
The Research And Implementation Of WEB Application Vulnerability Scanner Based On Penetration Technology

Posted on: 2019-04-01
Degree: Master
Type: Thesis
Country: China
Candidate: Z X Hao
Full Text: PDF
GTID: 2428330566469768
Subject: Software engineering

Abstract/Summary:
As the number of Web sites grows, so does the number of vulnerabilities in Web applications. Attackers can exploit Web application vulnerabilities to steal sensitive information, steal user accounts, and even obtain administrator privileges, which seriously threatens Web application security. Vulnerability scanning is a testing technique in which network administrators use scanning tools to simulate attacker behavior and attacks against websites. Applying it makes it possible to detect defects in a website and repair them in time, which improves the security of the website to some extent.

This paper researches the key technologies in Web security testing. With reference to the OWASP Top 10, it analyzes in detail the classification, causes, and hazards of common Web application vulnerabilities. On this basis, a lightweight, multi-functional Web application vulnerability scanner was implemented. The main results of the paper are as follows:

1. Based on an analysis of commonly used vulnerability scanning techniques, the overall structure of the Web Application Vulnerability Scanner is designed. The scanner is divided into two main parts: the main module and the plug-in module. The main module handles the information-collection phase of penetration testing; its main functions include CDN detection, port scanning, Web application fingerprint identification, and site directory crawling. The scanning plug-in module detects different Web vulnerabilities, mainly including SQL injection vulnerability detection, cross-site scripting detection, Webshell password brute-forcing, backup file scanning, and email address scanning.

2. Following this structural design, the functions of the various modules and plug-ins are implemented. The paper describes the functions and implementation methods of each module in detail and, referring to the detection methods used in penetration testing, gives the key algorithms. The Web Application Vulnerability Scanner is developed in Python, a cross-platform language, so the scanner can run on multiple operating systems, which improves its portability.

3. The scan features of the Web Application Vulnerability Scanner were evaluated. First, they were validated against the domestic vulnerability practice range Webug 3.0. Second, in a practical project, the scanner was used to scan a school site in Huangpu District of Shanghai. Four SQL injection vulnerabilities, 12 cross-site scripting vulnerabilities, and 3 email addresses were found, indicating that the scanner has a certain practical value.

In summary, the Web Application Vulnerability Scanner designed in this paper can help penetration testers with their testing work, quickly finding vulnerabilities in a website at a relatively low cost and improving the website's security.
Keywords/Search Tags: web applications, vulnerability scan, penetration technology, plug-in, information security