
CN112738127B - Web-based website and host vulnerability detection system and method thereof - Google Patents

Publication number
CN112738127B
Authority
CN
China
Prior art keywords
vulnerability
detection
target
page
ftp
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202110021227.4A
Other languages
Chinese (zh)
Other versions
CN112738127A (en
Inventor
浩明
任意
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Xian University of Posts and Telecommunications
Original Assignee
Xian University of Posts and Telecommunications
Application filed by Xian University of Posts and Telecommunications
Priority to CN202110021227.4A
Publication of CN112738127A
Application granted
Publication of CN112738127B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433 Vulnerability analysis
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577 Assessing vulnerabilities and evaluating computer system security
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1466 Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/03 Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
    • G06F2221/033 Test or assess software

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer And Data Communications (AREA)

Abstract

The Web-based website and host vulnerability detection system comprises a target receiving module, a vulnerability detection module and a structure output module. The Web-based website and host vulnerability detection method comprises the following steps: step 1, selecting the vulnerability type to be detected; step 2, SQL injection vulnerability detection; step 3, XSS cross-site scripting attack detection; step 4, Tomcat Example detection; step 5, Shodan search; step 6, Redis unauthorized-access vulnerability detection; step 7, FTP unauthorized-access vulnerability detection; step 8, FTP directory detection; step 9, Docker unauthorized-access vulnerability detection; step 10, WebLogic weak-password scanning. By detecting vulnerabilities, threats present in the system can be found quickly and prevented and repaired in time, so that the security of the whole network is improved.

Description

Web-based website and host vulnerability detection system and method thereof

Technical field

The invention belongs to the field of computer technology, and in particular relates to a Web-based website and host vulnerability detection system and a method thereof.

Background

Increasingly advanced computer science and technology have brought great changes to people's lives, but as the technology develops, security problems keep emerging. Among them, security vulnerabilities are particularly serious, and vulnerability detection is the current top priority. In the development of computing, security vulnerabilities are a major obstacle: once one appears, it may cause irreparable losses. In recent years, attackers have exploited vulnerabilities to cause various kinds of harm to society, with a very bad impact. Security vulnerabilities are especially prominent among security problems, so solving vulnerability detection is the current top priority. In recent years, vulnerabilities have occurred frequently across the major Internet services, causing great losses to society and companies. In the first half of 2018, Rising's "Cloud Security" system captured a total of 25.87 million virus samples and recorded 782 million virus infections; it blocked more than 1.82 million attacks from fraudulent websites and more than 380,000 attacks from websites implanted with trojans. Vulnerabilities and malicious-code attacks in endless variety plague the majority of users.

The main threats faced by websites and hosts include the following: malicious attacks by hackers; defects in the configuration of the websites and hosts themselves; deception by malicious websites; and improper behavior by users and network staff.

At present, mainstream protection measures are concentrated mainly on hardware security devices, which prevent attacks through security policies and security rules configured on the device. However, because such policies are limited and easily bypassed, vulnerability detection becomes essential. Current mainstream vulnerability detection tools have drawbacks such as being difficult to extend and consuming many resources.

Summary of the invention

To overcome the above deficiencies of the prior art, the purpose of the present invention is to provide a Web-based website and host vulnerability detection system and a method thereof. By detecting vulnerabilities, threats present in a system can be found quickly and prevented and repaired in time, thereby improving the security of the entire network.

To achieve the above purpose, the technical solution adopted by the present invention is: a Web-based website and host vulnerability detection system comprising a target receiving module, a vulnerability detection module, and a structure output module;

In the target receiving module, the target to be detected is entered through the front-end page and the type of vulnerability to be detected is selected; the user enters the vulnerability detection page and clicks vulnerability detection, and the detection target is passed to the corresponding function code and enters the vulnerability detection module;

The vulnerability detection module starts vulnerability detection once it receives the detection target passed from the front end: it first determines whether the detection target is a legitimate target, then performs the vulnerability detection, and passes the corresponding data to the result output module according to the detection result;

In the result output module, once vulnerability detection is complete, the output module outputs the vulnerability status and remediation suggestions on the page according to the vulnerability detection result it received.

The Web-based website and host vulnerability detection method comprises the following steps:

Step 1, select the type of vulnerability to be detected and enter the vulnerability detection page for detection;

Step 2, SQL injection vulnerability detection: enter the URL link to be detected and start detection; the detection payload is given according to the detection result;

Step 3, XSS cross-site scripting attack detection: enter the detection page and input the detection target URL; the result is output when detection completes;

Step 4, Tomcat Example detection: input the detection target URL; the result is output when detection completes;

Step 5, Shodan search: enter the service name, device name and other information to search for, and start searching for the corresponding information through Shodan;

Step 6, Redis unauthorized-access vulnerability detection: based on the Shodan search results, enter the IP address of the Redis device and start detecting the Redis unauthorized-access vulnerability;

Step 7, FTP unauthorized-access vulnerability detection: first search through Shodan for the IP addresses of network hosts running an FTP service, then check each FTP host found for an unauthorized-access vulnerability and output the detection result;

Step 8, FTP directory detection: based on the FTP unauthorized-access detection result, scan the FTP directory, from which sensitive files can be obtained;

Step 9, Docker unauthorized-access vulnerability detection: input the detection target, click Docker unauthorized access, and start the detection;

Step 10, WebLogic weak-password scan: input the detection target and scan to detect whether a weak-password threat exists.

In the SQL injection vulnerability detection, when a true statement is appended to the test target, the page returns normally and is equal to the original page; when a false statement is appended to the test target, the page returns an error. Therefore, let the original page be page test, and let appending a true statement and a false statement to the test target yield page test1 and page test2 respectively. If the true-statement page test1 is equal to the original page test and is not equal to the false-statement page test2, the URL can be judged to have an SQL injection vulnerability.

The SQL injection vulnerability detection comprises the following steps:

First, input the detection target;

Second, check whether the target URL is accessible; if not, end; if so, proceed to the third step;

Third, append the payload to the detection target URL;

Fourth, determine whether the original page is equal to the True page and is not equal to the Fail page test2; if not, no SQL vulnerability exists; if so, an SQL vulnerability exists.

The XSS cross-site scripting attack detection comprises the following steps:

Step one, input the detection target;

Step two, check whether the target URL is accessible; if not, end; if so, proceed to the next step;

Step three, find the parameters and substitute the payload;

Step four, fetch the source of the test page and search it for the payload; if it is not found, no XSS vulnerability exists; if it is found, an XSS vulnerability exists.

In the WebLogic weak-password scan, weak passwords are detected by attempting to access the WebLogic console address and submitting account and password information by POST. The default port is 7001, and the default console login address is http://<target IP address>:7001/console/j_security_check/ ; the account is sent in the parameter j_username and the password in the parameter j_password. Usernames and passwords are iterated by constructing this request, and the source of the returned page is fetched. If the source contains the strings:

'Oracle WebLogic Server Administration Console' and 'Home Page - base_domain - WLS Console'

then the login page has been found. If the login succeeds, the weak password exists; otherwise no weak password has been found.

The FTP unauthorized-access vulnerability detection uses Python's ftplib module to create an FTP object and calls the FTP login method with the account anonymous and an empty password to probe for anonymous login. If the login succeeds, an unauthorized-access vulnerability exists; otherwise, the host does not have the FTP unauthorized-access vulnerability.

The Docker unauthorized-access vulnerability detection uses Python's docker module: a client object is created as docker.DockerClient(url) and access is attempted. If it succeeds, a Docker unauthorized-access vulnerability exists; otherwise, the test target does not have this vulnerability.

The beneficial effects of the present invention are:

The invention builds security test methods from multiple angles so that vulnerabilities can be located quickly. Because vulnerabilities are the greatest threat in the development of the Internet, vulnerability detection has become very important. Vulnerability detection divides mainly into detection of website vulnerabilities and detection of host vulnerabilities. The system of the invention is designed on a B/S (browser/server) architecture and, following the test method for each vulnerability, tests by simulating an attacker; if the response matches the vulnerability's signature, the vulnerability is marked as present. Black-box testing is used to quickly discover security vulnerabilities in websites and hosts. By detecting vulnerabilities, threats present in the system can be found quickly and prevented and repaired in time, thereby improving the security of the entire network.

The system of the invention is designed and implemented with the MVC model on top of the B/S (browser/server) architecture. Because a vulnerability detection module is used, the system is easy to extend: a detection script can first be unit-tested and, once the detection function works, added to the system's calls. The system is developed in Python, which allows vulnerability detection scripts to be developed quickly and the system's detection functions to be extended easily. In practical testing, the detection functions have been implemented and perform well, and overall the system fully meets the design requirements. Because the front end and back end are separated, extensibility is very high.

The invention detects vulnerabilities in websites and hosts and uncovers the common vulnerabilities present in them. Based on the detection results it offers security remediation suggestions, helping to improve the security of websites and hosts and protect them from attack. Detecting website and host vulnerabilities raises the security awareness of the staff concerned, so that during website construction and host configuration they avoid defects that would expose the website or host to compromise. Common website vulnerabilities detected include SQL injection attacks, XSS cross-site scripting attacks, CMS scanning, WebLogic weak-password scanning, and Tomcat Example scanning. Common host vulnerabilities detected include FTP unauthorized access, Docker unauthorized access, and SSH weak-password brute forcing. Detecting vulnerabilities in websites and hosts prevents problems before they occur and raises the overall security level of the system.

The system of the invention mainly detects common website and host vulnerabilities; it should cover a variety of vulnerabilities and check the security of websites and hosts from all sides. The system adopts a B/S architecture with a Web-based graphical interface: it is simple to operate, and results are displayed directly on the page, which is intuitive, clear and easy to use. The method of the invention is efficient and simple. Vulnerability detection can effectively help fix the security problems of websites and hosts.

The invention solves the problem of detecting vulnerabilities in websites and hosts: it discovers their weaknesses in advance and produces corresponding remediation plans to fix the vulnerabilities, ensuring the safe operation of the websites and hosts.

Brief description of the drawings

Fig. 1 is a block diagram of the system of the present invention.

Fig. 2 is a flow chart of the method of the present invention.

Fig. 3 is a flow chart of the SQL injection vulnerability detection of the present invention.

Fig. 4 is a flow chart of the XSS vulnerability detection of the present invention.

Detailed description

The present invention is described in further detail below with reference to the drawings and embodiments.

Referring to Fig. 1, the Web-based website and host vulnerability detection system comprises a target receiving module, a vulnerability detection module, and a structure output module;

In the target receiving module, the target to be detected is entered through the front-end page and the type of vulnerability to be detected is selected; the user enters the vulnerability detection page and clicks vulnerability detection, and the detection target is passed to the corresponding function code and enters the vulnerability detection module;

The vulnerability detection module starts vulnerability detection once it receives the detection target passed from the front end: it first determines whether the detection target is a legitimate target, then performs the vulnerability detection, and passes the corresponding data to the result output module according to the detection result;

In the result output module, once vulnerability detection is complete, the output module outputs the vulnerability status and remediation suggestions on the page according to the vulnerability detection result it received.

Referring to Fig. 2, the Web-based website and host vulnerability detection method comprises the following steps:

Step 1, select the type of vulnerability to be detected and enter the vulnerability detection page for detection;

Step 2, SQL injection vulnerability detection: enter the URL link to be detected and start detection; the detection payload is given according to the detection result;

Step 3, XSS cross-site scripting attack detection: enter the detection page and input the detection target URL; the result is output when detection completes;

Step 4, Tomcat Example detection: input the detection target URL; the result is output when detection completes;

Step 5, Shodan search: enter the service name, device name and other information to search for, and start searching for the corresponding information through Shodan;

Step 6, Redis unauthorized-access vulnerability detection: based on the Shodan search results, enter the IP address of the Redis device and start detecting the Redis unauthorized-access vulnerability;

Step 7, FTP unauthorized-access vulnerability detection, similar to the Redis unauthorized-access detection: first search through Shodan for the IP addresses of network hosts running an FTP service, then check each FTP host found for an unauthorized-access vulnerability and output the detection result;

Step 8, FTP directory detection: based on the FTP unauthorized-access detection result, scan the FTP directory, from which sensitive files can be obtained;

Step 9, Docker unauthorized-access vulnerability detection: input the detection target, click Docker unauthorized access, and start the detection;

Step 10, WebLogic weak-password scan: input the detection target and scan to detect whether a weak-password threat exists.

In the SQL injection vulnerability detection, when a true statement is appended to the test target, the page returns normally and is equal to the original page; when a false statement is appended to the test target, the page returns an error. Therefore, let the original page be page test, and let appending a true statement and a false statement to the test target yield page test1 and page test2 respectively. If the true-statement page test1 is equal to the original page test and is not equal to the false-statement page test2, the URL can be judged to have an SQL injection vulnerability.

Referring to Fig. 3, the SQL injection vulnerability detection comprises the following steps:

First, input the detection target;

Second, check whether the target URL is accessible; if not, end; if so, proceed to the third step;

Third, append the payload to the detection target URL;

Fourth, determine whether the original page is equal to the True page and is not equal to the Fail page test2; if not, no SQL vulnerability exists; if so, an SQL vulnerability exists.
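
The page-comparison rule above, as an added Python example (not code from the patent). `strict_rule` is the exact-equality test as stated; `robust_rule` is an assumed refinement that fetches the unmodified page twice and compares only the tokens that stayed stable, because a clock or CSRF token makes exact equality fail on real pages. All function names, thresholds and sample pages are constructed for illustration.

```python
import difflib
import re


def tokens(html):
    """Split a page into tags and words so pages are compared token by token."""
    return re.findall(r"<[^>]*>|[^<\s]+", html)


def stable_tokens(fetch_a, fetch_b):
    """Tokens shared, in order, by two fetches of the unmodified URL.
    Whatever differs between the two fetches (clock, CSRF token) is dropped."""
    ta, tb = tokens(fetch_a), tokens(fetch_b)
    sm = difflib.SequenceMatcher(None, ta, tb, autojunk=False)
    out = []
    for blk in sm.get_matching_blocks():
        out.extend(ta[blk.a:blk.a + blk.size])
    return out


def coverage(stable, candidate):
    """Fraction of the stable baseline tokens found, in order, in candidate."""
    if not stable:
        return 0.0
    sm = difflib.SequenceMatcher(None, stable, tokens(candidate), autojunk=False)
    return sum(blk.size for blk in sm.get_matching_blocks()) / len(stable)


def strict_rule(test, test1, test2):
    """The rule as stated in the text: test1 == test and test1 != test2."""
    return test1 == test and test1 != test2


def robust_rule(test, test_again, test1, test2, same=0.95, min_stable=0.8):
    """Same decision, taken on the stable part of the page only (thresholds
    are assumptions). Extra content in a response does not lower coverage."""
    stable = stable_tokens(test, test_again)
    if len(stable) < min_stable * len(tokens(test)):
        return "unstable baseline"        # page changes too much to compare
    true_same = coverage(stable, test1) >= same
    false_same = coverage(stable, test2) >= same
    return "suspected" if true_same and not false_same else "not indicated"


# --- constructed sample responses (no network access) ---
def page(body, clock, token):
    return (f"<html><body><p>Served at {clock}</p>"
            f'<input type="hidden" name="csrf_token" value="{token}">'
            f"{body}</body></html>")


ITEM = "<h1>Item 7</h1><p>Blue widget, 3 in stock</p>"
NOT_FOUND = "<h1>Not found</h1>"


def demo():
    test = page(ITEM, "12:00:01", "a1b2")
    test_again = page(ITEM, "12:00:02", "c3d4")
    test1 = page(ITEM, "12:00:03", "e5f6")         # true statement appended
    test2 = page(NOT_FOUND, "12:00:04", "0a1b")    # false statement appended
    ignored = page(ITEM, "12:00:05", "2c3d")       # parameter has no effect
    news_a = page("<p>alpha beta gamma delta</p>", "12:00:06", "4e5f")
    news_b = page("<p>one two three four five</p>", "12:00:07", "6a7b")
    return {
        "strict": strict_rule(test, test1, test2),
        "robust": robust_rule(test, test_again, test1, test2),
        "ignored": robust_rule(test, test_again, test1, ignored),
        "unstable": robust_rule(news_a, news_b, news_a, news_b),
    }


if __name__ == "__main__":
    print(demo())
```

On the sample pages the exact-equality rule misses the behaviour because only the clock and token differ, while the stable-token comparison reports it and still reports nothing when the appended condition has no effect.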

Referring to Fig. 4, the XSS cross-site scripting attack detection comprises the following steps:

Step one, input the detection target;

Step two, check whether the target URL is accessible; if not, end; if so, proceed to the next step;

Step three, find the parameters and substitute the payload;

Step four, fetch the source of the test page and search it for the payload; if it is not found, no XSS vulnerability exists; if it is found, an XSS vulnerability exists.
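
An added Python example for step four (not code from the patent): it contrasts the plain page-source search with a check of where the reflected string lands once the page is parsed, since a raw match inside a comment, a script string, an attribute or a non-HTML response is not the same finding as injected markup. The inert probe element name, the class and function names, the verdict labels and the sample responses are all constructed for illustration.

```python
from html.parser import HTMLParser

PROBE_TAG = "xssprobe7f3a"      # inert, unique element name (constructed)
PROBE = f"<{PROBE_TAG}>"        # the string substituted into the parameter


class ReflectionContexts(HTMLParser):
    """Records where the probe lands once the page is parsed as HTML."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.raw_text_tag = None      # "script" or "style" while inside one
        self.found = set()

    def handle_starttag(self, tag, attrs):
        if tag == PROBE_TAG:
            self.found.add("markup")          # parsed as a real element
        if tag in ("script", "style"):
            self.raw_text_tag = tag
        if any(value and PROBE in value for _, value in attrs):
            self.found.add("attribute")

    def handle_endtag(self, tag):
        if tag == self.raw_text_tag:
            self.raw_text_tag = None

    def handle_data(self, data):
        if PROBE in data:
            # Outside script/style a literal "<probe>" would have been parsed
            # as a tag, so seeing it in text means it arrived entity-encoded.
            self.found.add(self.raw_text_tag or "encoded-text")

    def handle_comment(self, data):
        if PROBE in data:
            self.found.add("comment")


def assess(body, content_type="text/html"):
    """Return (raw_hit, verdict); raw_hit is the page-source search of step four."""
    raw_hit = PROBE in body
    if not content_type.lower().startswith("text/html"):
        return raw_hit, "not-html"        # not rendered as markup by a browser
    parser = ReflectionContexts()
    parser.feed(body)
    parser.close()
    if "markup" in parser.found:
        return raw_hit, "confirmed"
    other = parser.found - {"encoded-text"}
    if other:
        return raw_hit, "review:" + ",".join(sorted(other))
    return raw_hit, "encoded" if parser.found else "absent"


# --- constructed sample responses (no network access) ---
SAMPLES = {
    "markup": ("<html><body><p>Results for <xssprobe7f3a></p></body></html>", "text/html"),
    "encoded": ("<html><body><p>Results for &lt;xssprobe7f3a&gt;</p></body></html>", "text/html"),
    "comment": ("<html><body><!-- q=<xssprobe7f3a> --><p>No results</p></body></html>", "text/html"),
    "script": ('<html><body><script>var q = "<xssprobe7f3a>";</script></body></html>', "text/html"),
    "attribute": ('<html><body><input name="q" value="<xssprobe7f3a>"></body></html>', "text/html"),
    "json": ('{"q": "<xssprobe7f3a>"}', "application/json"),
    "absent": ("<html><body><p>No results</p></body></html>", "text/html"),
}


def demo():
    return {name: assess(body, ctype) for name, (body, ctype) in SAMPLES.items()}


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The raw search matches five of the seven samples, but only one of them is injected markup; the "review" verdicts mark reflections whose risk depends on the surrounding context.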

In the WebLogic weak-password scan, weak passwords are detected by attempting to access the WebLogic console address and submitting account and password information by POST. The default port is 7001, and the default console login address is http://<target IP address>:7001/console/j_security_check/ ; the account is sent in the parameter j_username and the password in the parameter j_password. Usernames and passwords are iterated by constructing this request, and the source of the returned page is fetched. If the source contains the strings 'Oracle WebLogic Server Administration Console' and 'Home Page - base_domain - WLS Console', the login page has been found. If the login succeeds, the weak password exists; otherwise no weak password has been found.

The FTP unauthorized-access vulnerability detection uses Python's ftplib module to create an FTP object and calls the FTP login method with the account anonymous and an empty password to probe for anonymous login. If the login succeeds, an unauthorized-access vulnerability exists; otherwise, the host does not have the FTP unauthorized-access vulnerability.
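
An added Python example of the anonymous-login check described above, written for auditing a host you operate (not code from the patent). It separates a refused login from a host that could not be reached or did not answer as FTP, two outcomes the "otherwise" branch of the text treats as one. `check_anonymous_ftp`, the loopback `FakeFTP` server and the verdict strings are constructed for illustration.

```python
import ftplib
import socket
import socketserver
import threading


def check_anonymous_ftp(host, port=21, timeout=3.0):
    """Return 'anonymous-allowed', 'anonymous-denied' or 'inconclusive'."""
    try:
        with ftplib.FTP(timeout=timeout) as ftp:
            ftp.connect(host, port)
            try:
                ftp.login()               # defaults to the user 'anonymous'
            except ftplib.error_perm:     # 5xx reply, e.g. 530 login incorrect
                return "anonymous-denied"
            return "anonymous-allowed"
    except (OSError, EOFError, ftplib.Error):
        # Refused, timed out, reset, temporary 4xx reply or not FTP at all:
        # this says nothing about whether anonymous login is enabled.
        return "inconclusive"


class FakeFTP(socketserver.StreamRequestHandler):
    """Constructed loopback stand-in for an FTP daemon (login dialogue only)."""

    def handle(self):
        self.wfile.write(b"220 test server ready\r\n")
        for raw in self.rfile:
            verb = raw.split(b" ", 1)[0].strip().upper()
            if verb == b"USER":
                reply = b"331 password required\r\n"
            elif verb == b"PASS":
                ok = self.server.allow_anonymous
                reply = b"230 logged in\r\n" if ok else b"530 login incorrect\r\n"
            elif verb == b"QUIT":
                self.wfile.write(b"221 bye\r\n")
                return
            else:
                reply = b"502 not implemented\r\n"
            self.wfile.write(reply)


def start_fake_ftp(allow_anonymous):
    srv = socketserver.ThreadingTCPServer(("127.0.0.1", 0), FakeFTP)
    srv.allow_anonymous = allow_anonymous
    srv.daemon_threads = True
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv


def unused_port():
    """A loopback port with nothing listening on it."""
    with socket.socket() as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


def demo():
    open_srv, strict_srv = start_fake_ftp(True), start_fake_ftp(False)
    try:
        return {
            "open": check_anonymous_ftp("127.0.0.1", open_srv.server_address[1]),
            "strict": check_anonymous_ftp("127.0.0.1", strict_srv.server_address[1]),
            "down": check_anonymous_ftp("127.0.0.1", unused_port(), timeout=1.0),
        }
    finally:
        for srv in (open_srv, strict_srv):
            srv.shutdown()
            srv.server_close()


if __name__ == "__main__":
    print(demo())
```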

The Docker unauthorized-access vulnerability detection uses Python's docker module: a client object is created as docker.DockerClient(url) and access is attempted. If it succeeds, a Docker unauthorized-access vulnerability exists; otherwise, the test target does not have this vulnerability.

Claims (2)

1. The method for detecting the vulnerability of the website and the host based on the Web is characterized by comprising the following steps:
step 1, selecting a vulnerability type to be detected, and entering vulnerability detection page detection;
step 2, sql is injected into vulnerability detection, a URL link needing to be detected is input, the detection is started, and the detected payload is given according to the detection result;
the Sql injection vulnerability detection method comprises the following steps:
firstly, inputting a detection target;
secondly, detecting whether the target URL can be accessed, if not, ending, and if so, performing a third step;
thirdly, splicing Payload at the detection target URL;
fourthly, judging whether the original webpage is equal to True, the webpage is not equal to Fail, whether the webpage test2 is True, if not, no SQL loophole exists, and if yes, the SQL loophole exists;
the Sql injection vulnerability detection is carried out, when true sentences are spliced after the target is tested, the page returns to be normal and is equal to the original page; when the true statement page test1 is equal to the original page test and is not equal to the true statement page test2, judging that the URL has SQL injection vulnerability;
step 3, XSS cross-site script attack detection, entering a detection page, inputting a detection target URL, and outputting a result after the detection is finished;
the XSS cross-site scripting attack detection comprises the following steps:
inputting a detection target;
step two, detecting whether the target URL can be accessed, if not, ending; if yes, carrying out the next step;
step three, searching parameters to replace Payload;
crawling a test page source code, searching Payload, if not found, not having an XSS vulnerability, and if found, having an XSS vulnerability;
step 4, Tomcat Example detection: inputting a detection target URL, and outputting a result after the detection is finished;
step 5, Shodan searching: inputting the service name and equipment name information to be searched, and starting to search for the corresponding information through Shodan;
step 6, Redis unauthorized access vulnerability detection: inputting the IP address of the Redis device according to the Shodan search result, and starting to detect the Redis unauthorized access vulnerability;
step 7, FTP unauthorized access vulnerability detection: searching through Shodan for the IP addresses of network hosts running the FTP service, detecting whether each FTP service host found has the unauthorized access vulnerability, and outputting a detection result;
in the FTP unauthorized access vulnerability detection, an FTP object is created using the FTP module of Python, and the login method of the FTP object is called with the account anonymous and an empty password to test anonymous login; if the login succeeds, the unauthorized access vulnerability exists; otherwise, the host is proved not to have the FTP unauthorized access vulnerability;
step 8, FTP directory detection: scanning the FTP directory according to the detection result of FTP unauthorized access, and acquiring sensitive files;
step 9, Docker unauthorized access vulnerability detection: inputting a detection target, clicking Docker unauthorized access, and starting the detection;
in the Docker unauthorized access vulnerability detection, the test uses the Docker module of Python; if the attempted access succeeds, the Docker unauthorized access vulnerability exists; otherwise, the test target does not have the vulnerability;
step 10, WebLogic weak password scanning: inputting a detection target, and detecting through scanning whether a weak password threat exists;
in the WebLogic weak password scanning, when a WebLogic weak password is detected, account and password information is submitted by POST to the WebLogic background address; the default port number is 7001, the default background login address is http://[target IP address]:7001/console/j_security_check/, the account information is the parameter j_username, and the password information is the parameter j_password; user names and passwords are traversed by constructing requests, and the source code of the returned page is crawled; if the code contains 'Oracle WebLogic Server Administration System' and 'Home Page-base_domain-WLS System', it is proved that a login page is found; if the login is successful, the weak password exists, and otherwise no weak password information is found.
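The page comparison in the fourth SQL injection step, as an added example (not code from the patent): it works on three already-fetched page bodies and replaces exact equality with a normalized similarity ratio, because timestamps and tokens make two fetches of an unaffected page differ. The thresholds, the `VOLATILE` patterns, the sample pages and the reading of test2 as the page for the false ("Fail") statement are assumptions.

```python
import re
from difflib import SequenceMatcher

# Fragments that change between two fetches of the same page (constructed
# patterns; tune them to the application being assessed).
VOLATILE = [
    re.compile(r'value="[0-9a-f]{8,}"'),     # per-request token
    re.compile(r"\b\d{2}:\d{2}:\d{2}\b"),    # rendered clock time
]

def normalize(html):
    """Remove volatile fragments and collapse whitespace before comparing."""
    for pattern in VOLATILE:
        html = pattern.sub("", html)
    return re.sub(r"\s+", " ", html).strip()

def similarity(a, b):
    return SequenceMatcher(None, normalize(a), normalize(b)).ratio()

def judge_sql_injection(test, test1, test2, same=0.98, differ=0.90):
    """test: original page, test1: true-statement page,
    test2: false-statement page (assumed). Thresholds are assumptions."""
    if similarity(test, test1) < same:
        # The true statement already changed the page: block page, error
        # page or unstable content, so the comparison proves nothing.
        return "inconclusive"
    if similarity(test1, test2) < differ:
        return "suspected"
    return "not detected"

# Constructed sample pages.
ORIGINAL = ('<html><body><p>Served 10:15:02</p>'
            '<input name="t" value="3f9a1c07e2">'
            '<h1>Blue kettle</h1><p>Price: 19.00</p></body></html>')
TRUE_PAGE = (ORIGINAL.replace("10:15:02", "10:15:03")
                     .replace("3f9a1c07e2", "b81d44a0c6"))
FALSE_PAGE = ('<html><body><p>Served 10:15:04</p>'
              '<input name="t" value="77c0e19d5b">'
              '<h1>No product found</h1></body></html>')
BLOCKED_PAGE = "<html><body><h1>Request blocked</h1></body></html>"

if __name__ == "__main__":
    print(judge_sql_injection(ORIGINAL, TRUE_PAGE, FALSE_PAGE))
    print(judge_sql_injection(ORIGINAL, BLOCKED_PAGE, FALSE_PAGE))
```

With byte-for-byte equality the first case would be missed, since `ORIGINAL` and `TRUE_PAGE` differ only in the clock time and token.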
2. The special detection system for the Web-based website and host vulnerability detection method according to claim 1, comprising a target receiving module, a vulnerability detection module, and a result output module;
the target receiving module receives a target to be detected that is entered through a front-end page; the vulnerability type to be detected is selected, the vulnerability detection page is entered, vulnerability detection is clicked, and the detection target is passed to the corresponding function code to enter the vulnerability detection module;
the vulnerability detection module starts vulnerability detection after receiving the vulnerability detection target transmitted from the front end, first judges whether the detection target is a legal target, then detects the vulnerability, and transmits the corresponding data to the result output module according to the detection result;
and the result output module, after vulnerability detection is completed, outputs on the page the vulnerability status and remediation suggestions according to the received vulnerability detection result.
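The last XSS step of claim 1 (search the fetched page source for the Payload), as an added example that is not code from the patent: a plain substring search also fires when the value is reflected inside a comment or a script string, so this sketch parses the source and reports whether the value was actually parsed as markup. The marker element name and the sample pages are constructed assumptions.

```python
from html import escape
from html.parser import HTMLParser

PROBE_TAG = "xssprobe7f3a"     # constructed marker: an inert, unknown element name
PROBE = f"<{PROBE_TAG}>"

class ProbeFinder(HTMLParser):
    """Records whether the probe was parsed as a start tag, i.e. as markup."""
    def __init__(self):
        super().__init__()
        self.as_element = False

    def handle_starttag(self, tag, attrs):
        if tag == PROBE_TAG:
            self.as_element = True

def classify_reflection(source):
    if PROBE not in source:
        # Output encoding turns the probe into text; a raw search misses it.
        return "encoded" if escape(PROBE) in source else "absent"
    finder = ProbeFinder()
    finder.feed(source)
    finder.close()
    # Raw but not markup: reflected in a comment, script or attribute value,
    # which needs a context-specific review rather than a yes/no verdict.
    return "parsed-as-markup" if finder.as_element else "raw-not-markup"

# Constructed page sources, one per reflection context.
SAMPLES = {
    "reflected": "<p>Results for <xssprobe7f3a></p>",
    "escaped": "<p>Results for &lt;xssprobe7f3a&gt;</p>",
    "comment": "<!-- last query: <xssprobe7f3a> --><p>No results</p>",
    "script": '<script>var q = "<xssprobe7f3a>";</script>',
    "none": "<p>No results</p>",
}

if __name__ == "__main__":
    for name, page in SAMPLES.items():
        print(name, classify_reflection(page))
```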
CN202110021227.4A 2021-01-08 2021-01-08 Web-based website and host vulnerability detection system and method thereof Active CN112738127B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110021227.4A CN112738127B (en) 2021-01-08 2021-01-08 Web-based website and host vulnerability detection system and method thereof

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110021227.4A CN112738127B (en) 2021-01-08 2021-01-08 Web-based website and host vulnerability detection system and method thereof

Publications (2)

Publication Number Publication Date
CN112738127A CN112738127A (en) 2021-04-30
CN112738127B true CN112738127B (en) 2023-04-07

Family

ID=75589708

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110021227.4A Active CN112738127B (en) 2021-01-08 2021-01-08 Web-based website and host vulnerability detection system and method thereof

Country Status (1)

Country Link
CN (1) CN112738127B (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114547629A (en) * 2022-02-28 2022-05-27 河南宝通信息安全测评有限公司 Man-machine interaction method for platform vulnerability testing based on multicast optimization
CN114679321B (en) * 2022-03-29 2024-04-12 杭州安恒信息技术股份有限公司 SSTI vulnerability detection method, device and medium
CN114880653B (en) * 2022-05-18 2024-12-27 尚蝉(浙江)科技有限公司 A vulnerability scanning system and method for java web services
CN115242462B (en) * 2022-06-30 2024-08-27 北京华顺信安科技有限公司 Data leakage detection method

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101312393A (en) * 2007-05-24 2008-11-26 北京启明星辰信息技术有限公司 Detection method and system for SQL injection loophole
CN104657659A (en) * 2013-11-20 2015-05-27 腾讯科技(深圳)有限公司 Storage cross-site attack script vulnerability detection method, device and system
CN104881608A (en) * 2015-05-21 2015-09-02 北京工业大学 XSS vulnerability detection method based on simulating browser behavior
CN106845248A (en) * 2017-01-18 2017-06-13 北京工业大学 A kind of XSS leak detection methods based on state transition graph
CN110113311A (en) * 2019-03-05 2019-08-09 北京丁牛科技有限公司 Cross-site scripting attack XSS leak detection method and device
CN111770104A (en) * 2020-07-02 2020-10-13 浪潮云信息技术股份公司 Web vulnerability detection method, system, terminal and computer readable storage medium

Family Cites Families (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8949990B1 (en) * 2007-12-21 2015-02-03 Trend Micro Inc. Script-based XSS vulnerability detection
US8365290B2 (en) * 2009-05-15 2013-01-29 Frederick Young Web application vulnerability scanner
CN101808093B (en) * 2010-03-15 2013-08-07 北京安天电子设备有限公司 System and method for automatically detecting WEB security
CN104200166B (en) * 2014-08-05 2017-05-03 杭州安恒信息技术有限公司 Script-based website vulnerability scanning method and system
CN104363236A (en) * 2014-11-21 2015-02-18 西安邮电大学 Automatic vulnerability validation method
CN108769063A (en) * 2018-06-26 2018-11-06 郑州云海信息技术有限公司 A kind of method and device of automatic detection WebLogic known bugs
CN109325351B (en) * 2018-08-23 2021-04-09 中通服咨询设计研究院有限公司 Security hole automatic verification system based on public testing platform
CN109981653B (en) * 2019-03-28 2021-07-23 上海中通吉网络技术有限公司 A web vulnerability scanning method
CN111523123A (en) * 2020-04-26 2020-08-11 北京信息科技大学 Intelligent website vulnerability detection method

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
左丹丹; 王丹; 付利华. Design and implementation of an XSS vulnerability detection method. Computer Applications and Software. 2016, (07), full text. *

Also Published As

Publication number Publication date
CN112738127A (en) 2021-04-30

Similar Documents

Publication Publication Date Title
CN112738127B (en) Web-based website and host vulnerability detection system and method thereof
US8601586B1 (en) Method and system for detecting web application vulnerabilities
US8495742B2 (en) Identifying malicious queries
CN102156832B (en) Security defect detection method for Firefox expansion
CN102739675B (en) Website security detection method and device
CN102799830B (en) Improved SQL (Structured Query Language) injection flaw detection method
CN112929390A (en) Network intelligent monitoring method based on multi-strategy fusion
Wang et al. Research on web application security vulnerability scanning technology
Li et al. The application of fuzzing in web software security vulnerabilities test
Jonker et al. Shepherd: a generic approach to automating website login
CN113596114B (en) Extensible automatic Web vulnerability scanning system and method
Wang et al. A cost-effective ocr implementation to prevent phishing on mobile platforms
CN111967018A (en) Method for automatically detecting Tomcat known vulnerability
Kapodistria et al. An advanced web attack detection and prevention tool
Kollepalli et al. An Experimental Study on Detecting and Mitigating Vulnerabilities in Web Applications.
van der Loo Comparison of penetration testing tools for web applications
CN118784369A (en) A network asset attack path prediction method, device, equipment and storage medium
Jithin et al. Secure-d: Framework for detecting and preventing attacks in sql and nosql databases
Zhang et al. An automated composite scanning tool with multiple vulnerabilities
Liang et al. Internet's Invisible Enemy: Detecting and Measuring Web Cache Poisoning in the Wild
Ye et al. A Tool Design for SQL injection vulnerability detection based on improved crawler
Potter et al. Clarity: Analysing security in web applications
Almi Web Server Security and Survey on Web Application Security
Kondracki et al. Smudged fingerprints: characterizing and improving the performance of web application fingerprinting
Selvamani et al. Protection of web applications from cross-site scripting attacks in browser side

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant