Google Tsunami vulnerability scanner is now open-source

Pierluigi Paganini July 09, 2020

Google announced that its Tsunami vulnerability scanner for large-scale enterprise networks is going to be open-sourced.

Google has decided to release as open-source a vulnerability scanner for large-scale enterprise networks named Tsunami.

“We have released the Tsunami security scanning engine to the open source communities. We hope that the engine can help other organizations protect their users’ data. We also hope to foster collaboration, and encourage the security community to create and share new detectors on top of Tsunami.” reads the Google’s announcement.

Tsunami was used internally by the IT giants that last month has released its project on GitHub, it will be maintained by the open-source community.

Unlike other vulnerability scanners, Tsunami has been designed to find vulnerabilities in large networks that include hundreds of thousands of devices.

Tsunami is split into two main components and has modular structure that allows to implement new features by adding specific plugins.

The first component is a scanner based on nmap, which scans a company’s network for open ports and then tests each one.

Google said the port fingerprinting module is based on the industry-tested nmap network mapping engine but also uses some custom code.

The second component uses the results of the scan of the fingerprinting module to test the devices against a list of vulnerabilities running known exploits.

This module allows users to add new testing capabilities by adding adding plugins.

The initial version of the Tsunami tool already includes modules to detect the following security issues:

  • Exposed sensitive UIs: Applications such as JenkinsJupyter, and Hadoop Yarn ship with UIs that allow a user to schedule workloads or to execute system commands. If these systems are exposed to the internet without authentication, attackers can leverage the functionality of the application to execute malicious commands.
  • Weak credentials: Tsunami uses other open source tools such as ncrack to detect weak passwords used by protocols and tools including SSH, FTP, RDP, and MySQL.

Google plans to release new plugins for its Tsunami scanner to allow users to detect a broader range of vulnerabilities in the future. The plugins will be released through a GitHub repository.

“In the coming months, we plan to release many more detectors for vulnerabilities similar to remote code execution (RCE). Furthermore, we are working on several other new features that will make the engine more powerful and easier to use and extend.” concludes Google.

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Tsunami)

[adrotate banner=”5″]

[adrotate banner=”13″]

you might also like

leave a comment