reddit hackernews mail facebook facebook linkedin


Network security scanner with an extensible plugin system.

Tsunami is a general purpose network security scanner with an extensible plugin system for detecting high severity vulnerabilities with high confidence.

When security vulnerabilities or misconfigurations are actively exploited by attackers, organizations need to react quickly in order to protect potentially vulnerable assets. As attackers increasingly invest in automation, the time window to react to a newly released, high severity vulnerability is usually measured in hours. This poses a significant challenge for large organizations with thousands or even millions of internet-connected systems. In such hyperscale environments, security vulnerabilities must be detected and ideally remediated in a fully automated fashion. To do so, information security teams need to have the ability to implement and roll out detectors for novel security issues at scale in a very short amount of time. Furthermore, it is important that the detection quality is consistently very high. To solve these challenges, we created Tsunami - an extensible network scanning engine for detecting high severity vulnerabilities with high confidence in an unauthenticated manner.

Goals and Philosophy:
- Tsunami supports small manually curated set of vulnerabilities
- Tsunami detects high severity, RCE-like vulnerabilities, which often actively exploited in the wild
- Tsunami generates scan results with high confidence and minimal false-positive rate.
- Tsunami detectors are easy to implement.
- Tsunami is easy to scale, executes fast and scans non-intrusively.