Tsunami: A network security scanner

Tsunami is a general purpose network security scanner with an expandable add-on system for detecting high-risk vulnerabilities.

To learn more about the Tsunami, visit σελίδα.
Tsunami relies heavily on the add-on system to provide basic scanning capabilities.

All publicly available Tsunami plugins are hosted in a separate repository google / tsunami-security-scanner-plugins .

Current situation

  • Tsunami is currently in pre-alpha release for developer preview.
  • The Tsunami project is under development. Expect significant API changes in the future.


install the following required kits:

nmap> = 7.80 ncrack> = 0.7

start a vulnerable application that can be identified by Tsunami, e.g. an unauthorized Jupyter Notebook server. The easiest way is to use a docker image:

docker run --name unauthenticated-jupyter-notebook -p 8888: 8888 -d jupyter / base-notebook start-notebook.sh --NotebookApp.token = ''

run the following command:

bash -c "$ (curl -sfL https://raw.githubusercontent.com/google/tsunami-security-scanner/master/quick_start.sh)"

The quick_start.sh script runs the following processes:

  1. It clones them google / tsunami-security-scanner repositories and google / tsunami-security-scanner-plugins in the $ HOME / tsunami / repos folder.
  2. Gathers everything the Google Tsunami add-ons and moves all their jar files additions in $ HOME / tsunami / plugins.
  3. Writes the Fat Jar file of the Tsunami scanner and moves it to the $ HOME / tsunami folder.
  4. Moves tsunami.yaml config to $ HOME / tsunami.
  5. Print an example of the Tsunami command to scan using previously created objects.

Registration in iGuRu.gr via Email

Enter your email to subscribe to the email notification service for new posts.

Read them Technology News from all over the world, with the validity of iGuRu.gr

Follow us on Google News iGuRu.gr at Google news