vulnerability-lookup/TsunamiSight
GitHub: vulnerability-lookup/TsunamiSight
A client that extracts vulnerability sightings from the Tsunami Security Scanner plugins repository and publishes them to Vulnerability-Lookup.
# TsunamiSight
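A client that extracts vulnerability-related observations from the
[Tsunami Security Scanner plugins](https://github.com/google/tsunami-security-scanner-plugins)
repository and publishes them as
[sightings](https://www.vulnerability-lookup.org/user-manual/sightings/)
to a Vulnerability-Lookup instance.
Each committed Tsunami detector is a compiled, executable proof of concept for a specific vulnerability. TsunamiSight emits one sighting per `(plugin, CVE)` pair, with the type `published-proof-of-concept` by default.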
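The one-sighting-per-`(plugin, CVE)` rule described above, as an added sketch that is not TsunamiSight's own code. The CVE regex, the plugin-directory depth, the sighting field names and the sample files are assumptions made for illustration.

```python
import re
from pathlib import PurePosixPath

# Assumption: CVE ids appear as CVE-2099-0001 in text or cve_2099_0001 in paths.
CVE_RE = re.compile(r"CVE[-_](\d{4})[-_](\d{4,})", re.IGNORECASE)

def plugin_of(path, depth=3):
    """Assumption: the first `depth` path components name the plugin directory."""
    return "/".join(PurePosixPath(path).parts[:depth])

def extract_pairs(files):
    """Map {path: text} to sorted, de-duplicated (plugin, CVE) pairs."""
    pairs = set()
    for path, text in files.items():
        plugin = plugin_of(path)
        for source in (path, text):  # ids can sit in the path or in the content
            for year, number in CVE_RE.findall(source):
                pairs.add((plugin, f"CVE-{year}-{number}"))
    return sorted(pairs)

def to_sightings(pairs, timestamp, sighting_type="published-proof-of-concept"):
    """Build one record per pair; the field names here are assumed, not confirmed."""
    return [
        {"type": sighting_type, "source": plugin,
         "vulnerability": cve, "creation_timestamp": timestamp}
        for plugin, cve in pairs
    ]

# Constructed sample tree (placeholder CVE ids, not real plugins).
SAMPLE_FILES = {
    "community/detectors/example_cve_2099_0001/src/Detector.java":
        "// Detects CVE-2099-0001. See also cve-2099-0001 advisory.",
    "community/detectors/example_cve_2099_0001/README.md":
        "Covers CVE-2099-0001 and CVE-2099-0002.",
    "community/detectors/no_cve_plugin/README.md":
        "Weak credential check, no CVE assigned.",
}

if __name__ == "__main__":
    # Mirrors the idea of a dry run: print the records instead of POSTing them.
    for record in to_sightings(extract_pairs(SAMPLE_FILES), "2026-01-01T00:00:00+00:00"):
        print(record)
```

Repeated mentions of the same CVE inside one plugin collapse to a single record, and a plugin with no CVE reference produces none.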
## Installation
```
$ pipx install TsunamiSight
$ export TSUNAMISIGHT_CONFIG=~/.TsunamiSight/conf.py
$ git clone https://github.com/google/tsunami-security-scanner-plugins.git tsunami-security-scanner-plugins
```
Copy `tsunamisight/conf_sample.py` to the configuration path of your choice and fill in the token + URL.
### Using Docker
```
git clone https://github.com/vulnerability-lookup/TsunamiSight
cd TsunamiSight
cp tsunamisight/conf_sample.py tsunamisight/conf.py # then fill in token
docker compose up --build
```
## Usage
```
$ TsunamiSight --help
usage: TsunamiSight [-h] [--init] [--dry-run]

Extract CVE references from the Tsunami plugins repo and publish sightings.

options:
  -h, --help  show this help message and exit
  --init      Full sweep: emit sightings for every CVE-bearing plugin.
  --dry-run   Parse and print (plugin, CVE, timestamp) triples without POSTing.
```
## License
[TsunamiSight](https://github.com/vulnerability-lookup/TsunamiSight) is licensed under
[GNU General Public License version 3](https://www.gnu.org/licenses/gpl-3.0.html).
```
Copyright (c) 2026 Computer Incident Response Center Luxembourg (CIRCL)
Copyright (C) 2026 Philippe Parage - https://github.com/pparage
```