A curated list of awesome Penetration Testing and DevSecOps Tools ported to Google Colab to make faster and easier to try, execute and test.
Google Colab, “Colab” for short, is a product from Google Research. Colab allows anybody to write and execute arbitrary python code through the browser, and is especially well suited to machine learning, data analysis, education and now security. More technically, Colab is a hosted Jupyter notebook service that requires no setup to use, while providing free access to computing resources including GPUs. Colab allows you to write and execute Python, Bash and Linux tools in your browser, with:
- Zero configuration required
- Free access to GPUs
- Easy sharing
- Easily execute new Security Tools
Open the Google Colab link, copy the commands or use it with your own run-time (https://research.google.com/colaboratory/local-runtimes.html) and execute the tools against your own code or running environment with proper required authorizations.
⭐ Androbugs for Google Colab in order to quickly analyse Android apps security: https://colab.research.google.com/drive/1SwyRN-3tucTqJQ5o3_b0Dlu9RL3ebbif?usp=sharing
💥 Anubis subdomain enumeration tool ported to Google Colab: https://colab.research.google.com/drive/1sAQ6Gik_zMPVI2ACYyRmmYcx7q5l0JpS?usp=sharing
🔔 Arachni is a feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of web applications: https://colab.research.google.com/drive/1s2obuKsT2x-Qic2e0f6dEW5NVCcWrn9q?usp=sharing
👾 Arjun can find and enumerate query parameters for URL endpoints. Very useful for testing APIs. Google Colab: https://colab.research.google.com/drive/1TWlKfIdx-rYh-KCEEpKSTsh1KMZbydWd?usp=sharing
🎆 domhttpx is a google search engine dorker with HTTP toolkit built with python, can make it easier for you to find many URLs/IPs at once with fast time ported to Google Colab: https://colab.research.google.com/drive/1snH2GGHqm-X8NCG5rsBsRmdxPaUyvtax?usp=sharing
👉DrHEADer helps with the audit of security headers received in response to a single request or a list of requests. Google Colab: https://colab.research.google.com/github/brinhosa/awesome-pentest-tools-in-colab/blob/main/DrHeader.ipynb
👀 Insider is a Static Application Security Testing (SAST) engine focused on covering the OWASP Top 10, to make source code analysis to find vulnerabilities right in the source code, focused on a agile and easy to implement software inside your DevOps pipeline. Google Colab: https://colab.research.google.com/drive/1bxH1GOw4swsp_cwICe9CltO1ykGUXWY_?usp=sharing
🔥 JARM is an active Transport Layer Security (TLS) server fingerprinting tool ported to Google Colab: https://colab.research.google.com/drive/1kbF276z8Wlh81hqp_mvKqPYQNUrBAy4D?usp=sharing
🚀 OWASP Amass, the OWASP Amass project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques. Google Colab: https://colab.research.google.com/drive/1TsjsC7w1AF3IzOCeKLlo53Jphk26fWQC?usp=sharing
🕶️ OWASP Dependency-Check is a Software Composition Analysis (SCA) tool that attempts to detect publicly disclosed vulnerabilities contained within a project's dependencies. Google Colab: https://colab.research.google.com/drive/1E1DhyXS51KhrwIBWJdioVV4_zf4CTm-3?usp=sharing
🐙 OWASP Nettacker is a project to automate information gathering, vulnerability scanning and eventually generating a report for networks, including services, bugs, vulnerabilities, misconfigurations, and other information. Google Colab: https://colab.research.google.com/drive/12Dg93h575eG7UPW1zWNKDcT_G1-4Yh4Q?usp=sharing
👽 Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6700 potentially dangerous files/programs, checks for outdated versions of over 1250 servers, and version specific problems on over 270 servers. Google Colab: https://colab.research.google.com/drive/1TxPQOpSsDsvHKQVghfZvnF6c52rigbWI?usp=sharing
👁️ Nmap is a free and open source utility for network discovery and security auditing. Running nmap with the "vuln" scripts argument against our applications and servers can help to identify vulnerabilities. Google Colab: https://colab.research.google.com/drive/1aKolpvz5WjWxHJjbS5cAOYpbbDBco_wn?usp=sharing
🦂 Semgrep is a fast, open-source, static analysis tool for finding bugs and enforcing code standards at editor, commit, and CI time. This will run 1,000+ community-driven rules covering security, correctness, and performance bugs. Google Colab: https://colab.research.google.com/drive/1vy9j10O4OGRl6Og3mI1g_57hRfo31Vu0?usp=sharing
🧹 Tsunami is a general purpose network security scanner from Google with an extensible plugin system for detecting high severity vulnerabilities with high confidence. Google Colab: https://colab.research.google.com/drive/1wj-DEF84cILBQSihRXd014wcMbQIPkSE?usp=sharing
📫 Send your comments and suggestions to: https://twitter.com/brinhosa
Author assume no liability and is not responsible for any misuse or damage caused by these programs. Copy the commands and execute using your own responsability in your own servers. This is distributed in the hope that it will be useful, for educational purposes, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. It is released under GPLv3 license.