Tsunami: Google Security Scanner to Detect Vulnerabilities

Google has released a completely free tool for running advanced security scans. Its name is Tsunami, and it aims to detect critical vulnerabilities in different computers. This vulnerability scanning engine allows organizations to protect their users' data. In addition, its source code is on GitHub, so we can extend it by adding new functionality. Do you want to know everything about Tsunami?

We have written on multiple occasions about different tools for performing network scans, such as Angry IP Scanner, and we also have a complete Nmap tutorial, which is the first step in pentesting. We have also covered the best vulnerability scanners for hacking several times, and we have even talked about BinaryEdge and Shodan.

Cybercriminals have automated the process of exploiting vulnerabilities. If an organization's Blue Team does not have automated tools to protect the network and computers, it very likely cannot keep up with them, because the two sides are not on equal terms. The window to react to a newly released serious vulnerability is a matter of hours, which is a challenge for large organizations with thousands of computers connected to the Internet. In these environments, it is critical that security vulnerabilities are detected and resolved in a fully automated manner. To make detection both fast and of very high quality, Google has created Tsunami, an extensible network scanning engine that is capable of detecting critical vulnerabilities.

Google uses GKE (Google Kubernetes Engine) to continuously scan and protect its computers with the Tsunami scan engine. The tool that Google has now published mainly performs two tasks:

  • Reconnaissance: The first step Tsunami takes is to detect open ports; it then tries to identify the protocols, services and other software running on the target host. Tsunami relies on the powerful Nmap tool for this task, since it is simply the best network, host and open port scanner that we can use. Specifically, it uses Nmap 7.80.
  • Vulnerability verification: Based on the information collected above, Tsunami selects all the available plugins that apply to the identified services. To confirm that a vulnerability really exists, Tsunami runs an exploit to see if it really works.

In this initial version that Google has published on GitHub, Tsunami includes detectors for exposed UIs such as Jenkins, Jupyter and Hadoop Yarn, applications through which workloads can be scheduled or system commands executed. It also detects weak credentials in typical services such as SSH, FTP, RDP and MySQL, among others; for this it uses the ncrack tool, specifically Ncrack 0.7.
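
The two-phase flow described above (Nmap reconnaissance feeding plugin selection) can be sketched as follows. This is an added, simplified illustration, not Tsunami's own code: the detector names, the `DETECTORS` registry and the sample scan are constructed assumptions, and only the XML layout follows what `nmap -sV -oX` writes.

```python
import xml.etree.ElementTree as ET

# Constructed sample, trimmed to the fields used here (layout of `nmap -sV -oX`).
NMAP_XML = """<nmaprun scanner="nmap" version="7.80">
  <host>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
      <port protocol="tcp" portid="8080"><state state="open"/><service name="http"/></port>
      <port protocol="tcp" portid="3306"><state state="closed"/><service name="mysql"/></port>
      <port protocol="tcp" portid="8888"><state state="open"/><service name="http"/></port>
    </ports>
  </host>
</nmaprun>"""

# Hypothetical registry: detector name -> Nmap service names it applies to.
DETECTORS = {
    "exposed_jenkins_ui": {"http", "https"},
    "exposed_jupyter_ui": {"http", "https"},
    "exposed_hadoop_yarn_ui": {"http", "https"},
    "weak_credentials": {"ssh", "ftp", "ms-wbt-server", "mysql"},  # ms-wbt-server = RDP
}

def open_services(xml_text):
    """Phase 1 result: (address, port, service name) for every open port."""
    found = []
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address").get("addr")
        for port in host.iter("port"):
            state, svc = port.find("state"), port.find("service")
            if state is None or state.get("state") != "open" or svc is None:
                continue  # closed ports and unidentified services get no detectors
            found.append((addr, int(port.get("portid")), svc.get("name")))
    return found

def plan_verification(services):
    """Phase 2 input: the detectors to run against each endpoint."""
    plan = {}
    for addr, port, name in services:
        matched = sorted(d for d, names in DETECTORS.items() if name in names)
        if matched:
            plan[f"{addr}:{port}"] = matched
    return plan

if __name__ == "__main__":
    for endpoint, detectors in plan_verification(open_services(NMAP_XML)).items():
        print(endpoint, "->", ", ".join(detectors))
```

Selecting detectors only for open, identified services is what keeps the verification phase limited to endpoints where a finding is actually possible.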

We recommend visiting the Google Tsunami project on GitHub, where you will find all the details and can download the tool completely free. The official documentation has everything needed to run it from Docker easily and quickly. There is also a separate GitHub project for the Tsunami plugins, kept apart so that it serves as a centralized repository for all of them.