Webray RayScan

RayScan (一体化漏洞评估系统) is an integrated vulnerability assessment system developed by Webray (盛邦安全). It combines five scanning modules into a single platform to identify and evaluate security weaknesses across an organization's network assets. The five core components are: - System Scanning: Detects security vulnerabilities in network devices and host systems, covering CVE, CVSS, CNVD, CNNVD, CNCVE, and Bugtraq vulnerability standards. - Web Scanning: Checks for OWASP Top 10 web vulnerabilities including SQL injection, cookie injection, blind injection, cross-site scripting, file inclusion, and sensitive information disclosure. - Weak Password (Brute Force) Detection: Tests for weak password vulnerabilities across mainstream protocols, middleware, databases, cameras, and web services; supports custom password dictionaries. - Security Baseline Check: Audits configuration compliance for host systems, network devices, security devices, databases, middleware, and virtualization/big data platforms against standards including China's MLPS (等保), MIIT, China Telecom, and China Mobile baselines. - Database Scanning: Scans database systems for vulnerabilities, focusing on configuration, authentication and authorization, and patch management. RayScan also includes a hidden/shadow asset discovery module that automatically identifies hosts and website assets in the network environment and builds an asset inventory. Deployment options include standalone and distributed deployment modes. The system supports cross-security-domain scanning via a proxy scan mode using network tunnels through gateway devices or proxy servers. Application scenarios include periodic business security assessments, China MLPS (等保) compliance checks, emergency incident response support, and cross-security-domain vulnerability scanning. Webray is a CNVD and CNNVD technical support unit and a national cybersecurity emergency service provider.