信息安全研究 ›› 2016, Vol. 2 ›› Issue (3): 211-219.

• 学术论文 • 上一篇    下一篇

渗透测试之信息搜集的研究与漏洞防范

张明舵   

  1. 北京电子科技学院
  • 收稿日期:2016-03-15 出版日期:2016-03-15 发布日期:2016-03-16
  • 通讯作者: 张明舵
  • 作者简介:硕士研究生,主要研究方向为渗透测试、信息安全.

Research and Vulnerability Prevention of Information Gathering in Penetration Test

  • Received:2016-03-15 Online:2016-03-15 Published:2016-03-16

摘要: 渗透测试技术通过模拟真实的攻击来对网络系统进行全面的安全审查,并给出漏洞或不恰当配置的修复建议.作为整个渗透测试生命周期的第1阶段,信息搜集的任务是尽可能多地搜集到有关目标的详细信息,它在很大程度上决定了一次渗透测试的成功与否.分块研究了信息搜集阶段中所用到的各种方法与技术,利用Kali Linux中提供的工具进行了深入的实战操作,最后总结归纳了本阶段中常见的漏洞并提出了较为完善的防范措施.

关键词: 渗透测试, 信息搜集, Kali Linux, 漏洞, 防范措施

Abstract: Penetration test does a thorough security review for network system and gives the advice of vulnerability or inappropriate configuration by simulating real attacks. As the first stage of life cycle of penetration test, the task of information collection is to collect detailed information, which determines the success of a whole penetration test to a large extent. This paper studies the various methods and technology in the information gathering stage, puts the tools provided by Kali Linux into practice, summaries the common vulnerability in this stage and proposes a comprehensive preventive measure in the end.Key wordspenetration test; information gathering; Kali Linux; vulnerability; preventive measure

Key words: penetration test, information gathering, Kali Linux, vulnerability, preventive measure