Research of Web Security Scanning Tool Based on Web Crawler
First published: 2017-09-22
Abstract: This paper uses an adaptive window crawling strategy to crawl Web pages starting from an entry URL. To find injection points, it designs a URL matching pattern with stronger wildcard generality, which effectively improves on the problem that many detection tools cannot detect vulnerabilities under URL rewriting, and it adds support for cookies and sessions. For each possible injection point, the scanner constructs a targeted attack test and carries out a simulated attack. Once it finds a page containing a specific vulnerability, the scanner saves the details of that vulnerability and presents them in the report, and finally a detection report for the target site is generated automatically.
Keywords: crawling, injection point, URL matching, vulnerability