Google open-sources network security scanner Tsunami

The project code was released on GitHub last month

Google has open-sourced the Tsunami vulnerability scanner to help other organisations protect their users' data by detecting high-severity vulnerabilities in their networks.

Google describes Tsunami as a general-purpose network security scanner with an extensible plugin system. It is designed to detect high-severity vulnerabilities in networks that consist of thousands of workstations, servers, Internet of Things (IoT) devices and other equipment connected to the internet.

Google had been using the scanner internally before releasing it on GitHub last month. Tsunami is written in Java and has been released under the Apache 2.0 license.

Google says it leverages Kubernetes Engine to conduct scans and to secure the company's externally facing systems with the Tsunami scanning engine.

Tsunami completes a system scan in two steps: reconnaissance and vulnerability verification.

Reconnaissance first detects open ports, then identifies the services, protocols and other applications running on each port with the help of various fingerprinting plugins. Tsunami uses existing tools such as nmap to perform some of these tasks.

In the second step, Tsunami takes each device and its exposed ports and then selects a list of vulnerabilities to test. It runs a fully working but benign exploit to check if the device is vulnerable to attacks.

The initial Tsunami version comes with detectors for exposed sensitive user interfaces and weak credentials. Google says Tsunami uses other open source tools such as ncrack to spot weak passwords used with protocols and tools including FTP, SSH, MySQL and RDP.
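The two-step flow described above, sketched as an added Python example (not Tsunami's own code, which is Java): it parses nmap grepable output into fingerprinted services, then pairs each open service with the detector categories the article names. The sample scan output, the `DETECTORS` registry and the detector labels are constructed for illustration, and no verification check is run.

```python
import re
from dataclasses import dataclass

# Constructed sample of `nmap -oG` output; addresses are RFC 5737 documentation ranges.
SAMPLE_NMAP_GREPABLE = (
    "# Nmap scan (constructed sample)\n"
    "Host: 192.0.2.10 (web01.example)\tStatus: Up\n"
    "Host: 192.0.2.10 (web01.example)\tPorts: 22/open/tcp//ssh//OpenSSH 8.2p1/, "
    "8080/open/tcp//http//Jetty 9.4/, 3306/closed/tcp//mysql///\tIgnored State: filtered (997)\n"
    "Host: 192.0.2.20 ()\tPorts: 21/open/tcp//ftp//vsftpd 3.0.3/, 3389/open/tcp//ms-wbt-server///\n"
)

@dataclass(frozen=True)
class Service:
    host: str
    port: int
    proto: str
    name: str
    version: str

# Hypothetical registry: fingerprinted service name -> detector categories from the article.
DETECTORS = {
    "http": ["exposed-sensitive-ui"],
    "ssh": ["weak-credentials"],
    "ftp": ["weak-credentials"],
    "mysql": ["weak-credentials"],
    "ms-wbt-server": ["weak-credentials"],  # nmap's service name for RDP
}

def parse_recon(text):
    """Step 1 (reconnaissance): keep only open ports and their fingerprinted service."""
    services = []
    for line in text.splitlines():
        m = re.match(r"Host: (\S+) .*?\tPorts: ([^\t]*)", line)
        if not m:
            continue  # comment lines and Status-only lines carry no port data
        for entry in m.group(2).split(", "):
            # Entry layout: port/state/protocol/owner/service/rpcinfo/version/
            fields = entry.strip().split("/")
            if len(fields) < 7 or fields[1] != "open":
                continue
            services.append(Service(m.group(1), int(fields[0]), fields[2], fields[4], fields[6]))
    return services

def plan_verification(services):
    """Step 2 input: pair each exposed service with the detectors that apply to it."""
    return [(s.host, s.port, d) for s in services for d in DETECTORS.get(s.name, [])]
```

Selecting detectors from the fingerprint keeps the closed MySQL port out of the plan entirely, so a scan only runs checks against services that are actually exposed.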

The company plans to release many more plugins for Tsunami in the coming months to make it more powerful at detecting vulnerabilities such as remote code execution. It is also working on several other features to make the tool easier to use and expand.

Moreover, Tsunami will be expanded with a focus on high-severity vulnerabilities that are more likely to be exploited by hackers. This will help reduce alert fatigue for security teams, according to Google.