Tsunami is a scanner security general-purpose network with an extensible system of plugins to detect high-risk vulnerabilities.
To learn more about the Tsunami, visit σελίδα.
Tsunami relies heavily on the plugin system to provide basic possibilities scan.
All publicly available Tsunami plugins are hosted in a separate repository google/tsunami-security-scanner-plugins .
Current situation
- Tsunami is currently in pre-alpha release for developer preview.
- The Tsunami project is under development. Expect significant API changes in the future.
Installation
install the following required kits:
nmap> = 7.80 ncrack> = 0.7
launch a vulnerable application that can be detected by Tsunami, e.g. an unauthorized server Jupyter Notebook. The easiest way is to use a docker image:
docker run --name unauthenticated-jupyter-notebook -p 8888: 8888 -d jupyter / base-notebook start-notebook.sh --NotebookApp.token = ''
run the following command:
bash -c "$ (curl -sfL https://raw.githubusercontent.com/google/tsunami-security-scanner/master/quick_start.sh)"
The quick_start.sh script runs the following processes:
- It clones them google / tsunami-security-scanner repositories and google/tsunami-security-scanner-plugins in the $ HOME / tsunami / repos folder.
- Gathers everything the Google Tsunami add-ons and moves all their jar files additions in $HOME/tsunami/plugins.
- Writes the Fat Jar file of the Tsunami scanner and moves it to the $ HOME / tsunami folder.
- Moves tsunami.yaml config to $ HOME / tsunami.
- Print an example of the Tsunami command to scan 127.0.0.1 using the objects previously created.