Google open-sources Tsunami vulnerability scanner

  • Hi there and welcome to PC Help Forum (PCHF), a more effective way to get the Tech Support you need!
    We have Experts in all areas of Tech, including Malware Removal, Crash Fixing and BSOD's , Microsoft Windows, Computer DIY and PC Hardware, Networking, Gaming, Tablets and iPads, General and Specific Software Support and so much more.

    Why not Click Here To Sign Up and start enjoying great FREE Tech Support.

    This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Welcome to our Community
Wanting to join the rest of our members? Feel free to sign up today.
Sign up

PCHF IT Feeds

PCHF Tech News
PCHF Bot
Jan 10, 2015
52,072
26
pchelpforum.net
Google has open sourced its own internal vulnerability scanner which is designed to be used on large-scale enterprise networks made up of thousands or even millions of internet-connected systems.

The scanner, which is named Tsunami, was made available on GitHub by the search giant last month though it has been used internally at the company for some time now. Now that it is open source though, the vulnerability scanner will no longer be a Google product but will instead be maintained by the open source community in a similar way to Kubernetes.

While hundreds of other commercial and open source vulnerability scanners are available today, Tsunami is a bit different due to the fact that Google built it with other large businesses like itself in mind.


The company designed its vulnerability scanner to be extremely adaptable and Tsunami is capable of scanning a wide variety of device types without the need to run a different scanner for each device.

Tsunami vulnerability scanner


In a blog post, Google explained that Tsunami executes a two-step process when scanning a system.

The first step is reconnaissance during which Tsunami scans a company's network for open ports. After this, it then tests each port and tries to identify the protocols and services running on them to prevent mislabeling ports and testing devices for the wrong vulnerabilities.

The second step deals with vulnerability verification and here Tsunami uses the information gathered through reconnaissance to confirm that a vulnerability does indeed exist. To do so, the vulnerability scanner executes a fully working, benign exploit. The vulnerability verification module also allows Tsunami to be extended through plugins.

At release, Tsunami ships with detectors for exposed sensitive UIs, found in applications such as Jenkins, Jypyter and Hadoop Yarn, and weak credentials by using open source tools such as ncrack to detect weak passwords used by protocols and tools including SSH, FTP, RDP and MySQL.

In the coming months, Google plans to further enhance Tsunami's capabilities by adding many more detectors for vulnerabilities similar to remote code execution (RCE). The company is also working on several other new features that will make the vulnerability scanner's engine more powerful as well as easier to use and extend.


Via ZDNet

Continue reading...