Skip to main content

Google makes Tsunami vulnerability scanner open-source

(Image credit: Shutterstock)

Google has open sourced its own internal vulnerability scanner which is designed to be used on large-scale enterprise networks made up of thousands or even millions of internet-connected systems.

Tsunami was made available on GitHub by the search giant last month, and has been used internally at the company for some time now. Making it open source will no longer mean it is a Google product, but instead will be maintained by the open source community in a similar way to Kubernetes.

While hundreds of other commercial and open source vulnerability scanners are available today, Tsunami is a bit different due to the fact that Google built it with other large businesses like itself in mind.

Google says it designed its vulnerability scanner to be extremely adaptable, withTsunami capable of scanning a wide variety of device types without the need to run a different scanner for each.

Tsunami vulnerability scanner

In a blog post, Google explained that Tsunami executes a two-step process when scanning a system.

The first step is reconnaissance during which Tsunami scans a company's network for open ports. After this, it then tests each port and tries to identify the protocols and services running on them to prevent mislabeling ports and testing devices for the wrong vulnerabilities.

The second step deals with vulnerability verification and here Tsunami uses the information gathered through reconnaissance to confirm that a vulnerability does indeed exist. To do so, the vulnerability scanner executes a fully working, benign exploit. The vulnerability verification module also allows Tsunami to be extended through plugins.

At release, Tsunami ships with detectors for exposed sensitive UIs, found in applications such as Jenkins, Jypyter and Hadoop Yarn, and weak credentials by using open source tools such as ncrack to detect weak passwords used by protocols and tools including SSH, FTP, RDP and MySQL.

In the coming months, Google plans to further enhance Tsunami's capabilities by adding many more detectors for vulnerabilities similar to remote code execution (RCE). The company is also working on several other new features that will make the vulnerability scanner's engine more powerful as well as easier to use and extend. 

Via ZDNet