A client that extracts vulnerability observations from Google's Tsunami Security Scanner plugin repository and pushes them to a Vulnerability-Lookup instance.

Navigation

Verified details

These details have been verified by PyPI
Project links
Owner
GitHub Statistics

Unverified details

These details have not been verified by PyPI
Meta
  • License Expression: GPL-3.0-or-later
    SPDX License Expression
  • Author: Philippe Parage
  • Tags Vulnerability-Lookup , Vulnerability , CVE , Tsunami
  • Requires: Python <4.0, >=3.10
  • Provides-Extra: test
Classifiers
Report project as malware

Project description

TsunamiSight

A client that extracts vulnerability-related observations from the Tsunami Security Scanner plugins repository and publishes them as sightings on a Vulnerability-Lookup instance.

Each committed Tsunami detector is a compiled, executable proof-of-concept for a specific vulnerability. TsunamiSight emits one sighting per (plugin, CVE) pair with the default type published-proof-of-concept.

Installation

$ pipx install TsunamiSight
$ export TSUNAMISIGHT_CONFIG=~/.TsunamiSight/conf.py
$ git clone https://github.com/google/tsunami-security-scanner-plugins.git tsunami-security-scanner-plugins

Copy tsunamisight/conf_sample.py to your chosen config path and fill in the token + URL.

With Docker

git clone <this repo>
cd TsunamiSight
cp tsunamisight/conf_sample.py tsunamisight/conf.py   # then fill in token
docker compose up --build

Usage

TsunamiSight --help
usage: TsunamiSight [-h] [--init] [--dry-run]

Extract CVE references from the Tsunami plugins repo and publish sightings.

options:
  -h, --help   show this help message and exit
  --init       Full sweep: emit sightings for every CVE-bearing plugin.
  --dry-run    Parse and print (plugin, CVE, timestamp) triples without POSTing.

License

GNU General Public License v3 or later. See COPYING.

Project details

Verified details

These details have been verified by PyPI
Project links
Owner
GitHub Statistics

Unverified details

These details have not been verified by PyPI
Meta
  • License Expression: GPL-3.0-or-later
    SPDX License Expression
  • Author: Philippe Parage
  • Tags Vulnerability-Lookup , Vulnerability , CVE , Tsunami
  • Requires: Python <4.0, >=3.10
  • Provides-Extra: test
Classifiers

Release history Release notifications | RSS feed

This version

0.1.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

tsunamisight-0.1.0.tar.gz (17.7 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

tsunamisight-0.1.0-py3-none-any.whl (20.5 kB view details)

Uploaded Python 3

File details

Details for the file tsunamisight-0.1.0.tar.gz.

File metadata

  • Download URL: tsunamisight-0.1.0.tar.gz
  • Upload date:
  • Size: 17.7 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for tsunamisight-0.1.0.tar.gz
Algorithm Hash digest
SHA256 3146db60208eed13984b0ad9bb21e5856a79ef8b945958924465f9cd1a3608dc
MD5 0afe660a0f8892575ccec165a54dc24f
BLAKE2b-256 9b8d9322f3bd92b21b3d7abb1edc01d3fc0da611b0bf9a1a2dfeb7e05e208953

See more details on using hashes here.

Provenance

The following attestation bundles were made for tsunamisight-0.1.0.tar.gz:

Publisher: release.yml on vulnerability-lookup/TsunamiSight

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file tsunamisight-0.1.0-py3-none-any.whl.

File metadata

  • Download URL: tsunamisight-0.1.0-py3-none-any.whl
  • Upload date:
  • Size: 20.5 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for tsunamisight-0.1.0-py3-none-any.whl
Algorithm Hash digest
SHA256 ddcdcee351394357711df7e345119ff2273108502be009e0c73e68f94f0432ca
MD5 fa800bba939ed7953fd6ddf9e74dedf2
BLAKE2b-256 e5b5b975bb0566749c724b2e9e76a1458ff1e5b9309e1abf0041a599e17e3656

See more details on using hashes here.

Provenance

The following attestation bundles were made for tsunamisight-0.1.0-py3-none-any.whl:

Publisher: release.yml on vulnerability-lookup/TsunamiSight

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page