
tsunami-security-scanner | general purpose network security scanner | Security library

by google | Java | Version: v0.0.9 | License: Apache-2.0


kandi X-RAY | tsunami-security-scanner Summary

tsunami-security-scanner is a Java library typically used in Security applications. It has no bugs, a build file, a permissive license and medium support. However, tsunami-security-scanner has 4 vulnerabilities. You can download it from GitHub or Maven.
Tsunami is a general purpose network security scanner with an extensible plugin system for detecting high severity vulnerabilities with high confidence.

Support

  • tsunami-security-scanner has a medium active ecosystem.
  • It has 7291 star(s) with 780 fork(s). There are 331 watchers for this library.
  • There were 5 major release(s) in the last 12 months.
  • There are 30 open issues and 38 have been closed. On average issues are closed in 84 days. There are 5 open pull requests and 0 closed requests.
  • It has a neutral sentiment in the developer community.
  • The latest version of tsunami-security-scanner is v0.0.9

Quality

  • tsunami-security-scanner has 0 bugs and 421 code smells.

Security

  • tsunami-security-scanner has no vulnerabilities reported, and its dependent libraries have no vulnerabilities reported.
  • tsunami-security-scanner code analysis shows 4 unresolved vulnerabilities (0 blocker, 2 critical, 2 major, 0 minor).
  • There are 68 security hotspots that need review.

License

  • tsunami-security-scanner is licensed under the Apache-2.0 License. This license is Permissive.
  • Permissive licenses have the least restrictions, and you can use them in most projects.

Reuse

  • tsunami-security-scanner releases are available to install and integrate.
  • Deployable package is available in Maven.
  • Build file is available. You can build the component from source.
  • Installation instructions, examples and code snippets are available.
  • tsunami-security-scanner saves you 4260 person hours of effort in developing the same functionality from scratch.
  • It has 9036 lines of code, 842 functions and 145 files.
  • It has low code complexity. Code complexity directly impacts maintainability of the code.
Top functions reviewed by kandi - BETA

kandi has reviewed tsunami-security-scanner and discovered the below as its top functions. This is intended to give you instant insight into the functionality tsunami-security-scanner implements, and to help you decide whether it suits your requirements.

  • Generate scan results.
  • Parses the version range string.
  • Sends an asynchronous HTTP request.
  • Creates a new bootstrap module from the target class.
  • Builds the execution trace from the ScanResults.
  • Creates a NetworkEndpoint with the given port and port.
  • Creates a new config object from the config data.
  • Attempt to match CitnDetectors.
  • Parse a segment from a string.
  • Runs a test and exits.

Traditional install

nmap >= 7.80
ncrack >= 0.7

Docker install

docker run --name unauthenticated-jupyter-notebook -p 8888:8888 -d jupyter/base-notebook start-notebook.sh --NotebookApp.token=''

License

Copyright 2019 Google Inc.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

Community Discussions

Trending Discussions on Security
  • How are code-branch side channel attacks mitigated on Java?
  • Trusting individual invalid certs in mitmproxy
  • Ways to stop other android applications from identifying my application?
  • Log4j vulnerability - Is Log4j 1.2.17 vulnerable (was unable to find any JNDI code in source)?
  • How to manage OAuth flow in mobile application with server
  • Which are safe methods and practices for string formatting with user input in Python 3?
  • Was slf4j affected with vulnerability issue in log4j
  • Which version of Django REST Framework is affected by IP Spoofing?
  • Can NPM show me the age of packages before installing them?
  • Does the Log4j security violation vulnerability affect log4net?

QUESTION

How are code-branch side channel attacks mitigated on Java?

Asked 2022-Mar-10 at 18:18

When you are working with secret keys, if your code branches unequally it could reveal bits of the secret keys via side channels. So for some algorithms it should branch uniformly independently of the secret key.

On C/C++/Rust, you can use assembly to be sure that no compiler optimizations will mess with the branching. However, on Java, the situation is difficult. First of all, it does JIT for desktop, and AOT on Android, so there are 2 possibilities for the code to be optimized in an unpredictable way, as JIT and AOT are always changing and can be different for each device. So, how are side channel attacks that take advantage of branching prevented on Java?

ANSWER

Answered 2022-Mar-10 at 18:18

When performing side-channel attacks, one of the main ways of doing this is to read the power consumption of the chip using differential power analysis (DPA). When you have a branch in code, such as an if statement, this can adversely affect the power draw in such a way that correlations can be made as to which choices are being made. To thwart this analysis, it would be in your interest to have a "linear" power consumption. This can to some degree be mitigated by code, but would ultimately depend upon the device itself. According to Brennan et al. [1], some chose to tackle the Java JIT issue by caching instructions. In code, the "best" you could do would be to program using canaries, in order to confuse an attacker, as proposed by Brennan et al. [2], and demonstrated in the following (very simplified) example code:

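public boolean check(String guess) {
    // Early exit: returns at the first mismatching character
    for (int i = 0; i < guess.length(); i++) {
        if (guess.charAt(i) != password.charAt(i))
            return false;
    }
    return true;
}

versus:

public boolean check(String guess) {
    boolean flag = true, fakeFlag = true;
    for (int i = 0; i < guess.length(); i++) {
        if (guess.charAt(i) != password.charAt(i))
            flag = false;
        else
            fakeFlag = false;  // dummy write so both branches do work
    }
    return flag;
}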

[1]: T. Brennan, "Detection and Mitigation of JIT-Induced Side Channels*," 2020 IEEE/ACM 42nd International Conference on Software Engineering: Companion Proceedings (ICSE-Companion), 2020, pp. 143-145.

[2]: T. Brennan, N. Rosner and T. Bultan, "JIT Leaks: Inducing Timing Side Channels through Just-In-Time Compilation," 2020 IEEE Symposium on Security and Privacy (SP), 2020, pp. 1207-1222, doi: 10.1109/SP40000.2020.00007.

Source https://stackoverflow.com/questions/71316831
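
As an added example (not part of the Stack Overflow post or of Tsunami), the sketch below takes the comparison one step further and removes the secret-dependent branch from the loop at source level, next to the JDK's own `MessageDigest.isEqual`. The class name, method names and the sample secret are assumptions made for the demo; what the JIT emits for this code is still not guaranteed, as the question points out.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;

public class BranchFreeCheck {
    // Constructed sample secret, standing in for the post's `password`.
    private static final byte[] PASSWORD =
            "s3cr3t-demo".getBytes(StandardCharsets.UTF_8);

    // No if/else on secret data inside the loop: byte differences are
    // OR-ed into an accumulator that is tested once, after the loop.
    static boolean checkXor(byte[] guess, byte[] secret) {
        if (secret.length == 0) {
            return guess.length == 0;
        }
        int diff = guess.length ^ secret.length; // non-zero on length mismatch
        for (int i = 0; i < guess.length; i++) {
            // The modulo keeps the index in range when the guess is longer.
            diff |= guess[i] ^ secret[i % secret.length];
        }
        return diff == 0;
    }

    // JDK alternative: MessageDigest.isEqual examines all bytes instead of
    // returning at the first mismatch.
    static boolean checkJdk(byte[] guess, byte[] secret) {
        return MessageDigest.isEqual(guess, secret);
    }

    public static void main(String[] args) {
        // Constructed guesses: exact match, first byte wrong, last byte
        // wrong, too short, empty.
        String[] guesses = {"s3cr3t-demo", "X3cr3t-demo", "s3cr3t-demX", "s3c", ""};
        for (String g : guesses) {
            byte[] guess = g.getBytes(StandardCharsets.UTF_8);
            boolean viaXor = checkXor(guess, PASSWORD);
            boolean viaJdk = checkJdk(guess, PASSWORD);
            if (viaXor != viaJdk) {
                throw new AssertionError("implementations disagree on: " + g);
            }
            System.out.println("\"" + g + "\" -> " + viaXor);
        }
    }
}
```

The loop length depends only on the length of the guess, which the caller already knows, so iteration count reveals nothing about the secret's contents.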

Community Discussions, Code Snippets contain sources that include Stack Exchange Network

Vulnerabilities

No vulnerabilities reported

Install tsunami-security-scanner

To quickly get started with Tsunami scans:

1. Install the following required dependencies: nmap >= 7.80, ncrack >= 0.7
2. Start a vulnerable application that can be identified by Tsunami, e.g. an unauthenticated Jupyter Notebook server. The easiest way is to use a docker image:
    docker run --name unauthenticated-jupyter-notebook -p 8888:8888 -d jupyter/base-notebook start-notebook.sh --NotebookApp.token=''
3. Execute the following command:
    bash -c "$(curl -sfL https://raw.githubusercontent.com/google/tsunami-security-scanner/master/quick_start.sh)"

The quick_start.sh script performs the following tasks:

  • Clone the google/tsunami-security-scanner and google/tsunami-security-scanner-plugins repos into $HOME/tsunami/repos directory.
  • Compile all Google Tsunami plugins and move all plugin jar files into $HOME/tsunami/plugins directory.
  • Compile the Tsunami scanner Fat Jar file and move it into $HOME/tsunami directory.
  • Move the tsunami.yaml example config into $HOME/tsunami directory.
  • Print example Tsunami command for scanning 127.0.0.1 using the previously generated artifacts.

Docker install:

1. Start a vulnerable application that can be identified by Tsunami, e.g. an unauthenticated Jupyter Notebook server. The easiest way is to use a docker image:
    docker run --name unauthenticated-jupyter-notebook -p 8888:8888 -d jupyter/base-notebook start-notebook.sh --NotebookApp.token=''
2. Build the docker image for Tsunami:
    docker build -t tsunami .
3. Run the Tsunami image. The logs can be saved to the host machine by mounting a volume:
    docker run --network="host" -v "$(pwd)/logs":/usr/tsunami/logs tsunami

Support

Read how to contribute to Tsunami.

  • © 2022 Open Weaver Inc.