Discover vulnerabilities with Google Tsunami

Before the Wave

Identifying and fixing security vulnerabilities before an attacker exploits them is one of the most difficult tasks an administrator faces. Virtually any infrastructure component can become a target for crooks. Web applications, with their cornucopia of cross-site scripting (XSS) and other injection attacks, are a problem, as are systems with unpatched software, insecure user accounts, misconfigured firewalls, poorly protected network devices, and so on. At the same time, IT setups are becoming increasingly complex and comprise ever more components. What's more, sometimes you do not know exactly what components you are dealing with locally.

The best way to prevent attacks is to identify and eliminate security risks before an attack happens. Of course, you cannot hope to do this manually if you have thousands or more virtual instances running the most diverse software zoo imaginable in your company data center. The only tools that can help you there are those that automatically query entire networks or hosts and search for specific vulnerabilities.

Google comes to the aid with its Tsunami [1] offering. Because it is not an official project, Google does not provide any support. That said, Tsunami is now available under the Apache license on GitHub, and the tool can be used without any further Google involvement.

Tsunami

Google has taken a smart approach and designed the program as a framework to which you can add arbitrary functions as plugins. Tsunami, written in Java and therefore platform independent, implements basic functions (e.g., opening connections). As a result, the plugins "only" contain the specific commands and calls needed to check remote services for specific vulnerabilities.

Accordingly, the Tsunami source code is broken down into several sections that comprise the main program on the one

...