Tsunami - A General Purpose Network Security Scanner With An Extensible Plugin System For Detecting High Severity Vulnerabilities With High Confidence

2020-07-17T12:30:00

Description

[![](https://1.bp.blogspot.com/-VbXQbYJT9wc/Xwuh6m5onUI/AAAAAAAATGQ/dKVwFKV_lHomW3v3Rmza7MuJSKe2az1LQCNcBGAsYHQ/s640/tsunami.jpg)](<https://1.bp.blogspot.com/-VbXQbYJT9wc/Xwuh6m5onUI/AAAAAAAATGQ/dKVwFKV_lHomW3v3Rmza7MuJSKe2az1LQCNcBGAsYHQ/s1600/tsunami.jpg>) Tsunami is a general-purpose network security scanner with an extensible plugin system for detecting high [severity vulnerabilities](<https://www.kitploit.com/search/label/Severity%20Vulnerabilities> "severity vulnerabilities" ) with high confidence. To learn more about Tsunami, visit our [documentations](<https://github.com/google/tsunami-security-scanner/blob/master/docs/index.md> "documentations" ). Tsunami relies heavily on its plugin system to provide basic scanning capabilities. All publicly available Tsunami plugins are hosted in a separate [google/tsunami-security-scanner-plugins](<https://github.com/google/tsunami-security-scanner-plugins> "google/tsunami-security-scanner-plugins" ) repository. **Current Status** * Currently Tsunami is in 'pre-alpha' release for developer preview. * Tsunami project is currently under active development. Do expect major API changes in the future. **Quick Start** To quickly get started with Tsunami scans, 1. install the following required dependencies: nmap >= 7.80 ncrack >= 0.7 2. start a [vulnerable application](<https://www.kitploit.com/search/label/Vulnerable%20Application> "vulnerable application" ) that can be identified by Tsunami, e.g. an unauthenticated [Jupyter Notebook](<https://www.kitploit.com/search/label/Jupyter%20Notebook> "Jupyter Notebook" ) server. The easiest way is to use a docker image: docker run --name unauthenticated-jupyter-notebook -p 8888:8888 -d jupyter/base-notebook start-notebook.sh --NotebookApp.token='' 3. execute the following command: bash -c "$(curl -sfL https://raw.githubusercontent.com/google/tsunami-security-scanner/master/quick_start.sh)" The `quick_start.sh` script performs the following tasks: 1. Clone the [google/tsunami-security-scanner](<https://github.com/google/tsunami-security-scanner> "google/tsunami-security-scanner" ) and [google/tsunami-security-scanner-plugins](<https://github.com/google/tsunami-security-scanner-plugins> "google/tsunami-security-scanner-plugins" ) repos into `$HOME/tsunami/repos` directory. 2. Compile all [Google Tsunami plugins](<https://github.com/google/tsunami-security-scanner-plugins/tree/master/google> "Google Tsunami plugins" ) and move all plugin `jar` files into `$HOME/tsunami/plugins` directory. 3. Compile the Tsunami scanner Fat Jar file and move it into `$HOME/tsunami` directory. 4. Move the `tsunami.yaml` example config into `$HOME/tsunami` directory. 5. Print example Tsunami command for scanning `127.0.0.1` using the previously generated artifacts. **Contributing** Read how to [contribute to Tsunami](<https://github.com/google/tsunami-security-scanner/blob/master/docs/contributing.md> "contribute to Tsunami" ). **Disclaimers** Tsunami is not an official Google product. **[Download Tsunami-Security-Scanner](<https://github.com/google/tsunami-security-scanner> "Download Tsunami-Security-Scanner" )**

{"id": "KITPLOIT:5921383082083032652", "vendorId": null, "type": "kitploit", "bulletinFamily": "tools", "title": "Tsunami - A General Purpose Network Security Scanner With An Extensible Plugin System For Detecting High Severity Vulnerabilities With High Confidence", "description": "[![](https://1.bp.blogspot.com/-VbXQbYJT9wc/Xwuh6m5onUI/AAAAAAAATGQ/dKVwFKV_lHomW3v3Rmza7MuJSKe2az1LQCNcBGAsYHQ/s640/tsunami.jpg)](<https://1.bp.blogspot.com/-VbXQbYJT9wc/Xwuh6m5onUI/AAAAAAAATGQ/dKVwFKV_lHomW3v3Rmza7MuJSKe2az1LQCNcBGAsYHQ/s1600/tsunami.jpg>)\n\n \nTsunami is a general-purpose network security scanner with an extensible plugin system for detecting high [severity vulnerabilities](<https://www.kitploit.com/search/label/Severity%20Vulnerabilities> \"severity vulnerabilities\" ) with high confidence. \nTo learn more about Tsunami, visit our [documentations](<https://github.com/google/tsunami-security-scanner/blob/master/docs/index.md> \"documentations\" ). \nTsunami relies heavily on its plugin system to provide basic scanning capabilities. All publicly available Tsunami plugins are hosted in a separate [google/tsunami-security-scanner-plugins](<https://github.com/google/tsunami-security-scanner-plugins> \"google/tsunami-security-scanner-plugins\" ) repository. \n \n**Current Status** \n\n\n * Currently Tsunami is in 'pre-alpha' release for developer preview.\n * Tsunami project is currently under active development. Do expect major API changes in the future.\n \n**Quick Start** \nTo quickly get started with Tsunami scans, \n\n\n 1. install the following required dependencies: \n\n \n nmap >= 7.80\n ncrack >= 0.7\n\n 2. start a [vulnerable application](<https://www.kitploit.com/search/label/Vulnerable%20Application> \"vulnerable application\" ) that can be identified by Tsunami, e.g. an unauthenticated [Jupyter Notebook](<https://www.kitploit.com/search/label/Jupyter%20Notebook> \"Jupyter Notebook\" ) server. The easiest way is to use a docker image: \n\n \n docker run --name unauthenticated-jupyter-notebook -p 8888:8888 -d jupyter/base-notebook start-notebook.sh --NotebookApp.token=''\n\n 3. execute the following command: \n\n \n bash -c \"$(curl -sfL https://raw.githubusercontent.com/google/tsunami-security-scanner/master/quick_start.sh)\"\n\nThe `quick_start.sh` script performs the following tasks: \n\n\n 1. Clone the [google/tsunami-security-scanner](<https://github.com/google/tsunami-security-scanner> \"google/tsunami-security-scanner\" ) and [google/tsunami-security-scanner-plugins](<https://github.com/google/tsunami-security-scanner-plugins> \"google/tsunami-security-scanner-plugins\" ) repos into `$HOME/tsunami/repos` directory.\n 2. Compile all [Google Tsunami plugins](<https://github.com/google/tsunami-security-scanner-plugins/tree/master/google> \"Google Tsunami plugins\" ) and move all plugin `jar` files into `$HOME/tsunami/plugins` directory.\n 3. Compile the Tsunami scanner Fat Jar file and move it into `$HOME/tsunami` directory.\n 4. Move the `tsunami.yaml` example config into `$HOME/tsunami` directory.\n 5. Print example Tsunami command for scanning `127.0.0.1` using the previously generated artifacts.\n \n**Contributing** \nRead how to [contribute to Tsunami](<https://github.com/google/tsunami-security-scanner/blob/master/docs/contributing.md> \"contribute to Tsunami\" ). \n \n**Disclaimers** \nTsunami is not an official Google product. \n \n \n\n\n**[Download Tsunami-Security-Scanner](<https://github.com/google/tsunami-security-scanner> \"Download Tsunami-Security-Scanner\" )**\n", "published": "2020-07-17T12:30:00", "modified": "2020-07-17T12:30:06", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "http://www.kitploit.com/2020/07/tsunami-general-purpose-network.html", "reporter": "KitPloit", "references": ["https://github.com/google/tsunami-security-scanner-plugins", "https://github.com/google/tsunami-security-scanner-plugins/tree/master/google", "https://github.com/google/tsunami-security-scanner", "https://github.com/google/tsunami-security-scanner/blob/master/docs/index.md", "https://github.com/google/tsunami-security-scanner/blob/master/docs/contributing.md"], "cvelist": [], "immutableFields": [], "lastseen": "2022-04-07T12:02:47", "viewCount": 51, "enchantments": {"dependencies": {}, "score": {"value": -0.2, "vector": "NONE"}, "backreferences": {}, "exploitation": null, "vulnersScore": -0.2}, "_state": {"dependencies": 0}, "_internal": {}, "toolHref": "https://github.com/google/tsunami-security-scanner"}