Google releases Tsunami security scanner code

Google has presented Tsunami, a security scanner designed to check hosts on a network for known vulnerabilities and to detect configuration problems that weaken the security of the infrastructure. Tsunami provides a common platform whose functionality is defined through plugins: for example, a port-scanning plugin based on Nmap, a plugin based on Ncrack for checking weak authentication credentials, and plugins with vulnerability detectors for Hadoop YARN, Jenkins, Jupyter and WordPress. The project is written in Java and distributed under the Apache 2.0 license.

The goal of the project is to provide a tool for rapid identification of vulnerabilities in large companies with extensive network infrastructures. When a new critical problem is disclosed, a race begins with attackers who try to compromise enterprise infrastructure before the problem is fixed. A company's own staff needs to identify the affected components as early as possible, since systems can be attacked within hours of a vulnerability being disclosed. In companies with thousands of systems connected to the Internet, automating these checks is a must, and Tsunami is positioned to tackle exactly that task.

Tsunami allows you to quickly write the vulnerability detectors you need yourself, or to use ready-made collections that identify the most dangerous problems, those for which attacks have already been observed. After scanning the network, Tsunami produces a report on the checks performed; the emphasis is on a low false-positive rate, so that analyzing the report does not consume too much time. Tsunami is also being developed with scaling and automated execution of checks in mind, which allows it to be used, for example, to regularly monitor the strength of the authentication credentials in use.

The verification process in Tsunami is divided into two stages:

  • Collection of information about services on the network. At this stage, open ports are determined, along with the services, protocols and applications associated with them. Well-established tools such as nmap are used here.
  • Vulnerability verification. Based on the information gathered in the first stage, plugins suitable for the identified services are selected and run. To confirm that a problem is actually present, fully working but neutralized exploits are used. In addition, credential strength can be checked to detect weak passwords using ncrack, which supports various protocols, including SSH, FTP, RDP and MySQL.
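
The two stages above can be made concrete with a small orchestration sketch. The following is an added example written for this page, not Tsunami's code or its plugin API: it parses nmap's grepable (`-oG`) output from a constructed sample (no live scan), then runs only those detector plugins whose declared service filter matches each discovered service. The plugin classes, the `service_filter` convention, the banner-to-application table and the findings text are all this example's own assumptions.

```python
"""Two-stage scan orchestration in the shape the article describes.

Stage 1 parses service-discovery output (nmap -oG, constructed sample).
Stage 2 selects the detector plugins whose service filter matches each
discovered service and runs only those. Plugin classes, filters and
finding texts are illustrative, not Tsunami's API.
"""
from dataclasses import dataclass

# Constructed nmap -oG output for three hosts (not from a real scan).
NMAP_GREPABLE = (
    "# Nmap 7.80 scan initiated (constructed sample)\n"
    "Host: 10.0.0.5 (ci.corp.example)\tPorts: 22/open/tcp//ssh//OpenSSH 8.2p1/, "
    "8080/open/tcp//http//Jetty 9.4.z-SNAPSHOT/\tIgnored State: closed (998)\n"
    "Host: 10.0.0.9 ()\tPorts: 3306/open/tcp//mysql//MySQL 5.7.30/, "
    "8888/open/tcp//http//Tornado httpd 6.0.4/, 445/filtered/tcp//microsoft-ds///\n"
    "Host: 10.0.0.12 ()\tStatus: Up\n"
)


@dataclass(frozen=True)
class Service:
    host: str
    port: int
    proto: str
    name: str      # nmap service name, e.g. "http", "mysql"
    version: str   # nmap version/banner string, may be empty


def parse_grepable(text):
    """Stage 1: collect open ports from nmap -oG lines as Service records."""
    services = []
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue
        # Tab-separated "Key: value" fields; hosts with no open ports have no "Ports".
        fields = dict(f.split(": ", 1) for f in line.split("\t") if ": " in f)
        host = fields["Host"].split(" ", 1)[0]
        for entry in filter(None, fields.get("Ports", "").split(", ")):
            # port/state/protocol/owner/service/rpc_info/version/
            # (nmap writes '|' instead of '/' inside these fields, so splitting is safe)
            port, state, proto, _owner, name, _rpc, version = entry.split("/")[:7]
            if state == "open":
                services.append(Service(host, int(port), proto, name, version))
    return services


class Detector:
    """Base class for this example's plugins: service_filter names the nmap
    service names a plugin applies to; detect() returns a finding or None."""
    service_filter = frozenset()

    def detect(self, svc):
        raise NotImplementedError


class HttpAppFingerprinter(Detector):
    """Maps an HTTP server banner to the application it commonly fronts, so
    that application-specific detectors can be chosen. Constructed table."""
    service_filter = frozenset({"http", "http-proxy", "http-alt"})
    BANNER_TO_APP = {"Jetty": "Jenkins", "Tornado": "Jupyter"}

    def detect(self, svc):
        for marker, app in self.BANNER_TO_APP.items():
            if marker in svc.version:
                return f"http banner {svc.version!r} suggests {app}"
        return None


class CredentialTargetSelector(Detector):
    """Queues services for the credential-strength step the article assigns
    to ncrack; the password check itself is not performed here."""
    service_filter = frozenset({"ssh", "ftp", "ms-wbt-server", "mysql"})

    def detect(self, svc):
        return f"{svc.name} exposed; queue for weak-credential check"


def run_plugins(services, plugins):
    """Stage 2: run each plugin only against the services it declares."""
    findings = []
    for svc in services:
        for plugin in plugins:
            if svc.name not in plugin.service_filter:
                continue
            result = plugin.detect(svc)
            if result is not None:
                findings.append((svc.host, svc.port, type(plugin).__name__, result))
    return findings


def scan(grepable_text=NMAP_GREPABLE):
    plugins = [HttpAppFingerprinter(), CredentialTargetSelector()]
    return run_plugins(parse_grepable(grepable_text), plugins)


if __name__ == "__main__":
    for host, port, plugin, finding in scan():
        print(f"{host}:{port} [{plugin}] {finding}")
```

The filtered port (445) never reaches stage 2, and a plugin sees only the services it declared an interest in; that selection step is what the planned web application fingerprinter is meant to sharpen, since a bare `http` label tells a detector little about which application is actually behind the port.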

The project is in alpha testing, but Google is already using Tsunami to continuously scan and protect all of its services that are exposed to external requests. Near-term plans include new plugins to detect critical problems that lead to remote code execution, as well as a more advanced component for identifying the applications in use (a web application fingerprinter), which will improve the logic for choosing which verification plugin to run. Longer-term plans mention tooling for writing plugins in any programming language and the ability to add plugins dynamically.

Source: opennet.ru
