All Linux HowTo's Security HowTo's

Installing the Tsunami Vulnerability Scanner on Fedora / CentOS 8

This article demonstrates how to install the new Tsunami vulnerability scanner on a Redhat-like machine such as Fedora or CentOS 8 and how to use it including an example script to scan multiple targets or subnets.

Install Java:

yum install java-*-openjdk-devel

Download the Tsunami ZIP from here:

https://github.com/google/tsunami-security-scanner/archive/master.zip

Extract the file and run the installer:

unzip tsunami-security-scanner-master.zip
cd tsunami-security-scanner-master
./quick_start.sh

Once the installer finishes, you’ll see an example command that can be executed to scan the local machine:

cd /root/tsunami && \
java -cp "tsunami-main-0.0.2-SNAPSHOT-cli.jar:/root/tsunami/plugins/*" \
  -Dtsunami-config.location=/root/tsunami/tsunami.yaml \
  com.google.tsunami.main.cli.TsunamiCli \
  --ip-v4-target=10.0.0.7 \
  --scan-results-local-output-format=JSON \
  --scan-results-local-output-filename=/tmp/tsunami-output.json

Yes, I ran the above as the “root” user. Just for completeness, the scan above targets the host at “10.0.0.7”.

View your results in the “/tmp/tsunami-output.json” JSON file. This file was specified in the example execution command above.

The results may look like this:

{
  "scanStatus": "SUCCEEDED",
  "scanStartTimestamp": "2020-11-09T00:13:30.036Z",
  "scanDuration": "46.721s",
  "fullDetectionReports": {
  },
  "reconnaissanceReport": {
    "targetInfo": {
      "networkEndpoints": [{
        "type": "IP",
        "ipAddress": {
          "addressFamily": "IPV4",
          "address": "10.0.0.7"
        }
      }]
    },
    "networkServices": [{
      "networkEndpoint": {
        "type": "IP_PORT",
        "ipAddress": {
          "addressFamily": "IPV4",
          "address": "10.0.0.7"
        },
....

To make it easier to scan a range of computers (such as a network), use the following to get started:

#!/bin/bash

# Andrew Galdes (support@agix.com.au)

# Run from:
cd /root/tsunami

# Output file:
OUTPUT="/tmp/tsunami-output.json"

# Output format [JSON, BIN_PROTO]:
FORMAT="JSON"

# Specify target hosts:
for TARGET in 10.0.0.{1..254}
do
        java -cp "tsunami-main-0.0.2-SNAPSHOT-cli.jar:/root/tsunami/plugins/*" -Dtsunami-config.location=/root/tsunami/tsunami.yaml com.google.tsunami.main.cli.TsunamiCli --ip-v4-target=${TARGET} --scan-results-local-output-format=${FORMAT} --scan-results-local-output-filename=${OUTPUT}
done
echo "Check your results at: ${OUTPUT}

The output (in this example) is in JSON format. That’s easy to scan over but not easy to view at the management level. You can use one of a multitude of JSON viewers includ the simple “http://json2table.com” site where you can simple copy/paste the JSON output from the Vulnerability Scanner and see an “ok” view of the data.

Documentation can be found at “https://github.com/google/tsunami-security-scanner”.
Plugins can be found at “https://github.com/google/tsunami-security-scanner-plugins/tree/master/google”.

Similar Posts:

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.