Google Tsunami open-sourced, can detect high severity vulnerabilities in network servers, Internet of Things (IoT) devices, and other gadgets connected to the internet
After using it internally to detect network-related vulnerabilities, Google has now open-sourced it’s Google Tsunami network vulnerability scanner. Google Tsunami is a network security scanner that scans Internet-connected gadgets for vulnerabilities. It comes with an extensible plugin system to provide scanning capabilities for high severity vulnerabilities in networks that consist of thousands of workstations, servers, Internet of Things (IoT) devices, and other gadgets that are connected to the internet.
Google Tsunami is written in Java programming language and was used by Google internally till June 2020 when it decided to release it on GitHub. Google says it leverages Kubernetes Engine to conduct scans and to secure the company’s externally facing systems with the Tsunami scanning engine. According to Google, the Tsunami scans Internet-connected like NAS. IoT, web servers in two ways :
- vulnerability verification.
Tsunami’s reconnaissance scan involves detecting open ports initially and then identifying services, protocols, and other applications running on each port with the help of various fingerprinting plugins. Tsunami uses security research tools like Nmap to perform network sniffing.
For vulnerability verification, Google Tsunami tests the devices it finds vulnerable against a select list of vulnerabilities. It runs a fully working but benign exploit to check if the device is vulnerable to attacks. For this purpose, it uses tools like Ncrack to spot weak passwords being used by protocols and tools including FTP, SSH, MySQL, and RDP. If the vulnerability scan of the device gives a positive test result, it is deemed vulnerable and the Tsunami notifies the user.
The company plans to release many more plugins in the coming months for Tsunami to make it more powerful in detecting vulnerabilities similar to remote code execution.