Tsunami - A General Purpose Network Security Scanner With An Extensible Plugin System For Detecting High Severity Vulnerabilities With High Confidence

2020-07-17T12:30:06
ID KITPLOIT:5921383082083032652
Type kitploit
Reporter KitPloit
Modified 2020-07-17T12:30:06

Description

Tsunami is a general-purpose network security scanner with an extensible plugin system for detecting high severity vulnerabilities with high confidence.
To learn more about Tsunami, visit our documentations .
Tsunami relies heavily on its plugin system to provide basic scanning capabilities. All publicly available Tsunami plugins are hosted in a separate google/tsunami-security-scanner-plugins repository.

Current Status

  • Currently Tsunami is in 'pre-alpha' release for developer preview.
  • Tsunami project is currently under active development. Do expect major API changes in the future.

Quick Start
To quickly get started with Tsunami scans,

  1. install the following required dependencies:

    nmap >= 7.80
    

    ncrack >= 0.7

  2. start a vulnerable application that can be identified by Tsunami, e.g. an unauthenticated Jupyter Notebook server. The easiest way is to use a docker image:

    docker run --name unauthenticated-jupyter-notebook -p 8888:8888 -d jupyter/base-notebook start-notebook.sh --NotebookApp.token=''
    
  3. execute the following command:

    bash -c "$(curl -sfL https://raw.githubusercontent.com/google/tsunami-security-scanner/master/quick_start.sh)"
    

The quick_start.sh script performs the following tasks:

  1. Clone the google/tsunami-security-scanner and google/tsunami-security-scanner-plugins repos into $HOME/tsunami/repos directory.
  2. Compile all Google Tsunami plugins and move all plugin jar files into $HOME/tsunami/plugins directory.
  3. Compile the Tsunami scanner Fat Jar file and move it into $HOME/tsunami directory.
  4. Move the tsunami.yaml example config into $HOME/tsunami directory.
  5. Print example Tsunami command for scanning 127.0.0.1 using the previously generated artifacts.

Contributing
Read how to contribute to Tsunami .

Disclaimers
Tsunami is not an official Google product.

Download Tsunami-Security-Scanner