Azure Marketplace "Tsunami - security scanner" Users manual
Last updated:
Select a language: [English] [日本語]
Introduction
This is the simplified manual for “Tsunami - security scanner” from Azure Marketplace.
What’s Tsunami - security scanner
Tsunami is a general purpose network security scanner for detecting high severity vulnerabilities.
We offer “Tsunami - Security Scanner” to go live Tsunami on Azure.
Main feature of Tsunami - security scanner
- Installed Tsunami
- Perform batch scan for multiple target hosts
- Provided as Azure virtual machine image.
System requirements
- Allows users to log in to the virtual machine (e.g. ssh)
How to introduction
Access to “Create Tsunami - security scanner” and Create.
Network Security Group (NSG) is applied to the virtual machine NIC.
The following rules have been added to the NSG inbound security rules:
- Allow ssh(TCP/22) from any source
Recommend that change this NSG settings. (If you want to allow connections only from where you need them.)
If you want to perform a security scan on a host with an IPv6 address, you cannot deploy it from Azure Portal at this time.
How to use
Connect to and operate the deployed virtual machine. (e.g. ssh)
Security checks are performed on multiple hosts
Configuration for the security scan target hosts
Add the list of hosts to be scanned for security to each file in ~/conf, with one line per host.- Host name : hostname_list.conf
- IPv4 address : ipv4_list.conf
- IPv6 address : ipv6_list.conf
[Sample]
- ~/conf/hostname_list.conf
test-server01.local test-server02.local - ~/conf/ipv4_list.conf
192.168.1.23 192.168.2.48 - ~/conf/ipv6_list.conf
fe80::1:23 fe80::2:48
Execute of the Tsunami
Execute ~/TsunamiMulti.sh to start security checks on multiple hosts.$ ./TsunamiMulti.sh Start Scanning test-server01.local (List: /home/azureuser/conf/hostname_list.conf) Oct 20, 2020 4:51:16 AM com.google.tsunami.main.cli.TsunamiCli main INFO: Full classpath scan took 7.236 s Oct 20, 2020 4:51:16 AM com.google.tsunami.common.config.ConfigModule configure INFO: Found Tsunami config class: com.google.tsunami.plugins.detectors.credentials.ncrack.NcrackWeakCredentialDetectorConfigs ... Start Scanning 192.168.1.23 (List: /home/azureuser/conf/ipv4_list.conf) ...If an updated version of Tsunami has been released, update it by entering “y” in the “Do you want to update tsunami? (y/N):” question, if necessary.
Confirmation of scan results The results of the scan and a list of vulnerabilities are output to ~/YYYYmmdd-HHMMSS.log/ directory.
- Scan result : {host}.json
- Vulnerabilities detected : ValunerabilitySummary.json
Perform security checks on a single host
In the ~/tsunami directory, execute the following example.
$ cd ~/tsunami
$ java -cp "${JAR_FILENAME}:${WD}/plugins/*" \
-Dtsunami-config.location=${WD}/tsunami.yaml \
com.google.tsunami.main.cli.TsunamiCli \
--ip-v4-target=127.0.0.1 \
--scan-results-local-output-format=JSON \
--scan-results-local-output-filename=/tmp/tsunami-output.json
Document of Tsunami
https://github.com/google/tsunami-security-scanner/blob/master/docs/index.md
FAQ
Deployment with PowerShell, Azure CLI, etc
Please use the following VM image.
- publisher : pnop
- offer : tsunami
- sku : standard
- version : latest
Software update
The latest version of the software at the time of registration on the Azure Marketplace is installed.
Please update it with apt command if necessary.
Supports
Support is available at a charge.
- Supported inquiries example
- The target solution can not be deployed.
- Virtual machines does not work properly after deployment
- The following are not supported
- General usage on Ubuntu and JMeter
- For general questions about Azure, please go to “Azure Technical Support Service (Japanese only)” provided by our company.
If you wish to support services, please contact below.
- pnop, Inc. - Marketplace Solutions Support Sales
- sales@pnop.co.jp