Tsunami consists of two main components, and its design allows new capabilities to be added through plugins.
The first component is an nmap-based scanner that scans a company's network for open ports and then tests each one separately.
According to Google, in addition to Nmap, the scanner also uses some custom code.
The second component uses the scan results to test devices against a list of vulnerabilities by running known exploits.
This allows users to add new testing capabilities by adding plugins.
The original version of the Tsunami tool includes modules for detecting the following security issues:
Exposed user interfaces: Applications such as Jenkins, Jupyter and Hadoop Yarn come with a UI that allows the user to schedule workloads or execute system commands. If these systems are exposed to the Internet without authentication, intruders can exploit the functionality of the application to execute malicious commands.
Weak credentials: Tsunami uses other open source tools, such as ncrack, to detect weak passwords used by protocols and tools, including SSH, FTP, RDP and MySQL.
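The two-stage flow described above (port-scan results feeding pluggable detectors), sketched as an added example that is not Tsunami's own code or plugin API. The nmap XML, the HTTP responses, the function names and the Jenkins string-match heuristic are all constructed assumptions so that it runs offline.

```python
import xml.etree.ElementTree as ET

# Constructed nmap XML (-oX style) standing in for the first component's output.
NMAP_XML = """<nmaprun>
<host><address addr="192.0.2.10" addrtype="ipv4"/><ports>
<port protocol="tcp" portid="8080"><state state="open"/><service name="http"/></port>
<port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
<port protocol="tcp" portid="3306"><state state="closed"/><service name="mysql"/></port>
</ports></host>
<host><address addr="192.0.2.11" addrtype="ipv4"/><ports>
<port protocol="tcp" portid="8888"><state state="open"/><service name="http"/></port>
</ports></host>
</nmaprun>"""

# Constructed HTTP answers, so the example runs offline: (host, port) -> (status, body).
RESPONSES = {
    ("192.0.2.10", 8080): (200, "<title>Dashboard [Jenkins]</title><a href='/script'>"),
    ("192.0.2.11", 8888): (302, "Redirecting to /login"),
}

def open_services(xml_text):
    """Stage 1 result -> [(host, port, service)] for open ports only."""
    found = []
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address").get("addr")
        for port in host.iter("port"):
            if port.find("state").get("state") == "open":
                svc = port.find("service")
                name = svc.get("name") if svc is not None else "unknown"
                found.append((addr, int(port.get("portid")), name))
    return found

def exposed_ui(host, port, fetch):
    """Hypothetical detector: flags a Jenkins UI served without a login step."""
    status, body = fetch(host, port)
    if status == 200 and "Jenkins" in body and "login" not in body.lower():
        return f"exposed Jenkins UI at {host}:{port}"
    return None
# Plugin registry: supporting a new check means adding a function here.
PLUGINS = {"http": [exposed_ui]}

def run(xml_text, fetch):
    """Stage 2: pass each open service to the detectors registered for it."""
    hits = (d(h, p, fetch) for h, p, s in open_services(xml_text)
            for d in PLUGINS.get(s, []))
    return [hit for hit in hits if hit]

if __name__ == "__main__":
    print(run(NMAP_XML, lambda h, p: RESPONSES[(h, p)]))
```

The closed MySQL port never reaches a detector, and the SSH port is skipped because no plugin is registered for it; only services the scan reported as open are verified.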
Google plans to release new add-ons for the Tsunami scanner, which will allow users to detect a wider range of vulnerabilities in the future. The add-ons will be released on GitHub.