Tsunami - Google's scalable security scanner




Google has open-sourced the Tsunami scanner, a tool for detecting dangerous vulnerabilities with a minimal number of false positives. Tsunami differs from hundreds of other scanners (both commercial and free) in how it was developed: Google took into account the needs of giant corporations.



Tsunami ideology



When vulnerabilities or misconfigurations are actively exploited by attackers, organizations need to respond quickly to protect potentially vulnerable assets. As attackers increasingly invest in automation, the response time to a recently released high-severity vulnerability is typically measured in hours.



This poses a serious problem for large organizations with thousands or even millions of systems connected to the Internet. In such large-scale environments, security vulnerabilities must be discovered and ideally remediated in a fully automated manner. To do this, information security teams must be able to implement and deploy detectors for emerging security issues at scale in a very short time.



, , . , Tsunami — .





" " — nmap ncrack, :



Tsunami — . , , , ( false-positive ). nmap, .



. : , , (PoC).



, Tsunami . UI (WordPress, Jenkins, Jupyter, Hadoop Yarn ), . "" ncrack, , , SSH, FTP, RDP MySQL.





:



nmap >= 7.80
ncrack >= 0.7


-, unauthenticated Jupyter Notebook server. docker:



docker run --name unauthenticated-jupyter-notebook -p 8888:8888 -d jupyter/base-notebook start-notebook.sh --NotebookApp.token=''


:



bash -c "$(curl -sfL https://raw.githubusercontent.com/google/tsunami-security-scanner/master/quick_start.sh)"


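The quick_start.sh script performs the following steps:



  • Clones google/tsunami-security-scanner and google/tsunami-security-scanner-plugins into $HOME/tsunami/repos.
  • Builds the plugins and moves the plugin jar files into $HOME/tsunami/plugins.
  • Builds the Tsunami scanner Fat Jar and moves it into $HOME/tsunami.
  • Moves the example tsunami.yaml configuration into $HOME/tsunami.
  • Prints an example Tsunami command for scanning 127.0.0.1.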
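
The test target above is unauthenticated only because of the `--NotebookApp.token=''` flag. As an added example (not part of the original article or of the Tsunami project), this Python audit flags Jupyter launch commands and config files that disable token authentication this way. The function names, verdict labels, the `ServerApp` generalization and the sample inputs are assumptions made for illustration.

```python
import re
import shlex

# Auth traits to look for. NotebookApp.token is the flag used on this page;
# ServerApp.* (jupyter_server) is added here as a generalization.
TRAIT = re.compile(
    r"^(?:--|c\.)(?:NotebookApp|ServerApp)\.(token|password)\s*(?:=\s*(.*))?$")

def _unquote(value):
    value = value.strip()
    if len(value) >= 2 and value[0] == value[-1] and value[0] in "'\"":
        return value[1:-1]
    return value

def collect(items):
    """Map 'token'/'password' to the values set in CLI args or config lines."""
    found, pending = {}, None
    for item in (i.strip() for i in items):
        if pending:  # value of the space-separated form "--X.token VALUE"
            found[pending], pending = _unquote(item), None
            continue
        match = TRAIT.match(item)  # commented-out config lines do not match
        if match:
            name, value = match.groups()
            if value is None:
                pending = name
            else:
                found[name] = _unquote(value)
    return found

def verdict(settings):
    # An unset token is not a finding: Jupyter generates a random one at start.
    token_disabled = settings.get("token") == ""
    if token_disabled and not settings.get("password"):
        return "UNAUTHENTICATED"
    return "PASSWORD_ONLY" if token_disabled else "TOKEN_OR_DEFAULT"

def audit_command(cmd):
    return verdict(collect(shlex.split(cmd)))

def audit_config(text):
    return verdict(collect(text.splitlines()))

# Constructed samples; WEAK_CMD is the docker command from this page.
WEAK_CMD = ("docker run --name unauthenticated-jupyter-notebook -p 8888:8888 -d "
            "jupyter/base-notebook start-notebook.sh --NotebookApp.token=''")
PASSWORD_CFG = "c.NotebookApp.token = ''\nc.NotebookApp.password = 'PLACEHOLDER_HASH'\n"

if __name__ == "__main__":
    print(audit_command(WEAK_CMD))
    print(audit_config(PASSWORD_CFG))
```

Feed it launch commands collected from container or process inventories, or the contents of jupyter_notebook_config.py; config lines with trailing comments are not handled.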




Despite the direct relationship with the corporation, Tsunami will not be considered a Google-owned brand. The development community will collaborate on the scanner and improve it, and the results will be available to everyone.



Project Pages



Repository on GitHub.

Plugin repository.



