摘要
本文采用渗透测试技术,设计并实现一个Web应用扫描器。扫描器通过爬虫获取结果,然后调用插件检测常见漏洞,能够进行目录文件爆破、CMS识别、端口扫描、爬虫、SQL注入检测、XSS漏洞检测等扫描,最终通过输出扫描报告达到一次完整的网站扫描。
This article penetration testing technology,design and implement a Web application scanner.The scanner obtains the result through the crawler,and then calls the plug-in to detect common vulnerabilities.It can perform directory file blasting,CMS identification,port scanning,crawler,SQL injection detection,XSS vulnerability detection,etc,and finally achieves a complete website scan through the output scan report.
作者
牛咏梅
NIU Yong-mei(Nanyang Institute of Technology, Nanyang 473004, China)
出处
《南阳理工学院学报》
2018年第6期66-69,共4页
Journal of Nanyang Institute of Technology
关键词
渗透测试
扫描器
爬虫
CMS识别
端口扫描
XSS漏洞检测
penetration testing
scanner
crawler
CMS identification
port scanning
XSS vulnerability detection