Tsunami is a general purpose network security scanner with an expandable add-on system for detecting high-risk vulnerabilities.
To learn more about the Tsunami, visit σελίδα.
Tsunami relies heavily on the add-on system to provide basic scanning capabilities.
All publicly available Tsunami plugins are hosted in a separate repository google/tsunami-security-scanner-plugins .
Current situation
- Tsunami is currently in pre-alpha release for developer preview.
- The Tsunami project is under development. Expect significant API changes in the future.
Installation
install the following required kits:
nmap> = 7.80 ncrack> = 0.7
start a vulnerable application that can be identified by Tsunami, e.g. an unauthorized Jupyter Notebook server. The easiest way is to use a docker image:
docker run --name unauthenticated-jupyter-notebook -p 8888: 8888 -d jupyter / base-notebook start-notebook.sh --NotebookApp.token = ''
run the following command:
bash -c "$ (curl -sfL https://raw.githubusercontent.com/google/tsunami-security-scanner/master/quick_start.sh)"
The quick_start.sh script runs the following processes:
- It clones them google / tsunami-security-scanner repositories in the upcoming years, while google/tsunami-security-scanner-plugins in the $ HOME / tsunami / repos folder.
- Gathers everything the Google Tsunami add-ons and moves all their jar files additions in $ HOME / tsunami / plugins.
- Writes the Fat Jar file of the Tsunami scanner and moves it to the $ HOME / tsunami folder.
- Moves tsunami.yaml config to $ HOME / tsunami.
- Print an example of the Tsunami command to scan 127.0.0.1 using previously created objects.
