摘要
渗透测试技术通过模拟真实的攻击来对网络系统进行全面的安全审查,并给出漏洞或不恰当配置的修复建议.作为整个渗透测试生命周期的第1阶段,信息搜集的任务是尽可能多地搜集到有关目标的详细信息,它在很大程度上决定了一次渗透测试的成功与否.分块研究了信息搜集阶段中所用到的各种方法与技术,利用Kali Linux中提供的工具进行了深入的实战操作,最后总结归纳了本阶段中常见的漏洞并提出了较为完善的防范措施.
Penetration test does a thorough security review for network system and gives the advice of vulnerability or inappropriate configuration by simulating real attacks. As the first stage of life cycle of penetration test, the task of information collection is to collect detailed information, which determines the success of a whole penetration test to a large extent. This paper studies the various methods and technology in the information gathering stage, puts the tools provided by Kali Linux into practice, summaries the common vulnerability in this stage and proposes a comprehensive preventive measure in the end.
出处
《信息安全研究》
2016年第3期211-219,共9页
Journal of Information Security Research
基金
国家自然科学基金项目(61370188)
关键词
渗透测试
信息搜集
Kali
LINUX
漏洞
防范措施
penetration test
information gathering
Kali Linux
vulnerability
preventive measure