Design of web vulnerability scanner based on go language

. The vulnerability scanner designed in this paper completed the collection of information and scanning of vulnerability, including six parts: input assets, asset collection, vulnerability profile, plug-in upload, single case detection and report display. The framework of vue realized the front end that included six pages, and the framework of gin realized the back end. The interface completed the separation of the front and back end. The database using MySQL designed seven tables. This scanner can avoid tedious and repetitive work, it can realize automatic scanning and testing of network vulnerabilities.


Introduction
Information digital society makes human life more intelligent. There are no drivers' cars, schools without textbooks, remote health management and so on. In the era of artificial intelligence, pervasive computing that can access and process information in any way anytime and anywhere can be realized. At the same time, network-based information security protection is an important issue in the current and future long-term network environment research. This paper designed a web vulnerability scanner based on the network information security. The results of information collection and vulnerability scanning can be viewed through the background management page anytime and anywhere. The function module consists of six parts: input assets, asset collection, vulnerability profile, plug-in upload, single case detection and report display.
Active scanning technology mainly included two parts: information collection and vulnerability scanning. Information collection collects all relevant information about the scanned assets, such as all links in the website, the real IP address of the website, the port opening of the website, etc. Vulnerability scanning is to scan all the information collected, so as to detect the risk points of the website [1]. The advantage of active scanning is that once the configuration items are configured, the scanning can be started immediately, and the penetration personnel only need to wait for the final penetration results.

Passive scanning technology
Passive scanning technology is to send the traffic generated by our active browsing web pages to the passive scanner for scanning. The usual way is to set up a traffic agent to forward all the traffic to the passive scanner [2].

SQL injection vulnerability
In the process of dynamic website development, there must be database operation. Any user input data is not trusted, attackers can construct special characters to splice SQL statements, so as to execute some unauthorized commands on the database, which may lead to data destruction and deletion [3].

Cross site scripting vulnerability
The main attack way of cross site scripting vulnerability is to add JavaScript malicious code to HTML page, and obtain sensitive information in browser through the malicious code [4].

Arbitrary file download vulnerability
Arbitrary file download vulnerability exists in the download function of Web site. The realization of download function is to request local or remote resources through the network. In the case of controllable web resource paths, the files may be downloaded from a malicious site.

Design of information collection module
The information collection module mainly includes information collection of embedded links, IP addresses, port opening and sensitive directory opening of assets. Crawlergo is used to crawl the embedded links of assets. Crawlergo can obtain all the links in the station, and obtain more resources in the station by intelligent de duplication and intelligent filling form; the asset IP address can be resolved through the net package in go language; the asset port can be resolved by resolving the asset link into IP address, and then judging whether the asset port is open through the TCP handshake time; the asset sensitive directory can use the The domain name and dictionary are combined, and then the head request is sent to determine whether there is sensitive directory opening through the returned status code.

design of vulnerability scanning module
Vulnerability scanning module is to detect the vulnerability of asset links and IP in information collection, mainly relying on the plug-ins uploaded by users.After all links and IP probes are completed, the module will store the vulnerability information in the database.

design of plug-in mechanism
Plug in mechanism can maximize the extension of plug-ins from the outside. Users only need to meet the rules of plug-in customization, they can upload the plug-in for vulnerability detection. To facilitate the customization of scripts, plug-ins are allowed to be written in Python and Go languages [5].

design of data tables
Data information is the basis for vulnerability scanner to run. This web scanner designs seven data tables, which are assets table, buginfo table, baseinfobase table, pocinfo table,  primaryinfocol table, singleonbuginfo table and user table. The assets table contains

Implementation of front desk
The user interface is mainly implemented by Vue and its open source component library element UI. The front end mainly contains six files, the results are represented in Table 1 below. Vulnerability scanning will start when the information collection is completed. All resource links in the station are executed through the exectarget method. The method of ExecTarget is shown in Fig.1.

the method of judge Ip Address Or url Address
In this method, judge ipaddressorurladdress method is used to determine whether the incoming IP address is true or false. If it is an IP address, the plug-in related to host will be executed; if not, the plug-in related to web will be executed. The method of judgeIpAddressOrurlAddress is shown in Fig. 2.

System operation interfaces
The interface of System vulnerability profile shows vulnerability detection date, end date, asset address and operation. The interface of System vulnerability profile is shown in Fig. 3. The function of Plug-in upload can realize specifying the name of plug-in, the selection of plug-in category, the description of plug-in, the of hazards of vulnerability, uploading the file, etc.The interface is shown in Fig. 4.

Conclusion
The feature of this web vulnerability scanner system is that the development method realizes the separation of the front and back ends. This system well demonstrates the advantages of Go language. A reasonable choice of programming language and the use of the characteristics of different languages can make the project more elegant.