Skip to content

A curated list of awesome Penetration Testing Tools ported to Google Colab to make faster and easier to execute and test.

Notifications You must be signed in to change notification settings

brinhosa/awesome-pentest-tools-in-colab

Repository files navigation

awesome-pentest-tools-in-colab

A curated list of awesome Penetration Testing and DevSecOps Tools ported to Google Colab to make faster and easier to try, execute and test.

Google Colab, “Colab” for short, is a product from Google Research. Colab allows anybody to write and execute arbitrary python code through the browser, and is especially well suited to machine learning, data analysis, education and now security. More technically, Colab is a hosted Jupyter notebook service that requires no setup to use, while providing free access to computing resources including GPUs. Colab allows you to write and execute Python, Bash and Linux tools in your browser, with:

  • Zero configuration required
  • Free access to GPUs
  • Easy sharing
  • Easily execute new Security Tools

Open the Google Colab link, copy the commands or use it with your own run-time (https://research.google.com/colaboratory/local-runtimes.html) and execute the tools against your own code or running environment with proper required authorizations.

⭐ Androbugs for Google Colab in order to quickly analyse Android apps security: https://colab.research.google.com/drive/1SwyRN-3tucTqJQ5o3_b0Dlu9RL3ebbif?usp=sharing

💥 Anubis subdomain enumeration tool ported to Google Colab: https://colab.research.google.com/drive/1sAQ6Gik_zMPVI2ACYyRmmYcx7q5l0JpS?usp=sharing

🔔 Arachni is a feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of web applications: https://colab.research.google.com/drive/1s2obuKsT2x-Qic2e0f6dEW5NVCcWrn9q?usp=sharing

👾 Arjun can find and enumerate query parameters for URL endpoints. Very useful for testing APIs. Google Colab: https://colab.research.google.com/drive/1TWlKfIdx-rYh-KCEEpKSTsh1KMZbydWd?usp=sharing

🎆 domhttpx is a google search engine dorker with HTTP toolkit built with python, can make it easier for you to find many URLs/IPs at once with fast time ported to Google Colab: https://colab.research.google.com/drive/1snH2GGHqm-X8NCG5rsBsRmdxPaUyvtax?usp=sharing

👉DrHEADer helps with the audit of security headers received in response to a single request or a list of requests. Google Colab: https://colab.research.google.com/github/brinhosa/awesome-pentest-tools-in-colab/blob/main/DrHeader.ipynb

👀 Insider is a Static Application Security Testing (SAST) engine focused on covering the OWASP Top 10, to make source code analysis to find vulnerabilities right in the source code, focused on a agile and easy to implement software inside your DevOps pipeline. Google Colab: https://colab.research.google.com/drive/1bxH1GOw4swsp_cwICe9CltO1ykGUXWY_?usp=sharing

🔥 JARM is an active Transport Layer Security (TLS) server fingerprinting tool ported to Google Colab: https://colab.research.google.com/drive/1kbF276z8Wlh81hqp_mvKqPYQNUrBAy4D?usp=sharing

🚀 OWASP Amass, the OWASP Amass project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques. Google Colab: https://colab.research.google.com/drive/1TsjsC7w1AF3IzOCeKLlo53Jphk26fWQC?usp=sharing

🕶️ OWASP Dependency-Check is a Software Composition Analysis (SCA) tool that attempts to detect publicly disclosed vulnerabilities contained within a project's dependencies. Google Colab: https://colab.research.google.com/drive/1E1DhyXS51KhrwIBWJdioVV4_zf4CTm-3?usp=sharing

🐙 OWASP Nettacker is a project to automate information gathering, vulnerability scanning and eventually generating a report for networks, including services, bugs, vulnerabilities, misconfigurations, and other information. Google Colab: https://colab.research.google.com/drive/12Dg93h575eG7UPW1zWNKDcT_G1-4Yh4Q?usp=sharing

👽 Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6700 potentially dangerous files/programs, checks for outdated versions of over 1250 servers, and version specific problems on over 270 servers. Google Colab: https://colab.research.google.com/drive/1TxPQOpSsDsvHKQVghfZvnF6c52rigbWI?usp=sharing

👁️ Nmap is a free and open source utility for network discovery and security auditing. Running nmap with the "vuln" scripts argument against our applications and servers can help to identify vulnerabilities. Google Colab: https://colab.research.google.com/drive/1aKolpvz5WjWxHJjbS5cAOYpbbDBco_wn?usp=sharing

🦂 Semgrep is a fast, open-source, static analysis tool for finding bugs and enforcing code standards at editor, commit, and CI time. This will run 1,000+ community-driven rules covering security, correctness, and performance bugs. Google Colab: https://colab.research.google.com/drive/1vy9j10O4OGRl6Og3mI1g_57hRfo31Vu0?usp=sharing

🧹 Tsunami is a general purpose network security scanner from Google with an extensible plugin system for detecting high severity vulnerabilities with high confidence. Google Colab: https://colab.research.google.com/drive/1wj-DEF84cILBQSihRXd014wcMbQIPkSE?usp=sharing

📫 Send your comments and suggestions to: https://twitter.com/brinhosa

Disclaimer:

Author assume no liability and is not responsible for any misuse or damage caused by these programs. Copy the commands and execute using your own responsability in your own servers. This is distributed in the hope that it will be useful, for educational purposes, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. It is released under GPLv3 license.

Disclaimer: Tools Usage

These tools are exclusively designed for lawful testing and educational purposes. They are provided on an "as-is" basis without warranties of any kind, express or implied. The developers and distributors of these tools explicitly disclaim any liability for misuse, unintended consequences, or damages resulting from their use.

Important Legal Notice

Unauthorized, illegal, or unethical use of these tools is strictly prohibited. Users are solely responsible for adhering to all applicable local, state, federal, and international laws, as well as any terms of service governing the networks or systems they engage with. By using these tools, users affirm that they possess the necessary authorizations to test the targeted networks or systems.

Assumption of Risk and Indemnification

By downloading, installing, or using these tools, the user assumes full responsibility for any legal repercussions associated with their usage. The developers and distributors of these tools shall not be held liable for any legal consequences, damages, or third-party claims arising from their use. Users agree to indemnify and hold harmless the developers and distributors against any claims, legal fees, or liabilities associated with their actions.

About

A curated list of awesome Penetration Testing Tools ported to Google Colab to make faster and easier to execute and test.

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published