explaingit

google/tsunami-security-scanner

8,568 · Java · Audience · ops devops · Complexity · 4/5 · License · Setup · hard

TLDR

Tsunami is an open-source network security scanner from Google that automatically checks networks for serious vulnerabilities, designed to produce high-confidence results with few false alarms and extended through a plugin system.

Mindmap

mindmap
  root((repo))
    What It Does
      Scan for vulnerabilities
      High confidence results
      Few false alarms
    Architecture
      Plugin system
      Extensible core
      Companion plugin repo
    Use Cases
      Network audits
      CVE detection
      Infrastructure scanning
    Audience
      Security engineers
      DevOps teams

Things people build with this

USE CASE 1

Scan your company's internal network for high-severity vulnerabilities like exposed admin panels or unpatched services

USE CASE 2

Add a custom vulnerability detection plugin for a new CVE without modifying the scanner's core code

USE CASE 3

Run automated security checks on infrastructure as part of a scheduled audit or CI/CD security gate

USE CASE 4

Extend Tsunami with plugins from the companion repository to detect a broader set of known vulnerabilities

Tech stack

Java

Getting it running

Difficulty · hard · Time to first run · 1h+

Requires Java build tooling; the README is sparse, and full setup instructions live on the external documentation site.

Free to use, modify, and distribute for any purpose including commercial use, as long as you include the Apache 2.0 license and copyright notice.

In plain English

Tsunami is an open-source network security scanner released by Google. Its job is to automatically check a network for serious security vulnerabilities, with a focus on finding real problems rather than generating large numbers of false alarms. The design goal is high confidence: when Tsunami reports a vulnerability, it is very likely to be a genuine issue.

The scanner is built around a plugin system. The core of Tsunami handles the general work of scanning a network, while specific vulnerability checks are packaged as separate plugins. This means the scanner can be extended to detect new vulnerabilities by adding plugins without changing the core code. All publicly available plugins live in a companion repository on GitHub.

The project is written in Java and released under the Apache 2.0 open-source license. Google notes that Tsunami is not an official Google product, meaning it is a research and engineering project shared with the community rather than a supported commercial offering.

The README is sparse and points readers to the external documentation site for instructions on how to build, run, and contribute to the project. Details about specific vulnerability detections, plugin development, and deployment are covered there rather than in the repository itself.

Copy-paste prompts

Prompt 1
Show me how to build Tsunami from source using Maven and run it against a target IP to get a vulnerability report
Prompt 2
Walk me through writing a Tsunami plugin in Java that checks whether a specific HTTP endpoint is publicly accessible without authentication
Prompt 3
How do I configure Tsunami to run only a specific subset of plugins and output the results as JSON?
Prompt 4
Explain the Tsunami plugin architecture: how does the core scanner discover and hand off work to individual vulnerability detection plugins?
Prompt 5
How do I add the Tsunami companion plugin repository as a dependency and enable all available vulnerability checks?

Verify against the repo before relying on details.