| 摘 要: 当下Web安全问题频发,很多Web网站代码设计时安全问题考虑不足,而市面上的漏洞扫描器存在扫描 速度慢、软件臃肿、可扩展性不强等问题,我们基于Python设计了一个Web漏洞扫描器,在参考其他同类产品设计的 基础上,采用注入分析、字典扫描等方法提高了扫描器性能,并增加了开放性的插件接口等一些实用且独特的功能。本 文介绍了其工作原理,具体实现及实验测试。 |
| 关键词: Web漏洞检测;扫描器设计;Python;插件 |
|
中图分类号: TP309
文献标识码: A
|
| 基金项目: 2019年第一批教育部产学合作协同育人项目(201901115006);教育部“新一代信息技术”产学研创新基金项目(2018A01003);2019年江苏省高等学校大学生创新创业 训练计划项目(201910333085H,201910333066Y). |
|
| A Python-based Web Vulnerability Scanner |
|
XU Guijiang,HUANG Yuanyuan,CHEN Zihao,YIN Xudong,QIAN Zhenjiang1,2,3,4,5
|
1.( College of Computer Science and Engineering, Changshu Institute of Technology, Changshu 215500, China) dream@dreamn.cn;2.673854844@qq.com;3.760391159@qq.com;4.xdyin@cslg.edu.cn;5.qianzj@cslg.edu.cn
|
| Abstract: The web security problems are frequent at present,and many website code designs do not have sufficient consideration for security problems.By contrast,the vulnerability scanners on the market have issues such as slow scanning speed,bloated designs,and poor scalability.Therefore,we designed a web vulnerability scanner based on Python,considering the designs of other similar products.This research used injection analysis,dictionary scanning,and other methods to improve scanner performance and added some practical and unique features like open plug-in interface.The working principle,specific implementation,and experimental testing are described. |
| Keywords: web vulnerability detection;scanner design;python;plug-in |
