/awesome-pentest-tools-in-colab

A curated list of awesome Penetration Testing Tools ported to Google Colab to make faster and easier to execute and test.

Primary LanguageJupyter Notebook

awesome-pentest-tools-in-colab

A curated list of awesome Penetration Testing and DevSecOps Tools ported to Google Colab to make faster and easier to try, execute and test.

Google Colab, โ€œColabโ€ for short, is a product from Google Research. Colab allows anybody to write and execute arbitrary python code through the browser, and is especially well suited to machine learning, data analysis, education and now security. More technically, Colab is a hosted Jupyter notebook service that requires no setup to use, while providing free access to computing resources including GPUs. Colab allows you to write and execute Python, Bash and Linux tools in your browser, with:

  • Zero configuration required
  • Free access to GPUs
  • Easy sharing
  • Easily execute new Security Tools

Open the Google Colab link, copy the commands or use it with your own run-time (https://research.google.com/colaboratory/local-runtimes.html) and execute the tools against your own code or running environment with proper required authorizations.

โญ Androbugs for Google Colab in order to quickly analyse Android apps security: https://colab.research.google.com/drive/1SwyRN-3tucTqJQ5o3_b0Dlu9RL3ebbif?usp=sharing

๐Ÿ’ฅ Anubis subdomain enumeration tool ported to Google Colab: https://colab.research.google.com/drive/1sAQ6Gik_zMPVI2ACYyRmmYcx7q5l0JpS?usp=sharing

๐Ÿ”” Arachni is a feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of web applications: https://colab.research.google.com/drive/1s2obuKsT2x-Qic2e0f6dEW5NVCcWrn9q?usp=sharing

๐Ÿ‘พ Arjun can find and enumerate query parameters for URL endpoints. Very useful for testing APIs. Google Colab: https://colab.research.google.com/drive/1TWlKfIdx-rYh-KCEEpKSTsh1KMZbydWd?usp=sharing

๐ŸŽ† domhttpx is a google search engine dorker with HTTP toolkit built with python, can make it easier for you to find many URLs/IPs at once with fast time ported to Google Colab: https://colab.research.google.com/drive/1snH2GGHqm-X8NCG5rsBsRmdxPaUyvtax?usp=sharing

๐Ÿ‘‰DrHEADer helps with the audit of security headers received in response to a single request or a list of requests. Google Colab: https://colab.research.google.com/github/brinhosa/awesome-pentest-tools-in-colab/blob/main/DrHeader.ipynb

๐Ÿ‘€ Insider is a Static Application Security Testing (SAST) engine focused on covering the OWASP Top 10, to make source code analysis to find vulnerabilities right in the source code, focused on a agile and easy to implement software inside your DevOps pipeline. Google Colab: https://colab.research.google.com/drive/1bxH1GOw4swsp_cwICe9CltO1ykGUXWY_?usp=sharing

๐Ÿ”ฅ JARM is an active Transport Layer Security (TLS) server fingerprinting tool ported to Google Colab: https://colab.research.google.com/drive/1kbF276z8Wlh81hqp_mvKqPYQNUrBAy4D?usp=sharing

๐Ÿš€ OWASP Amass, the OWASP Amass project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques. Google Colab: https://colab.research.google.com/drive/1TsjsC7w1AF3IzOCeKLlo53Jphk26fWQC?usp=sharing

๐Ÿ•ถ๏ธ OWASP Dependency-Check is a Software Composition Analysis (SCA) tool that attempts to detect publicly disclosed vulnerabilities contained within a project's dependencies. Google Colab: https://colab.research.google.com/drive/1E1DhyXS51KhrwIBWJdioVV4_zf4CTm-3?usp=sharing

๐Ÿ™ OWASP Nettacker is a project to automate information gathering, vulnerability scanning and eventually generating a report for networks, including services, bugs, vulnerabilities, misconfigurations, and other information. Google Colab: https://colab.research.google.com/drive/12Dg93h575eG7UPW1zWNKDcT_G1-4Yh4Q?usp=sharing

๐Ÿ‘ฝ Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6700 potentially dangerous files/programs, checks for outdated versions of over 1250 servers, and version specific problems on over 270 servers. Google Colab: https://colab.research.google.com/drive/1TxPQOpSsDsvHKQVghfZvnF6c52rigbWI?usp=sharing

๐Ÿ‘๏ธ Nmap is a free and open source utility for network discovery and security auditing. Running nmap with the "vuln" scripts argument against our applications and servers can help to identify vulnerabilities. Google Colab: https://colab.research.google.com/drive/1aKolpvz5WjWxHJjbS5cAOYpbbDBco_wn?usp=sharing

๐Ÿฆ‚ Semgrep is a fast, open-source, static analysis tool for finding bugs and enforcing code standards at editor, commit, and CI time. This will run 1,000+ community-driven rules covering security, correctness, and performance bugs. Google Colab: https://colab.research.google.com/drive/1vy9j10O4OGRl6Og3mI1g_57hRfo31Vu0?usp=sharing

๐Ÿงน Tsunami is a general purpose network security scanner from Google with an extensible plugin system for detecting high severity vulnerabilities with high confidence. Google Colab: https://colab.research.google.com/drive/1wj-DEF84cILBQSihRXd014wcMbQIPkSE?usp=sharing

๐Ÿ“ซ Send your comments and suggestions to: https://twitter.com/brinhosa

Disclaimer:

Author assume no liability and is not responsible for any misuse or damage caused by these programs. Copy the commands and execute using your own responsability in your own servers. This is distributed in the hope that it will be useful, for educational purposes, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. It is released under GPLv3 license.