1. Nmap and Nmap History
  2. Working In a High School As A Computer Instructor
  3. Penetration Testing Jobs in worldwide – A Valuable Online Resource
  4. Types of computer software
  5. Cross-site scripting (XSS) attack
  6. Five Best Cyber Security and Ethical Hacking Private Degrees in Sri Lanka
  7. Google’s open-source tsunami vulnerability scanner
  8. What is Google? (Tutorial)
  9. What is a SQL Injection Attack?
  10. Is WordPress Easy?
  11. How to find a perfect domain name for your website (10+ Tips and Tricks Tutorial)
  12. 6 new vulnerabilities with D-Link home routers allow hackers to launch remote attacks
  13. What is the YouTube and YouTube AdSense?
  14. C++ Lesson 6 – Storage of information through user interactions and VARIABLES
  15. How to get full root Access by Termux without Root?
  16. Trojan horse’s Story | who is this Trojan horse
  17. Don’t use these wallpapers in your mobile phone – System Crash wallpaper issue
  18. Burp Suite pro [Professional 2020.4.1]
  19. Website SEO checker tool
  20. What is DNS? (Domain Name System)
  21. C++ Lesson 5 – Get ready for the first program – Part 2
  22. Whatsapp Secrets Code List
  23. Python Lesson 1 – Python and Computer Programming
  24. C++ Lesson 4 – Get ready for the first program
  25. C++ Lesson 3 – Setting the background PROGRAMMING for LINUX.
  26. What is an Email? (Learn about Email)
  27. GoDaddy reveals a data breach, exposing the credentials of the web hosting account
  28. C++ Lesson 2: Setting the PROGRAMMING Background for WINDOWS
  29. C++ full tutorial | How to start C++ | Part 001
  30. What is the IP Address? – Full Tutorial
  31. How to install Kali Linux in windows Computer using virtualBox – 001
  32. Online YouTube Backlink Generator Tool
  33. How to use ShellPhish in mobile phone – Advance Phishing tool
  34. Remote Command Execution (R.C.E) vulnerability
  35. Mobile phone Ethical Hacking & Penetration Testing platform (Termux)
  36. Nmap network scanning (Basic Tutorial for Beginers) – 002
  37. Nmap Port Scanning tool (Basic Tutorial for Beginers) – 001
  38. Penetration Testing and Ethical Hacking Linux Distribute – Kali Linux
  1. Nmap and Nmap History
  2. Working In a High School As A Computer Instructor
  3. Penetration Testing Jobs in worldwide – A Valuable Online Resource
  4. Types of computer software
  5. Cross-site scripting (XSS) attack
  6. Five Best Cyber Security and Ethical Hacking Private Degrees in Sri Lanka
  7. Google’s open-source tsunami vulnerability scanner
  8. What is Google? (Tutorial)
  9. What is a SQL Injection Attack?
  10. Is WordPress Easy?
  11. How to find a perfect domain name for your website (10+ Tips and Tricks Tutorial)
  12. 6 new vulnerabilities with D-Link home routers allow hackers to launch remote attacks
  13. What is the YouTube and YouTube AdSense?
  14. C++ Lesson 6 – Storage of information through user interactions and VARIABLES
  15. How to get full root Access by Termux without Root?
  16. Trojan horse’s Story | who is this Trojan horse
  17. Don’t use these wallpapers in your mobile phone – System Crash wallpaper issue
  18. Burp Suite pro [Professional 2020.4.1]
  19. Website SEO checker tool
  20. What is DNS? (Domain Name System)
  21. C++ Lesson 5 – Get ready for the first program – Part 2
  22. Whatsapp Secrets Code List
  23. Python Lesson 1 – Python and Computer Programming
  24. C++ Lesson 4 – Get ready for the first program
  25. C++ Lesson 3 – Setting the background PROGRAMMING for LINUX.
  26. What is an Email? (Learn about Email)
  27. GoDaddy reveals a data breach, exposing the credentials of the web hosting account
  28. C++ Lesson 2: Setting the PROGRAMMING Background for WINDOWS
  29. C++ full tutorial | How to start C++ | Part 001
  30. What is the IP Address? – Full Tutorial
  31. How to install Kali Linux in windows Computer using virtualBox – 001
  32. Online YouTube Backlink Generator Tool
  33. How to use ShellPhish in mobile phone – Advance Phishing tool
  34. Remote Command Execution (R.C.E) vulnerability
  35. Mobile phone Ethical Hacking & Penetration Testing platform (Termux)
  36. Nmap network scanning (Basic Tutorial for Beginers) – 002
  37. Nmap Port Scanning tool (Basic Tutorial for Beginers) – 001
  38. Penetration Testing and Ethical Hacking Linux Distribute – Kali Linux
Google’s open-source tsunami vulnerability scanner

Google says tsunami is an extensible network scanner to detect high-intensity vulnerabilities with as few false positives as possible.

Google has an insecure security scanner for large-scale enterprise networks, including thousands or millions of Internet-connected systems.

The tsunami was named, the scanner used internally on Google and was made available on GitHub last month.

ALSO READ
GoDaddy reveals a data breach, exposing the credentials of the web hosting account

Tsunami is not an officially branded Google product but rather operated by the open-source community, thus making Google the first Kubernetes (another Google internal device) available to the public.

How the tsunami works
There are hundreds of other commercial or open-source risk scanners already on the market, but what makes the tsunami different is that Google built it based on companies like Mammoth.

This includes companies that operate hundreds of servers, workstations, networking devices, and networks that have IoT devices connected to the Internet.

Google said the tsunami was designed to accommodate very diverse and very large networks, without the need to run different scanners for each device type.

Google claims to have done so by first dividing the tsunami into two main components and then adding an expandable plugin policy.

The first tsunami component is the scanner – or surveillance module. This component scans the company’s network for open ports. It tests each port and tries to identify the exact protocols and services that are running on it, in an attempt to prevent faulty portables and test equipment for faulty vulnerability.

Google says the Port Finger Printing module is based on the industry-tested NAMP network mapping engine but also uses some custom code.

The second part is more complicated. This follows based on previous results. It takes each device and its exposed ports, selects a list of vulnerabilities to test, and executes sensitive exploits to check if the device is vulnerable to attacks.

We can also tell how tsunamis can be extended by vulnerability verification module plugins – so that security teams can add new attack vectors and vulnerabilities to investigate within their networks.

The current tsunami version comes with plugins:

Exposed Sensitive UI: Unix with Jenkins, Jupiter, and Hadoop Yarn Ship allows apps to schedule workloads or execute system commands. If these systems are exposed to the Internet without authentication, attackers can exploit the application’s functionality to execute malicious commands.
Weak credentials: Tsunami uses other open-source tools such as ncrack to detect weak passwords used by protocols and devices, including SSH, FTP, RDP and MySQL.

Google says it plans to increase the tsunami with new plugins to track different types of success in the coming months. All plugins are released through a second dedicated GitHub repository.

The project will focus on false-compatibility
The search giant said the upcoming tsunami will focus on the goals of high-end enterprise customers like themselves and those found on large and multi-device networks.

Scan accuracy becomes the primary goal, focusing on delivering results with false-positives (false detectives).

This is important because the scanner runs over a wide network, where small-positive results can result in device crashes and network crashes, sending wrong patches to hundreds or even thousands of devices. Too many working hours, and even a company’s bottom line risks.

In addition, tsunamis can thrive only in support of high-intensity vulnerabilities as weapons, but rather than focusing on scanning everything under the sun. Scanners are done today. This can be done to minimize alert fatigue for security teams.

Tags: , , , , , , , , , , , , , ,
Thiwanga Sandaruwan is a professional blog writer. SecDevil.com is the main website of he managed. If you have any problem feel free and contact him.

Related Article

No Related Article

Leave a Reply

Your email address will not be published. Required fields are marked *

CommentLuv badge