Last month Google open-sourced their Tsunami vulnerability security scanner onto GitHub in the hopes it would help other organisations protect their user’s data.

The security scanner works by detecting high-severity vulnerabilities in networks.

The new open-source Tsunami security scanner that Google have released comes as a general purpose network security scanner with an extensible plugin system that provides scanning capabilities for high-level vulnerabilities in networks consisting of thousands of access points, whether it be laptops, desktops,  servers, IoT devices or any other equipment capable of connecting to the internet.

Google has been using the code internally for awhile and released it onto GitHub in June. Written in Java, it was released under the Apache 2.0 license.

According to Google it utilises Kubernetes Engine to conduct scans whilst securing a company’s external facing systems with the Tsunami scanning engine. It completes a scan using a two-step process – reconnaissance followed by a vulnerability verification.

• Reconnaissance: This step involves the detection of an open ports first, then identifying services, protocols and other applications running on each port with the help of various fingerprinting plugins using tools like nmap to do so.
• Vulnerability verification: Tsunami then takes each device and any exposed ports and selects a list of vulnerabilities to test. It will then run a live (but safe) exploit check to reveal any vulnerabilities that might possibly come under attack.

Google have commented to say that Tsunami uses other open-source tools (such as ncrack) to spot weak passwords being used by protocols and tools including FTP, SSH, MySQL and RDP.

Google have also announced they’ll be open-sourcing more plug-ins for Tsunami over the coming months to make it even more versatile in detecting security vulnerabilities with multiple other features to make it more user friendly and customisable.