to send a first query request to a domain name information source database, where the first query request includes the root domain name and the first sub-domain name, and receive a first query response returned by the domain name information source database, where the first query response includes user information associated with the root domain name and the first sub-domain name, which is queried by the domain name information source database;
a second query module, configured to send a second query request to the domain name information source database, where the second query request includes the user information, and receive a second query response returned by the domain name information source database, where the second query response includes a second sub-domain name associated with the user information and queried by the domain name information source database, and the second sub-domain name is a domain name registered by a user corresponding to the user information at the same time;
the integration module is used for integrating the root domain name, the first sub-domain name and the second sub-domain name to obtain collected domain name information;
the sub-domain name detection module comprises: the system comprises a sub-domain name search module, a DNS query module, an HTTPS certificate collection module, a dictionary enumeration module, a transmission vulnerability detection module and an initial integration module:
the sub-domain name searching module is used for sending a sub-domain name searching request to a preset searching engine, wherein the sub-domain name searching request comprises keywords of the root domain name; receiving a sub-domain search response returned by the preset search engine, performing regular expression matching on the sub-domain search response, matching a sub-domain of a root domain, and obtaining a sub-domain search result;
the DNS query module is used for sending a DNS query command to a local DNS server, wherein the DNS query command comprises the root domain name; receiving a DNS query response returned by the local DNS server, wherein the DNS query response comprises a sub-domain name of the root domain name queried by the local DNS server, and acquiring a sub-domain name DNS query result;
the HTTPS certificate collection module is used for inquiring and obtaining an HTTPS certificate transparency report of the root domain name, determining a sub-domain name of the root domain name according to the HTTPS certificate transparency report, and obtaining a sub-domain name transparency inquiry result;
the dictionary enumeration module is used for acquiring a common sub-domain name dictionary; enumerating the sub domain names in the common sub domain name dictionary, enumerating the sub domain names of the root domain name, and obtaining a sub domain name enumeration result;
the transmission vulnerability detection module is used for detecting whether a target system corresponding to the root domain name has a DNS domain transmission vulnerability or not, and when the DNS domain transmission vulnerability is detected, detecting a sub-domain name of the root domain name by using the DNS domain transmission vulnerability to obtain a sub-domain name transmission vulnerability detection result;
the initial integration module is configured to use an integration result in the sub-domain name search result, the sub-domain name DNS query result, the sub-domain name transparency query result, the sub-domain name enumeration result, and the sub-domain name transmission vulnerability detection result as an initial detection sub-domain name, where the first sub-domain name is the initial detection sub-domain name.
8. The apparatus of claim 7, wherein the sub-domain name detection module further comprises: the IP back-check module or the crawling module:
the IP back-check module is used for carrying out domain name resolution on each initial detection sub-domain name to obtain the IP address information of each initial detection sub-domain name; screening out content distribution network IP address information in the IP address information to obtain screened IP address information; performing IP reverse check on the screened IP address information to obtain a reverse-checked sub-domain name, wherein the first sub-domain name is the reverse-checked sub-domain name;
the crawling module is used for crawling the page corresponding to each initial detection sub-domain name; analyzing the obtained crawled page to obtain a sub domain name in the page; and integrating the initial detection sub-domain name and the sub-domain name in the page to obtain the first sub-domain name.
9. The apparatus of claim 7, wherein the sub-domain name detection module further comprises: the IP back-check module and the crawling module:
the IP back-check module is used for carrying out domain name resolution on each initial detection sub-domain name to obtain the IP address information of each initial detection sub-domain name; screening out content distribution network IP address information in the IP address information to obtain screened IP address information; performing IP back check on the screened IP address information to obtain a back-checked sub domain name;
the crawling module is used for crawling the page corresponding to each sub domain name after the back check; analyzing the obtained crawled page to obtain a sub domain name in the page; and integrating the sub domain names after the reverse check and the sub domain names in the page to obtain the first sub domain name.
10. The apparatus of claim 7, comprising at least one of:
the domain name information source database comprises any one or any combination of a website record information database, a whois database and an open source code hosting website;
still include the display module: and the system is used for displaying the collected domain name information in a node/relationship graph mode.
11. A computer device comprising a memory and a processor, the memory storing a computer program, characterized in that the processor, when executing the computer program, implements the steps of the method of any of claims 1 to 6.
12. A computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the steps of the method according to any one of claims 1 to 6.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710142641.4A CN108574742B (en) | 2017-03-10 | 2017-03-10 | Domain name information collection method and domain name information collection device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710142641.4A CN108574742B (en) | 2017-03-10 | 2017-03-10 | Domain name information collection method and domain name information collection device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN108574742A CN108574742A (en) | 2018-09-25 |
| CN108574742B true CN108574742B (en) | 2021-04-16 |
Family
ID=63578144
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201710142641.4A Active CN108574742B (en) | 2017-03-10 | 2017-03-10 | Domain name information collection method and domain name information collection device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN108574742B (en) |
Families Citing this family (12)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109451094B (en) * | 2018-12-20 | 2022-02-22 | 奇安信科技集团股份有限公司 | A method, system, electronic device and medium for obtaining IP address of source station |
| CN109600385B (en) * | 2018-12-28 | 2021-06-15 | 绿盟科技集团股份有限公司 | Access control method and device |
| CN110493224B (en) * | 2019-08-20 | 2022-01-07 | 杭州安恒信息技术股份有限公司 | Sub-domain name hijacking vulnerability detection method, device and equipment |
| CN110719344B (en) * | 2019-10-10 | 2022-02-15 | 北京知道创宇信息技术股份有限公司 | Domain name acquisition method and device, electronic equipment and storage medium |
| RU2743974C1 (en) * | 2019-12-19 | 2021-03-01 | Общество с ограниченной ответственностью "Группа АйБи ТДС" | System and method for scanning security of elements of network architecture |
| CN111432041A (en) * | 2020-02-29 | 2020-07-17 | 深圳壹账通智能科技有限公司 | Domain name acquisition method, system, terminal and computer readable storage medium |
| CN113301001B (en) * | 2020-04-07 | 2023-05-23 | 阿里巴巴集团控股有限公司 | Attacker determination method, attacker determination device, computing equipment and attacker determination medium |
| CN111556077A (en) * | 2020-05-15 | 2020-08-18 | 杭州安恒信息技术股份有限公司 | Network data acquisition method, equipment and related equipment |
| CN111447304B (en) * | 2020-06-17 | 2020-09-11 | 中国人民解放军国防科技大学 | An anycast recursive domain name system anycast node IP address enumeration method and system |
| CN114765599B (en) * | 2021-01-13 | 2024-04-05 | 腾讯科技(深圳)有限公司 | Subdomain name acquisition method and device |
| CN115277129A (en) * | 2022-07-13 | 2022-11-01 | 杭州安恒信息技术股份有限公司 | Domain name asset vulnerability scanning method, device, equipment and storage medium |
| CN115378727A (en) * | 2022-08-26 | 2022-11-22 | 西安热工研究院有限公司 | A vulnerability detection method, device and storage medium based on domain name resolution |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101094129A (en) * | 2006-06-20 | 2007-12-26 | 腾讯科技(深圳)有限公司 | Method for accessing domain name, and client terminal |
| CN103685606A (en) * | 2013-12-23 | 2014-03-26 | 北京奇虎科技有限公司 | Associated domain name acquisition method, associated domain name acquisition system and web administrator permission validation method |
| CN105407186A (en) * | 2015-12-23 | 2016-03-16 | 北京奇虎科技有限公司 | Method and device for acquiring subdomain names |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US10404634B2 (en) * | 2015-07-01 | 2019-09-03 | Sean P. Fenlon | Method for publishing and sharing content on the internet |
-
2017
- 2017-03-10 CN CN201710142641.4A patent/CN108574742B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101094129A (en) * | 2006-06-20 | 2007-12-26 | 腾讯科技(深圳)有限公司 | Method for accessing domain name, and client terminal |
| CN103685606A (en) * | 2013-12-23 | 2014-03-26 | 北京奇虎科技有限公司 | Associated domain name acquisition method, associated domain name acquisition system and web administrator permission validation method |
| CN105407186A (en) * | 2015-12-23 | 2016-03-16 | 北京奇虎科技有限公司 | Method and device for acquiring subdomain names |
Also Published As
| Publication number | Publication date |
|---|---|
| CN108574742A (en) | 2018-09-25 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN108574742B (en) | Domain name information collection method and domain name information collection device | |
| US11310132B2 (en) | System and method of identifying internet-facing assets | |
| US11347797B2 (en) | Asset search and discovery system using graph data structures | |
| JP6894528B2 (en) | Methods and equipment for evaluating DNS | |
| US20190253366A1 (en) | Method of and server for detecting associated web resources | |
| US20060230039A1 (en) | Online identity tracking | |
| US20070055749A1 (en) | Identifying a network address source for authentication | |
| US20100174829A1 (en) | Apparatus for to provide content to and query a reverse domain name system server | |
| US20090327487A1 (en) | Method and system for discovering dns resolvers | |
| CN112804210B (en) | Data association method and device, electronic equipment and computer-readable storage medium | |
| CN102833262A (en) | Whois information-based phishing website gathering, identification method and system | |
| CN104468860A (en) | Method and device for recognizing risk of domain name resolution server | |
| Skwarek et al. | Characterizing vulnerability of DNS AXFR transfers with global-scale scanning | |
| CN114205330B (en) | Domain name resolution method, domain name resolution device, server, and storage medium | |
| CN111432041A (en) | Domain name acquisition method, system, terminal and computer readable storage medium | |
| CN105530251A (en) | Method and device for identifying phishing website | |
| US20110126292A1 (en) | Method and System for Providing Security Seals on Web Pages | |
| CN115794780A (en) | Method and device for collecting network space assets, electronic equipment and storage medium | |
| Sardar et al. | Detection and confirmation of web robot requests for cleaning the voluminous web log data | |
| CN115001724B (en) | Network threat intelligence management method, device, computing equipment and computer readable storage medium | |
| CN110929185A (en) | Website directory detection method and device, computer equipment and computer storage medium | |
| CN114168945A (en) | Method and device for detecting potential risk of sub-domain name | |
| US20090248673A1 (en) | Method of sorting web pages, search terminal and client terminal | |
| JP2007226343A (en) | Presence system, presence providing method and program | |
| KR100464583B1 (en) | System for mapping keyword name to url and method thereof |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |