This directory contains all Tsunami plugins published by Google.

• Nmap Port Scanner

• Web Service Fingerprinter

• MantisBT Authentication Bypass Detector (CVE-2017-7615)
• Ncrack Weak Credential Detector

• Exposed Elasticsearch API Detector
• Exposed Hadoop Yarn ResourceManager API Detector
• Exposed Jenkins UI Detector
• Exposed Jupyter Notebook Detector
• Exposed Kubernetes APIDetector
• Exposed PHPUnit Vulnerable eval-stdin.php Detector
• Exposed Spring Boot Actuator Endpoint Detector
• Exposed WordPress Installation Page Detector

• PHP RCE (CVE-2012-1823) Detector
• Apache Struts Command Injection via Content-Type Header (CVE-2017-5638) Detector
• Apache Struts Command Injection via Unsafe Deserialization (CVE-2017-9805) Detector
• Apache Struts Command Injection via Namespace (CVE-2018-11776) Detector
• Jenkins CLI Deserialization RCE (CVE-2017-1000353) Detector
• Java Unprotected JMX Server Detector
• Joomla RCE (CVE-2015-8562) Detector
• Joomla Rusty RCE Detector
• Liferay Portal RCE (CVE-2020-7961) Detector
• Apache Solr VelocityResponseWriter RCE (CVE-2019-17558) Detector
• Tomcat Ghostcat (CVE-2020-1938) Detector
• vBulletin Pre-Auth RCE (CVE-2019-16759) Detector

• Exposed unauthenticated Adminer server.
• Exposed Hashicorp Consul API with enabled script checks.
• Exposed Docker daemon API.
• Exposed unauthenticated Drupal installation page.
• Exposed unauthenticated GoCD server.
• Exposed unauthenticated Kubernetes master server.
• Exposed unauthenticated phpMyAdmin server.

Use the following command to build all Google released plugins:

./build_all.sh

All generated jar files are copied into build/plugins folder.