cloudThing logo in white
Menu open icon
email: info@cloudthing.com
tel: +44 (0) 121 393 4700
Menu closed icon

General

Generally useful pages

Sectors

We know loads about this stuff

What we do

The Building Blocks for cloudThing Magic

Tsunami Security Scanner Now Open-Source on GitHub

Sun Jul 12 2020

Google release the project code for Tsunami Security Scanner on GitHub

Last month Google open-sourced their Tsunami vulnerability security scanner onto GitHub in the hopes it would help other organisations protect their user’s data.

The security scanner works by detecting high-severity vulnerabilities in networks.

 

The new open-source Tsunami security scanner that Google have released comes as a general purpose network security scanner with an extensible plugin system that provides scanning capabilities for high-level vulnerabilities in networks consisting of thousands of access points, whether it be laptops, desktops,  servers, IoT devices or any other equipment capable of connecting to the internet.

 

Google has been using the code internally for awhile and released it onto GitHub in June. Written in Java, it was released under the Apache 2.0 license.

According to Google it utilises Kubernetes Engine to conduct scans whilst securing a company’s external facing systems with the Tsunami scanning engine. It completes a scan using a two-step process – reconnaissance followed by a vulnerability verification.

 

  • Reconnaissance: This step involves the detection of an open ports first, then identifying services, protocols and other applications running on each port with the help of various fingerprinting plugins using tools like nmap to do so.
  • Vulnerability verification: Tsunami then takes each device and any exposed ports and selects a list of vulnerabilities to test. It will then run a live (but safe) exploit check to reveal any vulnerabilities that might possibly come under attack.

 

Google have commented to say that Tsunami uses other open-source tools (such as ncrack) to spot weak passwords being used by protocols and tools including FTP, SSH, MySQL and RDP.

 

Google have also announced they’ll be open-sourcing more plug-ins for Tsunami over the coming months to make it even more versatile in detecting security vulnerabilities with multiple other features to make it more user friendly and customisable.

Not quite ready to get back to work just yet?

CLOUDTHING NOMINATED FOR NOT ONE, BUT THREE AWARDS IN TECH EXCELLENCE

SECURITY-BY-DESIGN: OR… BETTER SAFE THAN SORRY!

PRIVACY BY DESIGN – WHAT YOU NEED TO KNOW

Contact Us

Name

*

Company Name

*

Email Address

*

Telephone Number

Is there anything else you'd like us to know?

© cloudThing 2020

Sun Jul 12 2020

email iconinfo@cloudthing.com
© 2020 Copyright cloudThing ltd. All rights reserved. Company registered in England & Wales no. 7510381, VAT no. 152340739