摘要
文章较全面地分析和总结了现有的Web漏洞挖掘技术及工具,以开源的Web漏洞扫描工具Paros Proxy为研究对象,对Paros Proxy的爬虫模块及检测模块进行深入研究和分析,进而对其进行改进。经测试,改进后的Paros爬虫模块支持JavaScript URLs的解析及爬行,可以提取到更多的网页链接,而改进后的检测模块,在漏洞检测性能及效率上也有明显提高。
This paper makes a comprehensive analysis and summary of the existing Web loophole mining technology and tools, to open source Web vulnerability scanning tool Paros Proxy as the research object, the Paros Proxy crawler module and a detection module for in-depth research and analysis, and its improvement. After the test, the improved Paros crawler module supports the JavaScript URLs analytical and crawling, can extract more webpage link, and the improved detection module, the vulnerability detection performance and efficiency can be improved significantly.
出处
《信息网络安全》
2011年第8期65-68,共4页
Netinfo Security
关键词
网络爬虫
漏洞检测
线程池
WEB应用
web spider
vulnerability detection
thread pool
web application