Google opens its Tsunami vulnerability scanner to open source


Google has developed a vulnerability scanner for corporate networks made up of thousands, if not millions, of systems connected to the Internet. Called Tsunami, the scanner is used internally at Google and was made available on GitHub last month.

Tsunami will not be an official Google product but will instead be maintained by the open-source community, in the same way that Google first made Kubernetes (another internal Google tool) available to the general public.

How Tsunami works

Hundreds of other commercial and open-source vulnerability scanners are already on the market. What sets Tsunami apart is that Google built it with mammoth-sized companies like itself in mind: companies that manage networks comprising hundreds of thousands of servers, workstations, network equipment and IoT devices connected to the internet.

Google said it designed Tsunami to adapt to these extremely diverse and extensive networks from the start, without having to run different scanners for each type of device. To do this, Tsunami is divided into two main parts, and a plugin mechanism is also included.

The first component of Tsunami is the scanner itself, or the reconnaissance module. This component scans a company’s network for open ports. It then tests each port and attempts to identify the protocols and services that run on it, to avoid port labeling errors and to test devices for vulnerabilities. Google says that the port analysis module is based on the industry-tested nmap network mapping engine, but also uses custom code.

The second element is the most complex. It works on the basis of the results of the first. It takes each device and its exposed ports, selects a list of vulnerabilities to test, and performs benign exploits to verify if the device is vulnerable to attack. The vulnerability checking module also allows Tsunami to be extended through plugins, which allow security teams to add new attack vectors and new vulnerabilities.

The current version of Tsunami is delivered with these plugins:

  • User interface: applications such as Jenkins, Jupyter and Hadoop Yarn have user interfaces that allow you to schedule workloads or execute system commands. If these systems are exposed to the internet without authentication, attackers can exploit the functionality of the application to execute malicious commands.
  • Weak credentials: Tsunami uses other open source tools such as ncrack to detect weak passwords used by protocols and tools such as SSH, FTP, RDP and MySQL.

Google said it plans to improve Tsunami through new plugins to detect a wider variety of exploits in the coming months. All plugins will be available via a second GitHub repository.
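
As an added illustration (not Tsunami's code or API), the Python sketch below models the two-stage design described above on constructed, recorded responses: a service is identified from what it sends rather than from its port number, and only the detector plugins registered for that service run. All names (`fingerprint`, `plugin`, `scan`, the sample hosts and responses) are hypothetical.

```python
import re

# Stage 1: identify the service from what it sends, not from the port number.
# Order matters: the Jenkins rule must run before the generic HTTP rule.
FINGERPRINTS = [
    ("ssh", re.compile(r"^SSH-\d\.\d+-")),
    ("jenkins", re.compile(r"^X-Jenkins:", re.M | re.I)),
    ("http", re.compile(r"^HTTP/\d\.\d ")),
]
PLUGINS = {}  # service name -> list of detector functions

def fingerprint(response):
    for name, pattern in FINGERPRINTS:
        if pattern.search(response):
            return name
    return "unknown"

def plugin(service_name):
    """Register a detector for one identified service (hypothetical mechanism)."""
    def register(fn):
        PLUGINS.setdefault(service_name, []).append(fn)
        return fn
    return register

@plugin("jenkins")
def exposed_jenkins_ui(host, port, response):
    # Report only when the recorded unauthenticated request was actually served;
    # a 401/403 or a bare version header is not evidence of exposure.
    if response.startswith("HTTP/1.1 200"):
        return f"{host}:{port} Jenkins UI served without authentication"
    return None

def scan(observations):
    """Stage 2: run only the detectors registered for the identified service."""
    findings = []
    for (host, port), response in sorted(observations.items()):
        for check in PLUGINS.get(fingerprint(response), []):
            result = check(host, port, response)
            if result:
                findings.append(result)
    return findings

# Constructed sample data: first response recorded per (host, port).
OBSERVATIONS = {
    ("10.0.0.5", 8080): "SSH-2.0-OpenSSH_8.2\r\n",  # SSH on a "web" port
    ("10.0.0.6", 22): "HTTP/1.1 200 OK\r\nX-Jenkins: 2.235\r\n\r\n",  # Jenkins on port 22
    ("10.0.0.7", 8080): "HTTP/1.1 403 Forbidden\r\nX-Jenkins: 2.235\r\n\r\n",
}
```

Calling `scan(OBSERVATIONS)` reports only the host whose Jenkins UI answered an unauthenticated request; the Jenkins instance that returned 403 and the SSH service on port 8080 produce no finding.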

The project will focus on the absence of false positives

The search giant has said that in the future, Tsunami will focus on meeting the goals of large companies like itself, and on the conditions found in these types of large, multi-device networks. The main objective will be scan accuracy, with the project striving to provide results with as few false positives as possible.

This is important because the scanner will operate within giant networks where the slightest false positive can cause incorrect patches to be sent to hundreds or thousands of devices, which can cause device crashes, network crashes, countless hours of lost work, and even losses to a company’s bottom line.
