[go: up one dir, main page]

CN113268765B - Credential detection method, system, electronic device and storage medium - Google Patents

Credential detection method, system, electronic device and storage medium Download PDF

Info

Publication number
CN113268765B
CN113268765B CN202110486208.9A CN202110486208A CN113268765B CN 113268765 B CN113268765 B CN 113268765B CN 202110486208 A CN202110486208 A CN 202110486208A CN 113268765 B CN113268765 B CN 113268765B
Authority
CN
China
Prior art keywords
detection
credential
file
target file
historical
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202110486208.9A
Other languages
Chinese (zh)
Other versions
CN113268765A (en
Inventor
郑云超
范渊
黄进
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
DBAPPSecurity Co Ltd
Original Assignee
DBAPPSecurity Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by DBAPPSecurity Co Ltd filed Critical DBAPPSecurity Co Ltd
Priority to CN202110486208.9A priority Critical patent/CN113268765B/en
Publication of CN113268765A publication Critical patent/CN113268765A/en
Application granted granted Critical
Publication of CN113268765B publication Critical patent/CN113268765B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6227Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/10File systems; File servers
    • G06F16/14Details of searching files based on file metadata
    • G06F16/148File search processing
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/10File systems; File servers
    • G06F16/16File or folder operations, e.g. details of user interfaces specifically adapted to file systems
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/10File systems; File servers
    • G06F16/17Details of further file system functions
    • G06F16/1734Details of monitoring file system events, e.g. by the use of hooks, filter drivers, logs

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Databases & Information Systems (AREA)
  • General Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Mining & Analysis (AREA)
  • Software Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Health & Medical Sciences (AREA)
  • Library & Information Science (AREA)
  • Human Computer Interaction (AREA)
  • Storage Device Security (AREA)

Abstract

本申请涉及一种凭据检测方法、系统、电子装置和存储介质,其中,该凭据检测方法包括:查询系统中是否存在目标文件的历史检测记录;在系统中不存在目标文件的历史检测记录的情况下,执行预设的文件内凭据检测任务;在系统中存在目标文件的历史检测记录的情况下,判断目标文件当前的修改时间与目标文件的历史检测记录中记录的目标文件的修改时间是否一致,以及,当前文件内凭据检测任务的文件内凭据检测规则与目标文件的历史检测记录中记录的文件内凭据检测规则是否一致,若是,则结束对目标文件的检测,若否,则执行文件内凭据检测任务。通过本申请,解决了关技术中存在缺少针对文件内凭据进行检测的方法的问题,实现了文件内凭据的快速检测。

Figure 202110486208

The present application relates to a credential detection method, system, electronic device and storage medium, wherein the credential detection method includes: querying whether there is a historical detection record of a target file in the system; if there is no historical detection record of the target file in the system Execute the preset in-file credential detection task; if there is a historical detection record of the target file in the system, determine whether the current modification time of the target file is consistent with the modification time of the target file recorded in the historical detection record of the target file , and whether the in-file credential detection rule of the current in-file credential detection task is consistent with the in-file credential detection rule recorded in the historical detection record of the target file, if so, end the detection of the target file, if not, execute the in-file credential detection rule Credential detection task. The present application solves the problem of lack of a method for detecting credentials in a file in the related art, and realizes rapid detection of credentials in a file.

Figure 202110486208

Description

凭据检测方法、系统、电子装置和存储介质Credential detection method, system, electronic device and storage medium

技术领域technical field

本申请涉及信息安全领域,特别是涉及一种凭据检测方法、系统、电子装置和存储介质。The present application relates to the field of information security, and in particular, to a credential detection method, system, electronic device and storage medium.

背景技术Background technique

凭据,包括系统或服务的登陆账号密码、特定服务访问的key码和用于数据加密解密的密钥等,很多服务系统会将一些访问凭据存储在文件中,甚至明文存储。这些文件可以是用户创建的用于存储自己的凭据的文件、一组用户的共享凭据、包含系统或服务密码的配置文件,或包含嵌入密码的源代码。文件中的凭据可能被攻击者扫描出并恶意使用,攻击者可以通过合法凭据轻易的访问相关系统或服务,危害极大。Credentials, including login account passwords for systems or services, key codes for access to specific services, and keys for data encryption and decryption, etc. Many service systems store some access credentials in files, or even in plaintext. These files can be files created by users to store their own credentials, shared credentials for a group of users, configuration files that contain system or service passwords, or source code that contains embedded passwords. Credentials in files may be scanned by attackers and used maliciously. Attackers can easily access related systems or services through legitimate credentials, which is extremely harmful.

现有技术中暂时还没有针对文件内凭据进行检测的方法和系统。There is currently no method and system for detecting credentials in a file in the prior art.

针对相关技术中存在缺少针对文件内凭据进行检测的方法的问题,目前还没有提出有效的解决方案。Aiming at the problem of lack of a method for detecting credentials in a file in the related art, no effective solution has been proposed yet.

发明内容SUMMARY OF THE INVENTION

在本实施例中提供了一种凭据检测方法、系统、电子装置和存储介质,以解决相关技术中缺少针对文件内凭据进行检测的方法的问题。In this embodiment, a credential detection method, system, electronic device, and storage medium are provided to solve the problem of the lack of a method for detecting credentials in a file in the related art.

第一个方面,在本实施例中提供了一种凭据检测方法,该凭据检测方法用于对系统中的文件内的凭据进行检测,所述方法包括:In a first aspect, a credential detection method is provided in this embodiment. The credential detection method is used to detect credentials in a file in the system, and the method includes:

查询所述系统中是否存在目标文件的历史检测记录;Query whether there is a historical detection record of the target file in the system;

在所述系统中不存在所述目标文件的所述历史检测记录的情况下,执行预设的文件内凭据检测任务,并创建所述目标文件的所述历史检测记录;所述历史检测记录包括所述目标文件的修改时间和文件内凭据检测规则;In the case that the historical detection record of the target file does not exist in the system, a preset in-file credential detection task is executed, and the historical detection record of the target file is created; the historical detection record includes the modification time of the target file and the credential detection rule in the file;

在所述系统中存在所述目标文件的所述历史检测记录的情况下,判断所述目标文件当前的修改时间与所述目标文件的所述历史检测记录中记录的所述目标文件的修改时间是否一致,以及,当前所述文件内凭据检测任务的所述文件内凭据检测规则与所述目标文件的所述历史检测记录中记录的所述文件内凭据检测规则是否一致,若是,则结束对所述目标文件的检测,若否,则执行所述文件内凭据检测任务,并更新所述目标文件的所述历史检测记录。In the case that the historical detection record of the target file exists in the system, determine the current modification time of the target file and the modification time of the target file recorded in the historical detection record of the target file Whether it is consistent, and whether the in-file credential detection rule of the current in-file credential detection task is consistent with the in-file credential detection rule recorded in the historical detection record of the target file, and if so, end the verification The detection of the target file, if not, execute the task of detecting the credentials in the file, and update the historical detection record of the target file.

在其中的一些实施例中,所述文件内凭据检测任务包括:查找所述目标文件中是否存在预设的凭据关键词,若是,则根据预设的匹配规则提取所述目标文件中的凭据内容;In some of these embodiments, the in-file credential detection task includes: finding whether a preset credential keyword exists in the target file, and if so, extracting credential content in the target file according to a preset matching rule ;

所述文件内凭据检测规则包括预设的所述凭据关键词和预设的所述匹配规则。The in-file credential detection rule includes the preset credential keyword and the preset matching rule.

在其中的一些实施例中,在查询所述系统中是否存在所述目标文件的所述历史检测记录之前,所述方法还包括:判断所述目标文件的后缀名是否匹配预设的后缀名规则,若否,则结束对所述目标文件的检测。In some of the embodiments, before querying whether the historical detection record of the target file exists in the system, the method further includes: judging whether the suffix name of the target file matches a preset suffix name rule , if not, end the detection of the target file.

在其中的一些实施例中,在查询所述系统中是否存在所述目标文件的所述历史检测记录之前,所述方法还包括:判断所述目标文件的大小是否在预设的文件大小范围内,若否,则结束对所述目标文件的检测。In some of the embodiments, before querying whether the historical detection record of the target file exists in the system, the method further includes: judging whether the size of the target file is within a preset file size range , if not, end the detection of the target file.

在其中的一些实施例中,提供了一种凭据检测方法,该凭据检测方法应用于包含多个文件的系统,所述方法包括:In some of these embodiments, a credential detection method is provided, the credential detection method applied to a system containing a plurality of files, the method comprising:

利用上述任一项所述的凭据检测方法,对所述系统中的文件进行检测;Use the credential detection method described in any of the above to detect the files in the system;

在完成对所述系统中所有文件的检测之后,将凭据检测结果上报给用户。After the detection of all files in the system is completed, the credential detection result is reported to the user.

在其中的一些实施例中,所述凭据检测结果包括:In some of these embodiments, the credential detection result includes:

检测出凭据内容的文件的文件路径、检测出的所述凭据关键词和所述凭据关键词对应的所述凭据内容。The file path of the file whose credential content is detected, the detected credential keyword, and the credential content corresponding to the credential keyword.

在其中的一些实施例中,所述利用上述任一项所述的凭据检测方法,对所述系统中的文件进行检测包括:In some of the embodiments, using the credential detection method described in any one of the above to detect the files in the system includes:

按照预设的检测周期,利用上述任一项所述的凭据检测方法,对所述系统中的文件进行检测。According to a preset detection period, the file in the system is detected by using the credential detection method described in any one of the above.

第二个方面,在本实施例中提供了一种凭据检测系统,该凭据检测系统包括检测配置模块、凭据检测模块和检测历史模块;In a second aspect, a credential detection system is provided in this embodiment, and the credential detection system includes a detection configuration module, a credential detection module, and a detection history module;

所述凭据检测模块用于对系统中的文件执行文件内凭据检测,所述文件内凭据检测包括:查询所述系统中是否存在目标文件的历史检测记录;在所述系统中不存在所述目标文件的所述历史检测记录的情况下,执行预设的文件内凭据检测任务,并创建所述目标文件的所述历史检测记录;所述历史检测记录包括所述目标文件的修改时间和文件内凭据检测规则;所述文件内凭据检测任务包括:查找所述目标文件中是否存在预设的凭据关键词,若是,则根据预设的匹配规则提取所述目标文件中的凭据内容;所述文件内凭据检测规则包括预设的所述凭据关键词和预设的所述匹配规则;在所述系统中存在所述目标文件的所述历史检测记录的情况下,判断所述目标文件当前的修改时间与所述目标文件的所述历史检测记录中记录的所述目标文件的修改时间是否一致,以及,当前所述文件内凭据检测任务的所述文件内凭据检测规则与所述目标文件的所述历史检测记录中记录的所述文件内凭据检测规则是否一致,若是,则结束对所述目标文件的检测,若否,则执行所述文件内凭据检测任务,并更新所述目标文件的所述历史检测记录;The credential detection module is used to perform in-file credential detection on files in the system, and the in-file credential detection includes: querying whether there is a historical detection record of the target file in the system; if the target does not exist in the system In the case of the historical detection record of the file, the preset in-file credential detection task is executed, and the historical detection record of the target file is created; the historical detection record includes the modification time of the target file and the content in the file. credential detection rules; the in-file credential detection task includes: finding out whether there is a preset credential keyword in the target file, and if so, extracting the credential content in the target file according to a preset matching rule; the file The internal credential detection rule includes the preset credential keyword and the preset matching rule; in the case that the historical detection record of the target file exists in the system, determine the current modification of the target file Whether the time is consistent with the modification time of the target file recorded in the historical detection record of the target file, and whether the current in-file credential detection rules of the in-file credential detection task and all the target files Whether the in-file credential detection rules recorded in the historical detection record are consistent, if so, end the detection of the target file, if not, execute the in-file credential detection task, and update all the target files. the historical detection records;

所述检测配置模块用于配置所述凭据关键词和所述匹配规则;The detection configuration module is used to configure the credential keyword and the matching rule;

所述检测历史模块用于存储所述系统中文件的所述历史检测记录。The detection history module is used for storing the historical detection records of the files in the system.

第三个方面,在本实施例中提供了一种电子装置,包括存储器和处理器,所述存储器中存储有计算机程序,所述处理器被设置为运行所述计算机程序以执行上述第一个方面所述的凭据检测方法。In a third aspect, in this embodiment, an electronic device is provided, including a memory and a processor, wherein the memory stores a computer program, and the processor is configured to run the computer program to execute the above-mentioned first The credential detection method described in the aspect.

第四个方面,在本实施例中提供了一种计算机可读存储介质,其上存储有计算机程序,该程序被处理器执行时实现上述第一个方面所述的凭据检测方法。In a fourth aspect, this embodiment provides a computer-readable storage medium on which a computer program is stored, and when the program is executed by a processor, implements the credential detection method described in the first aspect above.

与相关技术相比,本申请提供的凭据检测方法、系统、电子装置和存储介质,通过对系统内的文件进行凭据检测,解决了相关技术中缺少针对文件内凭据进行检测的方法的问题。Compared with the related art, the credential detection method, system, electronic device and storage medium provided by the present application solve the problem of lack of a method for detecting credentials in files in the related art by performing credential detection on files in the system.

本申请的一个或多个实施例的细节在以下附图和描述中提出,以使本申请的其他特征、目的和优点更加简明易懂。The details of one or more embodiments of the application are set forth in the accompanying drawings and the description below in order to make other features, objects and advantages of the application more apparent.

附图说明Description of drawings

此处所说明的附图用来提供对本申请的进一步理解,构成本申请的一部分,本申请的示意性实施例及其说明用于解释本申请,并不构成对本申请的不当限定。在附图中:The drawings described herein are used to provide further understanding of the present application and constitute a part of the present application. The schematic embodiments and descriptions of the present application are used to explain the present application and do not constitute an improper limitation of the present application. In the attached image:

图1为本申请实施例的提供的凭据检测方法的终端的硬件结构框图;1 is a block diagram of a hardware structure of a terminal of a credential detection method provided by an embodiment of the present application;

图2为其中一个实施例提供的凭据检测方法的流程图;2 is a flowchart of a credential detection method provided by one of the embodiments;

图3为其中一个实施例提供的凭据检测方法的流程图;3 is a flowchart of a credential detection method provided by one of the embodiments;

图4为中一个实施例提供的凭据检测系统的结构框图。FIG. 4 is a structural block diagram of a credential detection system provided by one embodiment of the present invention.

具体实施方式Detailed ways

为更清楚地理解本申请的目的、技术方案和优点,下面结合附图和实施例,对本申请进行了描述和说明。For a clearer understanding of the purpose, technical solutions and advantages of the present application, the present application is described and illustrated below with reference to the accompanying drawings and embodiments.

除另作定义外,本申请所涉及的技术术语或者科学术语应具有本申请所属技术领域具备一般技能的人所理解的一般含义。在本申请中的“一”、“一个”、“一种”、“该”、“这些”等类似的词并不表示数量上的限制,它们可以是单数或者复数。在本申请中所涉及的术语“包括”、“包含”、“具有”及其任何变体,其目的是涵盖不排他的包含;例如,包含一系列步骤或模块(单元)的过程、方法和系统、产品或设备并未限定于列出的步骤或模块(单元),而可包括未列出的步骤或模块(单元),或者可包括这些过程、方法、产品或设备固有的其他步骤或模块(单元)。在本申请中所涉及的“连接”、“相连”、“耦接”等类似的词语并不限定于物理的或机械连接,而可以包括电气连接,无论是直接连接还是间接连接。在本申请中所涉及的“多个”是指两个或两个以上。“和/或”描述关联对象的关联关系,表示可以存在三种关系,例如,“A和/或B”可以表示:单独存在A,同时存在A和B,单独存在B这三种情况。通常情况下,字符“/”表示前后关联的对象是一种“或”的关系。在本申请中所涉及的术语“第一”、“第二”、“第三”等,只是对相似对象进行区分,并不代表针对对象的特定排序。Unless otherwise defined, the technical or scientific terms involved in this application shall have the general meaning understood by a person with ordinary skills in the technical field to which this application belongs. Words like "a", "an", "an", "the", "these" and the like in this application do not denote quantitative limitations, and they may be singular or plural. The terms "comprising", "comprising", "having" and any variations thereof referred to in this application are intended to cover non-exclusive inclusion; for example, processes, methods and The system, product or device is not limited to the listed steps or modules (units), but may include unlisted steps or modules (units), or may include other steps or modules inherent to these processes, methods, products or devices (unit). References in this application to "connected," "connected," "coupled," and similar words are not limited to physical or mechanical connections, but may include electrical connections, whether direct or indirect. As used in this application, "plurality" refers to two or more. "And/or" describes the association relationship between associated objects, indicating that there can be three kinds of relationships. For example, "A and/or B" can mean that A exists alone, A and B exist at the same time, and B exists alone. Normally, the character "/" indicates that the objects associated with each other are an "or" relationship. The terms "first", "second", "third", etc. involved in this application are only for distinguishing similar objects, and do not represent a specific order for the objects.

在本实施例中提供的方法实施例可以在终端、计算机或者类似的运算装置中执行。比如在终端上运行,图1是本实施例的凭据检测方法的终端的硬件结构框图。如图1所示,终端可以包括一个或多个(图1中仅示出一个)处理器102和用于存储数据的存储器104,其中,处理器102可以包括但不限于微处理器MCU或可编程逻辑器件FPGA等的处理装置。上述终端还可以包括输入输出设备108。本领域普通技术人员可以理解,图1所示的结构仅为示意,其并不对上述终端的结构造成限制。例如,终端还可包括比图1中所示更多或者更少的组件,或者具有与图1所示出的不同配置。The method embodiments provided in this embodiment may be executed in a terminal, a computer or a similar computing device. For example, it runs on a terminal. FIG. 1 is a block diagram of the hardware structure of the terminal according to the credential detection method of this embodiment. As shown in FIG. 1 , the terminal may include one or more (only one is shown in FIG. 1 ) processor 102 and a memory 104 for storing data, wherein the processor 102 may include but is not limited to a microprocessor MCU or may A processing device such as a programming logic device FPGA. The above-mentioned terminal may also include an input and output device 108 . Those of ordinary skill in the art can understand that the structure shown in FIG. 1 is only for illustration, which does not limit the structure of the above-mentioned terminal. For example, the terminal may also include more or fewer components than shown in FIG. 1 , or have a different configuration than that shown in FIG. 1 .

存储器104可用于存储计算机程序,例如,应用软件的软件程序以及模块,如在本实施例中的凭据检测方法对应的计算机程序,处理器102通过运行存储在存储器104内的计算机程序,从而执行各种功能应用以及数据处理,即实现上述的方法。存储器104可包括高速随机存储器,还可包括非易失性存储器,如一个或者多个磁性存储装置、闪存、或者其他非易失性固态存储器。在一些实例中,存储器104可进一步包括相对于处理器102远程设置的存储器,这些远程存储器可以通过网络连接至终端。上述网络的实例包括但不限于互联网、企业内部网、局域网、移动通信网及其组合。The memory 104 can be used to store computer programs, for example, software programs and modules of application software, such as the computer programs corresponding to the credential detection method in this embodiment. A functional application and data processing are implemented, namely, the above-mentioned method is implemented. Memory 104 may include high-speed random access memory, and may also include non-volatile memory, such as one or more magnetic storage devices, flash memory, or other non-volatile solid-state memory. In some instances, memory 104 may further include memory located remotely from processor 102, and these remote memories may be connected to the terminal through a network. Examples of such networks include, but are not limited to, the Internet, an intranet, a local area network, a mobile communication network, and combinations thereof.

输入输出设备108可以包括显示器、鼠标和键盘灯设备,也可以是触摸屏,用于实现用户与该终端的交互,例如,用户配置文件内凭据检测规则和终端将凭据检测结果展示给用户。The input and output device 108 may include a display, a mouse and a keyboard light device, or a touch screen, which is used to realize the interaction between the user and the terminal, for example, the credential detection rules in the user profile and the terminal displaying the credential detection result to the user.

在本实施例中提供了一种凭据检测方法,用于对系统中的文件内的凭据进行检测,图2是本实施例的凭据检测方法的流程图,如图2所示,该流程包括:In this embodiment, a credential detection method is provided for detecting credentials in a file in the system. FIG. 2 is a flowchart of the credential detection method in this embodiment. As shown in FIG. 2 , the process includes:

S201,查询系统中是否存在目标文件的历史检测记录;S201, query whether there is a historical detection record of the target file in the system;

在系统中不存在目标文件的历史检测记录的情况下,执行步骤S202,和步骤S205。If there is no historical detection record of the target file in the system, step S202 and step S205 are executed.

S202,创建目标文件的历史检测记录。S202, creating a historical detection record of the target file.

具体地,历史检测记录包括目标文件的修改时间,如果目标文件的历史检测记录不存在,说明之前没有检测过该目标文件,则对该目标执行文件内凭据检测任务,并创建该目标文件的历史检测记录,用于以后查询。Specifically, the historical detection record includes the modification time of the target file. If the historical detection record of the target file does not exist, it means that the target file has not been detected before, and the in-file credential detection task is performed for the target, and the history of the target file is created. The detection record is used for future query.

在系统中存在目标文件的历史检测记录的情况下,执行步骤S203。If there is a history detection record of the target file in the system, step S203 is executed.

S203,判断目标文件当前的修改时间与历史检测记录中记录的修改时间是否一致,以及,当前文件内凭据检测任务的文件内凭据检测规则与历史检测记录中记录的文件内凭据检测规则是否一致。S203, determine whether the current modification time of the target file is consistent with the modification time recorded in the historical detection record, and whether the in-file credential detection rule of the current in-file credential detection task is consistent with the in-file credential detection rule recorded in the historical detection record.

若目标文件当前的修改时间与历史检测记录中记录的修改时间一致,并且当前文件内凭据检测任务的文件内凭据检测规则与历史检测记录中记录的文件内凭据检测规则一致,则结束对目标文件的检测。若存在任一项不一致,比如目标文件当前的修改时间与历史检测记录中记录的修改时间不一致,和/或,当前文件内凭据检测任务的文件内凭据检测规则与历史检测记录中记录的文件内凭据检测规则不一致,则执行步骤S204和步骤S205。If the current modification time of the target file is consistent with the modification time recorded in the historical detection record, and the in-file credential detection rule of the current in-file credential detection task is consistent with the in-file credential detection rule recorded in the historical detection record, then the target file will end. detection. If there is any inconsistency, for example, the current modification time of the target file is inconsistent with the modification time recorded in the historical detection record, and/or, the in-file credential detection rules of the current in-file credential detection task and the in-file credential detection rules recorded in the historical detection record If the credential detection rules are inconsistent, step S204 and step S205 are executed.

S204,更新目标文件的历史检测记录。具体地,更新检测记录是将历史检测记录中的记录的文件内凭据检测规则和文件的修改时间替换到当前的文件内凭据检测规则和文件的修改时间。S204, update the historical detection record of the target file. Specifically, updating the detection record is to replace the in-file credential detection rule and file modification time recorded in the historical detection record with the current in-file credential detection rule and file modification time.

S205,执行预设的文件内凭据检测任务。S205, performing a preset task of detecting credentials in a file.

本实施例中提供的凭据检测方法,在执行文件内凭据检测任务前,先查询系统中是否存在目标文件的历史检测记录,在系统中存在目标文件的历史检测记录的情况下,若目标文件当前的修改时间与历史检测记录中记录的修改时间一致,并且当前文件内凭据检测任务的文件内凭据检测规则与历史检测记录中记录的文件内凭据检测规则一致,则说明目标文件在历史检测后至今没有发生过修改或变化,且本次检测与历史检测的文件内凭据检测规则没有改变,所以这种情况下无需再进行检测,从而可以加快系统内凭据文件的检测速度。In the credential detection method provided in this embodiment, before performing the in-file credential detection task, the system is first queried to see if there is a historical detection record of the target file. The modification time is consistent with the modification time recorded in the historical detection record, and the in-file credential detection rule of the current in-file credential detection task is consistent with the in-file credential detection rule recorded in the historical detection record, it means that the target file has been detected since the historical detection. No modification or change has occurred, and the in-file credential detection rules for this detection and historical detection have not changed, so no further detection is required in this case, which can speed up the detection of credential files in the system.

作为一种可实施方式,上述预设的文件内凭据检测任务包括:查找所述目标文件中是否存在预设的凭据关键词,若是,则根据预设的匹配规则提取所述目标文件中的凭据内容;所述文件内凭据检测规则包括预设的所述凭据关键词和预设的所述匹配规则。As an implementation manner, the above-mentioned preset in-file credential detection task includes: finding whether a preset credential keyword exists in the target file, and if so, extracting the credential in the target file according to a preset matching rule content; the in-file credential detection rule includes the preset credential keyword and the preset matching rule.

具体地,上述凭据关键词为标识凭据的关键词,例如:password、pass、pwd、login、secure、key、credential等通常用来为凭据命名的词。Specifically, the above-mentioned credential keyword is a keyword for identifying a credential, for example, password, pass, pwd, login, secure, key, credential, etc., which are commonly used to name the credential.

凭据关键词与凭据内容之间的匹配规则可以是正则匹配,例如(pass:|key:)(.*\s+),获取从pass:或key:到下一个空格之前的内容。(pass:|key:)是第一匹配内容,代表凭据关键词,匹配成功后,获取第二个匹配内容(.*\s+),即空格,则可以获取pass:或key:之后的凭据内容。The matching rule between the credential keyword and the credential content can be a regular match, such as (pass:|key:)(.*\s+), to get the content from pass: or key: to the next space. (pass:|key:) is the first matching content, which represents the credential keyword. After the match is successful, get the second matching content (.*\s+), that is, a space, you can get the credential content after pass: or key: .

上述历史检测记录还可以包括文件的文件路径,查询文件的历史检测记录时,可以根据文件路径进行查询。The above-mentioned historical detection record may further include the file path of the file. When querying the historical detection record of the file, the query can be performed according to the file path.

本实施例提供的凭据检测方法,通过对文件进行关键词查找和凭据内容匹配,并跳过之前按照相同文件内凭据检测规则检测过的且至今未发生过修改的文件,可以快速对系统中的文件内的凭据进行检测,扫描出系统内的凭据文件,并提取各类不同凭据文件中的凭据信息。In the credential detection method provided by this embodiment, by performing keyword search and credential content matching on files, and skipping files that have been previously detected according to the credential detection rules in the same file and have not been modified so far, it is possible to quickly detect the files in the system. The credentials in the file are detected, the credential files in the system are scanned, and the credential information in various credential files is extracted.

在其中的一些实施例中,提供了一种凭据检测方法,该凭据检测方法在上述实施例的基础上,在查询系统中是否存在目标文件的历史检测记录之前,还包括:In some of the embodiments, a credential detection method is provided. On the basis of the above-mentioned embodiment, before querying whether there is a historical detection record of the target file in the system, the credential detection method further includes:

S301,判断目标文件的后缀名是否匹配预设的后缀名规则。若否,则结束对所述目标文件的检测,若是,则执行步骤S201。S301: Determine whether the suffix name of the target file matches a preset suffix name rule. If no, the detection of the target file is ended, and if yes, step S201 is executed.

根据文件的后缀名筛选出可能保存凭据的配置文件,针对特定的文件类型进行检测,可以进一步加快系统内凭据文件的检测速度。Filter out the configuration files that may save credentials according to the file suffix, and detect for specific file types, which can further speed up the detection of credential files in the system.

本实施例提供的凭据检测方法,根据文件的后缀名筛选出可能保存凭据的文件,进一步加快了系统内凭据文件的检测速度。In the credential detection method provided in this embodiment, files that may store credentials are filtered out according to the file suffix, which further speeds up the detection of credential files in the system.

在其中的一些实施例中,提供了一种凭据检测方法,该凭据检测方法在上述实施例的基础上,在查询系统中是否存在目标文件的历史检测记录之前,方法还包括:In some of the embodiments, a credential detection method is provided. The credential detection method is based on the above-mentioned embodiment. Before querying whether there is a historical detection record of the target file in the system, the method further includes:

S401,判断目标文件的大小是否在预设的文件大小范围内,若否,则结束对目标文件的检测。若是,则执行步骤S201。S401: Determine whether the size of the target file is within a preset file size range, and if not, end the detection of the target file. If yes, step S201 is executed.

根据文件的文件大小筛选出可能保存凭据的配置文件,针对特定大小的文件进行检测,可以进一步加快系统内凭据文件的检测速度。According to the file size of the file, the configuration files that may save the credentials are filtered out, and the detection of files of a specific size can further speed up the detection of the credential files in the system.

本实施例提供的凭据检测方法,根据文件的文件大小筛选出可能保存凭据的文件,进一步加快了系统内凭据文件的检测速度。In the credential detection method provided in this embodiment, files that may store credentials are filtered out according to the file size of the files, which further speeds up the detection of credential files in the system.

在其中的一些实施例中,提供了一种凭据检测方法,该凭据检测方法在上述实施例的基础上,在查询系统中是否存在目标文件的历史检测记录之前,方法还包括:In some of the embodiments, a credential detection method is provided. The credential detection method is based on the above-mentioned embodiment. Before querying whether there is a historical detection record of the target file in the system, the method further includes:

S501,判断目标文件的大小是否在预设的文件大小范围内,以及目标文件的大小是否在预设的文件大小范围内,若否,则结束对目标文件的检测。若是,则执行步骤S201。S501, determine whether the size of the target file is within a preset file size range, and whether the size of the target file is within the preset file size range, if not, end the detection of the target file. If yes, step S201 is executed.

根据文件的文件大小和后缀名筛选出可能保存凭据的配置文件,可以进一步加快系统内凭据文件的检测速度。判断目标文件的大小是否在预设的文件大小范围内,与判断目标文件的大小是否在预设的文件大小范围内,可以同时进行,也可以先后进行,前后顺序不做限定。According to the file size and suffix name of the file, the configuration files that may save credentials can be filtered out, which can further speed up the detection of credential files in the system. Judging whether the size of the target file is within the preset file size range and judging whether the size of the target file is within the preset file size range can be performed simultaneously or sequentially, and the sequence is not limited.

本实施例提供的凭据检测方法,根据文件的后缀名和文件大小筛选出可能保存凭据的文件,进一步加快了系统内凭据文件的检测速度。The credential detection method provided in this embodiment filters out files that may store credentials according to the file suffix and file size, which further speeds up the detection of credential files in the system.

在其中的一些实施例中,提供了一种凭据检测方法,图3是本实施例采用的凭据检测方法的流程图,如图3所示,该凭据检测方法包括如下步骤:In some of the embodiments, a credential detection method is provided. FIG. 3 is a flowchart of the credential detection method adopted in this embodiment. As shown in FIG. 3 , the credential detection method includes the following steps:

步骤S601,判断目标文件的后缀名是否匹配预设的后缀名规则。若否,则结束检测,若是,则执行步骤S602。Step S601, judging whether the suffix name of the target file matches a preset suffix name rule. If not, end the detection, if yes, execute step S602.

S602,判断目标文件的大小是否在预设的文件大小范围内。若否,则结束检测,若是,则执行步骤S603。S602: Determine whether the size of the target file is within a preset file size range. If no, end the detection, if yes, execute step S603.

S603,查询系统中是否存在目标文件的历史检测记录。若否,则执行步骤S613,若是,则执行步骤S604。S603, query whether there is a historical detection record of the target file in the system. If no, go to step S613, if yes, go to step S604.

S613,创建目标文件的历史检测记录。S613, creating a historical detection record of the target file.

S604,判断目标文件当前的修改时间与目标文件的历史检测记录中记录的目标文件的修改时间是否一致,以及当前文件内凭据检测任务的文件内凭据检测规则与目标文件的历史检测记录中记录的文件内凭据检测规则是否一致。若是,则结束检测,若否,则执行步骤S605和步骤S606。S604, determine whether the current modification time of the target file is consistent with the modification time of the target file recorded in the historical detection record of the target file, and whether the in-file credential detection rule of the current in-file credential detection task is the same as that recorded in the historical detection record of the target file Whether the in-file credential detection rules are consistent. If yes, end the detection, if not, execute step S605 and step S606.

S605,更新目标文件的历史检测记录。S605, update the historical detection record of the target file.

S606,执行文件内凭据检测任务。S606 , perform the task of checking the credentials in the file.

需要说明的是,在上述流程中或者附图的流程图中示出的步骤可以在诸如一组计算机可执行指令的计算机系统中执行,并且,虽然在流程图中示出了逻辑顺序,但是在某些情况下,可以以不同于此处的顺序执行所示出或描述的步骤。例如,步骤S605,更新目标文件的历史检测记录,和步骤S606,执行文件内凭据检测任务,可以互换。It should be noted that the steps shown in the above flow or the flow chart of the accompanying drawings can be executed in a computer system such as a set of computer-executable instructions, and although a logical sequence is shown in the flow chart, in the In some cases, steps shown or described may be performed in an order different from that herein. For example, step S605, updating the historical detection record of the target file, and step S606, performing the task of checking the credentials in the file, can be interchanged.

本实施例提供的凭据检测方法,根据文件的后缀名和文件大小筛选出可能保存凭据的配置文件,再通过凭据关键词以及凭据关键词与凭据内容之间的匹配规则对凭据信息进行提取,对于修改时间没有改变的文件,可以跳过相同文件内凭据检测规则的文件内凭据检测任务,可以加快系统内凭据文件的检测速度,最后将凭据文件信息统一上报到中心系统,供用户确认,便于用户做好系统防护。The credential detection method provided in this embodiment filters out the configuration files that may save credentials according to the file suffix and file size, and then extracts credential information through credential keywords and matching rules between credential keywords and credential content. For files that have not changed in time, the in-file credential detection task of the same in-file credential detection rule can be skipped, which can speed up the detection of credential files in the system. Finally, the credential file information is reported to the central system uniformly for user confirmation, which is convenient for users to do. good system protection.

在本实施例中提供了一种凭据检测方法,该凭据检测方法应用于包含多个文件的系统,该方法包括:A credential detection method is provided in this embodiment, and the credential detection method is applied to a system containing multiple files, and the method includes:

S701,设置检测周期;S701, set the detection period;

S702,按照检测周期,利用上述实施例任一项的凭据检测方法,对系统中的文件进行检测。S702, according to the detection period, use the credential detection method of any one of the foregoing embodiments to detect the files in the system.

在完成对系统中所有文件的检测之后,将凭据检测结果上报给用户。After the detection of all files in the system is completed, the credential detection result is reported to the user.

具体地,凭据检测结果可以包括:检测出凭据内容的文件的文件路径、检测出的凭据关键词和凭据关键词对应的凭据内容。Specifically, the credential detection result may include: the file path of the file whose credential content is detected, the detected credential keyword, and the credential content corresponding to the credential keyword.

本实施例提供的凭据检测方法,通过设置检测周期,定期对系统内文件进行凭据检测,并将检测出的凭据文件和凭据信息上报给用户,检测系统内是否存在凭据文件,便于用户做好系统防护。In the credential detection method provided in this embodiment, by setting a detection period, credential detection is performed on files in the system regularly, and the detected credential files and credential information are reported to the user to detect whether there is a credential file in the system, which is convenient for users to do a good job in the system. protection.

下面通过优选实施例对本实施例进行描述和说明。The present embodiment will be described and illustrated below through preferred embodiments.

在本优选实施例中,提供了一种凭据检测方法,该凭据检测方法应用于包含多个文件的系统,该方法包括:In this preferred embodiment, a credential detection method is provided, and the credential detection method is applied to a system containing multiple files, and the method includes:

S801,设置检测周期;S801, set the detection period;

S802,按照检测周期,利用上述任一实施例提供的凭据检测方法(如图3所示),对系统中的文件进行检测。S802 , according to the detection period, use the credential detection method (as shown in FIG. 3 ) provided in any of the foregoing embodiments to detect the files in the system.

S803,在完成对系统中所有文件的检测之后,将凭据检测结果上报并展示给用户。S803 , after the detection of all files in the system is completed, the credential detection result is reported and displayed to the user.

在本实施例中还提供了一种凭据检测系统,该系统用于实现上述实施例及优选实施方式,已经进行过说明的不再赘述。以下所使用的术语“模块”、“单元”、“子单元”等可以实现预定功能的软件和/或硬件的组合。尽管在以下实施例中所描述的装置较佳地以软件来实现,但是硬件,或者软件和硬件的组合的实现也是可能并被构想的。In this embodiment, a credential detection system is also provided, and the system is used to implement the above-mentioned embodiments and preferred implementations, and what has been described will not be repeated. The terms "module", "unit", "subunit", etc. used below may be a combination of software and/or hardware that implements a predetermined function. Although the apparatus described in the following embodiments is preferably implemented in software, implementations in hardware, or a combination of software and hardware, are also possible and contemplated.

图4是本实施例的凭据检测系统的结构框图,如图4所示,该系统包括:,包括检测配置模块10、凭据检测模块20和检测历史模块30;FIG. 4 is a structural block diagram of the credential detection system of the present embodiment. As shown in FIG. 4 , the system includes: a detection configuration module 10 , a credential detection module 20 and a detection history module 30 ;

其中,凭据检测模块20用于对系统中的文件执行文件内凭据检测,文件内凭据检测包括:查询系统中是否存在目标文件的历史检测记录;在系统中不存在目标文件的历史检测记录的情况下,执行预设的文件内凭据检测任务,并创建目标文件的历史检测记录;历史检测记录包括目标文件的修改时间和文件内凭据检测规则;在系统中存在目标文件的历史检测记录的情况下,判断目标文件当前的修改时间与目标文件的历史检测记录中记录的目标文件的修改时间是否一致,以及,当前文件内凭据检测任务的文件内凭据检测规则与目标文件的历史检测记录中记录的文件内凭据检测规则是否一致,若是,则结束对目标文件的检测,若否,则执行文件内凭据检测任务,并更新目标文件的历史检测记录;The credential detection module 20 is used to perform in-file credential detection on files in the system, and the in-file credential detection includes: querying whether there is a historical detection record of the target file in the system; if there is no historical detection record of the target file in the system , execute the preset in-file credential detection task, and create a historical detection record of the target file; the historical detection record includes the modification time of the target file and the in-file credential detection rules; if there is a historical detection record of the target file in the system , to determine whether the current modification time of the target file is consistent with the modification time of the target file recorded in the historical detection record of the target file, and whether the in-file credential detection rules of the credential detection task in the current file are recorded in the historical detection record of the target file. Whether the in-file credential detection rules are consistent, if so, end the detection of the target file; if not, execute the in-file credential detection task and update the historical detection record of the target file;

检测配置模块10用于配置凭据关键词和匹配规则,凭据检测模块20根据配置的凭据关键词和匹配规则来检测文件内凭据;可选地,检测配置模块10还可用于配置检测周期,凭据检测模块20根据配置的检测周期对系统内的文件进行凭据检测。The detection configuration module 10 is used to configure credential keywords and matching rules, and the credential detection module 20 detects the credentials in the file according to the configured credential keywords and matching rules; The module 20 performs credential detection on the files in the system according to the configured detection period.

检测历史模块30用于存储系统中文件的历史检测记录。具体地,存储方式为持久化存储(例如,数据库存储和文件存储),以提供给凭据检测模块20进行后续的查询。The detection history module 30 is used for storing historical detection records of files in the system. Specifically, the storage method is persistent storage (eg, database storage and file storage), so as to be provided to the credential detection module 20 for subsequent query.

可选地,该凭据检测系统还可以包括文件凭据展示模块,用于接收检测配置模块10检测的结果,并将检测出的凭据信息展示给用户。Optionally, the credential detection system may further include a document credential display module, configured to receive the detection result of the detection configuration module 10 and display the detected credential information to the user.

可选地,凭据检测系统可以分为两个单元:防护中心和防护终端,其中,防护中心包括上述检测配置模块10和上述文件凭据展示模块,防护终端上述凭据检测模块20、上述检测历史模块30和检测结果上报模块,其中,凭据检测模块20将检测结果,包括检测出凭据内容的文件的文件路径、检测出的凭据关键词和凭据关键词对应的凭据内容,组合好后交给检测结果上报模块,检测结果上报模块用于将检测结果发送给防护中心。Optionally, the credential detection system can be divided into two units: a protection center and a protection terminal, wherein the protection center includes the above-mentioned detection configuration module 10 and the above-mentioned file credential display module, the above-mentioned credential detection module 20 of the protection terminal, and the above-mentioned detection history module 30. and the detection result reporting module, wherein the credential detection module 20 will report the detection result, including the file path of the file whose credential content is detected, the detected credential keyword and the credential content corresponding to the credential keyword, and then submit the combination to the detection result report module, the detection result reporting module is used to send the detection result to the protection center.

需要说明的是,上述各个模块可以是功能模块也可以是程序模块,既可以通过软件来实现,也可以通过硬件来实现。对于通过硬件来实现的模块而言,上述各个模块可以位于同一处理器中;或者上述各个模块还可以按照任意组合的形式分别位于不同的处理器中。It should be noted that each of the above modules may be functional modules or program modules, and may be implemented by software or hardware. For the modules implemented by hardware, the above-mentioned modules may be located in the same processor; or the above-mentioned modules may also be located in different processors in any combination.

本实施例提供的凭据检测系统,通过对文件进行关键词查找和凭据内容匹配,并跳过之前检测过的且修改时间未变的文件,可以快速对系统中的文件内的凭据进行检测,扫描出系统内的凭据文件,便于用户做好系统防护。The credential detection system provided by this embodiment can quickly detect and scan the credentials in the files in the system by searching the files for keywords and matching the content of the credentials, and skipping the files that have been detected before and whose modification time has not changed. The credential file in the system is exported, which is convenient for users to protect the system.

在本实施例中还提供了一种电子装置,包括存储器和处理器,该存储器中存储有计算机程序,该处理器被设置为运行计算机程序以执行上述任一项方法实施例中的步骤。An electronic device is also provided in this embodiment, including a memory and a processor, where a computer program is stored in the memory, and the processor is configured to run the computer program to execute the steps in any one of the above method embodiments.

可选地,上述电子装置还可以包括传输设备以及输入输出设备,其中,该传输设备和上述处理器连接,该输入输出设备和上述处理器连接。Optionally, the above-mentioned electronic device may further include a transmission device and an input-output device, wherein the transmission device is connected to the above-mentioned processor, and the input-output device is connected to the above-mentioned processor.

需要说明的是,在本实施例中的具体示例可以参考上述实施例及可选实施方式中所描述的示例,在本实施例中不再赘述。It should be noted that, for specific examples in this embodiment, reference may be made to the examples described in the foregoing embodiments and optional implementation manners, and details are not repeated in this embodiment.

此外,结合上述实施例中提供的凭据检测方法,在本实施例中还可以提供一种存储介质来实现。该存储介质上存储有计算机程序;该计算机程序被处理器执行时实现上述实施例中的任意一种凭据检测方法。In addition, in combination with the credential detection method provided in the foregoing embodiment, a storage medium may also be provided in this embodiment for implementation. A computer program is stored on the storage medium; when the computer program is executed by the processor, any one of the credential detection methods in the foregoing embodiments is implemented.

应该明白的是,这里描述的具体实施例只是用来解释这个应用,而不是用来对它进行限定。根据本申请提供的实施例,本领域普通技术人员在不进行创造性劳动的情况下得到的所有其它实施例,均属本申请保护范围。It should be understood that the specific embodiments described herein are used to illustrate this application, not to limit it. According to the embodiments provided in the present application, all other embodiments obtained by those of ordinary skill in the art without creative work fall within the protection scope of the present application.

显然,附图只是本申请的一些例子或实施例,对本领域的普通技术人员来说,也可以根据这些附图将本申请适用于其他类似情况,但无需付出创造性劳动。另外,可以理解的是,尽管在此开发过程中所做的工作可能是复杂和漫长的,但是,对于本领域的普通技术人员来说,根据本申请披露的技术内容进行的某些设计、制造或生产等更改仅是常规的技术手段,不应被视为本申请公开的内容不足。Obviously, the accompanying drawings are only some examples or embodiments of the present application, and for those skilled in the art, the present application can also be applied to other similar situations according to these drawings, but no creative work is required. In addition, it can be understood that although the work done in this development process may be complex and lengthy, for those of ordinary skill in the art, certain designs, manufactures and designs based on the technical content disclosed in this application Modifications such as production or production are only conventional technical means, and should not be regarded as insufficient content disclosed in this application.

“实施例”一词在本申请中指的是结合实施例描述的具体特征、结构或特性可以包括在本申请的至少一个实施例中。该短语出现在说明书中的各个位置并不一定意味着相同的实施例,也不意味着与其它实施例相互排斥而具有独立性或可供选择。本领域的普通技术人员能够清楚或隐含地理解的是,本申请中描述的实施例在没有冲突的情况下,可以与其它实施例结合。The term "embodiment" is used in this application to mean that a particular feature, structure, or characteristic described in connection with the embodiment may be included in at least one embodiment of the application. The appearance of the phrase in various places in the specification does not necessarily mean the same embodiment, nor does it mean that it is mutually exclusive or alternative to other embodiments. It can be clearly or implicitly understood by those of ordinary skill in the art that the embodiments described in this application may be combined with other embodiments without conflict.

以上所述实施例仅表达了本申请的几种实施方式,其描述较为具体和详细,但并不能因此而理解为对专利保护范围的限制。应当指出的是,对于本领域的普通技术人员来说,在不脱离本申请构思的前提下,还可以做出若干变形和改进,这些都属于本申请的保护范围。因此,本申请的保护范围应以所附权利要求为准。The above-mentioned embodiments only represent several embodiments of the present application, and the descriptions thereof are relatively specific and detailed, but should not be construed as a limitation on the scope of patent protection. It should be pointed out that for those skilled in the art, without departing from the concept of the present application, several modifications and improvements can be made, which all belong to the protection scope of the present application. Therefore, the scope of protection of the present application should be determined by the appended claims.

Claims (9)

1.一种凭据检测方法,其特征在于,用于对系统中的文件内的凭据进行检测,所述方法包括:1. a credential detection method, is characterized in that, is used to detect credential in the file in the system, and described method comprises: 查询所述系统中是否存在目标文件的历史检测记录;Query whether there is a historical detection record of the target file in the system; 在所述系统中不存在所述目标文件的所述历史检测记录的情况下,执行预设的文件内凭据检测任务,并创建所述目标文件的所述历史检测记录;所述历史检测记录包括所述目标文件的修改时间和文件内凭据检测规则;In the case that the historical detection record of the target file does not exist in the system, a preset in-file credential detection task is executed, and the historical detection record of the target file is created; the historical detection record includes the modification time of the target file and the credential detection rule in the file; 在所述系统中存在所述目标文件的所述历史检测记录的情况下,判断所述目标文件当前的修改时间与所述目标文件的所述历史检测记录中记录的所述目标文件的修改时间是否一致,以及,当前所述文件内凭据检测任务的所述文件内凭据检测规则与所述目标文件的所述历史检测记录中记录的所述文件内凭据检测规则是否一致,若是,则结束对所述目标文件的检测,若否,则执行所述文件内凭据检测任务,并更新所述目标文件的所述历史检测记录;In the case that the historical detection record of the target file exists in the system, determine the current modification time of the target file and the modification time of the target file recorded in the historical detection record of the target file Whether it is consistent, and whether the in-file credential detection rule of the current in-file credential detection task is consistent with the in-file credential detection rule recorded in the historical detection record of the target file, and if so, end the verification Detecting the target file, if not, executing the credential detection task in the file, and updating the historical detection record of the target file; 所述文件内凭据检测任务包括:查找所述目标文件中是否存在预设的凭据关键词,若是,则根据预设的匹配规则提取所述目标文件中的凭据内容;The in-file credential detection task includes: finding whether a preset credential keyword exists in the target file, and if so, extracting the credential content in the target file according to a preset matching rule; 所述文件内凭据检测规则包括预设的所述凭据关键词和预设的所述匹配规则。The in-file credential detection rule includes the preset credential keyword and the preset matching rule. 2.根据权利要求1所述的凭据检测方法,其特征在于,在查询所述系统中是否存在所述目标文件的所述历史检测记录之前,所述方法还包括:判断所述目标文件的后缀名是否匹配预设的后缀名规则,若否,则结束对所述目标文件的检测。2 . The credential detection method according to claim 1 , wherein, before querying whether the historical detection record of the target file exists in the system, the method further comprises: judging the suffix of the target file. 3 . Whether the name matches the preset suffix name rule, if not, end the detection of the target file. 3.根据权利要求1或2所述的凭据检测方法,其特征在于,在查询所述系统中是否存在所述目标文件的所述历史检测记录之前,所述方法还包括:判断所述目标文件的大小是否在预设的文件大小范围内,若否,则结束对所述目标文件的检测。3. The credential detection method according to claim 1 or 2, characterized in that, before querying whether the historical detection record of the target file exists in the system, the method further comprises: judging the target file Whether the size of the target file is within the preset file size range, if not, end the detection of the target file. 4.一种凭据检测方法,其特征在于,应用于包含多个文件的系统,所述方法包括:4. A credential detection method, characterized in that, applied to a system comprising a plurality of files, the method comprising: 利用权利要求1至3任一项所述的凭据检测方法,对所述系统中的文件进行检测;Utilize the credential detection method according to any one of claims 1 to 3 to detect the files in the system; 在完成对所述系统中所有文件的检测之后,将凭据检测结果上报给用户。After the detection of all files in the system is completed, the credential detection result is reported to the user. 5.根据权利要求4所述的凭据检测方法,其特征在于,所述凭据检测结果包括:5. The credential detection method according to claim 4, wherein the credential detection result comprises: 检测出凭据内容的文件的文件路径、检测出的凭据关键词和所述凭据关键词对应的所述凭据内容。The file path of the file whose credential content is detected, the detected credential keyword, and the credential content corresponding to the credential keyword. 6.根据权利要求4所述的凭据检测方法,其特征在于,对所述系统中的文件进行检测包括:6. The credential detection method according to claim 4, wherein detecting the files in the system comprises: 按照预设的检测周期,对所述系统中的文件进行检测。According to a preset detection period, the files in the system are detected. 7.一种凭据检测系统,其特征在于,包括检测配置模块、凭据检测模块和检测历史模块;7. A credential detection system, comprising a detection configuration module, a credential detection module and a detection history module; 所述凭据检测模块用于对系统中的文件执行文件内凭据检测,所述文件内凭据检测包括:查询所述系统中是否存在目标文件的历史检测记录;在所述系统中不存在所述目标文件的所述历史检测记录的情况下,执行预设的文件内凭据检测任务,并创建所述目标文件的所述历史检测记录;所述历史检测记录包括所述目标文件的修改时间和文件内凭据检测规则;所述文件内凭据检测任务包括:查找所述目标文件中是否存在预设的凭据关键词,若是,则根据预设的匹配规则提取所述目标文件中的凭据内容;所述文件内凭据检测规则包括预设的所述凭据关键词和预设的所述匹配规则;在所述系统中存在所述目标文件的所述历史检测记录的情况下,判断所述目标文件当前的修改时间与所述目标文件的所述历史检测记录中记录的所述目标文件的修改时间是否一致,以及,当前所述文件内凭据检测任务的所述文件内凭据检测规则与所述目标文件的所述历史检测记录中记录的所述文件内凭据检测规则是否一致,若是,则结束对所述目标文件的检测,若否,则执行所述文件内凭据检测任务,并更新所述目标文件的所述历史检测记录;The credential detection module is used to perform in-file credential detection on files in the system, and the in-file credential detection includes: querying whether there is a historical detection record of the target file in the system; if the target does not exist in the system In the case of the historical detection record of the file, the preset in-file credential detection task is executed, and the historical detection record of the target file is created; the historical detection record includes the modification time of the target file and the content in the file. credential detection rules; the in-file credential detection task includes: finding out whether there is a preset credential keyword in the target file, and if so, extracting the credential content in the target file according to a preset matching rule; the file The internal credential detection rule includes the preset credential keyword and the preset matching rule; in the case that the historical detection record of the target file exists in the system, determine the current modification of the target file Whether the time is consistent with the modification time of the target file recorded in the historical detection record of the target file, and whether the current in-file credential detection rules of the in-file credential detection task and all the target files Whether the in-file credential detection rules recorded in the historical detection record are consistent, if so, end the detection of the target file, if not, execute the in-file credential detection task, and update all the target files. the historical detection records; 所述检测配置模块用于配置所述凭据关键词和所述匹配规则;The detection configuration module is used to configure the credential keyword and the matching rule; 所述检测历史模块用于存储所述系统中文件的所述历史检测记录。The detection history module is used for storing the historical detection records of the files in the system. 8.一种电子装置,包括存储器和处理器,其特征在于,所述存储器中存储有计算机程序,所述处理器被设置为运行所述计算机程序以执行权利要求1至6中任一项所述的凭据检测方法。8. An electronic device comprising a memory and a processor, wherein a computer program is stored in the memory, and the processor is configured to run the computer program to execute the computer program according to any one of claims 1 to 6. The credential detection method described above. 9.一种计算机可读存储介质,其上存储有计算机程序,其特征在于,所述计算机程序被处理器执行时实现权利要求1至6中任一项所述的凭据检测方法的步骤。9 . A computer-readable storage medium on which a computer program is stored, wherein when the computer program is executed by a processor, the steps of the credential detection method according to any one of claims 1 to 6 are implemented. 10 .
CN202110486208.9A 2021-04-30 2021-04-30 Credential detection method, system, electronic device and storage medium Active CN113268765B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110486208.9A CN113268765B (en) 2021-04-30 2021-04-30 Credential detection method, system, electronic device and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110486208.9A CN113268765B (en) 2021-04-30 2021-04-30 Credential detection method, system, electronic device and storage medium

Publications (2)

Publication Number Publication Date
CN113268765A CN113268765A (en) 2021-08-17
CN113268765B true CN113268765B (en) 2022-06-17

Family

ID=77229906

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110486208.9A Active CN113268765B (en) 2021-04-30 2021-04-30 Credential detection method, system, electronic device and storage medium

Country Status (1)

Country Link
CN (1) CN113268765B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114546947A (en) * 2022-02-22 2022-05-27 深圳壹账通智能科技有限公司 Information processing method and device, electronic equipment and storage medium
CN117668834A (en) * 2022-08-24 2024-03-08 成都华为技术有限公司 Virus detection method and device, electronic equipment and storage medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105550597A (en) * 2015-12-24 2016-05-04 北京奇虎科技有限公司 Information scanning based terminal management method and apparatus
CN107679080A (en) * 2017-08-29 2018-02-09 努比亚技术有限公司 A kind of multimedia data recording method, terminal and computer-readable recording medium
CN108292315A (en) * 2015-11-23 2018-07-17 起元技术有限责任公司 Data in storage and retrieval data cube
CN111107079A (en) * 2019-12-16 2020-05-05 北京神州绿盟信息安全科技股份有限公司 Method and device for detecting uploaded files

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8621610B2 (en) * 2007-08-06 2013-12-31 The Regents Of The University Of Michigan Network service for the detection, analysis and quarantine of malicious and unwanted files
CN104536961A (en) * 2014-11-04 2015-04-22 深圳创维数字技术有限公司 Scanning method and scanning system for local media files
US10579589B2 (en) * 2014-11-06 2020-03-03 Sap Se Data filtering

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108292315A (en) * 2015-11-23 2018-07-17 起元技术有限责任公司 Data in storage and retrieval data cube
CN105550597A (en) * 2015-12-24 2016-05-04 北京奇虎科技有限公司 Information scanning based terminal management method and apparatus
CN107679080A (en) * 2017-08-29 2018-02-09 努比亚技术有限公司 A kind of multimedia data recording method, terminal and computer-readable recording medium
CN111107079A (en) * 2019-12-16 2020-05-05 北京神州绿盟信息安全科技股份有限公司 Method and device for detecting uploaded files

Also Published As

Publication number Publication date
CN113268765A (en) 2021-08-17

Similar Documents

Publication Publication Date Title
US12432197B2 (en) Filtering passwords based on a plurality of criteria
US20240007500A1 (en) Detecting use of compromised security credentials in private enterprise networks
US11558409B2 (en) Detecting use of passwords that appear in a repository of breached credentials
CN107209787B (en) Improved search capabilities for privately encrypted data
EP3752949B1 (en) Facilitating entity resolution via secure entity resolution database
CN104428785B (en) Use the icon cipher setting device and icon password setting method of the keyword of icon
CN113268765B (en) Credential detection method, system, electronic device and storage medium
EP3380982A1 (en) Genome query handling
CN114124476B (en) A sensitive information leakage vulnerability detection method, system and device for web applications
CN110581835B (en) Vulnerability detection method and device and terminal equipment
CN113315624A (en) Data security management method and system based on multipoint cooperation mechanism
CN108256301A (en) A kind of unlocking method and tripper
CN114614972A (en) Data alignment method, system, electronic device and storage medium
CN107545004A (en) The method, apparatus and search engine system of a kind of search
US20230169045A1 (en) System and method for information storage using blockchain databases combined with pointer databases
CN112784254A (en) Password management method and device, terminal equipment and storage medium
CN117879926A (en) Webpage login security verification method and device and computer equipment
CN116415287A (en) Method for searching encrypted data and storage controller
HK40018705B (en) Bug detection method and device and terminal equipment
HK40018705A (en) Bug detection method and device and terminal equipment
CN117134971A (en) Method, device, equipment and storage medium for processing encrypted data
CN117370176A (en) Application security test method, device, computer equipment and storage medium
CN106156071A (en) Intranet Intranet searching method, device and server

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20210817

Assignee: Hangzhou Anheng Information Security Technology Co.,Ltd.

Assignor: Dbappsecurity Co.,Ltd.

Contract record no.: X2024980043366

Denomination of invention: Credentials detection methods, systems, electronic devices, and storage media

Granted publication date: 20220617

License type: Common License

Record date: 20241231

EE01 Entry into force of recordation of patent licensing contract