PkcScan: Design and Implementation of a Lightweight Web Vulnerability Scanning Framework Based on Python
Abstract: As Web applications have become ubiquitous, Web vulnerabilities have become a main entry point for network attacks, and vulnerability detection has grown correspondingly important. In practice, however, developing and applying POCs (proofs of concept) faces persistent problems: cumbersome development, scattered logic, a lack of standards, difficulty in sharing, and poor reusability, all of which seriously limit the efficiency and coverage of detection tools. To address these problems, this paper proposes and implements PkcScan, an extensible Web vulnerability scanning framework written in Python, with the aim of building a lightweight detection platform that supports efficient POC development, flexible invocation, and ecosystem collaboration. The framework follows a modular design that divides the detection process into multiple pluggable functional components, giving it good maintainability and extensibility. The system introduces a dual-engine mechanism of "fingerprint recognition + POC verification": it first identifies the fingerprint of the target system and then selects suitable POCs according to the fingerprint features for vulnerability verification, which improves both the accuracy and the efficiency of detection. For POC authoring, PkcScan supports defining multi-stage, multi-request detection logic in a standardized JSON structure, so that developers can write and organize complex detection flows in a structured way and cover detection modes such as fuzz testing, feature recognition, and precise verification. In addition, PkcScan provides automatic packaging, distribution, and one-click import of POCs, which simplifies POC management, lowers the technical threshold, and lays the foundation for a distributed POC sharing ecosystem. The experiments used the open-source Pikachu vulnerable test range for verification. The results show that PkcScan successfully identified and analyzed multiple typical vulnerabilities, with a false-positive rate 32% lower than that of traditional scanning tools and an overall detection efficiency improvement of 80%. Compatibility tests covered the common vulnerability types in the OWASP 2021 Top 10, and in theory the framework supports extended detection for more than 98% of Web vulnerabilities, showing a high degree of generality and adaptability.
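The "fingerprint recognition + POC verification" flow with a JSON-defined multi-stage check, as described in the abstract, sketched as an added Python example that is not PkcScan's own code. The JSON field names, the fingerprint rules and the target pages are assumptions constructed for illustration, and requests are answered from an in-memory table instead of the network.

```python
import json
import re

# Constructed fingerprint rules: product name -> regex over the landing page.
FINGERPRINTS = {"demo-cms": r"Powered by DemoCMS", "other-app": r"OtherApp/\d"}

# Hypothetical POC document. Field names are assumptions for this example,
# not PkcScan's actual JSON schema.
POC_JSON = r"""
{"name": "demo-cms-debug-page-exposed", "fingerprint": "demo-cms",
 "stages": [
   {"method": "GET", "path": "/login",
    "expect_status": 200, "body_regex": "csrf=(?P<token>[0-9a-f]+)"},
   {"method": "GET", "path": "/debug?csrf={token}",
    "expect_status": 200, "body_regex": "DEBUG MODE ENABLED"}]}
"""

def make_transport(pages):
    """Offline stand-in for HTTP: maps (method, path) to (status, body)."""
    return lambda method, path: pages.get((method, path), (404, ""))

def identify(send):
    """Fingerprint engine: names of all rules matching the landing page."""
    _, body = send("GET", "/")
    return {name for name, rx in FINGERPRINTS.items() if re.search(rx, body)}

def run_poc(poc, send):
    """POC engine: every stage must match; named groups feed later stages."""
    variables = {}
    for stage in poc["stages"]:
        status, body = send(stage["method"], stage["path"].format(**variables))
        hit = re.search(stage["body_regex"], body)
        if status != stage["expect_status"] or hit is None:
            return False
        variables.update(hit.groupdict())
    return True

def scan(pocs, send):
    """Run only POCs whose declared fingerprint was identified on the target."""
    found = identify(send)
    return [p["name"] for p in pocs if p["fingerprint"] in found and run_poc(p, send)]

# Constructed target pages; PATCHED lacks the exposed debug page.
PAGES = {("GET", "/"): (200, "<footer>Powered by DemoCMS</footer>"),
         ("GET", "/login"): (200, "<a href='/reset?csrf=ab12cd'>"),
         ("GET", "/debug?csrf=ab12cd"): (200, "DEBUG MODE ENABLED")}
VULNERABLE = make_transport(PAGES)
PATCHED = make_transport({k: v for k, v in PAGES.items() if "/debug" not in k[1]})
POCS = [json.loads(POC_JSON)]
```

Requiring every stage to match before reporting a finding, and skipping POCs whose fingerprint was not seen, is what keeps both false positives and request volume down in this design.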