A Workflow-Based Information Detection and Penetration Testing Method

A technology of penetration testing and workflow, applied in the field of workflow-based information detection and penetration testing, it can solve the problems of large-scale network segments and URL information detection and penetration testing difficulties, and achieve the effect of improving efficiency

Active Publication Date: 2022-07-29
北方实验室(沈阳)股份有限公司
View PDF3 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0004] The technical problem to be solved by the present invention is to provide a workflow-based information investigation and penetration testing method for the above-mentioned deficiencies in the prior art, and to automatically complete the detection and penetration of all tasks through a workflow, and to solve the problem of large-scale network segments and URL Information Reconnaissance and Penetration Testing Difficulties

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • A Workflow-Based Information Detection and Penetration Testing Method
  • A Workflow-Based Information Detection and Penetration Testing Method
  • A Workflow-Based Information Detection and Penetration Testing Method

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0031] The specific embodiments of the present invention will be described in further detail below with reference to the accompanying drawings and embodiments. The following examples are intended to illustrate the present invention, but not to limit the scope of the present invention.

[0032] In this embodiment, a workflow-based information detection and penetration testing method is based on figure 1 The shown workflow implements detection, filtering, and deduplication of the domain name, IP, IP port, URL, and fingerprint of the test target, as well as known vulnerabilities, weak password vulnerabilities, deserialization vulnerabilities, injection vulnerabilities, unauthorized vulnerabilities, and overflow vulnerabilities. Conduct information reconnaissance and penetration testing.

[0033] The workflow includes a test target input, an information investigation pipeline and a penetration test pipeline; the test target input is used to input assets of the test target, and th...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention provides a method for information investigation and penetration testing based on workflow, and relates to the technical field of computer software information. Based on the workflow, the method realizes the detection, filtering and de-duplication of the domain name, IP, IP port, URL and fingerprint of the test target through the information detection pipeline and the penetration test pipeline, and conducts information detection and penetration testing for various vulnerabilities. The information detection pipeline is used to detect the information of the input target. Through the input IP and URL, the IP, URL, port and fingerprint information are obtained and stored based on multiple plug-ins, which are used for the penetration test pipeline call; the penetration test pipeline is connected with the information detection pipeline. , based on different multiple plug-ins, use the IP, URL, port and fingerprint obtained by the reconnaissance pipeline to perform penetration testing on various vulnerabilities, store the tested vulnerability information and output the test report at the same time. The method can detect and collect the information of the test target in a short time, and automatically carry out the vulnerability penetration, which improves the efficiency of the penetration test.

Description

technical field [0001] The invention relates to the technical field of computer software information, in particular to a method for information investigation and penetration testing based on workflow. Background technique [0002] Penetration testing is an important software testing work. Penetration testers need to use relevant tools and software for testing, but most of the tools used by penetration testers are scattered and unsystematic. Need to use multiple tools at the same time, which will not only take up a lot of computer resources, but also the efficiency of penetration testing is not high. [0003] "An automated penetration testing framework" with the application number "CN202010493526.3" realizes the evolution of penetration testing work towards automation, standardization and actual combat. Through the combination of workflows, pipelines and plug-ins, the automated execution of penetration testing is realized, making it possible to carry out automated penetratio...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Patents(China)
IPC IPC(8): G06F11/36G06F21/57
CPCG06F11/3688G06F21/577
Inventor 刘文志李开李海涛
Owner 北方实验室(沈阳)股份有限公司
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap