Tsunami is a general purpose network security scanner with an expandable add-on system for detecting high-risk vulnerabilities.
To learn more about the Tsunami, visit σελίδα.
Tsunami relies heavily on the add-on system to provide basic scanning capabilities.
All publicly available Tsunami plugins are hosted in a separate repository google / tsunami-security-scanner-plugins .
- Tsunami is currently in pre-alpha release for developer preview.
- The Tsunami project is under development. Expect significant API changes in the future.
install the following required kits:
Nmap >= 7.80
ncrack >= 0.7
start a vulnerable application that can be identified by Tsunami, e.g. an unauthorized Jupyter Notebook server. The easiest way is to use a docker image:
docker run --name unauthenticated-jupyter-notebook -p 8888:8888 -d jupyter/basis-notebook start-notebook.sh --NotebookApp.token=''
run the following command:
bash -c "$ (curl -sfL https://raw.githubusercontent.com/google/tsunami-security-scanner/master/quick_start.sh)"
The quick_start.sh script runs the following processes:
- It clones them google / tsunami-security-scanner repositories and google / tsunami-security-scanner-plugins in the $ HOME / tsunami / repos folder.
- Gathers everything the Google Tsunami add-ons and moves all their jar files additions in $ HOME / tsunami / plugins.
- Writes the Fat Jar file of the Tsunami scanner and moves it to the $ HOME / tsunami folder.
- Moves tsunami.yaml config to $ HOME / tsunami.
- Print an example of the Tsunami command to scan 127.0.0.1 using previously created objects.