CN119728215B - Intranet asset vulnerability scanning method, electronic device, storage medium and program product - Google Patents

Intranet asset vulnerability scanning method, electronic device, storage medium and program product

Info

Publication number
CN119728215B
Authority
CN
China
Prior art keywords
access terminal
vulnerability
cloud service
vulnerability scanning
service platform
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202411849574.6A
Other languages
Chinese (zh)
Other versions
CN119728215A (en)
Inventor
邢彦龙
肖国颖
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Topsec Technology Co Ltd
Beijing Topsec Network Security Technology Co Ltd
Beijing Topsec Software Co Ltd
Original Assignee
Beijing Topsec Technology Co Ltd
Beijing Topsec Network Security Technology Co Ltd
Beijing Topsec Software Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Topsec Technology Co Ltd, Beijing Topsec Network Security Technology Co Ltd, Beijing Topsec Software Co Ltd
Priority to CN202411849574.6A
Publication of CN119728215A
Application granted
Publication of CN119728215B
Legal status: Active
Anticipated expiration

Landscapes

  • Small-Scale Networks (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The application provides an intranet asset vulnerability scanning method, an electronic device, a storage medium and a program product. The method comprises: receiving a vulnerability scanning request, wherein the request comprises asset information to be scanned and the asset corresponding to that information is an intranet asset; determining an access terminal based on the asset information to be scanned, the access terminal being used to establish a communication connection between a cloud service platform and the intranet; determining a vulnerability scanner on the cloud service platform according to the access terminal; and sending vulnerability scanning traffic to the access terminal through the vulnerability scanner, so that the access terminal forwards the traffic to the asset corresponding to the asset information to be scanned and vulnerability scanning of that asset is achieved. In the embodiments of the application, the access terminal opens a communication channel between the cloud service platform and the intranet asset, so that the vulnerability scanner on the cloud service platform can be used to scan the intranet asset.

Description

Intranet asset vulnerability scanning method, electronic device, storage medium and program product
Technical Field
The application relates to the technical field of computer security, in particular to an intranet asset vulnerability scanning method, electronic equipment, a storage medium and a program product.
Background
As enterprises' demand for digital transformation grows, cloud services meet their need for efficient and convenient services thanks to advantages such as flexibility, scalability and cost effectiveness. With the development of the cloud service industry, the cloud service business model is becoming the mainstream trend in the security service industry as well.
However, some security services are special. For intranet vulnerability scanning in particular, a purely cloud-based solution is constrained by the network environment and cannot deliver the scanning service.
Disclosure of Invention
The embodiment of the application aims to provide an intranet asset vulnerability scanning method, electronic equipment, a storage medium and a program product, which are used for scanning vulnerabilities of intranet assets through a vulnerability scanning device on a cloud service platform.
In a first aspect, an embodiment of the present application provides an intranet asset vulnerability scanning method, which is applied to a cloud service platform, and the method includes:
Receiving a vulnerability scanning request, wherein the vulnerability scanning request comprises asset information to be scanned, and the asset corresponding to the asset information to be scanned is an intranet asset;
Determining an access terminal based on the asset information to be scanned, wherein the access terminal is used for establishing a communication connection between the cloud service platform and an intranet;
Determining a vulnerability scanner on the cloud service platform according to the access terminal;
And sending vulnerability scanning traffic to the access terminal through the vulnerability scanner, so that the access terminal forwards the vulnerability scanning traffic to the asset corresponding to the asset information to be scanned, and vulnerability scanning of the asset is realized.
According to the embodiment of the application, the communication channel between the cloud service platform and the intranet asset is opened through the access terminal, so that the aim of carrying out vulnerability scanning on the intranet asset by utilizing the vulnerability scanner on the cloud service platform is fulfilled.
In any embodiment, the method further comprises:
Receiving a registration request sent by a terminal to be admitted, wherein the registration request comprises an access code;
Verifying the access code; if verification passes, opening a socks5 proxy channel and granting the server-side socks5 proxy in the cloud service platform and the terminal to be admitted the authority to publish/subscribe to MQTT topics, so that the server-side socks5 proxy and the terminal to be admitted communicate through the MQTT protocol;
Receiving registration completion information from the terminal to be admitted, wherein the registration completion information comprises basic information of the terminal to be admitted and address information of the server-side socks5 proxy corresponding to the terminal to be admitted;
And storing the registration completion information.
According to the embodiment of the application, the communication protocol between the access terminal and the cloud service platform is standardized through the MQTT protocol, and the traffic between the access terminal and the cloud service platform is encrypted and forwarded by the socks5 proxy, so that security during the vulnerability scanning process is improved.
In any embodiment, sending, by the vulnerability scanner, vulnerability scanning traffic to the access terminal, so that the access terminal forwards the vulnerability scanning traffic to the asset corresponding to the asset information to be scanned, includes:
The vulnerability scanner sends vulnerability scanning traffic to the access terminal through the server-side socks5 proxy based on the MQTT protocol, so that the access terminal receives the vulnerability scanning traffic through its MQTT subscription and forwards it to the client-side socks5 proxy, and the client-side socks5 proxy forwards the vulnerability scanning traffic to the asset corresponding to the asset information to be scanned.
According to the embodiment of the application, the communication protocol between the access terminal and the cloud service platform is standardized through the MQTT protocol, and the traffic between the access terminal and the cloud service platform is encrypted and forwarded by the socks5 proxy, so that security during the vulnerability scanning process is improved.
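As an added example (not code from the patent or from Topsec), the following Python models the cloud-side registration step above: the access code is checked with a constant-time comparison against a salted hash, and only then are publish/subscribe rights opened on the terminal's own MQTT topics, so one admitted terminal cannot subscribe to another terminal's scan traffic. The topic names, the single-use code and the hashed storage are assumptions; the patent does not publish its topic specification.

```python
from __future__ import annotations

import hashlib
import hmac
import secrets
from dataclasses import dataclass, field


# Hypothetical topic layout (assumption: the patent does not publish its
# topic specification): "down" carries scanner traffic to the terminal,
# "up" carries the intranet asset's responses back to the server-side proxy.
def down_topic(terminal_id: str) -> str:
    return f"socks5/{terminal_id}/down"


def up_topic(terminal_id: str) -> str:
    return f"socks5/{terminal_id}/up"


@dataclass
class IssuedCode:
    """What the cloud keeps for an issued access code: a salted hash, not the code."""
    salt: bytes
    digest: bytes


def hash_code(code: str, salt: bytes) -> bytes:
    return hashlib.sha256(salt + code.encode()).digest()


@dataclass
class TopicAcl:
    """Publish/subscribe rights per MQTT client: client_id -> action -> topics."""
    rules: dict[str, dict[str, set[str]]] = field(default_factory=dict)

    def grant(self, client_id: str, action: str, topic: str) -> None:
        self.rules.setdefault(client_id, {}).setdefault(action, set()).add(topic)

    def allows(self, client_id: str, action: str, topic: str) -> bool:
        return topic in self.rules.get(client_id, {}).get(action, set())


@dataclass
class Registration:
    terminal_id: str
    basic_info: dict
    server_proxy_addr: str  # address of the server-side socks5 proxy for this terminal


class CloudRegistrar:
    """Cloud-side registration handler (constructed example, not the patent's code)."""

    def __init__(self) -> None:
        self.pending: dict[str, IssuedCode] = {}   # terminal_id -> unused access code
        self.channel_open: set[str] = set()        # terminals whose socks5 channel is open
        self.acl = TopicAcl()
        self.registered: dict[str, Registration] = {}

    def enroll(self, terminal_id: str) -> str:
        """Issue a one-time access code for a terminal; return it for out-of-band delivery."""
        code = secrets.token_urlsafe(16)
        salt = secrets.token_bytes(16)
        self.pending[terminal_id] = IssuedCode(salt, hash_code(code, salt))
        return code

    def handle_registration(self, terminal_id: str, code: str) -> bool:
        """Verify the access code; on success open the proxy channel and grant topic rights."""
        issued = self.pending.get(terminal_id)
        if issued is None:
            return False
        # Constant-time compare so response timing does not leak the stored digest.
        if not hmac.compare_digest(hash_code(code, issued.salt), issued.digest):
            return False
        del self.pending[terminal_id]              # access codes are single-use
        self.channel_open.add(terminal_id)
        # Terminal: subscribe only to its own "down" topic, publish only to its own "up".
        self.acl.grant(terminal_id, "subscribe", down_topic(terminal_id))
        self.acl.grant(terminal_id, "publish", up_topic(terminal_id))
        self.acl.grant(terminal_id, "publish", f"heartbeat/{terminal_id}")
        # Server-side socks5 proxy for this terminal: the mirror image of those rights.
        proxy_id = f"proxy-{terminal_id}"
        self.acl.grant(proxy_id, "publish", down_topic(terminal_id))
        self.acl.grant(proxy_id, "subscribe", up_topic(terminal_id))
        return True

    def complete_registration(self, terminal_id: str, basic_info: dict,
                              server_proxy_addr: str) -> bool:
        """Store the registration completion information, but only for an opened channel."""
        if terminal_id not in self.channel_open:
            return False
        self.registered[terminal_id] = Registration(terminal_id, basic_info, server_proxy_addr)
        return True
```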
In any embodiment, the method further comprises:
And receiving heartbeat information sent by the access terminal with successful registration.
According to the embodiment of the application, the access terminals send heartbeat information to the cloud service platform at regular intervals, so that the cloud service platform knows which access terminals are in a normal working state and can select one of them when carrying out vulnerability scanning, thereby improving the stability of vulnerability scanning.
In any embodiment, determining an access terminal based on asset information to be scanned includes:
Based on the received heartbeat information, one of the terminals in an online state is selected as an access terminal.
The embodiment of the application determines the online access terminal through the heartbeat information, and can select the access terminal in a normal working state when carrying out vulnerability scanning, thereby improving the stability of vulnerability scanning.
In any embodiment, the method further comprises:
acquiring vulnerability scanner resources and terminal information of a terminal to be bound on a cloud service platform;
receiving a target vulnerability scanner selected from vulnerability scanner resources;
and associating and storing the target vulnerability scanner with the terminal information.
According to the embodiment of the application, the terminal and the vulnerability scanner are bound in advance, and after the access terminal is determined, the vulnerability scanner for carrying out vulnerability scanning on the intranet asset can be rapidly determined.
In any embodiment, determining a vulnerability scanner on the cloud service platform according to the access terminal comprises:
determining, from a pre-stored binding relation table, a vulnerability scanner that has a binding relation with the access terminal.
The embodiment of the application can conveniently and quickly determine the vulnerability scanner through the prestored binding relation table.
In a second aspect, an embodiment of the present application provides an intranet asset vulnerability scanning method, applied to an access terminal, where the access terminal and an intranet asset to be scanned are in the same local area network, and the method includes:
Receiving vulnerability scanning traffic sent by the cloud service platform through a vulnerability scanner, wherein the access terminal is determined by the cloud service platform based on a received vulnerability scanning request, and the vulnerability scanner and the access terminal have a binding relationship;
sending the vulnerability scanning traffic to the intranet asset to be scanned so as to realize vulnerability scanning of the intranet asset to be scanned;
and receiving response information returned by the intranet asset to be scanned, and sending the response information to the vulnerability scanner.
According to the embodiment of the application, the communication channel between the cloud service platform and the intranet asset is opened through the access terminal, so that the aim of carrying out vulnerability scanning on the intranet asset by utilizing the vulnerability scanner on the cloud service platform is fulfilled.
In any embodiment, the method further comprises:
Sending a registration request to the cloud service platform, wherein the registration request comprises an access code, so that the cloud service platform, after verification based on the access code passes, opens a socks5 proxy channel and grants the terminal to be admitted and the server-side socks5 proxy in the cloud service platform the authority to publish/subscribe to MQTT topics, so that the server-side socks5 proxy and the terminal to be admitted communicate through the MQTT protocol;
after registration is completed, sending registration completion information to the cloud service platform, wherein the registration completion information comprises basic information of the terminal to be admitted and address information of the server-side socks5 proxy corresponding to the terminal to be admitted, so that the cloud service platform stores the registration completion information;
And receiving admission success information sent by the cloud service platform.
According to the embodiment of the application, the communication protocol between the access terminal and the cloud service platform is standardized through the MQTT protocol, and the traffic between the access terminal and the cloud service platform is encrypted and forwarded by the socks5 proxy, so that security during the vulnerability scanning process is improved.
In any embodiment, receiving vulnerability scanning traffic sent by a cloud service platform through a vulnerability scanner includes:
Receiving, through the client-side socks5 proxy and based on the MQTT protocol, vulnerability scanning traffic sent by the vulnerability scanner;
Sending vulnerability scanning traffic to the intranet asset to be scanned comprises:
sending the vulnerability scanning traffic to the intranet asset to be scanned through the client-side socks5 proxy.
According to the embodiment of the application, the communication protocol between the access terminal and the cloud service platform is standardized through the MQTT protocol, and the traffic between the access terminal and the cloud service platform is encrypted and forwarded by the socks5 proxy, so that security during the vulnerability scanning process is improved.
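The client-side socks5 proxy in the access terminal has to interpret each request it takes off the MQTT tunnel before it can forward anything to an intranet asset. The following Python is an added example, not the patent's implementation: it parses a SOCKS5 CONNECT request as defined in RFC 1928 and answers it with the matching reply code. The `ScanTargetPolicy` allow-list, which restricts forwarding to the assets of the current scanning task so the terminal does not become a general-purpose intranet proxy, is an assumption the patent does not describe.

```python
from __future__ import annotations

import ipaddress
import struct

# SOCKS5 constants from RFC 1928 (request: VER CMD RSV ATYP DST.ADDR DST.PORT).
SOCKS_VERSION = 5
CMD_CONNECT = 0x01
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 0x01, 0x03, 0x04
REP_SUCCEEDED = 0x00
REP_GENERAL_FAILURE = 0x01
REP_NOT_ALLOWED = 0x02          # "connection not allowed by ruleset"
REP_CMD_NOT_SUPPORTED = 0x07
REP_ATYP_NOT_SUPPORTED = 0x08


def parse_request(data: bytes) -> tuple[int, str, int]:
    """Parse a SOCKS5 request; return (cmd, destination host, destination port)."""
    if len(data) < 4 or data[0] != SOCKS_VERSION:
        raise ValueError("not a SOCKS5 request")
    cmd, atyp = data[1], data[3]
    if atyp == ATYP_IPV4:
        host, end = str(ipaddress.IPv4Address(data[4:8])), 8
    elif atyp == ATYP_DOMAIN:
        n = data[4]
        host, end = data[5:5 + n].decode("ascii"), 5 + n
    elif atyp == ATYP_IPV6:
        host, end = str(ipaddress.IPv6Address(data[4:20])), 20
    else:
        raise ValueError(f"unsupported ATYP {atyp}")
    if len(data) < end + 2:
        raise ValueError("truncated request")
    (port,) = struct.unpack("!H", data[end:end + 2])
    return cmd, host, port


def build_reply(rep: int) -> bytes:
    """SOCKS5 reply with a zero bind address (the tunnel does not expose one)."""
    return bytes([SOCKS_VERSION, rep, 0x00, ATYP_IPV4]) + b"\x00" * 4 + b"\x00\x00"


class ScanTargetPolicy:
    """Allow-list of scan targets the terminal will forward to.

    Assumption: the patent does not describe such a check; it limits the
    client-side proxy to the assets named in the current scanning task.
    """

    def __init__(self, hosts: set[str], networks: list[str]) -> None:
        self.hosts = {h.lower() for h in hosts}
        self.networks = [ipaddress.ip_network(n) for n in networks]

    def permits(self, host: str) -> bool:
        try:
            addr = ipaddress.ip_address(host)
        except ValueError:                      # a domain name, not an address
            return host.lower() in self.hosts
        return any(addr in net for net in self.networks)


def handle_request(data: bytes,
                   policy: ScanTargetPolicy) -> tuple[bytes, tuple[str, int] | None]:
    """Decide what the client-side proxy does with one request taken off the tunnel.

    Returns (reply bytes to send back up the tunnel, (host, port) to connect
    to, or None when the request is refused).
    """
    try:
        cmd, host, port = parse_request(data)
    except ValueError as exc:
        rep = REP_ATYP_NOT_SUPPORTED if "ATYP" in str(exc) else REP_GENERAL_FAILURE
        return build_reply(rep), None
    if cmd != CMD_CONNECT:
        return build_reply(REP_CMD_NOT_SUPPORTED), None
    if not policy.permits(host):
        return build_reply(REP_NOT_ALLOWED), None
    return build_reply(REP_SUCCEEDED), (host, port)
```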
In any embodiment, the access terminal is a lightweight access terminal.
According to the embodiment of the application, the communication channel between the cloud service platform and the intranet asset is opened through the lightweight access terminal, so that the user cost is reduced and the service experience is improved.
In a third aspect, an embodiment of the present application provides an intranet asset vulnerability scanning device, applied to a cloud service platform, where the device includes:
A request receiving module, used for receiving a vulnerability scanning request, wherein the vulnerability scanning request comprises asset information to be scanned, and the asset corresponding to the asset information to be scanned is an intranet asset;
a terminal determining module, used for determining an access terminal based on the asset information to be scanned, wherein the access terminal is used for establishing a communication connection between the cloud service platform and an intranet;
a scanner determining module, used for determining a vulnerability scanner on the cloud service platform according to the access terminal;
and a traffic sending module, used for sending vulnerability scanning traffic to the access terminal through the vulnerability scanner, so that the access terminal forwards the vulnerability scanning traffic to the asset corresponding to the asset information to be scanned, and vulnerability scanning of the asset is realized.
In a fourth aspect, an embodiment of the present application provides another intranet asset vulnerability scanning device, which is applied to an access terminal, where the access terminal and an intranet asset to be scanned are in the same local area network, and the device includes:
A traffic receiving module, used for receiving vulnerability scanning traffic sent by the cloud service platform through a vulnerability scanner;
a traffic forwarding module, used for sending the vulnerability scanning traffic to the intranet asset to be scanned so as to realize vulnerability scanning of the intranet asset to be scanned;
and a response information receiving module, used for receiving response information returned by the intranet asset to be scanned and sending the response information to the vulnerability scanner.
In a fifth aspect, an embodiment of the present application provides an electronic device comprising a processor, a memory, and a bus, wherein,
The processor and the memory complete communication with each other through the bus;
The memory stores program instructions executable by the processor, the processor invoking the program instructions to enable the method of the first or second aspect to be performed.
In a sixth aspect, embodiments of the present application provide a non-transitory computer readable storage medium comprising:
The non-transitory computer readable storage medium stores computer instructions that cause the computer to perform the method of the first or second aspect.
In a seventh aspect, embodiments of the present application provide a computer program product comprising computer program instructions which, when read and executed by a processor, perform the method of the first or second aspect.
In an eighth aspect, the embodiment of the application provides an intranet asset vulnerability scanning system, which comprises a cloud service platform and an access terminal, wherein the cloud service platform is in communication connection with the access terminal;
the cloud service platform is used for executing the method of the first aspect;
The access terminal is configured to perform the method of the second aspect.
Additional features and advantages of the application will be set forth in the description which follows, and in part will be apparent from the description, or may be learned by practice of the embodiments of the application. The objectives and other advantages of the application will be realized and attained by the structure particularly pointed out in the written description and claims thereof as well as the appended drawings.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are needed in the embodiments of the present application will be briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present application and should not be considered as limiting the scope, and other related drawings can be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 is a schematic flow chart of an intranet asset vulnerability scanning method provided by an embodiment of the present application;
Fig. 2 is a schematic flow chart of an access terminal accessing a cloud service platform according to an embodiment of the present application;
Fig. 3 is a schematic diagram of forwarding vulnerability scanning traffic according to an embodiment of the present application;
Fig. 4 is a schematic diagram of a binding method between an access terminal and a vulnerability scanner according to an embodiment of the present application;
Fig. 5 is a flowchart illustrating another method for scanning vulnerabilities of intranet assets according to an embodiment of the present application;
Fig. 6 is a flowchart illustrating another method for scanning vulnerabilities of intranet assets according to an embodiment of the present application;
Fig. 7 is a schematic flow chart of an intranet asset vulnerability scanning method in a specific scenario provided by an embodiment of the present application;
Fig. 8 is a schematic structural diagram of an intranet asset vulnerability scanning device according to an embodiment of the present application;
Fig. 9 is a schematic structural diagram of another intranet asset vulnerability scanning device according to an embodiment of the present application;
Fig. 10 is a schematic diagram of the physical structure of an electronic device according to an embodiment of the present application.
Detailed Description
Embodiments of the technical scheme of the present application will be described in detail below with reference to the accompanying drawings. The following examples are only for more clearly illustrating the technical aspects of the present application, and thus are merely examples, and are not intended to limit the scope of the present application.
Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this application belongs, the terms used herein are for the purpose of describing particular embodiments only and are not intended to be limiting of the application, and the terms "comprising" and "having" and any variations thereof in the description of the application and the claims and the above description of the drawings are intended to cover non-exclusive inclusions.
In the description of embodiments of the present application, the technical terms "first," "second," and the like are used merely to distinguish between different objects and are not to be construed as indicating or implying a relative importance or implicitly indicating the number of technical features indicated, a particular order or a primary or secondary relationship. In the description of the embodiments of the present application, the meaning of "plurality" is two or more unless explicitly defined otherwise.
Reference herein to "an embodiment" means that a particular feature, structure, or characteristic described in connection with the embodiment may be included in at least one embodiment of the application. The appearances of such phrases in various places in the specification are not necessarily all referring to the same embodiment, nor are separate or alternative embodiments mutually exclusive of other embodiments. Those of skill in the art will explicitly and implicitly appreciate that the embodiments described herein may be combined with other embodiments.
In the description of the embodiments of the present application, the term "and/or" merely describes an association relationship between the associated objects and indicates that three relationships may exist; for example, "A and/or B" may mean that A exists alone, that A and B exist together, or that B exists alone. In addition, the character "/" herein generally indicates that the preceding and following associated objects are in an "or" relationship.
In the description of the embodiments of the present application, the term "plurality" means two or more (including two), and similarly "plural sets" means two or more (including two) and "plural sheets" means two or more (including two).
In the description of the embodiments of the present application, unless explicitly specified and limited otherwise, the terms "mounted," "connected," "fixed" and the like are to be construed broadly and include, for example, fixed connection, detachable connection, or integral therewith, mechanical connection, electrical connection, direct connection, indirect connection via an intermediary, communication between two elements, or interaction between two elements. The specific meaning of the above terms in the embodiments of the present application will be understood by those of ordinary skill in the art according to specific circumstances.
To facilitate an understanding of the aspects of the application, the description will now be made with respect to the relevant terms involved:
the MQTT protocol (Message Queuing Telemetry Transport, message queue telemetry transport protocol) is a "lightweight" message protocol based on the publish/subscribe paradigm, which builds on the TCP/IP protocol.
The working principle of the MQTT protocol is based on a publish/subscribe model: devices (clients) publish data to specific topics, and other devices (servers) can subscribe to these topics to receive the data. The three key roles in the MQTT protocol are:
The publisher (Publisher) is responsible for publishing messages to a particular Topic.
Subscribers (subscribers) receive messages by subscribing to a particular Topic.
A Broker (Broker) is located between the publishers and subscribers and is responsible for receiving messages from the publishers and forwarding the messages to the corresponding subscribers based on their subscription information.
Access specification: the specification for terminal equipment accessing the cloud, implemented on the basis of the MQTT protocol; it describes the transmission data format, the MQTT Topic specification and so on.
Proxy specification: the specification for the Socks5 proxy, implemented on the basis of the MQTT protocol; it describes the transmission data format, the MQTT Topic specification and so on.
The cloud service platform is an online service platform for providing security service capability and has the characteristics of super large scale, high reliability, universality and the like. And a vulnerability scanning resource pool is arranged in the cloud service platform.
And the vulnerability scanning resource pool is formed by a plurality of vulnerability scanners and is positioned at the cloud end, so that comprehensive scanning capability can be provided, and different types of security vulnerability detection can be covered to improve the overall security protection level.
The vulnerability scanning resource group can be formed by selecting a plurality of vulnerability scanners from a vulnerability scanning resource pool.
Vulnerability scanner: a security tool used to automatically detect security vulnerabilities in a computer system, a network or a Web application, helping the user identify and repair potential security threats. The scanner needs to support a Socks5 proxy.
Lightweight vulnerability scanning terminal: its main function is to establish a secure communication channel between the cloud and the intranet assets, encrypting data in transit through its Socks5 proxy function and thus guaranteeing communication security; it has no scanning capability of its own.
Socks5 (Socket Secure version 5) proxy: a protocol whereby a proxy server handles data traffic, with internet traffic routed through that server. Before the traffic reaches its destination, the proxy server generates a random IP address, acts as an intermediary between the client and the server, and forwards the client's request to the server on the Internet, thereby relaying the data. In this process the user's real IP address is hidden, which enhances privacy protection.
In view of the safety of intranet assets, the cloud service platform can only perform vulnerability scanning on the assets on the public network generally, but cannot perform vulnerability scanning on the intranet assets. Aiming at the problem, the embodiment of the application provides an intranet asset vulnerability scanning method, which opens a communication channel between a cloud service platform and intranet assets through an access terminal which is positioned in the same local area network with the intranet, thereby realizing vulnerability scanning of the intranet assets by using the cloud service platform.
Fig. 1 is a schematic flow chart of an intranet asset vulnerability scanning method provided by an embodiment of the application; as shown in Fig. 1, the method is applied to a cloud service platform. A cloud service platform is an internet-based computing service that helps enterprises and individuals quickly build, deploy and manage applications and data by providing infrastructure and services such as computing, storage and networking. The embodiment of the application can provide clients with network resources, storage resources, computing resources, vulnerability scanning resources and the like based on the SaaS cloud service model: the client only needs to access the application through the network and does not need to install or maintain software locally. It should be noted that the embodiments of the present application may also be applied to other types of cloud service platforms, such as IaaS, PaaS, etc.
The method comprises the following steps:
And 101, receiving a vulnerability scanning request.
The vulnerability scanning request includes asset information to be scanned, wherein the asset corresponding to the asset information to be scanned is an intranet asset. The asset information to be scanned tells the cloud service platform which intranet asset is to be scanned; for example, it can be a web address, or the IP address or MAC address of a host, etc. The user logs in to the cloud service platform and enters the asset information to be scanned in the platform's vulnerability scanning task management, after which the cloud service platform generates a vulnerability scanning request for that asset information.
And 102, determining an access terminal based on the asset information to be scanned, wherein the access terminal is used for realizing communication connection between the cloud service platform and the intranet.
The access terminal is connected to the intranet and is in the same local area network as the asset to be scanned. The access terminal may be an ordinary terminal, such as a PC, a notebook, a tablet or a wearable device, or a lightweight terminal such as a USB flash drive, or even an executable file. If it is an executable file, the file can be run on one of the servers or hosts in the intranet. The lightweight terminal implements the Socks5 proxy according to the communication access specification of the cloud service platform; the specific protocol specification is introduced in the terminal access sub-flow. The lightweight terminal can be a pluggable USB flash drive or an executable file, its size is kept as small as possible, and it can be implemented in languages such as Python or Go. The terminal itself has no scanning capability; instead it maintains a secure and reliable Socks5 proxy channel implemented over the MQTT protocol, and this channel is used to proxy and forward the vulnerability scanning requests of the cloud scanner, thereby bridging the separation between the cloud and the intranet.
Because multiple access terminals may be connected to the intranet, and an access terminal may be removed from the intranet at any time, after receiving the vulnerability scanning request the cloud service platform determines the intranet corresponding to the asset to be scanned and obtains an access terminal in that intranet that is in an online state. If multiple access terminals are online, any one of them may be selected.
It should be noted that the access terminal is one on which the cloud service platform has performed a security check in advance and which has completed registration. An access terminal that has passed the security check and completed registration can communicate with the cloud service platform: it receives data from the cloud service platform and forwards it to the intranet, and it can also forward data from the intranet to the cloud service platform.
Step 103, determining a vulnerability scanner on the cloud service platform according to the access terminal.
In a specific implementation, the vulnerability scanner resource pool is a collection of vulnerability scanners built in the cloud, and the vulnerability scanning service is provided to users from this pool.
The vulnerability scanner may be a single vulnerability scanner in the vulnerability scanning resource pool, or one of the vulnerability scanners in a vulnerability scanning resource group within the pool. Each access terminal can be bound in advance to a vulnerability scanner or a vulnerability scanning resource group in the cloud service platform, and once the access terminal has been determined, the vulnerability scanner that will scan the intranet assets can be located from the binding relation.
The cloud service platform may also allocate a vulnerability scanner to the access terminal temporarily, after the vulnerability scanning request has been received and the access terminal determined, and bind the allocated scanner to the access terminal. When assigning a vulnerability scanner, the selection may be based on the type of vulnerability to be scanned, the scanning load of each scanner, and so on. After the scan of the intranet assets is complete, the binding between the access terminal and the vulnerability scanner can be released.
Step 104, sending the vulnerability scanning traffic to the access terminal through the vulnerability scanner, so that the access terminal forwards the vulnerability scanning traffic to the asset corresponding to the asset information to be scanned, thereby achieving vulnerability scanning of the asset.
After the vulnerability scanner has been determined, it sends the vulnerability scanning traffic to the access terminal; on receiving it, the access terminal forwards the traffic to the corresponding intranet asset, so that the intranet asset is scanned.
In the embodiment of the application, the access terminal opens the communication channel between the cloud service platform and the intranet asset, so that the aim of carrying out vulnerability scanning on the intranet asset by utilizing the vulnerability scanner on the cloud service platform is fulfilled.
On the basis of the embodiment, the method further comprises:
Receiving a registration request sent by a terminal to be admitted, the registration request comprising an access code;
Verifying the access code and, if the verification passes, opening a socks5 proxy channel and granting the server-side socks5 proxy in the cloud service platform and the terminal to be admitted the permission to publish/subscribe to the MQTT topics, so that the server-side socks5 proxy and the terminal to be admitted communicate through the MQTT protocol;
Receiving registration completion information from the terminal to be admitted, the registration completion information comprising basic information of the terminal and address information of the server-side socks5 proxy corresponding to it;
And storing the registration completion information.
The MQTT protocol is constrained as follows:
1. MQTT is carried over TLS/SSL; the encryption protects the network communication from eavesdropping and tampering and ensures the security of the data in transit;
2. Certificates are used for mutual (two-way) authentication of client and server, guaranteeing the trustworthiness of the terminal. Each side holds a key pair (public key and private key); when a connection is established, the two sides exchange certificates and verify each other's certificate, ensuring that both parties to the communication are authenticated, trusted entities.
3. The quality of service for data transmission is QoS 2, ensuring reliable delivery. QoS 2 ("exactly once") is the highest of the three levels defined by the MQTT specification and guarantees that each published message is delivered once and only once.
4. Data on the MQTT channel is transmitted in the Protocol Buffers (v3) format, which effectively reduces the transmitted volume (the serialized binary is about 90% smaller than the equivalent JSON) and is structured and platform independent.
Fig. 2 is a schematic flow chart of an access terminal accessing the cloud service platform according to an embodiment of the present application. As shown in Fig. 2, the flow includes:
Step 201, initializing the terminal and starting the socks5 proxy service;
Step 202, the terminal initiates a registration request. The terminal to be admitted is a lightweight executable program, which may be implemented in Python, Go or a similar language. After it finishes initialization, the user applies for a terminal access code (the authentication information) on the cloud service platform; the access code has a validity period and is bound to user information (for example the user's employee number). The terminal to be admitted carries the authentication information together with the basic information it has collected about the server on which it runs (terminal type, MAC address, server type, terminal unique code, etc.; the terminal unique code distinguishes terminals and is never repeated), initiates the registration request to the cloud service platform through the MQTT protocol, and starts the local socks5 proxy service.
Step 203, the cloud service platform performs access authentication. When the registration request reaches the cloud service platform, the terminal authentication module of the cloud service verifies whether the access code is legitimate; the verification covers the format of the access code, whether it is still valid, whether the terminal type is compliant, and so on, to ensure that the terminal to be admitted is legitimate and valid. If the verification fails, the registration fails; if it passes, the flow enters the procedure for opening the dedicated socks5 proxy channel.
Step 204, opening the dedicated socks5 proxy channel. After the access verification succeeds, the cloud service platform releases the MQTT topic publish/subscribe permissions required by the socks5 proxies of the terminal to be admitted and of the server, allowing the terminal and the server-side socks5 proxy to publish and subscribe on the corresponding topics. The topic naming scheme carries the unique code of the terminal to be admitted, so that the topics of different terminals are distinguished and topic isolation of the transmitted data is achieved.
Step 205, starting the socks5 service. After the MQTT socks5 topic permissions have been opened, the server starts a socks5 proxy and exposes the socks5 service on a randomized port. Because the number of available port numbers is limited, a multi-IP mode may be realized with technologies such as K8s.
Step 206, the server starts listening on the socks5 MQTT topics. After the socks5 proxy is started, the cloud opens the MQTT topic publish/subscribe needed by the socks5 proxy, which is used to forward the traffic of the server-side socks5 service interface to the terminal to be admitted through MQTT and to return the response traffic sent by the terminal to the server-side socks5 service. This realizes a SOCKS5-over-MQTT protocol, and a user of the socks5 service does not perceive the presence of MQTT.
Step 207, registering the terminal. The terminal to be admitted records its basic information and the dedicated channel information and sends registration completion information to the cloud service platform.
Step 208, the cloud service platform instructs the terminal to open the MQTT socks5 channel. It notifies the terminal to be admitted through the MQTT protocol that the access has succeeded, so that the MQTT topic publish/subscribe needed by the client-side socks5 proxy can be opened; from this point the terminal to be admitted may be called an access terminal. The client on the access terminal subscribes to the socks5 traffic that the cloud service platform sends to the client-side socks5 proxy service, and sends the responses of the client-side socks5 proxy service to the server-side socks5 proxy service through MQTT.
Step 209, continuously maintaining the online state of the terminal. The access terminal periodically sends heartbeat information to the cloud service platform, which uses it to determine whether the access terminal is online. If the cloud service platform does not receive heartbeat information from the access terminal within a preset time, the access terminal is considered offline.
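The following is an added example of the cloud-side checks in steps 203, 204 and 209, written for this page; it is not code from the patent or from the applicant. The access-code format (32 hex characters), the 24-hour validity window, the heartbeat timeout and the topic names are assumptions: the patent only states that the access code has a validity period and is bound to user information, and that topic names carry the terminal's unique code.

```python
import secrets

# Added example: a constructed stand-in for the cloud-side terminal
# authentication module (steps 203/204) and the heartbeat tracking of step 209.
# Code format, validity window, topic names and timeout are assumptions.

ALLOWED_TERMINAL_TYPES = {"pc", "notebook", "tablet", "usb", "executable"}
HEARTBEAT_TIMEOUT_S = 90          # assumed: three missed 30-second heartbeats


class CloudPlatform:
    def __init__(self):
        self._codes = {}      # access code -> {"user", "expires", "used"}
        self._terminals = {}  # terminal unique code -> registration record
        self._acl = {}        # terminal unique code -> topics it may publish/subscribe

    def issue_access_code(self, user_id, now, ttl_s=24 * 3600):
        """Terminal management hands the user a code bound to their identity
        (the patent mentions the employee number) with a validity period."""
        code = secrets.token_hex(16)  # 32 hex characters
        self._codes[code] = {"user": user_id, "expires": now + ttl_s, "used": False}
        return code

    def register(self, code, terminal_type, mac, uid, now):
        """Step 203 checks in order (format, validity, terminal type), then the
        step 204 topic grant. Returns (topics, reason); topics is None on failure."""
        if len(code) != 32 or any(c not in "0123456789abcdef" for c in code):
            return None, "access code format invalid"
        entry = self._codes.get(code)
        if entry is None or entry["used"] or now > entry["expires"]:
            return None, "access code invalid or expired"
        if terminal_type not in ALLOWED_TERMINAL_TYPES:
            return None, "terminal type not compliant"
        if uid in self._terminals:
            return None, "terminal unique code already registered"
        entry["used"] = True               # one code admits exactly one terminal
        # Every topic carries the terminal's unique code: this is the isolation
        # between terminals that step 204 describes.
        topics = {f"socks5/{uid}/down", f"socks5/{uid}/up", f"terminal/{uid}/heartbeat"}
        self._acl[uid] = topics
        self._terminals[uid] = {"type": terminal_type, "mac": mac,
                                "user": entry["user"], "last_heartbeat": now}
        return sorted(topics), "ok"

    def authorize(self, uid, topic):
        """Broker-side ACL hook: a terminal may only publish/subscribe on topics
        that were granted to its own unique code."""
        return topic in self._acl.get(uid, ())

    def heartbeat(self, uid, now):
        """Step 209: record a heartbeat; heartbeats from unknown terminals are ignored."""
        if uid in self._terminals:
            self._terminals[uid]["last_heartbeat"] = now
            return True
        return False

    def online_terminals(self, now):
        """Terminals whose last heartbeat arrived within the preset timeout;
        step 102 picks the access terminal from this list."""
        return sorted(uid for uid, rec in self._terminals.items()
                      if now - rec["last_heartbeat"] <= HEARTBEAT_TIMEOUT_S)
```

Marking the code as used on the first successful registration means a leaked or replayed code cannot admit a second terminal, and the ACL check is what keeps one terminal from subscribing to another terminal's socks5 traffic even though both share the same broker.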
According to the embodiment of the application, the communication protocol between the access terminal and the cloud service platform is standardized through the MQTT protocol, and the traffic between them is forwarded by the socks5 proxy and encrypted by the TLS-protected MQTT channel, which improves security during the vulnerability scanning process.
On the basis of the above embodiment, sending, by the vulnerability scanner, vulnerability scanning traffic to the access terminal, so that the access terminal forwards the vulnerability scanning traffic to an asset corresponding to the asset information to be scanned, including:
The vulnerability scanner sends the vulnerability scanning traffic to the access terminal through the server-side socks5 proxy over the MQTT protocol, so that the access terminal receives the vulnerability scanning traffic through its MQTT subscription and forwards it to the client-side socks5 proxy, and the client-side socks5 proxy forwards the traffic to the asset corresponding to the asset information to be scanned.
In a specific implementation, Fig. 3 is a schematic diagram of the forwarding of vulnerability scanning traffic according to an embodiment of the present application. As shown in Fig. 3, after the access terminal has completed registration, a client-side socks5 proxy service is started on the intranet side and a server-side socks5 proxy service on the cloud service platform side, and the vulnerability scanner forwards the vulnerability scanning traffic to the access terminal through the server-side socks5 proxy. The forwarding follows the MQTT protocol specification given above. The access terminal subscribes to the relevant traffic through MQTT and hands the vulnerability scanning traffic to the client-side socks5 proxy service, which sends it on to the intranet resources so that they are scanned. It will be understood that the scan result data travels the reverse path: the client-side socks5 proxy forwards it to the server-side socks5 proxy service, which passes it to the vulnerability scanner.
According to the embodiment of the application, the communication protocol between the access terminal and the cloud service platform is standardized through the MQTT protocol, the traffic between them is forwarded by the socks5 proxy and encrypted by the TLS-protected MQTT channel, which improves security during vulnerability scanning, and the intranet assets are scanned in a heavy-cloud, light-client cloud service mode, which lowers the user's cost and improves the cloud service experience.
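The following is an added example of the SOCKS5-over-MQTT path described in steps 204 to 206 and in the forwarding of Fig. 3; it is written for this page and is not the patent's or the applicant's code. It shows the RFC 1928 method negotiation and CONNECT parsing that the server-side proxy performs, and the frame it publishes on the terminal's "down" topic. The frame layout, the topic names, the "no authentication" method and the payload encoding are assumptions; the patent specifies Protocol Buffers v3 on the wire, whereas a fixed struct header is used here so the example runs without extra packages.

```python
import socket
import struct

# Added example: minimal SOCKS5 (RFC 1928) handling for the server-side proxy
# and the framing published on the per-terminal MQTT topics. Frame layout,
# topic names and the no-auth method are assumptions, not from the patent.

SOCKS_VER = 0x05
METHOD_NO_AUTH, METHOD_UNACCEPTABLE = 0x00, 0xFF
CMD_CONNECT = 0x01
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 0x01, 0x03, 0x04
REP_SUCCESS, REP_HOST_UNREACHABLE = 0x00, 0x04

FRAME_OPEN, FRAME_DATA, FRAME_CLOSE = 1, 2, 3
FRAME_HDR = struct.Struct("!IIB")          # connection id, sequence number, kind


def topic_for(uid, direction):
    """Topic isolation: every topic carries the terminal's unique code."""
    if direction not in ("down", "up"):
        raise ValueError("direction must be 'down' (cloud->terminal) or 'up'")
    return f"socks5/{uid}/{direction}"


def negotiate_method(greeting):
    """Answer the client's method list. Only 'no authentication' is offered
    because the scanner reaches the server-side proxy inside the cloud tenant."""
    if len(greeting) < 2 or greeting[0] != SOCKS_VER:
        raise ValueError("not a SOCKS5 greeting")
    nmethods = greeting[1]
    methods = greeting[2:2 + nmethods]
    if len(methods) != nmethods:
        raise ValueError("truncated method list")
    chosen = METHOD_NO_AUTH if METHOD_NO_AUTH in methods else METHOD_UNACCEPTABLE
    return bytes([SOCKS_VER, chosen])


def parse_connect(request):
    """Return (host, port) from a CONNECT request; other commands are rejected.
    Domain names are length-prefixed, which is where hand-written parsers
    usually go wrong."""
    if len(request) < 4 or request[0] != SOCKS_VER:
        raise ValueError("bad request header")
    if request[1] != CMD_CONNECT:
        raise ValueError("only CONNECT is supported")
    atyp = request[3]
    if atyp == ATYP_IPV4:
        host, off = socket.inet_ntop(socket.AF_INET, bytes(request[4:8])), 8
    elif atyp == ATYP_DOMAIN:
        n = request[4]
        host, off = request[5:5 + n].decode("ascii"), 5 + n
    elif atyp == ATYP_IPV6:
        host, off = socket.inet_ntop(socket.AF_INET6, bytes(request[4:20])), 20
    else:
        raise ValueError("unsupported address type")
    if len(request) != off + 2:
        raise ValueError("request truncated or has trailing bytes")
    port = struct.unpack("!H", request[off:off + 2])[0]
    return host, port


def build_reply(rep, bind_host="0.0.0.0", bind_port=0):
    """SOCKS5 reply returned to the scanner once the intranet side has answered."""
    return (bytes([SOCKS_VER, rep, 0x00, ATYP_IPV4])
            + socket.inet_pton(socket.AF_INET, bind_host)
            + struct.pack("!H", bind_port))


def encode_frame(conn_id, seq, kind, payload=b""):
    return FRAME_HDR.pack(conn_id, seq, kind) + payload


def decode_frame(frame):
    conn_id, seq, kind = FRAME_HDR.unpack_from(frame)
    return conn_id, seq, kind, frame[FRAME_HDR.size:]


def server_side_open(uid, conn_id, request):
    """Server-side proxy: turn an accepted CONNECT into the OPEN frame that is
    published on the terminal's 'down' topic. Payload is port (2 bytes) + host."""
    host, port = parse_connect(request)
    payload = struct.pack("!H", port) + host.encode("ascii")
    return topic_for(uid, "down"), encode_frame(conn_id, 0, FRAME_OPEN, payload)


def client_side_open(frame, reachable):
    """Access terminal: handle an OPEN frame from its 'down' topic and produce
    the SOCKS5 reply to publish on 'up'. `reachable` is a constructed set of
    'host:port' strings standing in for a real connect() into the LAN."""
    conn_id, _seq, kind, payload = decode_frame(frame)
    if kind != FRAME_OPEN:
        raise ValueError("expected OPEN frame")
    port = struct.unpack("!H", payload[:2])[0]
    host = payload[2:].decode("ascii")
    rep = REP_SUCCESS if f"{host}:{port}" in reachable else REP_HOST_UNREACHABLE
    return conn_id, build_reply(rep)
```

The connection id in the frame header lets one MQTT topic pair multiplex the many concurrent TCP connections a scanner opens, and the sequence number is what the receiving side needs to reassemble DATA frames in order even though QoS 2 guarantees delivery, not ordering across connections.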
On the basis of the embodiment, the method further comprises:
acquiring vulnerability scanner resources and terminal information of a terminal to be bound on a cloud service platform;
receiving a target vulnerability scanner selected from vulnerability scanner resources;
and associating and storing the target vulnerability scanner with the terminal information.
In a specific implementation, binding the access terminal to a vulnerability scanner means associating the lightweight terminal with a resource group in the cloud vulnerability scanner resource pool, or with a specific scanner; once bound, the scanner can scan the intranet through the socks5 channel of the terminal. Fig. 4 is a schematic diagram of the binding method between an access terminal and a vulnerability scanner according to an embodiment of the present application. As shown in Fig. 4, the binding comprises the following steps:
Step 401, acquiring scanner resources: acquire the cloud vulnerability scanning resource groups, vulnerability scanners and terminal information. Resource groups and scanners differ in type: some are used for scanning web assets, others for scanning host assets, and so on. A vulnerability scanning resource group is composed of several independent vulnerability scanners, so that scanning can run in parallel and efficiency is improved.
Step 402, acquiring terminal information: obtain the basic information of the access terminal and the corresponding server-side socks5 address; the server-side socks5 address is in one-to-one correspondence with the access terminal. The basic information of the access terminal may include the terminal type, MAC address, terminal unique code, etc.
Step 403, judging whether the terminal is online: the cloud service platform judges from the received heartbeat information whether the access terminal is online. If the access terminal to be bound is online, step 404 is executed; otherwise the binding flow ends.
Step 404, binding the terminal to the scanner: the user logs in to the cloud service platform and selects the vulnerability scanner to be bound to the access terminal, and the two are bound. Specifically, the binding associates the primary keys of the two through a relation table; the binding relation may also be stored in a binding relation table.
Step 405, monitoring the terminal state to determine whether the binding relation is usable. If the terminal is offline, the binding relation cannot be used, and the vulnerability scanner cannot forward vulnerability scanning traffic to the intranet asset through that access terminal.
According to the embodiment of the application, the terminal and the vulnerability scanner are bound in advance, and after the access terminal is determined, the vulnerability scanner for carrying out vulnerability scanning on the intranet asset can be rapidly determined.
After the binding of the access terminal and the vulnerability scanner is completed, the vulnerability scanner with the binding relationship with the access terminal can be determined from a pre-stored binding relationship table after the access terminal is determined. The embodiment of the application can conveniently and quickly determine the vulnerability scanner through the prestored binding relation table.
Fig. 5 is a flowchart of another intranet asset vulnerability scanning method according to an embodiment of the present application. As shown in Fig. 5, the method is applied to an access terminal; the access terminal and the intranet asset to be scanned are located in the same LAN, and the access terminal is registered in the cloud service platform in advance. It will be appreciated that the access terminal can be an ordinary terminal or a lightweight terminal. The method comprises the following steps:
Step 501, receiving vulnerability scanning traffic sent by the cloud service platform through a vulnerability scanner, the access terminal having been determined by the cloud service platform based on a received vulnerability scanning request;
Step 502, sending the vulnerability scanning traffic to the intranet asset to be scanned, so that the intranet asset to be scanned is vulnerability scanned;
Step 503, receiving response information returned by the intranet asset to be scanned, and sending the response information to the vulnerability scanner.
In a specific implementation, a user enters the asset information to be scanned in the vulnerability scanning task management of the cloud service platform, and the cloud service platform generates a vulnerability scanning request for that asset information. Based on the request the cloud service platform screens the available access terminals, and once an access terminal has been determined, the vulnerability scanner bound to it is determined from the access terminal. The cloud service platform issues a vulnerability scanning task to the vulnerability scanner, which sends vulnerability scanning traffic to the intranet asset to be scanned in order to scan it. When sending the traffic, the vulnerability scanner first sends it to the access terminal, and the access terminal forwards it to the intranet asset. The access terminal also forwards the response information of the intranet asset back to the vulnerability scanner.
According to the embodiment of the application, the communication channel between the cloud service platform and the intranet asset is opened through the access terminal, so that the aim of carrying out vulnerability scanning on the intranet asset by utilizing the vulnerability scanner on the cloud service platform is fulfilled.
On the basis of the embodiment, the method further comprises: sending a registration request to the cloud service platform, the registration request comprising an access code, so that after the cloud service platform has verified the access code it opens a socks5 proxy channel and grants the terminal to be admitted and the server-side socks5 proxy in the cloud service platform the permission to publish/subscribe to the MQTT topics, so that the server-side socks5 proxy and the terminal to be admitted communicate through the MQTT protocol;
after registration is completed, sending registration completion information to the cloud service platform, the registration completion information comprising basic information of the terminal to be admitted and address information of the server-side socks5 proxy corresponding to it, so that the cloud service platform stores the registration completion information;
And receiving the notification of successful admission sent by the cloud service platform.
It should be noted that, the specific flow of the terminal accessing the cloud service platform may be referred to the above embodiment, and will not be described herein.
According to the embodiment of the application, the communication protocol between the access terminal and the cloud service platform is standardized through the MQTT protocol, and the traffic between them is forwarded by the socks5 proxy and encrypted by the TLS-protected MQTT channel, which improves security during the vulnerability scanning process.
On the basis of the above embodiment, receiving vulnerability scanning traffic sent by a cloud service platform through a vulnerability scanner includes:
Receiving the vulnerability scanning traffic sent by the vulnerability scanner through the client-side socks5 proxy over the MQTT protocol;
and sending the vulnerability scanning traffic to the intranet asset to be scanned comprises:
Sending the vulnerability scanning traffic to the intranet asset to be scanned through the client-side socks5 proxy.
It should be noted that, the specific flow of the access terminal receiving the vulnerability scanning traffic may be referred to the above embodiments, and will not be described herein.
According to the embodiment of the application, the communication protocol between the access terminal and the cloud service platform is standardized through the MQTT protocol, and the traffic between them is forwarded by the socks5 proxy and encrypted by the TLS-protected MQTT channel, which improves security during the vulnerability scanning process.
Fig. 6 is a schematic flow chart of another method for scanning vulnerabilities of an intranet asset according to an embodiment of the present application. As shown in Fig. 6, the method includes:
Step 601, creating a scanning task: the user logs in to the cloud service platform and enters the asset information to be scanned, such as the web address of an intranet service, and a scanning task is created from the entered asset information.
Step 602, selecting the vulnerability scanning terminal: acquire the registered terminal data, check whether the terminal device is online, whether it is bound to a vulnerability scanner and whether its server-side socks5 service is available, and select an access terminal that is online, bound to a vulnerability scanner and whose server-side socks5 is available.
Step 603, issuing the scanning task to the vulnerability scanner and designating the proxy egress address. According to the selected terminal device, the cloud service platform issues the task to the bound vulnerability scanner or scanner resource group, and when issuing it designates that the scanner use the server-side socks5 proxy associated with the terminal. A scanner resource group may select a specific vulnerability scanner in a distributed manner, balancing the task load and improving scanning performance.
Step 604, performing the vulnerability scan through the terminal proxy channel: the vulnerability scanning traffic is forwarded to the access terminal through the server-side socks5 over the MQTT protocol, the access terminal subscribes to the relevant traffic through MQTT and forwards it to the client-side socks5 service, and the cloud vulnerability scanner thereby scans the user's intranet.
Step 605, managing the scanning results: the response traffic carrying the scanning results is forwarded from the client-side socks5 through MQTT to the server-side socks5 service, and is finally returned to the vulnerability scanner and stored in the cloud service platform.
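The following is an added example of the binding relation table of steps 401 to 405 and the terminal and scanner selection of steps 602 and 603; it is written for this page and is not the patent's or the applicant's code. The table layout, the "load" metric, the asset-kind matching and the policy names are assumptions: the patent only says that primary keys are associated through a relation table, that a binding is unusable while the terminal is offline, and that a resource group may pick a scanner by load balancing or polling (round-robin).

```python
from dataclasses import dataclass

# Added example: constructed binding table and selection logic for steps
# 401-405 and 602-603. Table layout, load metric and policy names are assumptions.


@dataclass
class Scanner:
    scanner_id: str
    kind: str            # "web" or "host": the kind of asset it scans
    load: int = 0        # running tasks (assumed load metric)


@dataclass
class ResourceGroup:
    group_id: str
    kind: str
    members: list        # list of Scanner


@dataclass(frozen=True)
class Binding:
    terminal_uid: str    # primary key in the terminal table
    target_id: str       # primary key in the scanner or resource-group table
    is_group: bool


class BindingTable:
    def __init__(self, scanners, groups):
        self._scanners = {s.scanner_id: s for s in scanners}
        self._groups = {g.group_id: g for g in groups}
        self._rows = {}      # terminal_uid -> Binding (the relation table)
        self._cursor = {}    # group_id -> round-robin position

    def bind(self, uid, target_id, online):
        """Steps 403/404: an offline terminal is not bound; otherwise store the
        relation between the terminal key and the scanner or group key."""
        if uid not in online:
            return False
        if target_id in self._scanners:
            self._rows[uid] = Binding(uid, target_id, False)
        elif target_id in self._groups:
            self._rows[uid] = Binding(uid, target_id, True)
        else:
            raise KeyError(f"unknown scanner or group {target_id}")
        return True

    def unbind(self, uid):
        """Release a temporary binding once the scan has finished."""
        self._rows.pop(uid, None)

    def is_bound(self, uid):
        return uid in self._rows

    def resolve(self, uid, online, asset_kind, policy="least_load"):
        """Steps 405/603: the binding is usable only while the terminal is online
        and the bound scanner type matches the asset; for a group pick one member."""
        if uid not in online or uid not in self._rows:
            return None
        row = self._rows[uid]
        if not row.is_group:
            s = self._scanners[row.target_id]
            return s if s.kind == asset_kind else None
        group = self._groups[row.target_id]
        if group.kind != asset_kind or not group.members:
            return None
        if policy == "round_robin":
            i = self._cursor.get(group.group_id, 0)
            self._cursor[group.group_id] = (i + 1) % len(group.members)
            return group.members[i]
        return min(group.members, key=lambda s: s.load)


def choose_terminal(candidates, table, online, socks5_available):
    """Step 602: the first terminal that is online, bound, and whose server-side
    socks5 is reachable. `socks5_available` is a constructed uid -> bool map
    standing in for a health check of the server-side proxy."""
    for uid in candidates:
        if uid in online and table.is_bound(uid) and socks5_available.get(uid, False):
            return uid
    return None
```

Checking the asset kind in resolve() is what stops a task for a web asset being issued to a host-scanner group; the patent distinguishes the two kinds in step 401 but leaves the matching to the task issuer.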
Fig. 7 is a schematic flow chart of an intranet asset vulnerability scanning method in a specific scenario provided by the embodiment of the present application, as shown in fig. 7, where the embodiment of the present application may be applied to providing cloud service version vulnerability scanning services, and reduce local computing resources by adopting a SaaS cloud service manner, so as to implement intranet vulnerability scanning services for users.
In the cloud service vulnerability scanning service, a user installs a lightweight access terminal A in the intranet environment; the access terminal can be a small executable program. The user obtains an access code through the terminal management of the cloud service, and the access terminal registers and is admitted with that access code. After registration succeeds, the user can see terminal A in terminal management; at this point terminal A runs a client-side socks5 service accessible only to that user, and on the server side a server-side socks5 service corresponding to access terminal A is set up.
The user binds the resources of the access terminal A and the vulnerability scanner in the terminal management, binds the access terminal A and the vulnerability scanner B (or the vulnerability scanner resource group) through logic association, can quickly determine the specific vulnerability scanner through the access terminal, and can determine one vulnerability scanner by adopting policies such as load balancing or polling if the resource group is.
The user enters the intranet assets to be scanned in vulnerability scanning task management and creates a scanning task. When issuing the task the user selects access terminal A; vulnerability scanner B is quickly located from the selected terminal, the corresponding server-side socks5 address is obtained from terminal A, and the task is issued to the vulnerability scanner with that address as a parameter (the vulnerability scanner must support a socks5 proxy).
The scanning task traffic of the vulnerability scanner passes through the server-side socks5, then MQTT, then the client-side socks5, and is finally forwarded into the intranet, so that the intranet assets are scanned with cloud vulnerability scanning resources. The scan results are collected in the cloud service platform, where the user can view them.
The embodiment of the application has the following beneficial effects:
The communication protocol is unified: the network channel required by vulnerability scanning is built on the MQTT communication protocol already used by the cloud service Internet of Things, and the protocol remains unchanged;
The lightweight access terminal is adopted to conveniently and rapidly open the network channels of the cloud service and the intranet, so that the use cost of a user is reduced;
The local resource consumption is low, namely, a cloud is utilized to construct a vulnerability scanning server resource pool for service, the cloud is used for providing computing resources, the use and resource cost of a user side are reduced, and real cloud service experience is brought to the user;
the vulnerability scanning service of the intranet based on the cloud service breaks through barriers of the intranet and the Internet, and can provide the vulnerability scanning service of the intranet for the cloud service platform.
Fig. 8 is a schematic structural diagram of an intranet asset vulnerability scanning device provided by an embodiment of the present application, where the device may be a module, a program segment, or a code on an electronic device. It should be understood that the apparatus corresponds to the embodiment of the method of fig. 1 described above, and is capable of performing the steps involved in the embodiment of the method of fig. 1, and specific functions of the apparatus may be referred to in the foregoing description, and detailed descriptions thereof are omitted herein as appropriate to avoid redundancy. The device comprises a request receiving module 801, a terminal determining module 802, a scanner determining module 803 and a traffic transmitting module 804, wherein:
the request receiving module 801 is configured to receive a vulnerability scanning request, where the vulnerability scanning request includes asset information to be scanned, and an asset corresponding to the asset information to be scanned is an intranet asset;
the terminal determining module 802 is used for determining an access terminal based on the asset information to be scanned, wherein the access terminal is used for realizing communication connection between the cloud service platform and an intranet;
the scanner determining module 803 is configured to determine, according to the access terminal, a vulnerability scanner on the cloud service platform;
The traffic sending module 804 is configured to send, through the vulnerability scanner, vulnerability scanning traffic to the access terminal, so that the access terminal forwards the vulnerability scanning traffic to an asset corresponding to the asset information to be scanned, so as to implement vulnerability scanning on the asset.
On the basis of the above embodiment, the apparatus further includes a first registration module configured to:
Receiving a registration request sent by a terminal to be entered, wherein the registration request comprises an access code;
Verifying the access code and, if the verification passes, opening a socks5 proxy channel and granting the server-side socks5 proxy in the cloud service platform and the terminal to be admitted the permission to publish/subscribe to the MQTT topics, so that the server-side socks5 proxy and the terminal to be admitted communicate through the MQTT protocol;
receiving registration completion information of the terminal to be input, wherein the registration completion information comprises basic information of the terminal to be input and address information of a server socks 5 proxy corresponding to the terminal to be input;
And storing the registration completion information.
Based on the above embodiments, the traffic sending module 804 is specifically configured to:
the vulnerability scanner sends the vulnerability scanning traffic to the access terminal through the server-side socks5 proxy over the MQTT protocol, so that the access terminal receives the vulnerability scanning traffic through its MQTT subscription and forwards it to the client-side socks5 proxy, and the client-side socks5 proxy forwards the traffic to the asset corresponding to the asset information to be scanned.
On the basis of the above embodiment, the apparatus further includes a heartbeat information receiving module, configured to:
And receiving heartbeat information sent by the access terminal with successful registration.
Based on the above embodiment, the terminal determining module 802 is specifically configured to:
and selecting one from terminals in an online state as the access terminal based on the received heartbeat information.
On the basis of the above embodiment, the apparatus further includes a binding module configured to:
acquiring vulnerability scanner resources and terminal information of a terminal to be bound on a cloud service platform;
Receiving a target vulnerability scanner selected from the vulnerability scanner resources;
and associating and storing the target vulnerability scanner with the terminal information.
Based on the above embodiment, the scanner determining module 803 specifically is configured to:
And determining the vulnerability scanner with the binding relation with the access terminal from a pre-stored binding relation table.
Fig. 9 is a schematic structural diagram of another intranet asset vulnerability scanning device provided by an embodiment of the present application, where the device may be a module, a program segment, or a code on an electronic device. It should be understood that the apparatus corresponds to the above embodiment of the method of fig. 5, and is capable of executing the steps involved in the embodiment of the method of fig. 5, and specific functions of the apparatus may be referred to in the above description, and detailed descriptions thereof are omitted herein as appropriate to avoid redundancy. The device comprises a flow receiving module 901, a flow forwarding module 902 and a response information receiving module 903, wherein:
the traffic receiving module 901 is used for receiving vulnerability scanning traffic sent by the cloud service platform through a vulnerability scanner, wherein the access terminal is determined by the cloud service platform based on the received vulnerability scanning request;
the flow forwarding module 902 is configured to send vulnerability scanning flow to an intranet asset to be scanned, so as to implement vulnerability scanning on the intranet asset to be scanned;
the response information receiving module 903 is configured to receive response information returned by the intranet asset to be scanned, and send the response information to the vulnerability scanner.
On the basis of the above embodiment, the apparatus further includes a second registration module configured to:
send a registration request to the cloud service platform, where the registration request carries an admission code, so that after the cloud service platform verifies the admission code it opens a socks5 proxy channel and grants the terminal to be admitted and the server-side socks5 proxy in the cloud service platform permission to publish/subscribe to the MQTT topic, so that the server-side socks5 proxy and the terminal to be admitted communicate over the MQTT protocol;
after registration is completed, send registration completion information to the cloud service platform, where the registration completion information includes basic information of the terminal to be admitted and the address information of the server-side socks5 proxy corresponding to the terminal to be admitted, so that the cloud service platform stores the registration completion information;
and receive the admission-success information sent by the cloud service platform.
On the basis of the above embodiment, the traffic receiving module 901 is specifically configured to:
receive, through the client-side socks5 proxy and based on the MQTT protocol, the vulnerability scanning traffic sent by the vulnerability scanner;
and sending the vulnerability scanning traffic to the intranet asset to be scanned includes:
sending the vulnerability scanning traffic to the intranet asset to be scanned through the client-side socks5 proxy.
Based on the above embodiments, the access terminal is a lightweight access terminal.
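The registration, binding and terminal-selection steps described above (and set out in claims 2 to 6 below) can be modelled on the cloud side as a small control plane. The following is an added illustration written for this page, not code from the patent or its applicant: the admission code is verified against a salted hash and consumed once, the opened "socks5 proxy channel" is represented as a per-terminal pair of MQTT topics with publish/subscribe permissions scoped to that terminal and its server-side proxy only, heartbeats decide which terminals are online, and the scanner for a scan request is looked up in the binding table. The topic layout `vs/<terminal>/up|down`, the 30 s heartbeat timeout and the "first online terminal" selection policy are assumptions, not details from the patent.

```python
"""Added example (not the patent's own code): a toy model of the cloud-side control plane
in claims 2 to 6: admission-code verification, registration, per-terminal MQTT topic
permissions, heartbeat tracking, online-terminal selection and scanner lookup through
a binding table. Topic layout, timeout and selection policy are assumptions."""
import hashlib
import hmac
import ipaddress
import secrets
import time
from dataclasses import dataclass
from typing import Optional

HEARTBEAT_TIMEOUT = 30.0  # assumed: no heartbeat for 30 s means the terminal is offline


@dataclass
class Terminal:
    terminal_id: str
    basic_info: dict
    server_proxy_addr: str   # address of the server-side socks5 proxy serving this terminal
    last_heartbeat: float = 0.0


def topics_for(terminal_id: str) -> tuple:
    """Assumed topic layout: one upstream and one downstream topic per terminal."""
    return f"vs/{terminal_id}/up", f"vs/{terminal_id}/down"


class CloudPlatform:
    def __init__(self) -> None:
        self._admission = {}      # terminal_id -> (salt, pbkdf2 hash of the admission code)
        self._terminals = {}      # terminal_id -> Terminal
        self._binding_table = {}  # terminal_id -> scanner_id
        self._acl = {}            # principal -> {"pub": topics, "sub": topics}

    @staticmethod
    def _hash(salt: bytes, code: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", code.encode(), salt, 100_000)

    def issue_admission_code(self, terminal_id: str) -> str:
        """Issue a one-time admission code; only its salted hash is kept."""
        code = secrets.token_urlsafe(24)
        salt = secrets.token_bytes(16)
        self._admission[terminal_id] = (salt, self._hash(salt, code))
        return code

    def register(self, terminal_id: str, code: str, basic_info: dict, server_proxy_addr: str) -> bool:
        """Claim 2: verify the admission code, open the proxy channel (topic permissions), store registration."""
        entry = self._admission.get(terminal_id)
        if entry is None or not hmac.compare_digest(entry[1], self._hash(entry[0], code)):
            return False
        del self._admission[terminal_id]  # the admission code is single-use
        up, down = topics_for(terminal_id)
        # least privilege: the terminal and its server-side proxy get exactly this terminal's topic pair
        self._acl[f"terminal:{terminal_id}"] = {"pub": {up}, "sub": {down}}
        self._acl[f"proxy:{terminal_id}"] = {"pub": {down}, "sub": {up}}
        self._terminals[terminal_id] = Terminal(terminal_id, dict(basic_info), server_proxy_addr)
        return True

    def is_allowed(self, principal: str, action: str, topic: str) -> bool:
        """The check a broker-side MQTT ACL would enforce for a publish or subscribe."""
        return topic in self._acl.get(principal, {}).get(action, set())

    def heartbeat(self, terminal_id: str, now: Optional[float] = None) -> bool:
        """Claim 3: record a heartbeat; unknown terminals are ignored."""
        t = self._terminals.get(terminal_id)
        if t is None:
            return False
        t.last_heartbeat = time.time() if now is None else now
        return True

    def online_terminals(self, now: Optional[float] = None) -> list:
        now = time.time() if now is None else now
        return [tid for tid, t in self._terminals.items()
                if now - t.last_heartbeat <= HEARTBEAT_TIMEOUT]

    def bind(self, terminal_id: str, scanner_id: str) -> None:
        """Claim 5: associate a scanner with a registered terminal in the binding table."""
        if terminal_id not in self._terminals:
            raise KeyError(f"unknown terminal {terminal_id}")
        self._binding_table[terminal_id] = scanner_id

    def plan_scan(self, asset: str, now: Optional[float] = None) -> Optional[dict]:
        """Claims 1, 4 and 6: refuse non-intranet targets, pick an online terminal, look up its scanner."""
        if not ipaddress.ip_address(asset).is_private:
            raise ValueError("only intranet assets are scanned through an access terminal")
        online = self.online_terminals(now)
        if not online:
            return None
        terminal_id = online[0]  # assumed policy: first online terminal
        scanner_id = self._binding_table.get(terminal_id)
        if scanner_id is None:
            return None
        up, down = topics_for(terminal_id)
        return {"terminal": terminal_id, "scanner": scanner_id,
                "server_proxy": self._terminals[terminal_id].server_proxy_addr,
                "publish_topic": down, "subscribe_topic": up}
```

The point of the direction-aware ACL is that a compromised or misbehaving access terminal can only reach its own topic pair, so it cannot read scan traffic destined for another site's terminal or inject responses into another scanner's session; the single-use admission code limits what a leaked code is worth after the terminal has registered.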
Fig. 10 is a schematic diagram of the physical structure of an electronic device according to an embodiment of the present application. As shown in fig. 10, the electronic device includes a processor 1001, a memory 1002 and a bus 1003, and the processor 1001 and the memory 1002 communicate with each other through the bus 1003.
The processor 1001 is configured to invoke the program instructions in the memory 1002 to execute the method provided by the above method embodiments, which includes, for example: receiving a vulnerability scanning request, where the vulnerability scanning request includes information of an asset to be scanned and the asset corresponding to that information is an intranet asset; determining, based on the information of the asset to be scanned, an access terminal, where the access terminal is configured to implement the communication connection between the cloud service platform and the intranet; determining, according to the access terminal, a vulnerability scanner on the cloud service platform; and sending vulnerability scanning traffic to the access terminal through the vulnerability scanner, so that the access terminal forwards the vulnerability scanning traffic to the asset corresponding to the information of the asset to be scanned, so as to perform vulnerability scanning on the asset. Alternatively,
the method includes: receiving vulnerability scanning traffic sent by a cloud service platform through a vulnerability scanner, where the access terminal is determined by the cloud service platform based on the received vulnerability scanning request and the vulnerability scanner has a binding relation with the access terminal; sending the vulnerability scanning traffic to the intranet asset to be scanned so as to perform vulnerability scanning on it; and receiving response information returned by the intranet asset to be scanned and sending the response information to the vulnerability scanner.
The processor 1001 may be an integrated circuit chip having signal processing capability. The processor 1001 may be a general-purpose processor, including a central processing unit (CPU), a network processor (NP), etc., or may be a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, or discrete hardware components. It may implement or perform the various methods, steps and logical blocks disclosed in the embodiments of the application. A general-purpose processor may be a microprocessor, or the processor may be any conventional processor or the like.
The memory 1002 may include, but is not limited to, random access memory (RAM), read-only memory (ROM), programmable read-only memory (PROM), erasable programmable read-only memory (EPROM), electrically erasable programmable read-only memory (EEPROM), and the like.
The embodiment discloses a computer program product, which comprises a computer program stored on a non-transitory computer-readable storage medium, where the computer program comprises program instructions which, when executed by a computer, enable the computer to execute the method provided by the method embodiments, for example: receiving a vulnerability scanning request; determining an access terminal based on the asset information to be scanned, where the asset corresponding to the asset information to be scanned is an intranet asset; determining a vulnerability scanner on the cloud service platform according to the access terminal; and sending vulnerability scanning traffic to the access terminal through the vulnerability scanner, so that the access terminal forwards the vulnerability scanning traffic to the asset corresponding to the asset information to be scanned, so as to scan the asset. Alternatively,
the method includes: receiving vulnerability scanning traffic sent by a cloud service platform through a vulnerability scanner, where the access terminal is determined by the cloud service platform based on the received vulnerability scanning request and the vulnerability scanner has a binding relation with the access terminal; sending the vulnerability scanning traffic to the intranet asset to be scanned so as to perform vulnerability scanning on it; and receiving response information returned by the intranet asset to be scanned and sending the response information to the vulnerability scanner.
The embodiment provides a non-transitory computer-readable storage medium which stores computer instructions, where the computer instructions enable a computer to execute the method provided by the method embodiments, for example: receiving a vulnerability scanning request; determining an access terminal based on the asset information to be scanned, where the asset corresponding to the asset information to be scanned is an intranet asset; determining a vulnerability scanner on the cloud service platform according to the access terminal; and sending vulnerability scanning traffic to the access terminal through the vulnerability scanner, so that the access terminal forwards the vulnerability scanning traffic to the asset corresponding to the asset information to be scanned, so as to perform vulnerability scanning on the asset. Alternatively,
the method includes: receiving vulnerability scanning traffic sent by a cloud service platform through a vulnerability scanner, where the access terminal is determined by the cloud service platform based on the received vulnerability scanning request and the vulnerability scanner has a binding relation with the access terminal; sending the vulnerability scanning traffic to the intranet asset to be scanned so as to perform vulnerability scanning on it; and receiving response information returned by the intranet asset to be scanned and sending the response information to the vulnerability scanner.
In the embodiments provided in the present application, it should be understood that the disclosed apparatus and method may be implemented in other manners. The apparatus embodiments described above are merely illustrative; for example, the division into units is merely a logical functional division, and there may be other manners of division in actual implementation: multiple units or components may be combined or integrated into another system, or some features may be omitted or not performed. Further, the mutual coupling, direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some communication interface, device or unit, and may be electrical, mechanical or of another form.
Further, the units described as separate units may or may not be physically separate, and units displayed as units may or may not be physical units, may be located in one place, or may be distributed over a plurality of network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
Furthermore, functional modules in various embodiments of the present application may be integrated together to form a single portion, or each module may exist alone, or two or more modules may be integrated to form a single portion.
In this document, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions.
The above description is only an example of the present application and is not intended to limit the scope of the present application, and various modifications and variations will be apparent to those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present application should be included in the protection scope of the present application.

Claims (13)

1. An intranet asset vulnerability scanning method, applied to a cloud service platform, the method comprising the following steps:
receiving a vulnerability scanning request, wherein the vulnerability scanning request comprises asset information to be scanned, and the asset corresponding to the asset information to be scanned is an intranet asset;
determining an access terminal based on the asset information to be scanned, wherein the access terminal is used for implementing the communication connection between the cloud service platform and the intranet, the access terminal comprises a pluggable USB flash disk and an executable file, the access terminal has no scanning capability and is used for maintaining a secure and reliable socks5 proxy channel implemented on the basis of the MQTT protocol, and the channel is used for proxy-forwarding the vulnerability scanning request of the cloud scanner to the intranet;
determining, according to the access terminal, a vulnerability scanner on the cloud service platform that has a binding relation with the access terminal;
sending vulnerability scanning traffic to the access terminal through the vulnerability scanner, so that the access terminal forwards the vulnerability scanning traffic to the asset corresponding to the asset information to be scanned, so as to perform vulnerability scanning on the asset;
wherein the sending, by the vulnerability scanner, of vulnerability scanning traffic to the access terminal so that the access terminal forwards the vulnerability scanning traffic to the asset corresponding to the asset information to be scanned comprises:
the vulnerability scanner sending the vulnerability scanning traffic, encrypted with the TLS/SSL security protocol, to the access terminal through the server-side socks5 proxy on the basis of the MQTT protocol, so that the access terminal subscribes to the vulnerability scanning traffic through MQTT and forwards it to the client-side socks5 proxy, and the client-side socks5 proxy forwards the vulnerability scanning traffic to the asset corresponding to the asset information to be scanned.
2. The method according to claim 1, wherein the method further comprises:
receiving a registration request sent by a terminal to be admitted, wherein the registration request comprises an admission code;
verifying the admission code, opening a socks5 proxy channel if the verification passes, and granting the server-side socks5 proxy in the cloud service platform and the terminal to be admitted permission to publish/subscribe to the MQTT topic, so that the server-side socks5 proxy and the terminal to be admitted communicate through the MQTT protocol;
receiving registration completion information of the terminal to be admitted, wherein the registration completion information comprises basic information of the terminal to be admitted and the address information of the server-side socks5 proxy corresponding to the terminal to be admitted;
and storing the registration completion information.
3. The method according to claim 2, wherein the method further comprises:
receiving heartbeat information sent by an access terminal that has registered successfully.
4. The method according to claim 3, wherein the determining an access terminal based on the asset information to be scanned comprises:
selecting, based on the received heartbeat information, one of the terminals in an online state as the access terminal.
5. The method according to any one of claims 1-4, further comprising:
acquiring vulnerability scanner resources and terminal information of a terminal to be bound on the cloud service platform;
receiving a target vulnerability scanner selected from the vulnerability scanner resources;
and associating and storing the target vulnerability scanner with the terminal information.
6. The method according to claim 5, wherein the determining, according to the access terminal, a vulnerability scanner on the cloud service platform comprises:
determining, from a pre-stored binding relation table, the vulnerability scanner having a binding relation with the access terminal.
7. An intranet asset vulnerability scanning method, applied to an access terminal, wherein the access terminal and an intranet asset to be scanned are in the same local area network, the access terminal comprises a pluggable USB flash disk and an executable file, the access terminal has no scanning capability and is used for maintaining a secure and reliable socks5 proxy channel implemented on the basis of the MQTT protocol, the socks5 proxy channel is used for forwarding the vulnerability scanning request of the cloud scanner to the intranet, and when the access terminal establishes a connection with a cloud service platform both parties exchange certificates and verify the certificate of the other party, the connection being established only after the verification passes; the method comprises the following steps:
receiving vulnerability scanning traffic sent by the cloud service platform through a vulnerability scanner, wherein the access terminal is determined by the cloud service platform based on the received vulnerability scanning request;
sending the vulnerability scanning traffic to the intranet asset to be scanned, so as to perform vulnerability scanning on the intranet asset to be scanned;
receiving response information returned by the intranet asset to be scanned, and sending the response information to the vulnerability scanner;
wherein the receiving vulnerability scanning traffic sent by the cloud service platform through the vulnerability scanner comprises:
receiving, through the client-side socks5 proxy and on the basis of the MQTT protocol, the vulnerability scanning traffic that the vulnerability scanner sends through the server-side socks5 proxy encrypted with the TLS/SSL security protocol;
and the sending the vulnerability scanning traffic to the intranet asset to be scanned comprises:
sending the vulnerability scanning traffic to the intranet asset to be scanned through the client-side socks5 proxy.
8. The method according to claim 7, wherein the method further comprises:
sending a registration request to the cloud service platform, wherein the registration request comprises an admission code, so that after the cloud service platform verifies the admission code it opens a socks5 proxy channel and grants the terminal to be admitted and the server-side socks5 proxy in the cloud service platform permission to publish/subscribe to the MQTT topic, so that the server-side socks5 proxy and the terminal to be admitted communicate through the MQTT protocol;
after registration is completed, sending registration completion information to the cloud service platform, wherein the registration completion information comprises basic information of the terminal to be admitted and the address information of the server-side socks5 proxy corresponding to the terminal to be admitted, so that the cloud service platform stores the registration completion information;
and receiving admission-success information sent by the cloud service platform.
9. The method according to any one of claims 7-8, wherein the access terminal is a lightweight access terminal.
10. An electronic device comprising a processor, a memory and a bus, wherein
the processor and the memory communicate with each other through the bus;
the memory stores program instructions executable by the processor, and the processor invokes the program instructions to perform the method of any one of claims 1-9.
11. A non-transitory computer-readable storage medium storing computer instructions which, when executed by a computer, cause the computer to perform the method of any one of claims 1-9.
12. A computer program product comprising computer program instructions which, when read and executed by a processor, perform the method of any one of claims 1-9.
13. An intranet asset vulnerability scanning system, comprising a cloud service platform and an access terminal, wherein the cloud service platform is communicatively connected to the access terminal;
the cloud service platform is configured to perform the method of any one of claims 1-6;
and the access terminal is configured to perform the method of any one of claims 7-9.
CN202411849574.6A 2024-12-16 2024-12-16 Intranet asset vulnerability scanning method, electronic device, storage medium and program product Active CN119728215B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202411849574.6A CN119728215B (en) 2024-12-16 2024-12-16 Intranet asset vulnerability scanning method, electronic device, storage medium and program product

Publications (2)

Publication Number Publication Date
CN119728215A CN119728215A (en) 2025-03-28
CN119728215B true CN119728215B (en) 2025-10-24

Family

ID=95092799

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN120896795A (en) * 2025-09-30 2025-11-04 苏州迈科网络安全技术股份有限公司 A security scanning method and system based on cloud-based agents

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113259372A (en) * 2021-06-03 2021-08-13 武汉火神信息科技有限公司 Method for dynamic allocation channel to penetrate intranet to access local system
CN117061175A (en) * 2023-08-16 2023-11-14 中国电信股份有限公司 Vulnerability scanning method, system and device for intranet assets and storage medium

Family Cites Families (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11436544B2 (en) * 2014-09-03 2022-09-06 CloudLeaf, Inc. System for managing an industrial workflow
CN106534172A (en) * 2016-12-07 2017-03-22 北京数字观星科技有限公司 Intranet remote scanning system and method thereof for scanning intranet
KR102060319B1 (en) * 2018-09-14 2019-12-30 동명대학교산학협력단 IoT Platform Service Server
CN111092885B (en) * 2019-12-17 2021-10-08 国网江苏省电力有限公司苏州供电分公司 A power operation and maintenance system
US11930031B2 (en) * 2020-06-23 2024-03-12 Tenable, Inc. Distributed network based vulnerability scanning via endpoint agent deployment
CN112437100A (en) * 2021-01-28 2021-03-02 腾讯科技(深圳)有限公司 Vulnerability scanning method and related equipment
CN113162989A (en) * 2021-03-29 2021-07-23 华东师范大学 MQTT-Websocket-based message transceiving method
CN118041899A (en) * 2024-01-03 2024-05-14 京东方科技集团股份有限公司 Remote control method, system and medium of terminal

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant