logo
DATABASE RESOURCES PRICING ABOUT US

Tsunami - A General Purpose Network Security Scanner With An Extensible Plugin System For Detecting High Severity Vulnerabilities With High Confidence

Description

[![](https://1.bp.blogspot.com/-VbXQbYJT9wc/Xwuh6m5onUI/AAAAAAAATGQ/dKVwFKV_lHomW3v3Rmza7MuJSKe2az1LQCNcBGAsYHQ/s640/tsunami.jpg)](<https://1.bp.blogspot.com/-VbXQbYJT9wc/Xwuh6m5onUI/AAAAAAAATGQ/dKVwFKV_lHomW3v3Rmza7MuJSKe2az1LQCNcBGAsYHQ/s1600/tsunami.jpg>) Tsunami is a general-purpose network security scanner with an extensible plugin system for detecting high [severity vulnerabilities](<https://www.kitploit.com/search/label/Severity%20Vulnerabilities> "severity vulnerabilities" ) with high confidence. To learn more about Tsunami, visit our [documentations](<https://github.com/google/tsunami-security-scanner/blob/master/docs/index.md> "documentations" ). Tsunami relies heavily on its plugin system to provide basic scanning capabilities. All publicly available Tsunami plugins are hosted in a separate [google/tsunami-security-scanner-plugins](<https://github.com/google/tsunami-security-scanner-plugins> "google/tsunami-security-scanner-plugins" ) repository. **Current Status** * Currently Tsunami is in 'pre-alpha' release for developer preview. * Tsunami project is currently under active development. Do expect major API changes in the future. **Quick Start** To quickly get started with Tsunami scans, 1. install the following required dependencies: nmap >= 7.80 ncrack >= 0.7 2. start a [vulnerable application](<https://www.kitploit.com/search/label/Vulnerable%20Application> "vulnerable application" ) that can be identified by Tsunami, e.g. an unauthenticated [Jupyter Notebook](<https://www.kitploit.com/search/label/Jupyter%20Notebook> "Jupyter Notebook" ) server. The easiest way is to use a docker image: docker run --name unauthenticated-jupyter-notebook -p 8888:8888 -d jupyter/base-notebook start-notebook.sh --NotebookApp.token='' 3. execute the following command: bash -c "$(curl -sfL https://raw.githubusercontent.com/google/tsunami-security-scanner/master/quick_start.sh)" The `quick_start.sh` script performs the following tasks: 1. Clone the [google/tsunami-security-scanner](<https://github.com/google/tsunami-security-scanner> "google/tsunami-security-scanner" ) and [google/tsunami-security-scanner-plugins](<https://github.com/google/tsunami-security-scanner-plugins> "google/tsunami-security-scanner-plugins" ) repos into `$HOME/tsunami/repos` directory. 2. Compile all [Google Tsunami plugins](<https://github.com/google/tsunami-security-scanner-plugins/tree/master/google> "Google Tsunami plugins" ) and move all plugin `jar` files into `$HOME/tsunami/plugins` directory. 3. Compile the Tsunami scanner Fat Jar file and move it into `$HOME/tsunami` directory. 4. Move the `tsunami.yaml` example config into `$HOME/tsunami` directory. 5. Print example Tsunami command for scanning `127.0.0.1` using the previously generated artifacts. **Contributing** Read how to [contribute to Tsunami](<https://github.com/google/tsunami-security-scanner/blob/master/docs/contributing.md> "contribute to Tsunami" ). **Disclaimers** Tsunami is not an official Google product. **[Download Tsunami-Security-Scanner](<https://github.com/google/tsunami-security-scanner> "Download Tsunami-Security-Scanner" )**