
CN-121984893-A - Lightweight penetration test capability fusion method and system for gateway-based Internet of things


Abstract

The invention relates to the technical field of network security, provides a lightweight penetration test capability fusion method and system for a gateway-based Internet of things, and aims to solve the problems that a traditional IT network penetration test platform cannot effectively perform lightweight and mobile near-source penetration test and network security detection on the gateway-based Internet of things due to functional redundancy, strong hardware dependence, limited compatibility and high resource expense. The invention adopts a four-layer architecture, wherein a Web interaction layer provides a graphical user interface, receives user operation instructions and displays results, a parameter checking and normalizing layer performs compliance checking and standardization processing on user input parameters, a penetration test service logic layer manages task flows, a scheduling module and data storage sharing, and a core functional layer encapsulates a penetration test tool through Shell scripts to realize calling. The system creates a file system isolation space in Android by utilizing Chroot technology, only contains a necessary Linux basic component and does not contain a complete Linux kernel, so that a core functional layer executes a Linux tool in the space, and light-weight mobile test is realized.

Inventors

  • SHAO LIN
  • LIU XIAOLEI
  • GUO LIWEI
  • Ding Kangyi
  • ZHANG XIAOSONG

Assignees

  • University of Electronic Science and Technology of China (电子科技大学)

Dates

Publication Date: 2026-05-05
Application Date: 2026-02-03

Claims (8)

  1. A lightweight penetration testing capability fusion method for a gateway-based Internet of things, the method being performed based on a four-layer architecture comprising: a Web interaction layer, which adopts a responsive Web UI framework to provide the user with a graphical user interface that adapts to multiple terminal devices, and which receives the user's operation instructions and displays penetration test results; a parameter checking and normalizing layer, which checks and verifies the legality of the penetration test parameters submitted by the user and concatenates the checked parameters into a standard parameter string in key-value pair format, providing a unified standard parameter format for the subsequent calls to the underlying penetration test tools; a penetration test business logic layer, which analyzes the input parameters from the parameter checking and normalizing layer, calls the corresponding Shell script to execute the penetration test operation selected by the user according to the analysis result, and writes the penetration test process data into a database; and a core functional layer, which consists of a series of Shell scripts, encapsulates the calling logic of the various penetration test tools, writes back the execution results of penetration test tasks through the I/O mechanism of the operating system, and in addition provides a standardized call interface for the upper Web application, supporting interaction between the upper Web application and the underlying test tools. The system creates an independent file system isolation space in the Android system through Chroot technology, wherein the file system isolation space contains only the Linux base components necessary for penetration testing, so as to support the core functional layer in executing Linux penetration test tools in the isolation space. This configuration allows the system to run independent of the full Linux kernel, thus enabling lightweight mobile testing.
  2. The method of claim 1, wherein the Web interaction layer adopts a Bootstrap-based responsive Web design, defines interface components through XML configuration files, encapsulates interface elements such as drop-down lists, tables, buttons and text boxes, automatically adjusts the layout according to the screen size of the terminal device, adapts to the display requirements of mobile phones, tablets and PCs, and supports Chrome, Firefox, Safari and other mainstream browsers.
  3. The method according to claim 1, wherein the parameter checking and normalizing layer is specifically configured to: perform type-based validity checks on the target IP address, MAC address, port range and dictionary file path parameters input by the user; convert the heterogeneous parameters required by different penetration test tools into a unified standard format; check whether SQL injection or cross-site scripting attack features exist in the data input by the user; and combine the verified parameters as key-value pairs to form a parameter string that can be passed to the business logic layer.
  4. The method of claim 1, wherein the penetration test business logic layer comprises: a lightweight SQLite database module, used for storing test task records, tool configuration information and test result data; a task scheduling module, used for calling the corresponding tools according to a preset sequence of penetration test stages, wherein the penetration test stages comprise target detection, vulnerability scanning, password cracking and result analysis; a data sharing module, used for automatically converting the output of the tool at the previous stage into the input parameters of the tool at the next stage, so as to chain the test flow automatically; and a file management module, used for managing the command execution results generated during the penetration test and the data files acquired from the target device.
  5. The method of claim 1, wherein the core functional layer encapsulates the following functions through Shell scripts: a network detection function, namely calling a ping command to detect the reachability of a target host; a port scanning function, namely calling an nmap command to scan designated ports over a designated IP address range; a Web login password cracking function, namely calling a hydra command to carry out dictionary attacks on HTTP basic authentication and form authentication; calling a dirsearch command to enumerate the directory structure of the Web server; calling a hydra command to perform brute-force cracking on SSH and Telnet services; and the Shell scripts adopt function encapsulation, wherein each capability corresponds to one Shell function, function parameters are passed as positional parameters, and function return values are captured through standard output.
  6. The method of claim 1, wherein a cross-platform tool compatibility mechanism based on Shell programming is adopted, implemented as follows: presetting corresponding Shell script adaptation versions for different operating system platforms, including a bash script for the Android platform and a PowerShell script for the Windows platform; determining the current operating platform by detecting system environment variables, and automatically selecting the corresponding Shell script version; adopting a unified function interface definition to hide the command-line differences of tool calls on different platforms; and uniformly writing tool execution results into temporary files under the /data/local/tmp directory by using the standard output redirection mechanism of the operating system.
  7. The method of claim 1, wherein employing a passive delayed data processing technique comprises: closing the foreground real-time display function of the penetration test tool; writing the test data into the file system through the I/O redirection mechanism of the operating system; and delaying the analysis of the penetration test data until the user actively checks the test result. The system supporting software comprises a Web server, an SQLite database and a PHP execution environment.
  8. A lightweight penetration testing capability fusion system for the Internet of things, wherein a processor implements the method of any of claims 1-7 when running the system.
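
The type-based checks and key-value normalization of claim 3, sketched as an added Python example (not code from the patent, whose own stack is PHP and Shell). Each field is matched against an allow-list grammar, so input carrying shell, SQL or script metacharacters fails the type check before it can reach a Shell wrapper. The field names, the `,` separator and the `/data/local/dicts` wordlist root are assumptions.

```python
import ipaddress
import re
from pathlib import PurePosixPath

MAC_RE = re.compile(r"(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}")
PORTS_RE = re.compile(r"(\d{1,5})(?:-(\d{1,5}))?")
PATH_RE = re.compile(r"[A-Za-z0-9._/-]+")
DICT_ROOT = PurePosixPath("/data/local/dicts")  # assumed wordlist directory


class ParamError(ValueError):
    """Raised when a submitted parameter fails its type check."""


def check_ip(value):
    try:
        return str(ipaddress.ip_address(value))  # rejects anything but a literal address
    except ValueError:
        raise ParamError(f"bad ip: {value!r}") from None


def check_mac(value):
    if not MAC_RE.fullmatch(value):
        raise ParamError(f"bad mac: {value!r}")
    return value.lower()


def check_ports(value):
    m = PORTS_RE.fullmatch(value)
    if not m:
        raise ParamError(f"bad port range: {value!r}")
    lo = int(m.group(1))
    hi = int(m.group(2) or lo)
    if not 1 <= lo <= hi <= 65535:
        raise ParamError(f"port range out of bounds: {value!r}")
    return f"{lo}-{hi}"  # single ports are normalized to a range


def check_dict(value):
    path = PurePosixPath(value)
    if (not PATH_RE.fullmatch(value) or ".." in path.parts
            or DICT_ROOT not in path.parents):
        raise ParamError(f"bad dictionary path: {value!r}")
    return str(path)


CHECKS = {"ip": check_ip, "mac": check_mac, "ports": check_ports, "dict": check_dict}


def normalize(params):
    """Validate every field, then join them as a sorted key=value string."""
    unknown = set(params) - set(CHECKS)
    if unknown:
        raise ParamError(f"unknown fields: {sorted(unknown)}")
    return ",".join(f"{k}={CHECKS[k](params[k])}" for k in sorted(params))
```

The normalized string is only safe downstream if the business logic layer splits it back into separate positional arguments rather than interpolating it into a command line.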

Description

Lightweight penetration test capability fusion method and system for gateway-based Internet of things

Technical Field

The invention relates to the technical field of network security, and provides a lightweight penetration test capability fusion method and system for a gateway-based Internet of things.

Background

In the technical field of the Internet of things, penetration testing is a core means of information system security detection and can effectively find security vulnerabilities. However, a dedicated penetration test platform aimed at the gateway-based Internet of things is lacking, and existing test work mainly relies on traditional IT network penetration test tools.

(II) The closest technical solution to the application in the prior art

The current mainstream penetration test platforms can be divided into two types: penetration test system platforms (such as Kali Linux, Parrot Security, Kali NetHunter, Andrax, etc.) and penetration test tool platforms (such as Metasploit, Cobalt Strike, RouterSploit, Yakit, etc.). Their core technical schemes are as follows:

1. The scattered tool integration scheme based on the operating system is represented by Kali Linux and Parrot Security. A large number of penetration test tools are integrated, in binary form or compiled from source, on top of Debian Linux as the underlying operating system. In essence this is a toolbox bundled with an operating system, which must run on a PC or in a virtual machine environment. Some versions that support the ARM architecture (such as Kali NetHunter and Andrax) can be adapted to Android devices, but can only run on the Android Linux kernel by means of virtualization technology.
2. The capability integration scheme based on a custom framework is represented by Metasploit and Cobalt Strike. It implements penetration test flow management by combining a self-developed software framework with database technology and scripting languages such as Python and Ruby, and supports multiple architectures such as Intel and ARM, but it lacks the ability to integrate scattered tools, has a low code reuse rate, and mainly depends on PC-side operation.
3. The capability integration scheme based on a self-developed programming language is represented by Yakit. Existing functional source code is reused through the self-developed Yak language and compiled into dynamic link libraries for calling. Multiple architectures and operating systems are supported, but compatibility with third-party tools is limited.
4. The dedicated scheme for embedded devices is represented by RouterSploit. It is developed in Python and designed for embedded devices such as routers. It supports various terminals, but its functionality is narrow and covers only part of the penetration test scenarios.

The core functions of these platforms are designed around basic penetration test requirements such as network detection, port scanning and password cracking. The platforms are operated through command line interaction (CLI) or a simple graphical interface, and depend on a specific operating system and hardware environment.

(III) Disadvantages of the prior art

1. Existing platforms are designed around traditional IT network penetration test requirements. Their functions are comprehensive, but they cannot focus on the application scenario of the gateway-based Internet of things; most functions are useless in the security monitoring of Internet of things terminals, and problems such as resource waste exist.
2. Hardware dependence and insufficient mobility: among the mainstream penetration test platforms, only 4 are compatible with mobile intelligent terminals such as mobile phones, and the others must run on a PC or a virtual machine (such as Kali Linux and Parrot Security), which cannot meet the mobility requirement of near-source penetration testing of the gateway-based Internet of things. The power supply depends on a fixed power source, so during outdoor operation the device has insufficient battery life and cannot be powered.
3. Poor interactivity and usability: most platforms adopt command line interfaces (CLI). Even Kali NetHunter and Andrax, which support Android mobile devices, lack friendly graphical interaction, so operation on mobile intelligent terminals is inefficient and the user learning cost is high.
4. Limited compatibility: the underlying operating system is mostly based on Linux, lacks deep support for mobile operating systems such as Android and iOS, and has weak heterogeneous compatibility with third-party network security tools.
5. High resource expense: the traditional platform processes the penetration test data and the execution result in real time, the background continuously runs the monitoring process, the energy consumption is too high on the mobile intelligent termina