Google Tsunami vulnerability scanner is now open-source

Google announced that its Tsunami vulnerability scanner for large-scale enterprise networks is going to be open-sourced.

Google has decided to release as open-source a vulnerability scanner for large-scale enterprise networks named Tsunami.

“We have released the Tsunami security scanning engine to the open source communities. We hope that the engine can help other organizations protect their users’ data. We also hope to foster collaboration, and encourage the security community to create and share new detectors on top of Tsunami.” reads the Google’s announcement.

Tsunami was used internally by the IT giants that last month has released its project on GitHub, it will be maintained by the open-source community.

Unlike other vulnerability scanners, Tsunami has been designed to find vulnerabilities in large networks that include hundreds of thousands of devices.

Tsunami is split into two main components and has modular structure that allows to implement new features by adding specific plugins.

The first component is a scanner based on nmap, which scans a company’s network for open ports and then tests each one.

Google said the port fingerprinting module is based on the industry-tested nmap network mapping engine but also uses some custom code.

The second component uses the results of the scan of the fingerprinting module to test the devices against a list of vulnerabilities running known exploits.

This module allows users to add new testing capabilities by adding adding plugins.

The initial version of the Tsunami tool already includes modules to detect the following security issues:

Exposed sensitive UIs: Applications such as Jenkins, Jupyter, and Hadoop Yarn ship with UIs that allow a user to schedule workloads or to execute system commands. If these systems are exposed to the internet without authentication, attackers can leverage the functionality of the application to execute malicious commands.
Weak credentials: Tsunami uses other open source tools such as ncrack to detect weak passwords used by protocols and tools including SSH, FTP, RDP, and MySQL.

Google plans to release new plugins for its Tsunami scanner to allow users to detect a broader range of vulnerabilities in the future. The plugins will be released through a GitHub repository.

“In the coming months, we plan to release many more detectors for vulnerabilities similar to remote code execution (RCE). Furthermore, we are working on several other new features that will make the engine more powerful and easier to use and extend.” concludes Google.

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Tsunami)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.