This article demonstrates how to install the new Tsunami vulnerability scanner on a Redhat-like machine such as Fedora or CentOS 8 and how to use it including an example script to scan multiple targets or subnets.
Install Java:
yum install java-*-openjdk-devel
Download the Tsunami ZIP from here:
https://github.com/google/tsunami-security-scanner/archive/master.zip
Extract the file and run the installer:
unzip tsunami-security-scanner-master.zip cd tsunami-security-scanner-master ./quick_start.sh
Once the installer finishes, you’ll see an example command that can be executed to scan the local machine:
cd /root/tsunami && \ java -cp "tsunami-main-0.0.2-SNAPSHOT-cli.jar:/root/tsunami/plugins/*" \ -Dtsunami-config.location=/root/tsunami/tsunami.yaml \ com.google.tsunami.main.cli.TsunamiCli \ --ip-v4-target=10.0.0.7 \ --scan-results-local-output-format=JSON \ --scan-results-local-output-filename=/tmp/tsunami-output.json
Yes, I ran the above as the “root” user. Just for completeness, the scan above targets the host at “10.0.0.7”.
View your results in the “/tmp/tsunami-output.json” JSON file. This file was specified in the example execution command above.
The results may look like this:
{ "scanStatus": "SUCCEEDED", "scanStartTimestamp": "2020-11-09T00:13:30.036Z", "scanDuration": "46.721s", "fullDetectionReports": { }, "reconnaissanceReport": { "targetInfo": { "networkEndpoints": [{ "type": "IP", "ipAddress": { "addressFamily": "IPV4", "address": "10.0.0.7" } }] }, "networkServices": [{ "networkEndpoint": { "type": "IP_PORT", "ipAddress": { "addressFamily": "IPV4", "address": "10.0.0.7" }, ....
To make it easier to scan a range of computers (such as a network), use the following to get started:
#!/bin/bash # Andrew Galdes ([email protected]) # Run from: cd /root/tsunami # Output file: OUTPUT="/tmp/tsunami-output.json" # Output format [JSON, BIN_PROTO]: FORMAT="JSON" # Specify target hosts: for TARGET in 10.0.0.{1..254} do java -cp "tsunami-main-0.0.2-SNAPSHOT-cli.jar:/root/tsunami/plugins/*" -Dtsunami-config.location=/root/tsunami/tsunami.yaml com.google.tsunami.main.cli.TsunamiCli --ip-v4-target=${TARGET} --scan-results-local-output-format=${FORMAT} --scan-results-local-output-filename=${OUTPUT} done echo "Check your results at: ${OUTPUT}
The output (in this example) is in JSON format. That’s easy to scan over but not easy to view at the management level. You can use one of a multitude of JSON viewers includ the simple “http://json2table.com” site where you can simple copy/paste the JSON output from the Vulnerability Scanner and see an “ok” view of the data.
Documentation can be found at “https://github.com/google/tsunami-security-scanner”.
Plugins can be found at “https://github.com/google/tsunami-security-scanner-plugins/tree/master/google”.