Το Tsunami είναι ένας σαρωτής ασφαλείας δικτύου γενικής χρήσης με ένα επεκτάσιμο σύστημα προσθηκών για την detection high risk vulnerabilities.
To learn more about the Tsunami, visit σελίδα.
Tsunami relies heavily on the add-on system to provide basic scanning capabilities.
All publicly available Tsunami plugins are hosted in a separate repository google/tsunami-security-scanner-plugins .
Current situation
- Tsunami is currently in pre-alpha release for developer preview.
- The Tsunami project is under development. Expect significant API changes in the future.
Installation
install the following required kits:
nmap> = 7.80 ncrack> = 0.7
start a vulnerable application which can be recognized by Tsunami, e.g. an unauthorized Jupyter Notebook server. The easiest way is to use a docker image:
docker run --name unauthenticated-jupyter-notebook -p 8888: 8888 -d jupyter / base-notebook start-notebook.sh --NotebookApp.token = ''
run the following command:
bash -c "$ (curl -sfL https://raw.githubusercontent.com/google/tsunami-security-scanner/master/quick_start.sh)"
The quick_start.sh script runs the following processes:
- It clones them google / tsunami-security-scanner repositories and google/tsunami-security-scanner-plugins in the $ HOME / tsunami / repos folder.
- Gathers everything the Google Tsunami add-ons and moves all the jars archives of additions in $ HOME / tsunami / plugins.
- Writes the Fat Jar file of the Tsunami scanner and moves it to the $ HOME / tsunami folder.
- Moves tsunami.yaml config to $ HOME / tsunami.
- Print an example of the Tsunami command to scan 127.0.0.1 using the objects previously created.