Sun Jul 12 2020
Google release the project code for Tsunami Security Scanner on GitHub
Last month Google open-sourced their Tsunami vulnerability security scanner onto GitHub in the hopes it would help other organisations protect their user’s data.
The security scanner works by detecting high-severity vulnerabilities in networks.
The new open-source Tsunami security scanner that Google have released comes as a general purpose network security scanner with an extensible plugin system that provides scanning capabilities for high-level vulnerabilities in networks consisting of thousands of access points, whether it be laptops, desktops, servers, IoT devices or any other equipment capable of connecting to the internet.
Google has been using the code internally for awhile and released it onto GitHub in June. Written in Java, it was released under the Apache 2.0 license.
According to Google it utilises Kubernetes Engine to conduct scans whilst securing a company’s external facing systems with the Tsunami scanning engine. It completes a scan using a two-step process – reconnaissance followed by a vulnerability verification.
Google have commented to say that Tsunami uses other open-source tools (such as ncrack) to spot weak passwords being used by protocols and tools including FTP, SSH, MySQL and RDP.
Google have also announced they’ll be open-sourcing more plug-ins for Tsunami over the coming months to make it even more versatile in detecting security vulnerabilities with multiple other features to make it more user friendly and customisable.
Sun Jul 12 2020