网络渗透测试综合实验平台技术研究与实现
发布时间:2018-11-26 11:58
【摘要】:网络渗透测试实验平台是网络安全实验教学环境的重要组成部分,是培养学生深入理解和掌握网络渗透测试技术的主要手段,对于提高学员的渗透测试实践能力具有重要意义。网络渗透测试包含信息搜集、网络扫描、渗透攻击等多个阶段,每个阶段涉及多种网络安全技术。复杂的渗透测试过程极大的增加了顺利开展网络安全实验教学的难度。在网络渗透测试教学实践中,已有的渗透测试工具只具有特定的渗透测试功能,集成化程度低,同时,漏洞信息搜集途径单一,人工依赖程度高,缺乏自动获取能力。渗透测试急需一种综合性的实验教学平台。针对网络渗透测试实验教学中漏洞信息更新不及时、渗透测试工具功能分散的问题,本文提出了一种网络渗透测试综合实验平台。该平台包括漏洞信息搜集爬虫系统和网络渗透测试集成处理系统,以用户友好性和集成可扩展性为设计目标,旨在建立一套灵活易用的综合性渗透测试教学实验平台。本文的主要工作包括以下几点:(1)针对网络安全教学过程中存在的问题和特殊性,通过大量的理论调研,总结了网络渗透测试综合实验平台的理论需求,提出了一个集成化的网络渗透测试综合实验平台设计思想,并给出了平台结构和应用技术的详细设计方案。(2)针对网络安全教学中网络渗透测试过程的复杂性问题,提出了一个导航式流程集成方法,实现了网络渗透测试流程的向导式操作和可视化展示,提供了一个功能强大、简洁实用的用户友好界面。(3)针对网络渗透测试工具功能覆盖面不全的问题,在详细分析了NMap和Nessue扫描功能特性及Metasploit渗透测试原理的基础上,提出了一个基于远程API的工具扩展方法,为网络渗透测试环境的工具集成提供支撑。(4)针对漏洞信息收集效率不高的问题,引入了基于主题爬虫的信息搜集技术,设计了一种基于主题爬虫的漏洞信息自动搜集系统,给出了系统的框架结构和运行流程,能够实现漏洞信息的即时更新。(5)通过UML建模分析,设计了测试平台的层次结构,阐述了各个模块及相关技术的实现细节,最后,实现了基于Django架构的实验平台原型系统。本文最后通过对实验平台原型系统进行功能测试。通过测试分析验证了该平台具有较好的可靠性和灵活扩展能力,能够有效解决渗透测试实验过程复杂、工具功能覆盖不全、漏洞信息搜索效率不高的问题,对实际教学实践应用有效,可为学生更好的学习和掌握网络渗透测试技术提供实验环境支持。
[Abstract]:The experimental platform of network penetration test is an important part of the network security experimental teaching environment and the main means to train students to understand and master the network penetration test technology deeply. It is of great significance to improve the students' practical ability of penetration testing. Network penetration testing includes information gathering, network scanning, penetration attack and so on. Each stage involves various network security technologies. The complicated process of penetration test greatly increases the difficulty of carrying out network security experiment teaching smoothly. In the teaching practice of network penetration testing, the existing penetration testing tools only have specific penetration testing functions, and the integration degree is low. At the same time, the way of collecting vulnerability information is single, the degree of artificial dependence is high, and the ability of automatic acquisition is lacking. Penetration testing is in urgent need of a comprehensive experimental teaching platform. In order to solve the problem that the loophole information is not up to date and the function of penetration testing tools is dispersed in the experiment teaching of network penetration testing, a comprehensive experimental platform for network penetration testing is proposed in this paper. The platform includes a vulnerability information gathering crawler system and a network penetration test integrated processing system. It aims at establishing a flexible and easy to use comprehensive penetration test teaching experimental platform with the goal of user friendliness and integrated scalability. The main work of this paper includes the following points: (1) in view of the problems and particularities in the teaching process of network security, through a large number of theoretical investigations, the theoretical requirements of the comprehensive experimental platform for network penetration testing are summarized. This paper puts forward a design idea of an integrated experimental platform for network penetration testing, and gives a detailed design scheme of the platform structure and application technology. (2) aiming at the complexity of network penetration testing process in network security teaching, A navigational process integration method is proposed, which realizes the guided operation and visual display of the network penetration testing process, and provides a powerful function. Simple and practical user friendly interface. (3) aiming at the problem of incomplete functional coverage of network penetration testing tools, the features of NMap and Nessue scanning functions and the principle of Metasploit penetration testing are analyzed in detail. A tool extension method based on remote API is proposed to support tool integration in network penetration testing environment. (4) Information gathering technology based on topic crawler is introduced to solve the problem of low efficiency of vulnerability information collection. A vulnerability information collection system based on topic crawler is designed, and the framework and running flow of the system are given. (5) through UML modeling and analysis, the hierarchical structure of the test platform is designed. The implementation details of each module and related technologies are described. Finally, the prototype system of experimental platform based on Django architecture is implemented. At the end of this paper, the function of the prototype system of the experimental platform is tested. The test results show that the platform has good reliability and flexible expansion ability, and can effectively solve the problems of complex process of penetration test, incomplete coverage of tool functions and low efficiency of vulnerability information search. It is effective to practical teaching practice and can provide experimental environment for students to learn better and master network penetration test technology.
【学位授予单位】:国防科学技术大学
【学位级别】:硕士
【学位授予年份】:2014
【分类号】:TP393.08
本文编号:2358493
[Abstract]:The experimental platform of network penetration test is an important part of the network security experimental teaching environment and the main means to train students to understand and master the network penetration test technology deeply. It is of great significance to improve the students' practical ability of penetration testing. Network penetration testing includes information gathering, network scanning, penetration attack and so on. Each stage involves various network security technologies. The complicated process of penetration test greatly increases the difficulty of carrying out network security experiment teaching smoothly. In the teaching practice of network penetration testing, the existing penetration testing tools only have specific penetration testing functions, and the integration degree is low. At the same time, the way of collecting vulnerability information is single, the degree of artificial dependence is high, and the ability of automatic acquisition is lacking. Penetration testing is in urgent need of a comprehensive experimental teaching platform. In order to solve the problem that the loophole information is not up to date and the function of penetration testing tools is dispersed in the experiment teaching of network penetration testing, a comprehensive experimental platform for network penetration testing is proposed in this paper. The platform includes a vulnerability information gathering crawler system and a network penetration test integrated processing system. It aims at establishing a flexible and easy to use comprehensive penetration test teaching experimental platform with the goal of user friendliness and integrated scalability. The main work of this paper includes the following points: (1) in view of the problems and particularities in the teaching process of network security, through a large number of theoretical investigations, the theoretical requirements of the comprehensive experimental platform for network penetration testing are summarized. This paper puts forward a design idea of an integrated experimental platform for network penetration testing, and gives a detailed design scheme of the platform structure and application technology. (2) aiming at the complexity of network penetration testing process in network security teaching, A navigational process integration method is proposed, which realizes the guided operation and visual display of the network penetration testing process, and provides a powerful function. Simple and practical user friendly interface. (3) aiming at the problem of incomplete functional coverage of network penetration testing tools, the features of NMap and Nessue scanning functions and the principle of Metasploit penetration testing are analyzed in detail. A tool extension method based on remote API is proposed to support tool integration in network penetration testing environment. (4) Information gathering technology based on topic crawler is introduced to solve the problem of low efficiency of vulnerability information collection. A vulnerability information collection system based on topic crawler is designed, and the framework and running flow of the system are given. (5) through UML modeling and analysis, the hierarchical structure of the test platform is designed. The implementation details of each module and related technologies are described. Finally, the prototype system of experimental platform based on Django architecture is implemented. At the end of this paper, the function of the prototype system of the experimental platform is tested. The test results show that the platform has good reliability and flexible expansion ability, and can effectively solve the problems of complex process of penetration test, incomplete coverage of tool functions and low efficiency of vulnerability information search. It is effective to practical teaching practice and can provide experimental environment for students to learn better and master network penetration test technology.
【学位授予单位】:国防科学技术大学
【学位级别】:硕士
【学位授予年份】:2014
【分类号】:TP393.08
【参考文献】
相关期刊论文 前1条
1 张勇,李力,薛倩;Web环境下SQL注入攻击的检测与防御[J];现代电子技术;2004年15期
,本文编号:2358493
本文链接:https://www.wllwen.com/guanlilunwen/ydhl/2358493.html
