aland/nixpkgs-odroid-hc4
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 2

uboot: (firmwareOdroidC2/C4) don't invoke patch tool, use patches = [] instead

Browse source 
https://github.com/NixOS/nixpkgs/blob/master/pkgs/stdenv/generic/setup.sh#L948
this can do it nicely.

Signed-off-by: Anton Arapov <anton@deadbeef.mx>
This commit is contained in:
Anton Arapov 2021-04-03 12:58:10 +02:00 committed by Alan Daniels
commit 56de2bcd43
30691 changed files with 3076956 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

22
pkgs/tools/security/2fa/default.nix Normal file
View file

@ -0,0 +1,22 @@
{ lib, buildGoPackage, fetchFromGitHub }:
buildGoPackage rec {
version = "1.2.0";
pname = "2fa";
goPackagePath = "rsc.io/2fa";
src = fetchFromGitHub {
owner = "rsc";
repo = "2fa";
rev = "v${version}";
sha256 = "sha256-cB5iADZwvJQwwK1GockE2uicFlqFMEAY6xyeXF5lnUY=";
};
meta = with lib; {
homepage = "https://rsc.io/2fa";
description = "Two-factor authentication on the command line";
maintainers = with maintainers; [ rvolosatovs ];
license = licenses.bsd3;
};
}

84
pkgs/tools/security/acsccid/default.nix Normal file
View file

@ -0,0 +1,84 @@
{ lib
, stdenv
, fetchFromGitHub
, autoconf
, automake
, libtool
, gettext
, flex
, perl
, pkg-config
, pcsclite
, libusb1
, libiconv
}:
stdenv.mkDerivation rec {
version = "1.1.8";
pname = "acsccid";
src = fetchFromGitHub {
owner = "acshk";
repo = pname;
rev = "v${version}";
sha256 = "12aahrvsk21qgpjwcrr01s742ixs44nmjkvcvqyzhqb307x1rrn3";
};
nativeBuildInputs = [
pkg-config
autoconf
automake
libtool
gettext
flex
perl
];
buildInputs = [
pcsclite
libusb1
] ++ lib.optionals stdenv.isDarwin [
libiconv
];
configureFlags = [
"--enable-usbdropdir=${placeholder "out"}/pcsc/drivers"
];
doCheck = true;
postPatch = ''
sed -e s_/bin/echo_echo_g -i src/Makefile.am
patchShebangs src/convert_version.pl
patchShebangs src/create_Info_plist.pl
'';
preConfigure = ''
libtoolize --force
aclocal
autoheader
automake --force-missing --add-missing
autoconf
'';
meta = with lib; {
description = "A PC/SC driver for Linux/Mac OS X and it supports ACS CCID smart card readers";
longDescription = ''
acsccid is a PC/SC driver for Linux/Mac OS X and it supports ACS CCID smart card
readers. This library provides a PC/SC IFD handler implementation and
communicates with the readers through the PC/SC Lite resource manager (pcscd).
acsccid is based on ccid. See CCID free software driver for more
information:
https://ccid.apdu.fr/
It can be enabled in /etc/nixos/configuration.nix by adding:
services.pcscd.enable = true;
services.pcscd.plugins = [ pkgs.acsccid ];
'';
homepage = src.meta.homepage;
license = licenses.lgpl2Plus;
maintainers = with maintainers; [ ];
platforms = with platforms; unix;
};
}

33
pkgs/tools/security/adreaper/default.nix Normal file
View file

@ -0,0 +1,33 @@
{ lib
, stdenv
, buildGoModule
, fetchFromGitHub
}:
buildGoModule rec {
pname = "adreaper";
version = "1.1";
src = fetchFromGitHub {
owner = "AidenPearce369";
repo = "ADReaper";
rev = "ADReaperv${version}";
sha256 = "sha256-+FCb5TV9MUcRyex2M4rn2RhcIsXQFbtm1T4r7MpcRQs=";
};
vendorSha256 = "sha256-lU39kj/uz0l7Rodsu6+UMv2o579eu1KUbutUNZni7bM=";
postInstall = lib.optionalString (!stdenv.isDarwin) ''
mv $out/bin/ADReaper $out/bin/$pname
'';
meta = with lib; {
description = "Enumeration tool for Windows Active Directories";
homepage = "https://github.com/AidenPearce369/ADReaper";
# Upstream doesn't have a license yet
# https://github.com/AidenPearce369/ADReaper/issues/2
license = with licenses; [ unfree ];
maintainers = with maintainers; [ fab ];
mainProgram = "ADReaper";
};
}

26
pkgs/tools/security/aesfix/default.nix Normal file
View file

@ -0,0 +1,26 @@
{ lib
, stdenv
, fetchurl
}:
stdenv.mkDerivation rec {
pname = "aesfix";
version = "1.0.1";
src = fetchurl {
url = "https://citpsite.s3.amazonaws.com/memory-content/src/aesfix-${version}.tar.gz";
sha256 = "sha256-exd+h2yu5qrkjwEjEC8R32WUpzhIP5pH8sdv6BzARdQ=";
};
installPhase = ''
runHook preInstall
mkdir -p $out/bin
cp aesfix $out/bin
runHook postInstall
'';
meta = with lib; {
description = "Correct bit errors in an AES key schedules";
homepage = "https://citp.princeton.edu/our-work/memory/";
maintainers = with maintainers; [ fedx-sudo ];
};
}

30
pkgs/tools/security/aeskeyfind/default.nix Normal file
View file

@ -0,0 +1,30 @@
{ lib
, stdenv
, fetchurl
}:
stdenv.mkDerivation rec {
pname = "aeskeyfind";
version = "1.0";
src = fetchurl {
url = "https://citpsite.s3.amazonaws.com/memory-content/src/aeskeyfind-${version}.tar.gz";
sha256 = "sha256-FBflwbYehruVJ9sfW+4ZlaDuqCR12zy8iA4Ev3Bgg+Q=";
};
installPhase = ''
runHook preInstall
mkdir -p $out/bin
cp aeskeyfind $out/bin
runHook postInstall
'';
meta = with lib; {
description = "Locates 128-bit and 256-bit AES keys in a captured memory image";
homepage = "https://citp.princeton.edu/our-work/memory/";
license = licenses.bsd3;
maintainers = with maintainers; [ fedx-sudo ];
};
}

29
pkgs/tools/security/aespipe/default.nix Normal file
View file

@ -0,0 +1,29 @@
{ lib, stdenv, fetchurl, sharutils, makeWrapper }:
stdenv.mkDerivation rec {
pname = "aespipe";
version = "2.4f";
src = fetchurl {
url = "mirror://sourceforge/loop-aes/aespipe/aespipe-v${version}.tar.bz2";
sha256 = "15pg9j27mjzl78mpzkdqd84kdafj0g6j72f8wgjrpp2qkxjy2ddi";
};
nativeBuildInputs = [ makeWrapper ];
configureFlags = [ "--enable-padlock" "--enable-intelaes" ];
postInstall = ''
cp bz2aespipe $out/bin
wrapProgram $out/bin/bz2aespipe \
--prefix PATH : $out/bin:${lib.makeBinPath [ sharutils ]}
'';
meta = with lib; {
description = "AES encrypting or decrypting pipe";
homepage = "http://loop-aes.sourceforge.net/aespipe.README";
license = licenses.gpl2;
maintainers = [ maintainers.goibhniu ];
platforms = platforms.unix;
};
}

19
pkgs/tools/security/afl/README.md Normal file
View file

@ -0,0 +1,19 @@
Updating the QEMU patches
=========================
When updating to the latest American Fuzzy Lop, make sure to check for
any new patches to qemu for binary fuzzing support:
https://github.com/google/AFL/tree/master/qemu_mode
Be sure to check the build script and make sure it's also using the
right QEMU version and options in `qemu.nix`:
https://github.com/google/AFL/blob/master/qemu_mode/build_qemu_support.sh
`afl-config.h`, `afl-types.h`, and `afl-qemu-cpu-inl.h` are part of
the afl source code, and copied from `config.h`, `types.h` and
`afl-qemu-cpu-inl.h` appropriately. These files and the QEMU patches
need to be slightly adjusted to fix their `#include`s (the patches
try to otherwise include files like `../../config.h` which causes the
build to fail).

82
pkgs/tools/security/afl/default.nix Normal file
View file

@ -0,0 +1,82 @@
{ lib, stdenv, fetchFromGitHub, callPackage, makeWrapper
, clang, llvm, which, libcgroup
}:
let
afl-qemu = callPackage ./qemu.nix { inherit afl; };
qemu-exe-name = if stdenv.hostPlatform.system == "x86_64-linux" then "qemu-x86_64"
else if stdenv.hostPlatform.system == "i686-linux" then "qemu-i386"
else throw "afl: no support for ${stdenv.hostPlatform.system}!";
afl = stdenv.mkDerivation rec {
pname = "afl";
version = "2.57b";
src = fetchFromGitHub {
owner = "google";
repo = pname;
rev = "v${version}";
sha256 = "0fqj3g6ds1f21kxz7m9mc1fspi9r4jg9jcmi60inwxijrc5ncvr6";
};
enableParallelBuilding = true;
# Note: libcgroup isn't needed for building, just for the afl-cgroup
# script.
nativeBuildInputs = [ makeWrapper which llvm.dev ];
buildInputs = [ llvm ];
makeFlags = [ "PREFIX=$(out)" ];
postBuild = ''
make -C llvm_mode $makeFlags -j$NIX_BUILD_CORES
'';
postInstall = ''
# Install the custom QEMU emulator for binary blob fuzzing.
cp ${afl-qemu}/bin/${qemu-exe-name} $out/bin/afl-qemu-trace
# Install the cgroups wrapper for asan-based fuzzing.
cp experimental/asan_cgroups/limit_memory.sh $out/bin/afl-cgroup
chmod +x $out/bin/afl-cgroup
substituteInPlace $out/bin/afl-cgroup \
--replace "cgcreate" "${libcgroup}/bin/cgcreate" \
--replace "cgexec" "${libcgroup}/bin/cgexec" \
--replace "cgdelete" "${libcgroup}/bin/cgdelete"
# Patch shebangs before wrapping
patchShebangs $out/bin
# Wrap afl-clang-fast(++) with a *different* AFL_PATH, because it
# has totally different semantics in that case(?) - and also set a
# proper AFL_CC and AFL_CXX so we don't pick up the wrong one out
# of $PATH.
# first though we need to replace the afl-clang-fast++ symlink with
# a real copy to prevent wrapProgram skipping the symlink and confusing
# nix's cc wrapper
rm $out/bin/afl-clang-fast++
cp $out/bin/afl-clang-fast $out/bin/afl-clang-fast++
for x in $out/bin/afl-clang-fast $out/bin/afl-clang-fast++; do
wrapProgram $x \
--prefix AFL_PATH : "$out/lib/afl" \
--run 'export AFL_CC=''${AFL_CC:-${clang}/bin/clang} AFL_CXX=''${AFL_CXX:-${clang}/bin/clang++}'
done
'';
passthru.qemu = afl-qemu;
meta = {
description = "Powerful fuzzer via genetic algorithms and instrumentation";
longDescription = ''
American fuzzy lop is a fuzzer that employs a novel type of
compile-time instrumentation and genetic algorithms to
automatically discover clean, interesting test cases that
trigger new internal states in the targeted binary. This
substantially improves the functional coverage for the fuzzed
code. The compact synthesized corpora produced by the tool are
also useful for seeding other, more labor or resource-intensive
testing regimes down the road.
'';
homepage = "https://lcamtuf.coredump.cx/afl/";
license = lib.licenses.asl20;
platforms = ["x86_64-linux" "i686-linux"];
maintainers = with lib.maintainers; [ thoughtpolice ris ];
};
};
in afl

34
pkgs/tools/security/afl/libdislocator.nix Normal file
View file

@ -0,0 +1,34 @@
{ lib, stdenv, afl}:
stdenv.mkDerivation {
version = lib.getVersion afl;
pname = "libdislocator";
src = afl.src;
sourceRoot = "${afl.src.name}/libdislocator";
makeFlags = [ "PREFIX=$(out)" ];
preInstall = ''
mkdir -p $out/lib/afl
'';
postInstall = ''
mkdir $out/bin
cat > $out/bin/get-libdislocator-so <<END
#!${stdenv.shell}
echo $out/lib/afl/libdislocator.so
END
chmod +x $out/bin/get-libdislocator-so
'';
meta = with lib; {
homepage = "https://lcamtuf.coredump.cx/afl/";
description = ''
Drop-in replacement for the libc allocator which improves
the odds of bumping into heap-related security bugs in
several ways.
'';
license = lib.licenses.asl20;
maintainers = with maintainers; [ ris ];
};
}

13
pkgs/tools/security/afl/qemu-patches/no-etc-install.patch Normal file
View file

@ -0,0 +1,13 @@
diff --git a/Makefile b/Makefile
index d6b9dc1..ce7c493 100644
--- a/Makefile
+++ b/Makefile
@@ -601,7 +601,7 @@ install-localstatedir:
endif
-install: all $(if $(BUILD_DOCS),install-doc) install-datadir install-localstatedir
+install: all $(if $(BUILD_DOCS),install-doc) install-datadir
ifneq ($(TOOLS),)
$(call install-prog,$(subst qemu-ga,qemu-ga$(EXESUF),$(TOOLS)),$(DESTDIR)$(bindir))
endif

51
pkgs/tools/security/afl/qemu-patches/syscall-glibc2_30.diff Normal file
View file

@ -0,0 +1,51 @@
--- qemu-2.10.0-clean/linux-user/syscall.c 2020-03-12 18:47:47.898592169 +0100
+++ qemu-2.10.0/linux-user/syscall.c 2020-03-13 09:13:42.461809699 +0100
@@ -34,6 +34,7 @@
#include <sys/resource.h>
#include <sys/swap.h>
#include <linux/capability.h>
+#include <linux/sockios.h> // https://lkml.org/lkml/2019/6/3/988
#include <sched.h>
#include <sys/timex.h>
#ifdef __ia64__
@@ -256,7 +257,9 @@ static type name (type1 arg1,type2 arg2,
#endif
#ifdef __NR_gettid
-_syscall0(int, gettid)
+// taken from https://patchwork.kernel.org/patch/10862231/
+#define __NR_sys_gettid __NR_gettid
+_syscall0(int, sys_gettid)
#else
/* This is a replacement for the host gettid() and must return a host
errno. */
@@ -6219,7 +6222,7 @@ static void *clone_func(void *arg)
cpu = ENV_GET_CPU(env);
thread_cpu = cpu;
ts = (TaskState *)cpu->opaque;
- info->tid = gettid();
+ info->tid = sys_gettid();
task_settid(ts);
if (info->child_tidptr)
put_user_u32(info->tid, info->child_tidptr);
@@ -6363,9 +6366,9 @@ static int do_fork(CPUArchState *env, un
mapping. We can't repeat the spinlock hack used above because
the child process gets its own copy of the lock. */
if (flags & CLONE_CHILD_SETTID)
- put_user_u32(gettid(), child_tidptr);
+ put_user_u32(sys_gettid(), child_tidptr);
if (flags & CLONE_PARENT_SETTID)
- put_user_u32(gettid(), parent_tidptr);
+ put_user_u32(sys_gettid(), parent_tidptr);
ts = (TaskState *)cpu->opaque;
if (flags & CLONE_SETTLS)
cpu_set_tls (env, newtls);
@@ -11402,7 +11405,7 @@ abi_long do_syscall(void *cpu_env, int n
break;
#endif
case TARGET_NR_gettid:
- ret = get_errno(gettid());
+ ret = get_errno(sys_gettid());
break;
#ifdef TARGET_NR_readahead
case TARGET_NR_readahead:

79
pkgs/tools/security/afl/qemu.nix Normal file
View file

@ -0,0 +1,79 @@
{ lib, stdenv, fetchurl, afl, python2, zlib, pkg-config, glib, perl
, texinfo, libuuid, flex, bison, pixman, autoconf
}:
with lib;
let
cpuTarget = if stdenv.hostPlatform.system == "x86_64-linux" then "x86_64-linux-user"
else if stdenv.hostPlatform.system == "i686-linux" then "i386-linux-user"
else throw "afl: no support for ${stdenv.hostPlatform.system}!";
in
stdenv.mkDerivation rec {
pname = "afl-qemu";
version = "2.10.0";
srcs = [
(fetchurl {
url = "http://wiki.qemu.org/download/qemu-${version}.tar.bz2";
sha256 = "0j3dfxzrzdp1w21k21fjvmakzc6lcha1rsclaicwqvbf63hkk7vy";
})
afl.src
];
sourceRoot = "qemu-${version}";
postUnpack = ''
cp ${afl.src.name}/types.h $sourceRoot/afl-types.h
substitute ${afl.src.name}/config.h $sourceRoot/afl-config.h \
--replace "types.h" "afl-types.h"
substitute ${afl.src.name}/qemu_mode/patches/afl-qemu-cpu-inl.h $sourceRoot/afl-qemu-cpu-inl.h \
--replace "../../config.h" "afl-config.h"
substituteInPlace ${afl.src.name}/qemu_mode/patches/cpu-exec.diff \
--replace "../patches/afl-qemu-cpu-inl.h" "afl-qemu-cpu-inl.h"
'';
nativeBuildInputs = [
python2 perl pkg-config flex bison autoconf texinfo
];
buildInputs = [
zlib glib pixman libuuid
];
enableParallelBuilding = true;
patches = [
# patches extracted from afl source
"../${afl.src.name}/qemu_mode/patches/cpu-exec.diff"
"../${afl.src.name}/qemu_mode/patches/elfload.diff"
"../${afl.src.name}/qemu_mode/patches/syscall.diff"
"../${afl.src.name}/qemu_mode/patches/configure.diff"
"../${afl.src.name}/qemu_mode/patches/memfd.diff"
# nix-specific patches to make installation more well-behaved
./qemu-patches/no-etc-install.patch
# patch for fixing qemu build on glibc >= 2.30
./qemu-patches/syscall-glibc2_30.diff
];
configureFlags =
[ "--disable-system"
"--enable-linux-user"
"--disable-gtk"
"--disable-sdl"
"--disable-vnc"
"--disable-kvm"
"--target-list=${cpuTarget}"
"--enable-pie"
"--sysconfdir=/etc"
"--localstatedir=/var"
];
meta = with lib; {
homepage = "http://www.qemu.org/";
description = "Fork of QEMU with AFL instrumentation support";
license = licenses.gpl2Plus;
maintainers = with maintainers; [ thoughtpolice ];
platforms = platforms.linux;
};
}

136
pkgs/tools/security/aflplusplus/default.nix Normal file
View file

@ -0,0 +1,136 @@
{ lib, stdenv, stdenvNoCC, fetchFromGitHub, callPackage, makeWrapper
, clang, llvm, gcc, which, libcgroup, python, perl, gmp
, file, wine ? null, fetchpatch
}:
# wine fuzzing is only known to work for win32 binaries, and using a mixture of
# 32 and 64-bit libraries ... complicates things, so it's recommended to build
# a full 32bit version of this package if you want to do wine fuzzing
assert (wine != null) -> (stdenv.targetPlatform.system == "i686-linux");
let
aflplusplus-qemu = callPackage ./qemu.nix { inherit aflplusplus; };
qemu-exe-name = if stdenv.targetPlatform.system == "x86_64-linux" then "qemu-x86_64"
else if stdenv.targetPlatform.system == "i686-linux" then "qemu-i386"
else throw "aflplusplus: no support for ${stdenv.targetPlatform.system}!";
libdislocator = callPackage ./libdislocator.nix { inherit aflplusplus; };
libtokencap = callPackage ./libtokencap.nix { inherit aflplusplus; };
aflplusplus = stdenvNoCC.mkDerivation rec {
pname = "aflplusplus";
version = "2.65c";
src = fetchFromGitHub {
owner = "AFLplusplus";
repo = "AFLplusplus";
rev = version;
sha256 = "1np2a3kypb2m8nyv6qnij18yzn41pl8619jzydci40br4vxial9l";
};
enableParallelBuilding = true;
# Note: libcgroup isn't needed for building, just for the afl-cgroup
# script.
nativeBuildInputs = [ makeWrapper which clang gcc ];
buildInputs = [ llvm python gmp ]
++ lib.optional (wine != null) python.pkgs.wrapPython;
postPatch = ''
# Replace the CLANG_BIN variables with the correct path
substituteInPlace llvm_mode/afl-clang-fast.c \
--replace "CLANGPP_BIN" '"${clang}/bin/clang++"' \
--replace "CLANG_BIN" '"${clang}/bin/clang"' \
--replace 'getenv("AFL_PATH")' "(getenv(\"AFL_PATH\") ? getenv(\"AFL_PATH\") : \"$out/lib/afl\")"
# Replace "gcc" and friends with full paths in afl-gcc
# Prevents afl-gcc picking up any (possibly incorrect) gcc from the path
substituteInPlace src/afl-gcc.c \
--replace '"gcc"' '"${gcc}/bin/gcc"' \
--replace '"g++"' '"${gcc}/bin/g++"' \
--replace '"gcj"' '"gcj-UNSUPPORTED"' \
--replace '"clang"' '"clang-UNSUPPORTED"' \
--replace '"clang++"' '"clang++-UNSUPPORTED"'
'';
makeFlags = [ "PREFIX=$(out)" ];
buildPhase = ''
common="$makeFlags -j$NIX_BUILD_CORES"
make all $common
make radamsa $common
make -C gcc_plugin CC=${gcc}/bin/gcc CXX=${gcc}/bin/g++ $common
make -C llvm_mode $common
make -C qemu_mode/libcompcov $common
make -C qemu_mode/unsigaction $common
'';
postInstall = ''
# remove afl-clang(++) which are just symlinks to afl-clang-fast
rm $out/bin/afl-clang $out/bin/afl-clang++
# the makefile neglects to install unsigaction
cp qemu_mode/unsigaction/unsigaction*.so $out/lib/afl/
# Install the custom QEMU emulator for binary blob fuzzing.
cp ${aflplusplus-qemu}/bin/${qemu-exe-name} $out/bin/afl-qemu-trace
# give user a convenient way of accessing libcompconv.so, libdislocator.so, libtokencap.so
cat > $out/bin/get-afl-qemu-libcompcov-so <<END
#!${stdenv.shell}
echo $out/lib/afl/libcompcov.so
END
chmod +x $out/bin/get-afl-qemu-libcompcov-so
cp ${libdislocator}/bin/get-libdislocator-so $out/bin/
cp ${libtokencap}/bin/get-libtokencap-so $out/bin/
# Install the cgroups wrapper for asan-based fuzzing.
cp examples/asan_cgroups/limit_memory.sh $out/bin/afl-cgroup
chmod +x $out/bin/afl-cgroup
substituteInPlace $out/bin/afl-cgroup \
--replace "cgcreate" "${libcgroup}/bin/cgcreate" \
--replace "cgexec" "${libcgroup}/bin/cgexec" \
--replace "cgdelete" "${libcgroup}/bin/cgdelete"
patchShebangs $out/bin
'' + lib.optionalString (wine != null) ''
substitute afl-wine-trace $out/bin/afl-wine-trace \
--replace "qemu_mode/unsigaction" "$out/lib/afl"
chmod +x $out/bin/afl-wine-trace
# qemu needs to be fed ELFs, not wrapper scripts, so we have to cheat a bit if we
# detect a wrapped wine
for winePath in ${wine}/bin/.wine ${wine}/bin/wine; do
if [ -x $winePath ]; then break; fi
done
makeWrapperArgs="--set-default 'AFL_WINE_PATH' '$winePath'" \
wrapPythonProgramsIn $out/bin ${python.pkgs.pefile}
'';
installCheckInputs = [ perl file ];
doInstallCheck = true;
installCheckPhase = ''
# replace references to tools in build directory with references to installed locations
substituteInPlace test/test.sh \
--replace '../libcompcov.so' '`$out/bin/get-afl-qemu-libcompcov-so`' \
--replace '../libdislocator.so' '`$out/bin/get-libdislocator-so`' \
--replace '../libtokencap.so' '`$out/bin/get-libtokencap-so`'
perl -pi -e 's|(?<!\.)(?<!-I)(\.\./)([^\s\/]+?)(?<!\.c)(?<!\.s?o)(?=\s)|\$out/bin/\2|g' test/test.sh
cd test && ./test.sh
'';
passthru = {
inherit libdislocator libtokencap;
qemu = aflplusplus-qemu;
};
meta = {
description = ''
A heavily enhanced version of AFL, incorporating many features
and improvements from the community
'';
homepage = "https://aflplus.plus";
license = lib.licenses.asl20;
platforms = ["x86_64-linux" "i686-linux"];
maintainers = with lib.maintainers; [ ris mindavi ];
};
};
in aflplusplus

37
pkgs/tools/security/aflplusplus/libdislocator.nix Normal file
View file

@ -0,0 +1,37 @@
{ lib, stdenv, aflplusplus}:
stdenv.mkDerivation {
version = lib.getVersion aflplusplus;
pname = "libdislocator";
src = aflplusplus.src;
postUnpack = "chmod -R +w ${aflplusplus.src.name}";
sourceRoot = "${aflplusplus.src.name}/libdislocator";
makeFlags = [ "PREFIX=$(out)" ];
preInstall = ''
mkdir -p $out/lib/afl
# issue is fixed upstream: https://github.com/AFLplusplus/AFLplusplus/commit/2a60ceb6944a7ca273057ddf64dcf837bf7f9521
sed -i 's/README\.dislocator\.md/README\.md/g' Makefile
'';
postInstall = ''
mkdir $out/bin
cat > $out/bin/get-libdislocator-so <<END
#!${stdenv.shell}
echo $out/lib/afl/libdislocator.so
END
chmod +x $out/bin/get-libdislocator-so
'';
meta = with lib; {
homepage = "https://github.com/vanhauser-thc/AFLplusplus";
description = ''
Drop-in replacement for the libc allocator which improves
the odds of bumping into heap-related security bugs in
several ways.
'';
license = lib.licenses.asl20;
maintainers = with maintainers; [ ris ];
};
}

32
pkgs/tools/security/aflplusplus/libtokencap.nix Normal file
View file

@ -0,0 +1,32 @@
{ lib, stdenv, aflplusplus}:
stdenv.mkDerivation {
version = lib.getVersion aflplusplus;
pname = "libtokencap";
src = aflplusplus.src;
postUnpack = "chmod -R +w ${aflplusplus.src.name}";
sourceRoot = "${aflplusplus.src.name}/libtokencap";
makeFlags = [ "PREFIX=$(out)" ];
preInstall = ''
mkdir -p $out/lib/afl
mkdir -p $out/share/doc/afl
'';
postInstall = ''
mkdir $out/bin
cat > $out/bin/get-libtokencap-so <<END
#!${stdenv.shell}
echo $out/lib/afl/libtokencap.so
END
chmod +x $out/bin/get-libtokencap-so
'';
meta = with lib; {
homepage = "https://github.com/vanhauser-thc/AFLplusplus";
description = "strcmp & memcmp token capture library";
license = lib.licenses.asl20;
maintainers = with maintainers; [ ris ];
};
}

13
pkgs/tools/security/aflplusplus/qemu-no-etc-install.patch Normal file
View file

@ -0,0 +1,13 @@
diff --git a/Makefile b/Makefile
index d6b9dc1..ce7c493 100644
--- a/Makefile
+++ b/Makefile
@@ -601,7 +601,7 @@ install-localstatedir:
endif
-install: all $(if $(BUILD_DOCS),install-doc) install-datadir install-localstatedir
+install: all $(if $(BUILD_DOCS),install-doc) install-datadir
ifneq ($(TOOLS),)
$(call install-prog,$(subst qemu-ga,qemu-ga$(EXESUF),$(TOOLS)),$(DESTDIR)$(bindir))
endif

83
pkgs/tools/security/aflplusplus/qemu.nix Normal file
View file

@ -0,0 +1,83 @@
{ lib, stdenv, fetchurl, aflplusplus, python3, zlib, pkg-config, glib, perl
, texinfo, libuuid, flex, bison, pixman, autoconf
}:
with lib;
let
qemuName = "qemu-3.1.0";
cpuTarget = if stdenv.targetPlatform.system == "x86_64-linux" then "x86_64-linux-user"
else if stdenv.targetPlatform.system == "i686-linux" then "i386-linux-user"
else throw "aflplusplus: no support for ${stdenv.targetPlatform.system}!";
in
stdenv.mkDerivation {
name = "aflplusplus-${qemuName}";
srcs = [
(fetchurl {
url = "http://wiki.qemu.org/download/${qemuName}.tar.bz2";
sha256 = "08frr1fdjx8qcfh3fafn10kibdwbvkqqvfl7hpqbm7i9dg4f1zlq";
})
aflplusplus.src
];
sourceRoot = qemuName;
postUnpack = ''
chmod -R +w ${aflplusplus.src.name}
for f in ${aflplusplus.src.name}/qemu_mode/patches/* ; do
sed -E -i 's|(\.\./)+patches/([a-z-]+\.h)|\2|g' $f
sed -E -i 's|\.\./\.\./config\.h|afl-config.h|g' $f
sed -E -i 's|\.\./\.\./include/cmplog\.h|afl-cmplog.h|g' $f
done
cp ${aflplusplus.src.name}/qemu_mode/patches/*.h $sourceRoot/
cp ${aflplusplus.src.name}/types.h $sourceRoot/afl-types.h
substitute ${aflplusplus.src.name}/config.h $sourceRoot/afl-config.h \
--replace "types.h" "afl-types.h"
substitute ${aflplusplus.src.name}/include/cmplog.h $sourceRoot/afl-cmplog.h \
--replace "config.h" "afl-config.h" \
--replace "forkserver.h" "afl-forkserver.h"
substitute ${aflplusplus.src.name}/include/forkserver.h $sourceRoot/afl-forkserver.h \
--replace "types.h" "afl-types.h"
cat ${aflplusplus.src.name}/qemu_mode/patches/*.diff > all.patch
'';
nativeBuildInputs = [
python3 perl pkg-config flex bison autoconf texinfo
];
buildInputs = [
zlib glib pixman libuuid
];
enableParallelBuilding = true;
patches = [
# patches extracted from aflplusplus source
"../all.patch"
# nix-specific patches to make installation more well-behaved
./qemu-no-etc-install.patch
];
configureFlags =
[ "--disable-system"
"--enable-linux-user"
"--disable-gtk"
"--disable-sdl"
"--disable-vnc"
"--disable-kvm"
"--target-list=${cpuTarget}"
"--enable-pie"
"--sysconfdir=/etc"
"--localstatedir=/var"
];
meta = with lib; {
homepage = "https://www.qemu.org/";
description = "Fork of QEMU with AFL++ instrumentation support";
license = licenses.gpl2Plus;
maintainers = with maintainers; [ ris ];
platforms = platforms.linux;
};
}

40
pkgs/tools/security/age-plugin-yubikey/default.nix Normal file
View file

@ -0,0 +1,40 @@
{ lib
, stdenv
, rustPlatform
, fetchFromGitHub
, pkg-config
, pcsclite
, PCSC
, Foundation
}:
rustPlatform.buildRustPackage rec {
pname = "age-plugin-yubikey";
version = "0.3.0";
src = fetchFromGitHub {
owner = "str4d";
repo = pname;
rev = "v${version}";
sha256 = "sha256-KXqicTZ9GZlNj1AH3tMmOrC8zjXoEnqo4JJJTBdiI4E=";
};
cargoSha256 = "sha256-m/v4E7KHyLIWZHX0TKpqwBVDDwLjhYpOjYMrKEtx6/4=";
nativeBuildInputs = lib.optionals stdenv.isLinux [ pkg-config ];
buildInputs =
if stdenv.isDarwin then [
Foundation
PCSC
] else [
pcsclite
];
meta = with lib; {
description = "YubiKey plugin for age clients";
homepage = "https://github.com/str4d/age-plugin-yubikey";
license = with licenses; [ asl20 mit ];
maintainers = with maintainers; [ vtuan10 ];
};
}

41
pkgs/tools/security/age/default.nix Normal file
View file

@ -0,0 +1,41 @@
{ lib, buildGoModule, fetchFromGitHub, installShellFiles }:
buildGoModule rec {
pname = "age";
version = "1.0.0";
vendorSha256 = "sha256-Hdsd+epcLFLkeHzJ2CUu4ss1qOd0+lTjhfs9MhI5Weg=";
src = fetchFromGitHub {
owner = "FiloSottile";
repo = "age";
rev = "v${version}";
sha256 = "sha256-MfyW8Yv8swKqA7Hl45l5Zn4wZrQmE661eHsKIywy36U=";
};
ldflags = [
"-s" "-w" "-X main.Version=${version}"
];
nativeBuildInputs = [ installShellFiles ];
preInstall = ''
installManPage doc/*.1
'';
doInstallCheck = true;
installCheckPhase = ''
if [[ "$("$out/bin/${pname}" --version)" == "${version}" ]]; then
echo '${pname} smoke check passed'
else
echo '${pname} smoke check failed'
return 1
fi
'';
meta = with lib; {
homepage = "https://age-encryption.org/";
description = "Modern encryption tool with small explicit keys";
license = licenses.bsd3;
maintainers = with maintainers; [ tazjin ];
};
}

27
pkgs/tools/security/agebox/default.nix Normal file
View file

@ -0,0 +1,27 @@
{ lib, buildGoModule, fetchFromGitHub }:
buildGoModule rec {
pname = "agebox";
version = "0.6.1";
src = fetchFromGitHub {
owner = "slok";
repo = pname;
rev = "v${version}";
sha256 = "1gi6lj3dpckhsx6hdpdnr8rclqgfkbdmkzx966nlxyi52bjfzbsv";
};
vendorSha256 = "1jwzx6hp04y8hfpwfvf9zmhqjj3ghvr3gmgnllpcff1lai78vdrw";
ldflags = [
"-s" "-w"
"-X main.Version=${version}"
];
meta = with lib; {
homepage = "https://github.com/slok/agebox";
changelog = "https://github.com/slok/agebox/releases/tag/v${version}";
description = "Age based repository file encryption gitops tool";
license = licenses.asl20;
maintainers = with maintainers; [ lesuisse ];
};
}

28
pkgs/tools/security/aide/default.nix Normal file
View file

@ -0,0 +1,28 @@
{ lib, stdenv, fetchurl, flex, bison, libmhash, zlib, acl, attr, libselinux, pcre }:
stdenv.mkDerivation rec {
pname = "aide";
version = "0.17.4";
src = fetchurl {
url = "https://github.com/aide/aide/releases/download/v${version}/${pname}-${version}.tar.gz";
sha256 = "sha256-yBUFJG8//C52A21Dp3ISroKJW1iB2bniXBNhsam3qEY=";
};
buildInputs = [ flex bison libmhash zlib acl attr libselinux pcre ];
configureFlags = [
"--with-posix-acl"
"--with-selinux"
"--with-xattr"
];
meta = with lib; {
homepage = "https://aide.github.io/";
description = "A file and directory integrity checker";
license = licenses.gpl2Plus;
maintainers = [ maintainers.tstrobel ];
platforms = platforms.linux;
};
}

45
pkgs/tools/security/aiodnsbrute/default.nix Normal file
View file

@ -0,0 +1,45 @@
{ lib
, buildPythonApplication
, fetchFromGitHub
, aiodns
, click
, tqdm
, uvloop
}:
buildPythonApplication rec {
pname = "aiodnsbrute";
version = "0.3.3";
src = fetchFromGitHub {
owner = "blark";
repo = pname;
rev = "v${version}";
sha256 = "sha256-cEpk71VoQJZfKeAZummkk7yjtXKSMndgo0VleYiMlWE=";
};
# https://github.com/blark/aiodnsbrute/pull/8
prePatch = ''
substituteInPlace setup.py --replace " 'asyncio', " ""
'';
propagatedBuildInputs = [
aiodns
click
tqdm
uvloop
];
# no tests present
doCheck = false;
pythonImportsCheck = [ "aiodnsbrute.cli" ];
meta = with lib; {
description = "DNS brute force utility";
homepage = "https://github.com/blark/aiodnsbrute";
# https://github.com/blark/aiodnsbrute/issues/5
license = with licenses; [ gpl3Only ];
maintainers = with maintainers; [ fab ];
};
}

26
pkgs/tools/security/amber/default.nix Normal file
View file

@ -0,0 +1,26 @@
{ lib, stdenv, rustPlatform, fetchFromGitHub, Security }:
rustPlatform.buildRustPackage rec {
# Renaming it to amber-secret because another package named amber exists
pname = "amber-secret";
version = "0.1.3";
src = fetchFromGitHub {
owner = "fpco";
repo = "amber";
rev = "v${version}";
sha256 = "sha256-kPDNTwsfI+8nOgsLv2aONrLGSRZhw5YzNntJ2tbE0oI=";
};
cargoSha256 = "sha256-fTdTgbeOQXEpLHq9tHiPLkttvaxS/WJ86h3jRdrfbJM=";
buildInputs = lib.optionals stdenv.isDarwin [ Security ];
meta = with lib; {
description = "Manage secret values in-repo via public key cryptography";
homepage = "https://github.com/fpco/amber";
license = licenses.mit;
maintainers = with maintainers; [ psibi ];
mainProgram = "amber";
};
}

67
pkgs/tools/security/apg/default.nix Normal file
View file

@ -0,0 +1,67 @@
{ lib, stdenv, fetchFromGitHub, openssl, autoreconfHook }:
stdenv.mkDerivation rec {
pname = "apg";
version = "unstable-2015-01-29";
src = fetchFromGitHub {
owner = "wilx";
repo = "apg";
rev = "7ecdbac79156c8864fa3ff8d61e9f1eb264e56c2";
sha256 = "sha256-+7TrJACdm/i/pc0dsp8edEIOjx8cip+x0Qc2gONajSE=";
};
nativeBuildInputs = [ autoreconfHook ];
buildInputs = [ openssl ];
meta = {
description = "Tools for random password generation";
longDescription = ''
APG (Automated Password Generator) is the tool set for random
password generation.
Standalone version
Generates some random words of required type and prints them
to standard output.
Network version
APG server: When client's request is arrived generates some
random words of predefined type and send them to client over
the network (according to RFC0972).
APG client: Sends the password generation request to the APG
server, wait for generated Passwords arrival and then prints
them to the standard output.
Advantages
* Built-in ANSI X9.17 RNG (Random Number Generator) (CAST/SHA1)
* Built-in password quality checking system (it has support for
Bloom filter for faster access)
* Two Password Generation Algorithms:
1. Pronounceable Password Generation Algorithm (according to
NIST FIPS 181)
2. Random Character Password Generation Algorithm with 35
configurable modes of operation
* Configurable password length parameters
* Configurable amount of generated passwords
* Ability to initialize RNG with user string
* Support for /dev/random
* Ability to crypt() generated passwords and print them as
additional output
* Special parameters to use APG in script
* Ability to log password generation requests for network version
* Ability to control APG service access using tcpd
* Ability to use password generation service from any type of box
(Mac, WinXX, etc.) that connected to network
* Ability to enforce remote users to use only allowed type of
password generation
'';
homepage = "https://github.com/wilx/apg";
license = lib.licenses.bsd3;
maintainers = with lib.maintainers; [ astsmtl ];
platforms = lib.platforms.unix;
};
}

37
pkgs/tools/security/apkleaks/default.nix Normal file
View file

@ -0,0 +1,37 @@
{ lib
, fetchFromGitHub
, jadx
, python3
}:
python3.pkgs.buildPythonApplication rec {
pname = "apkleaks";
version = "2.6.1";
disabled = python3.pythonOlder "3.6";
src = fetchFromGitHub {
owner = "dwisiswant0";
repo = pname;
rev = "v${version}";
sha256 = "0ysciv643p8gkqw2wp7zy4n07hihdcyil8d20lj86cpgga71rd64";
};
propagatedBuildInputs = with python3.pkgs; [
jadx
pyaxmlparser
setuptools
];
# Project has no tests
doCheck = false;
pythonImportsCheck = [ "apkleaks" ];
meta = with lib; {
description = "Scanning APK file for URIs, endpoints and secrets";
homepage = "https://github.com/dwisiswant0/apkleaks";
license = with licenses; [ asl20 ];
maintainers = with maintainers; [ fab ];
};
}

40
pkgs/tools/security/arsenal/default.nix Normal file
View file

@ -0,0 +1,40 @@
{ lib
, fetchFromGitHub
, python3
}:
python3.pkgs.buildPythonApplication rec {
pname = "arsenal";
version = "1.1.0";
format = "setuptools";
src = fetchFromGitHub {
owner = "Orange-Cyberdefense";
repo = "arsenal";
rev = version;
sha256 = "sha256-NbNXyR5aNKvRJU9JWGk/ndwU1bhNgDOdcRqBkAY9nPA=";
};
propagatedBuildInputs = with python3.pkgs; [
libtmux
docutils
pyfzf
pyperclip
pyyaml
];
# Project has no tests
doCheck = false;
pythonImportsCheck = [
"arsenal"
];
meta = with lib; {
description = "Tool to generate commands for security and network tools";
homepage = "https://github.com/Orange-Cyberdefense/arsenal";
license = with licenses; [ gpl3Only ];
maintainers = with maintainers; [ fab ];
mainProgram = "arsenal";
};
}

45
pkgs/tools/security/asc-key-to-qr-code-gif/default.nix Normal file
View file

@ -0,0 +1,45 @@
{ lib, stdenv, fetchFromGitHub, imagemagick, qrencode
, testQR ? false, zbar ? null
}:
assert testQR -> zbar != false;
stdenv.mkDerivation {
pname = "asc-key-to-qr-code-gif";
version = "20180613";
src = fetchFromGitHub {
owner = "yishilin14";
repo = "asc-key-to-qr-code-gif";
rev = "5b7b239a0089a5269444cbe8a651c99dd43dce3f";
sha256 = "0yrc302a2fhbzryb10718ky4fymfcps3lk67ivis1qab5kbp6z8r";
};
dontBuild = true;
dontStrip = true;
dontPatchELF = true;
preInstall = let
substitutions = [
''--replace "convert" "${imagemagick}/bin/convert"''
''--replace "qrencode" "${qrencode.bin}/bin/qrencode"''
] ++ lib.optional testQR [
''--replace "hash zbarimg" "true"'' # hash does not work on NixOS
''--replace "$(zbarimg --raw" "$(${zbar.out}/bin/zbarimg --raw"''
];
in ''
substituteInPlace asc-to-gif.sh ${lib.concatStringsSep " " substitutions}
'';
installPhase = ''
mkdir -p $out/bin
cp * $out/bin/
'';
meta = with lib; {
homepage = "https://github.com/yishilin14/asc-key-to-qr-code-gif";
description = "Convert ASCII-armored PGP keys to animated QR code";
platforms = platforms.unix;
maintainers = with maintainers; [ asymmetric ];
};
}

50
pkgs/tools/security/authoscope/default.nix Normal file
View file

@ -0,0 +1,50 @@
{ lib
, stdenv
, fetchFromGitHub
, installShellFiles
, libcap
, openssl
, pkg-config
, rustPlatform
, Security
, zlib
}:
rustPlatform.buildRustPackage rec {
pname = "authoscope";
version = "0.8.1";
src = fetchFromGitHub {
owner = "kpcyrd";
repo = pname;
rev = "v${version}";
sha256 = "sha256-SKgb/N249s0+Rb59moBT/MeFb4zAAElCMQJto0diyUk=";
};
cargoSha256 = "sha256-rSHuKy86iJNLAKSVcb7fn7A/cc75EOc97jGI14EaC6k=";
nativeBuildInputs = [
installShellFiles
pkg-config
];
buildInputs = [
libcap
zlib
openssl
] ++ lib.optional stdenv.isDarwin Security;
postInstall = ''
installManPage docs/${pname}.1
'';
# Tests requires access to httpin.org
doCheck = false;
meta = with lib; {
description = "Scriptable network authentication cracker";
homepage = "https://github.com/kpcyrd/authoscope";
license = with licenses; [ gpl3Plus ];
maintainers = with maintainers; [ fab ];
};
}

25
pkgs/tools/security/authz0/default.nix Normal file
View file

@ -0,0 +1,25 @@
{ lib
, buildGoModule
, fetchFromGitHub
}:
buildGoModule rec {
pname = "authz0";
version = "1.1.1";
src = fetchFromGitHub {
owner = "hahwul";
repo = pname;
rev = "v${version}";
hash = "sha256-8WtvUeHP7fJ1/G+UB1QLCSSNx7XA+vREcwJxoMeQsgM=";
};
vendorSha256 = "sha256-EQhvHu/LXZtVQ+MzjB96K0MUM4THiRDe1FkAATfGhdw=";
meta = with lib; {
description = "Automated authorization test tool";
homepage = "https://github.com/hahwul/authz0";
license = licenses.mit;
maintainers = with maintainers; [ fab ];
};
}

28
pkgs/tools/security/aws-iam-authenticator/default.nix Normal file
View file

@ -0,0 +1,28 @@
{ lib, buildGoModule, fetchFromGitHub }:
buildGoModule rec {
pname = "aws-iam-authenticator";
version = "0.5.7";
src = fetchFromGitHub {
owner = "kubernetes-sigs";
repo = pname;
rev = "v${version}";
sha256 = "sha256-nFHshmGZZMzssF2INdEqpvARkFjBpd7qNV9tabySABU=";
};
# Upstream has inconsistent vendoring, see https://github.com/kubernetes-sigs/aws-iam-authenticator/issues/377
deleteVendor = true;
vendorSha256 = null;
ldflags = [ "-s" "-w" "-X main.version=v${version}" ];
subPackages = [ "cmd/aws-iam-authenticator" ];
meta = with lib; {
homepage = "https://github.com/kubernetes-sigs/aws-iam-authenticator";
description = "AWS IAM credentials for Kubernetes authentication";
license = licenses.asl20;
maintainers = [ maintainers.srhb ];
};
}

31
pkgs/tools/security/b2sum/default.nix Normal file
View file

@ -0,0 +1,31 @@
{ lib, stdenv, fetchFromGitHub, openmp ? null }:
with lib;
stdenv.mkDerivation {
pname = "b2sum";
version = "unstable-2018-06-11";
src = fetchFromGitHub {
owner = "BLAKE2";
repo = "BLAKE2";
rev = "320c325437539ae91091ce62efec1913cd8093c2";
sha256 = "E60M9oP/Sdfg/L3ZxUcDtUXhFz9oP72IybdtVUJh9Sk=";
};
sourceRoot = "source/b2sum";
buildInputs = [ openmp ];
buildFlags = [ (optional (openmp == null) "NO_OPENMP=1") ];
installFlags = [ "PREFIX=$(out)" ];
meta = {
description = "The b2sum utility is similar to the md5sum or shasum utilities but for BLAKE2";
homepage = "https://blake2.net";
license = with licenses; [ asl20 cc0 openssl ];
maintainers = with maintainers; [ kirelagin ];
# "This code requires at least SSE2."
platforms = with platforms; [ "x86_64-linux" "i686-linux" ] ++ darwin;
};
}

20
pkgs/tools/security/b3sum/default.nix Normal file
View file

@ -0,0 +1,20 @@
{ lib, fetchCrate, rustPlatform }:
rustPlatform.buildRustPackage rec {
pname = "b3sum";
version = "1.3.1";
src = fetchCrate {
inherit version pname;
sha256 = "sha256-Vb4W1TfHppKm2Ib2VHm+917A09JY1oNebymzcQpPm8Q=";
};
cargoSha256 = "sha256-cpY69NsbsHgQITdElsNjrhjaih9rgOVpFEv4Pfp9OPw=";
meta = {
description = "BLAKE3 cryptographic hash function";
homepage = "https://github.com/BLAKE3-team/BLAKE3/";
maintainers = with lib.maintainers; [ fpletz ivan ];
license = with lib.licenses; [ cc0 asl20 ];
};
}

32
pkgs/tools/security/badchars/default.nix Normal file
View file

@ -0,0 +1,32 @@
{ lib
, buildPythonApplication
, fetchPypi
}:
buildPythonApplication rec {
pname = "badchars";
version = "0.4.0";
src = fetchPypi {
inherit pname version;
sha256 = "1xqki8qnfwl97d60xj69alyzwa1mnfbwki25j0vhvhb05varaxz2";
};
postPatch = ''
substituteInPlace setup.py --replace "argparse" ""
'';
# no tests are available and it can't be imported (it's only a script, not a module)
doCheck = false;
meta = with lib; {
description = "HEX badchar generator for different programming languages";
longDescription = ''
A HEX bad char generator to instruct encoders such as shikata-ga-nai to
transform those to other chars.
'';
homepage = "https://github.com/cytopia/badchars";
license = with licenses; [ mit ];
maintainers = with maintainers; [ fab ];
};
}

45
pkgs/tools/security/badrobot/default.nix Normal file
View file

@ -0,0 +1,45 @@
{ lib, buildGoModule, fetchFromGitHub, installShellFiles }:
buildGoModule rec {
pname = "badrobot";
version = "0.1.2";
src = fetchFromGitHub {
owner = "controlplaneio";
repo = pname;
rev = "v${version}";
sha256 = "sha256-LGoNM8wu1qaq4cVEzR723/cueZlndE1Z2PCYEOU+nPQ=";
};
vendorSha256 = "sha256-FS4kFVi+3NOJOfWfy5m/hDrQvCzpmsNSB/PliF6cVps=";
nativeBuildInputs = [ installShellFiles ];
ldflags = [
"-s"
"-w"
"-X github.com/controlplaneio/badrobot/cmd.version=v${version}"
];
postInstall = ''
installShellCompletion --cmd badrobot \
--bash <($out/bin/badrobot completion bash) \
--fish <($out/bin/badrobot completion fish) \
--zsh <($out/bin/badrobot completion zsh)
'';
meta = with lib; {
homepage = "https://github.com/controlplaneio/badrobot";
changelog = "https://github.com/controlplaneio/badrobot/blob/v${version}/CHANGELOG.md";
description = "Operator Security Audit Tool";
longDescription = ''
Badrobot is a Kubernetes Operator audit tool. It statically analyses
manifests for high risk configurations such as lack of security
restrictions on the deployed controller and the permissions of an
associated clusterole. The risk analysis is primarily focussed on the
likelihood that a compromised Operator would be able to obtain full
cluster permissions.
'';
license = with licenses; [ asl20 ];
maintainers = with maintainers; [ jk ];
};
}

25
pkgs/tools/security/bao/default.nix Normal file
View file

@ -0,0 +1,25 @@
{ lib
, fetchCrate
, fetchpatch
, rustPlatform
}:
rustPlatform.buildRustPackage rec {
pname = "bao";
version = "0.12.0";
src = fetchCrate {
inherit version;
pname = "${pname}_bin";
sha256 = "SkplBzor7Fv2+6K8wcTtZwjR66RfLPA/YNNUUHniWpM=";
};
cargoSha256 = "yr4HvtOWnU2dFTBgSsbVcuDELe1o1SEtZ7rN/ctKAdI=";
meta = {
description = "An implementation of BLAKE3 verified streaming";
homepage = "https://github.com/oconnor663/bao";
maintainers = with lib.maintainers; [ amarshall ];
license = with lib.licenses; [ cc0 asl20 ];
};
}

49
pkgs/tools/security/bash-supergenpass/default.nix Normal file
View file

@ -0,0 +1,49 @@
{ lib, stdenv
, fetchFromGitHub
, unstableGitUpdater
, makeWrapper
, openssl
, coreutils
, gnugrep }:
stdenv.mkDerivation {
pname = "bash-supergenpass";
version = "unstable-2020-02-03";
nativeBuildInputs = [ makeWrapper ];
src = fetchFromGitHub {
owner = "lanzz";
repo = "bash-supergenpass";
rev = "e5d96599b65d65a37148996f00f9d057e522e4d8";
sha256 = "1d8csp94l2p5y5ln53aza5qf246rwmd10043x0x1yrswqrrya40f";
};
installPhase = ''
install -m755 -D supergenpass.sh "$out/bin/supergenpass"
wrapProgram "$out/bin/supergenpass" --prefix PATH : "${lib.makeBinPath [ openssl coreutils gnugrep ]}"
'';
passthru.updateScript = unstableGitUpdater {
url = "https://github.com/lanzz/bash-supergenpass.git";
};
meta = with lib; {
description = "Bash shell-script implementation of SuperGenPass password generation";
longDescription = ''
Bash shell-script implementation of SuperGenPass password generation
Usage: ./supergenpass.sh <domain> [ <length> ]
Default <length> is 10, which is also the original SuperGenPass default length.
The <domain> parameter is also optional, but it does not make much sense to omit it.
supergenpass will ask for your master password interactively, and it will not be displayed on your terminal.
'';
homepage = "https://github.com/lanzz/bash-supergenpass";
license = licenses.mit;
maintainers = with maintainers; [ fgaz ];
mainProgram = "supergenpass";
platforms = platforms.all;
};
}

41
pkgs/tools/security/bettercap/default.nix Normal file
View file

@ -0,0 +1,41 @@
{ lib, stdenv
, buildGoModule
, fetchFromGitHub
, pkg-config
, libpcap
, libnfnetlink
, libnetfilter_queue
, libusb1
}:
buildGoModule rec {
pname = "bettercap";
version = "2.32.0";
src = fetchFromGitHub {
owner = pname;
repo = pname;
rev = "v${version}";
sha256 = "sha256-OND8WPqU/95rKykqMAPWmDsJ+AjsjGjrncZ2/m3mpt0=";
};
vendorSha256 = "sha256-QKv8F9QLRi+1Bqj9KywJsTErjs7o6gFM4tJLA8y52MY=";
doCheck = false;
nativeBuildInputs = [ pkg-config ];
buildInputs = [ libpcap libusb1 ]
++ lib.optionals stdenv.isLinux [ libnfnetlink libnetfilter_queue ];
meta = with lib; {
description = "A man in the middle tool";
longDescription = ''
BetterCAP is a powerful, flexible and portable tool created to perform various
types of MITM attacks against a network, manipulate HTTP, HTTPS and TCP traffic
in realtime, sniff for credentials and much more.
'';
homepage = "https://www.bettercap.org/";
license = with licenses; [ gpl3Only ];
maintainers = with maintainers; [ y0no ];
};
}

89
pkgs/tools/security/beyond-identity/default.nix Normal file
View file

@ -0,0 +1,89 @@
{ lib, stdenv, fetchurl, dpkg, buildFHSUserEnv
, glibc, glib, openssl, tpm2-tss
, gtk3, gnome, polkit, polkit_gnome
}:
let
pname = "beyond-identity";
version = "2.49.0-0";
libPath = lib.makeLibraryPath ([ glib glibc openssl tpm2-tss gtk3 gnome.gnome-keyring polkit polkit_gnome ]);
meta = with lib; {
description = "Passwordless MFA identities for workforces, customers, and developers";
homepage = "https://www.beyondidentity.com";
downloadPage = "https://app.byndid.com/downloads";
license = licenses.unfree;
maintainers = with maintainers; [ klden ];
platforms = [ "x86_64-linux" ];
};
beyond-identity = stdenv.mkDerivation {
inherit pname version meta;
src = fetchurl {
url = "https://packages.beyondidentity.com/public/linux-authenticator/deb/ubuntu/pool/focal/main/b/be/${pname}_${version}/${pname}_${version}_amd64.deb";
sha512 = "sha512-+9vwH1r5WW+MqyiwsAFInboaM7o2dc7zvRaKwHC/o2LOBugvUHmUzmZ6uSHilc9zQ5FcHUIIglhkASbFtsvPeA==";
};
nativeBuildInputs = [
dpkg
];
unpackPhase = ''
dpkg -x $src .
'';
installPhase = ''
mkdir -p $out/opt/beyond-identity
rm -rf usr/share/doc
# https://github.com/NixOS/nixpkgs/issues/42117
sed -i -e 's/auth_self/yes/g' usr/share/polkit-1/actions/com.beyondidentity.endpoint.stepup.policy
cp -ar usr/{bin,share} $out
cp -ar opt/beyond-identity/bin $out/opt/beyond-identity
ln -s $out/opt/beyond-identity/bin/* $out/bin/
'';
postFixup = ''
substituteInPlace \
$out/share/applications/com.beyondidentity.endpoint.BeyondIdentity.desktop \
--replace /usr/bin/ $out/bin/
substituteInPlace \
$out/share/applications/com.beyondidentity.endpoint.webserver.BeyondIdentity.desktop \
--replace /opt/ $out/opt/
substituteInPlace \
$out/opt/beyond-identity/bin/byndid-web \
--replace /opt/ $out/opt/
substituteInPlace \
$out/bin/beyond-identity \
--replace /opt/ $out/opt/ \
--replace /usr/bin/gtk-launch ${gtk3}/bin/gtk-launch
patchelf \
--set-interpreter "$(cat $NIX_CC/nix-support/dynamic-linker)" \
--set-rpath "${libPath}" \
--force-rpath \
$out/bin/byndid
'';
};
# /usr/bin/pkcheck is hardcoded in binary - we need FHS
in buildFHSUserEnv {
inherit meta;
name = pname;
targetPkgs = pkgs: [
beyond-identity
glib glibc openssl tpm2-tss
gtk3 gnome.gnome-keyring
polkit polkit_gnome
];
extraInstallCommands = ''
ln -s ${beyond-identity}/share $out
'';
runScript = "beyond-identity";
}

72
pkgs/tools/security/bitwarden/default.nix Normal file
View file

@ -0,0 +1,72 @@
{ atomEnv
, autoPatchelfHook
, dpkg
, fetchurl
, lib
, libsecret
, libxshmfence
, makeDesktopItem
, makeWrapper
, stdenv
, udev
, wrapGAppsHook
}:
stdenv.mkDerivation rec {
pname = "bitwarden";
version = "1.32.1";
src = fetchurl {
url = "https://github.com/bitwarden/desktop/releases/download/v${version}/Bitwarden-${version}-amd64.deb";
sha256 = "sha256-G1k8kf00EQVH/z2foH4NHCw82/eTi7BMMfkVtX6IfQo=";
};
desktopItem = makeDesktopItem {
name = "bitwarden";
exec = "bitwarden %U";
icon = "bitwarden";
comment = "A secure and free password manager for all of your devices";
desktopName = "Bitwarden";
categories = [ "Utility" ];
};
dontBuild = true;
dontConfigure = true;
dontPatchELF = true;
dontWrapGApps = true;
nativeBuildInputs = [ dpkg makeWrapper autoPatchelfHook wrapGAppsHook ];
buildInputs = [ libsecret libxshmfence ] ++ atomEnv.packages;
unpackPhase = "dpkg-deb -x $src .";
installPhase = ''
mkdir -p "$out/bin"
cp -R "opt" "$out"
cp -R "usr/share" "$out/share"
chmod -R g-w "$out"
# Desktop file
mkdir -p "$out/share/applications"
cp "${desktopItem}/share/applications/"* "$out/share/applications"
'';
runtimeDependencies = [
(lib.getLib udev)
];
postFixup = ''
makeWrapper $out/opt/Bitwarden/bitwarden $out/bin/bitwarden \
--prefix LD_LIBRARY_PATH : "${lib.makeLibraryPath [ libsecret stdenv.cc.cc ] }" \
"''${gappsWrapperArgs[@]}"
'';
meta = with lib; {
description = "A secure and free password manager for all of your devices";
homepage = "https://bitwarden.com";
license = licenses.gpl3;
maintainers = with maintainers; [ kiwi ];
platforms = [ "x86_64-linux" ];
};
}

29
pkgs/tools/security/bmrsa/11.nix Normal file
View file

@ -0,0 +1,29 @@
{ lib, stdenv, fetchurl, unzip }:
stdenv.mkDerivation rec {
pname = "bmrsa";
version = "11";
src = fetchurl {
url = "mirror://sourceforge/bmrsa/bmrsa${version}.zip";
sha256 = "0ksd9xkvm9lkvj4yl5sl0zmydp1wn3xhc55b28gj70gi4k75kcl4";
};
nativeBuildInputs = [ unzip ];
unpackPhase = ''
mkdir bmrsa
cd bmrsa
unzip ${src}
sed -e 's/gcc/g++/' -i Makefile
mkdir -p $out/bin
echo -e 'install:\n\tcp bmrsa '$out'/bin' >> Makefile
'';
meta = with lib; {
description = "RSA utility";
homepage = "http://bmrsa.sourceforge.net/";
license = licenses.gpl1;
platforms = platforms.linux;
};
}

57
pkgs/tools/security/boofuzz/default.nix Normal file
View file

@ -0,0 +1,57 @@
{ stdenv
, lib
, fetchFromGitHub
, python3
}:
python3.pkgs.buildPythonApplication rec {
pname = "boofuzz";
version = "0.4.1";
src = fetchFromGitHub {
owner = "jtpereyda";
repo = pname;
rev = "v${version}";
sha256 = "sha256-mbxImm5RfYWq1JCCSvvG58Sxv2ad4BOh+RLvtNjQCKE=";
};
propagatedBuildInputs = with python3.pkgs; [
attrs
click
colorama
flask
funcy
future
psutil
pyserial
pydot
six
tornado
];
checkInputs = with python3.pkgs; [
mock
netifaces
pytest-bdd
pytestCheckHook
];
disabledTests = [
# Tests require socket access
"test_raw_l2"
"test_raw_l3"
];
pythonImportsCheck = [
"boofuzz"
];
meta = with lib; {
description = "Network protocol fuzzing tool";
homepage = "https://github.com/jtpereyda/boofuzz";
license = with licenses; [ gpl2Plus ];
maintainers = with maintainers; [ fab ];
# FAILED unit_tests/test_monitors.py::TestProcessMonitor::test_set_options_persistent
broken = (stdenv.isDarwin && stdenv.isx86_64);
};
}

32
pkgs/tools/security/bpb/default.nix Normal file
View file

@ -0,0 +1,32 @@
{ stdenv
, lib
, rustPlatform
, fetchFromGitHub
, Security
}:
rustPlatform.buildRustPackage rec {
pname = "bpb";
version = "unstable-2018-07-27";
src = fetchFromGitHub {
owner = "withoutboats";
repo = "bpb";
rev = "b1ef5ca1d2dea0e2ec0b1616f087f110ea17adfa";
sha256 = "sVfM8tlAsF4uKLxl3g/nSYgOx+znHIdPalSIiCd18o4=";
};
cargoSha256 = "7cARRJWRxF1kMySX6KcB6nrVf8k1p/nr3OyAwNLmztc=";
# a nightly compiler is required unless we use this cheat code.
RUSTC_BOOTSTRAP = 1;
buildInputs = lib.optional stdenv.isDarwin Security;
meta = with lib; {
description = "Tool to automatically sign git commits, replacing gpg for that purpose";
homepage = "https://github.com/withoutboats/bpb";
license = licenses.mit;
maintainers = with maintainers; [ jtojnar ];
};
}

55
pkgs/tools/security/browserpass/default.nix Normal file
View file

@ -0,0 +1,55 @@
{ lib, buildGoModule, fetchFromGitHub, makeWrapper, gnupg }:
buildGoModule rec {
pname = "browserpass";
version = "3.0.10";
src = fetchFromGitHub {
owner = "browserpass";
repo = "browserpass-native";
rev = version;
sha256 = "8eAwUwcRTnhVDkQc3HsvTP0TqC4LfVrUelxdbJxe9t0=";
};
nativeBuildInputs = [ makeWrapper ];
vendorSha256 = "gWXcYyIp86b/Pn6vj7qBj/VZS9rTr4weVw0YWmg+36c=";
doCheck = false;
postPatch = ''
# Because this Makefile will be installed to be used by the user, patch
# variables to be valid by default
substituteInPlace Makefile \
--replace "PREFIX ?= /usr" ""
sed -i -e 's/SED =.*/SED = sed/' Makefile
sed -i -e 's/INSTALL =.*/INSTALL = install/' Makefile
'';
DESTDIR = placeholder "out";
postConfigure = ''
make configure
'';
buildPhase = ''
make
'';
installPhase = ''
make install
wrapProgram $out/bin/browserpass \
--suffix PATH : ${lib.makeBinPath [ gnupg ]}
# This path is used by our firefox wrapper for finding native messaging hosts
mkdir -p $out/lib/mozilla/native-messaging-hosts
ln -s $out/lib/browserpass/hosts/firefox/*.json $out/lib/mozilla/native-messaging-hosts
'';
meta = with lib; {
description = "Browserpass native client app";
homepage = "https://github.com/browserpass/browserpass-native";
license = licenses.isc;
maintainers = with maintainers; [ rvolosatovs infinisil ];
};
}

35
pkgs/tools/security/bruteforce-luks/default.nix Normal file
View file

@ -0,0 +1,35 @@
{ lib, stdenv, fetchFromGitHub, autoreconfHook, cryptsetup }:
stdenv.mkDerivation rec {
pname = "bruteforce-luks";
version = "1.4.0";
src = fetchFromGitHub {
sha256 = "0yyrda077avdapq1mvavgv5mvj2r94d6p01q56bbnaq4a3h5kfd6";
rev = version;
repo = "bruteforce-luks";
owner = "glv2";
};
nativeBuildInputs = [ autoreconfHook ];
buildInputs = [ cryptsetup ];
enableParallelBuilding = true;
doCheck = true;
meta = with lib; {
inherit (src.meta) homepage;
description = "Cracks passwords of LUKS encrypted volumes";
longDescription = ''
The program tries to decrypt at least one of the key slots by trying
all the possible passwords. It is especially useful if you know
something about the password (i.e. you forgot a part of your password but
still remember most of it). Finding the password of a volume without
knowing anything about it would take way too much time (unless the
password is really short and/or weak). It can also use a dictionary.
'';
license = licenses.gpl3Plus;
platforms = platforms.linux;
};
}

50
pkgs/tools/security/brutespray/default.nix Normal file
View file

@ -0,0 +1,50 @@
{ lib
, stdenv
, python3
, fetchFromGitHub
, makeWrapper
, medusa
}:
stdenv.mkDerivation rec {
pname = "brutespray";
version = "1.7.0";
src = fetchFromGitHub {
owner = "x90skysn3k";
repo = pname;
rev = "${pname}-${version}";
sha256 = "0lkm3fvx35ml5jh4ykjr2srq8qfajkmxwp4qfcn9xi58khk3asq3";
};
postPatch = ''
substituteInPlace brutespray.py \
--replace "/usr/share/brutespray" "$out/share/brutespray"
'';
dontBuild = true;
nativeBuildInputs = [ python3.pkgs.wrapPython makeWrapper ];
buildInputs = [ python3 ];
installPhase = ''
install -Dm0755 brutespray.py $out/bin/brutespray
patchShebangs $out/bin
patchPythonScript $out/bin/brutespray
wrapProgram $out/bin/brutespray \
--prefix PATH : ${lib.makeBinPath [ medusa ]}
mkdir -p $out/share/brutespray
cp -r wordlist/ $out/share/brutespray/wordlist
'';
meta = with lib; {
homepage = "https://github.com/x90skysn3k/brutespray";
description = "Tool to do brute-forcing from Nmap output";
longDescription = ''
This tool automatically attempts default credentials on found services
directly from Nmap output.
'';
license = licenses.mit;
maintainers = with maintainers; [ ma27 ];
};
}

2
pkgs/tools/security/bundler-audit/Gemfile Normal file
View file

@ -0,0 +1,2 @@
source 'https://rubygems.org'
gem 'bundler-audit'

16
pkgs/tools/security/bundler-audit/Gemfile.lock Normal file
View file

@ -0,0 +1,16 @@
GEM
remote: https://rubygems.org/
specs:
bundler-audit (0.9.0.1)
bundler (>= 1.2.0, < 3)
thor (~> 1.0)
thor (1.1.0)
PLATFORMS
ruby
DEPENDENCIES
bundler-audit
BUNDLED WITH
2.2.20

29
pkgs/tools/security/bundler-audit/default.nix Normal file
View file

@ -0,0 +1,29 @@
{ bundlerEnv, ruby, lib, bundlerUpdateScript }:
bundlerEnv rec {
name = "${pname}-${version}";
pname = "bundler-audit";
version = (import ./gemset.nix).bundler-audit.version;
inherit ruby;
gemdir = ./.;
passthru.updateScript = bundlerUpdateScript "bundler-audit";
meta = with lib; {
description = "Patch-level verification for Bundler";
longDescription = ''
Features:
- Checks for vulnerable versions of gems in Gemfile.lock.
- Checks for insecure gem sources (http://).
- Allows ignoring certain advisories that have been manually worked around.
- Prints advisory information.
- Does not require a network connection.
'';
homepage = "https://github.com/rubysec/bundler-audit";
changelog = "https://github.com/rubysec/bundler-audit/blob/v${version}/ChangeLog.md";
license = licenses.gpl3Plus;
maintainers = with maintainers; [ primeos nicknovitski ];
platforms = platforms.unix;
};
}

23
pkgs/tools/security/bundler-audit/gemset.nix Normal file
View file

@ -0,0 +1,23 @@
{
bundler-audit = {
dependencies = ["thor"];
groups = ["default"];
platforms = [];
source = {
remotes = ["https://rubygems.org"];
sha256 = "05k19l5388248rd74cn2lm2ksci7fzmga74n835v7k31m4kbzw8v";
type = "gem";
};
version = "0.9.0.1";
};
thor = {
groups = ["default"];
platforms = [];
source = {
remotes = ["https://rubygems.org"];
sha256 = "18yhlvmfya23cs3pvhr1qy38y41b6mhr5q9vwv5lrgk16wmf3jna";
type = "gem";
};
version = "1.1.0";
};
}

33
pkgs/tools/security/buttercup-desktop/default.nix Normal file
View file

@ -0,0 +1,33 @@
{ lib, fetchurl, appimageTools }:
let
pname = "buttercup-desktop";
version = "2.14.2";
name = "${pname}-${version}";
src = fetchurl {
url = "https://github.com/buttercup/buttercup-desktop/releases/download/v${version}/Buttercup-linux-x86_64.AppImage";
sha256 = "sha256-ZZaolebDGqRk4BHP5PxFxBsMgOQAxUoIMTlhxM58k0Y=";
};
appimageContents = appimageTools.extractType2 { inherit name src; };
in appimageTools.wrapType2 {
inherit name src;
extraPkgs = pkgs: (appimageTools.defaultFhsEnvArgs.multiPkgs pkgs) ++ [ pkgs.libsecret ];
extraInstallCommands = ''
mv $out/bin/${name} $out/bin/buttercup-desktop
install -m 444 -D ${appimageContents}/buttercup.desktop -t $out/share/applications
substituteInPlace $out/share/applications/buttercup.desktop \
--replace 'Exec=AppRun' 'Exec=buttercup-desktop'
cp -r ${appimageContents}/usr/share/icons $out/share
'';
meta = with lib; {
description = "Cross-Platform Passwords & Secrets Vault";
homepage = "https://buttercup.pw";
license = licenses.gpl3Only;
maintainers = with maintainers; [ wolfangaukang ];
platforms = [ "x86_64-linux" ];
};
}

41
pkgs/tools/security/cameradar/default.nix Normal file
View file

@ -0,0 +1,41 @@
{ lib
, buildGoModule
, curl
, fetchFromGitHub
, pkg-config
}:
buildGoModule rec {
pname = "cameradar";
version = "5.0.2";
src = fetchFromGitHub {
owner = "Ullaakut";
repo = pname;
rev = "v${version}";
sha256 = "sha256-GOqmz/aiOLGMfs9rQBIEQSgBycPzhu8BohcAc2U+gBw=";
};
vendorSha256 = "sha256-AIi57DWMvAKl0PhuwHO/0cHoDKk5e0bJsqHYBka4NiU=";
nativeBuildInputs = [
pkg-config
];
buildInputs = [
curl
];
subPackages = [
"cmd/cameradar"
];
# At least one test is outdated
#doCheck = false;
meta = with lib; {
description = "RTSP stream access tool";
homepage = "https://github.com/Ullaakut/cameradar";
license = with licenses; [ mit ];
maintainers = with maintainers; [ fab ];
};
}

25
pkgs/tools/security/cariddi/default.nix Normal file
View file

@ -0,0 +1,25 @@
{ lib
, buildGoModule
, fetchFromGitHub
}:
buildGoModule rec {
pname = "cariddi";
version = "1.1.7";
src = fetchFromGitHub {
owner = "edoardottt";
repo = pname;
rev = "v${version}";
sha256 = "sha256-OiGVdRgTaoMinwYh5vTPgOUAffX6RlawAaVtBvpWN8I=";
};
vendorSha256 = "sha256-zJ39tAq+ooROMHG1vC2m2rbq+wttxqYxAd2hLg5GtJM=";
meta = with lib; {
description = "Crawler for URLs and endpoints";
homepage = "https://github.com/edoardottt/cariddi";
license = with licenses; [ gpl3Plus ];
maintainers = with maintainers; [ fab ];
};
}

30
pkgs/tools/security/ccid/default.nix Normal file
View file

@ -0,0 +1,30 @@
{ lib, stdenv, fetchurl, pcsclite, pkg-config, libusb1, perl }:
stdenv.mkDerivation rec {
pname = "ccid";
version = "1.5.0";
src = fetchurl {
url = "https://ccid.apdu.fr/files/${pname}-${version}.tar.bz2";
sha256 = "sha256-gVSbNCJGnVA5ltA6Ou0u8TdbNZFn8Q1mvp44ROcpMi4=";
};
postPatch = ''
patchShebangs .
substituteInPlace src/Makefile.in --replace /bin/echo echo
'';
preConfigure = ''
configureFlagsArray+=("--enable-usbdropdir=$out/pcsc/drivers")
'';
nativeBuildInputs = [ pkg-config perl ];
buildInputs = [ pcsclite libusb1 ];
meta = with lib; {
description = "ccid drivers for pcsclite";
homepage = "https://ccid.apdu.fr/";
license = licenses.gpl2Plus;
platforms = platforms.unix;
};
}

23
pkgs/tools/security/ccrypt/default.nix Normal file
View file

@ -0,0 +1,23 @@
{lib, stdenv, fetchurl, perl}:
stdenv.mkDerivation rec {
pname = "ccrypt";
version = "1.11";
src = fetchurl {
url = "mirror://sourceforge/ccrypt/ccrypt-${version}.tar.gz";
sha256 = "0kx4a5mhmp73ljknl2lcccmw9z3f5y8lqw0ghaymzvln1984g75i";
};
nativeBuildInputs = [ perl ];
hardeningDisable = [ "format" ];
meta = {
homepage = "http://ccrypt.sourceforge.net/";
description = "Utility for encrypting and decrypting files and streams with AES-256";
license = lib.licenses.gpl2Plus;
maintainers = with lib.maintainers; [viric];
platforms = with lib.platforms; all;
};
}

31
pkgs/tools/security/cdk-go/default.nix Normal file
View file

@ -0,0 +1,31 @@
{ lib
, stdenv
, buildGoModule
, fetchFromGitHub
}:
buildGoModule rec {
pname = "cdk-go";
version = "1.0.6";
src = fetchFromGitHub {
owner = "cdk-team";
repo = "CDK";
rev = "v${version}";
sha256 = "sha256-XzUSiE03ZbP75ewwBJFwZE0aKNlOFprezeD26japLD8=";
};
vendorSha256 = "sha256-mP49DmOHvS8ewQG7I1J5OEmAOkHEFJfAsEPeiaRBpWc=";
# At least one test is outdated
doCheck = false;
meta = with lib; {
description = "Container penetration toolkit";
homepage = "https://github.com/cdk-team/CDK";
license = with licenses; [ gpl2Only ];
maintainers = with maintainers; [ fab ];
mainProgram = "cdk";
broken = stdenv.isDarwin; # needs to update gopsutil to at least v3.21.3 to include https://github.com/shirou/gopsutil/pull/1042
};
}

25
pkgs/tools/security/certgraph/default.nix Normal file
View file

@ -0,0 +1,25 @@
{ lib
, buildGoModule
, fetchFromGitHub
}:
buildGoModule rec {
pname = "certgraph";
version = "20220513";
src = fetchFromGitHub {
owner = "lanrat";
repo = pname;
rev = version;
sha256 = "sha256-7tvPiJHZE9X7I79DFNF1ZAQiaAkrtrXiD2fY7AkbWMk=";
};
vendorSha256 = "sha256-ErTn7pUCtz6ip2kL8FCe+3Rhs876xtqto+z5nZqQ6cI=";
meta = with lib; {
description = "Intelligence tool to crawl the graph of certificate alternate names";
homepage = "https://github.com/lanrat/certgraph";
license = with licenses; [ gpl2Only ];
maintainers = with maintainers; [ fab ];
};
}

40
pkgs/tools/security/certipy/default.nix Normal file
View file

@ -0,0 +1,40 @@
{ lib
, fetchFromGitHub
, python3
}:
python3.pkgs.buildPythonApplication rec {
pname = "certipy";
version = "2.0.9";
src = fetchFromGitHub {
owner = "ly4k";
repo = "Certipy";
rev = version;
hash = "sha256-84nGRKZ0UlMDAZ1Wo5Hgy9XSAyEh0Tio9+3OZVFZG5k=";
};
propagatedBuildInputs = with python3.pkgs; [
asn1crypto
dnspython
dsinternals
impacket
ldap3
pyasn1
pycryptodome
];
# Project has no tests
doCheck = false;
pythonImportsCheck = [
"certipy"
];
meta = with lib; {
description = "Tool to enumerate and abuse misconfigurations in Active Directory Certificate Services";
homepage = "https://github.com/ly4k/Certipy";
license = with licenses; [ mit ];
maintainers = with maintainers; [ fab ];
};
}

43
pkgs/tools/security/certmgr/default.nix Normal file
View file

@ -0,0 +1,43 @@
{ lib, buildGoPackage, fetchFromGitHub, fetchpatch }:
let
generic = { patches ? [] }:
buildGoPackage rec {
version = "1.6.4";
pname = "certmgr";
goPackagePath = "github.com/cloudflare/certmgr/";
src = fetchFromGitHub {
owner = "cloudflare";
repo = "certmgr";
rev = "v${version}";
sha256 = "0glvyp61ya21pdm2bsvq3vfhmmxc2998vxc6hiyc79ijsv9n6jqi";
};
inherit patches;
meta = with lib; {
homepage = "https://cfssl.org/";
description = "Cloudflare's certificate manager";
platforms = platforms.linux;
license = licenses.bsd2;
maintainers = with maintainers; [ johanot srhb ];
};
};
in
{
certmgr = generic {};
certmgr-selfsigned = generic {
# The following patch makes it possible to use a self-signed x509 cert
# for the cfssl apiserver.
# TODO: remove patch when PR is merged.
patches = [
(fetchpatch {
url = "https://github.com/cloudflare/certmgr/pull/51.patch";
sha256 = "0jhsw159d2mgybvbbn6pmvj4yqr5cwcal5fjwkcn9m4f4zlb6qrs";
})
];
};
}

22
pkgs/tools/security/certstrap/default.nix Normal file
View file

@ -0,0 +1,22 @@
{ lib, buildGoPackage, fetchFromGitHub }:
buildGoPackage rec {
pname = "certstrap";
version = "1.2.0";
goPackagePath = "github.com/square/certstrap";
src = fetchFromGitHub {
owner = "square";
repo = "certstrap";
rev = "v${version}";
sha256 = "1ymchnn7c9g3pq7rw4lrwsd6z3wfjx90g7qgrw6r5hssl77mnscj";
};
meta = with lib; {
inherit (src.meta) homepage;
description = "Tools to bootstrap CAs, certificate requests, and signed certificates";
license = licenses.asl20;
maintainers = with maintainers; [ volth ];
};
}

8
pkgs/tools/security/cewl/Gemfile Normal file
View file

@ -0,0 +1,8 @@
source 'https://rubygems.org'
gem 'mime'
gem 'mime-types', ">=3.3.1"
gem 'mini_exiftool'
gem 'nokogiri'
gem 'rexml'
gem 'rubyzip'
gem 'spider'

31
pkgs/tools/security/cewl/Gemfile.lock Normal file
View file

@ -0,0 +1,31 @@
GEM
remote: https://rubygems.org/
specs:
mime (0.4.4)
mime-types (3.3.1)
mime-types-data (~> 3.2015)
mime-types-data (3.2021.0704)
mini_exiftool (2.10.2)
mini_portile2 (2.5.3)
nokogiri (1.11.7)
mini_portile2 (~> 2.5.0)
racc (~> 1.4)
racc (1.5.2)
rexml (3.2.5)
rubyzip (2.3.2)
spider (0.5.4)
PLATFORMS
ruby
DEPENDENCIES
mime
mime-types (>= 3.3.1)
mini_exiftool
nokogiri
rexml
rubyzip
spider
BUNDLED WITH
2.1.4

33
pkgs/tools/security/cewl/default.nix Normal file
View file

@ -0,0 +1,33 @@
{ stdenv, lib, fetchFromGitHub, bundlerEnv }:
let
rubyEnv = bundlerEnv {
name = "cewl-ruby-env";
gemdir = ./.;
};
in
stdenv.mkDerivation rec {
pname = "cewl";
version = "5.5.2";
src = fetchFromGitHub {
owner = "digininja";
repo = "CeWL";
rev = version;
sha256 = "sha256-5LTZUr3OMeu1NODhIgBiVqtQnUWYfZTm73q61vT3rXc=";
};
buildInputs = [ rubyEnv.wrappedRuby ];
installPhase = ''
mkdir -p $out/bin
cp *.rb $out/bin/
mv $out/bin/cewl.rb $out/bin/cewl
'';
meta = with lib; {
description = "Custom wordlist generator";
homepage = "https://digi.ninja/projects/cewl.php/";
license = licenses.gpl3Plus;
maintainers = with maintainers; [ elohmeier ];
};
}

104
pkgs/tools/security/cewl/gemset.nix Normal file
View file

@ -0,0 +1,104 @@
{
mime = {
groups = ["default"];
platforms = [];
source = {
remotes = ["https://rubygems.org"];
sha256 = "0nskys7brz2bylhxiknl0z9i19w3wb1knf0h93in6mjq70jdw5cr";
type = "gem";
};
version = "0.4.4";
};
mime-types = {
dependencies = ["mime-types-data"];
groups = ["default"];
platforms = [];
source = {
remotes = ["https://rubygems.org"];
sha256 = "1zj12l9qk62anvk9bjvandpa6vy4xslil15wl6wlivyf51z773vh";
type = "gem";
};
version = "3.3.1";
};
mime-types-data = {
groups = ["default"];
platforms = [];
source = {
remotes = ["https://rubygems.org"];
sha256 = "0dlxwc75iy0dj23x824cxpvpa7c8aqcpskksrmb32j6m66h5mkcy";
type = "gem";
};
version = "3.2021.0704";
};
mini_exiftool = {
groups = ["default"];
platforms = [];
source = {
remotes = ["https://rubygems.org"];
sha256 = "0ir4wigpm6nkd3f40wcjdqrhjx3l60w1hwcg143is1a95ypnvqhr";
type = "gem";
};
version = "2.10.2";
};
mini_portile2 = {
groups = ["default"];
platforms = [];
source = {
remotes = ["https://rubygems.org"];
sha256 = "1ad0mli9rc0f17zw4ibp24dbj1y39zkykijsjmnzl4gwpg5s0j6k";
type = "gem";
};
version = "2.5.3";
};
nokogiri = {
dependencies = ["mini_portile2" "racc"];
groups = ["default"];
platforms = [];
source = {
remotes = ["https://rubygems.org"];
sha256 = "1vrn31385ix5k9b0yalnlzv360isv6dincbcvi8psllnwz4sjxj9";
type = "gem";
};
version = "1.11.7";
};
racc = {
groups = ["default"];
platforms = [];
source = {
remotes = ["https://rubygems.org"];
sha256 = "178k7r0xn689spviqzhvazzvxfq6fyjldxb3ywjbgipbfi4s8j1g";
type = "gem";
};
version = "1.5.2";
};
rexml = {
groups = ["default"];
platforms = [];
source = {
remotes = ["https://rubygems.org"];
sha256 = "08ximcyfjy94pm1rhcx04ny1vx2sk0x4y185gzn86yfsbzwkng53";
type = "gem";
};
version = "3.2.5";
};
rubyzip = {
groups = ["default"];
platforms = [];
source = {
remotes = ["https://rubygems.org"];
sha256 = "0grps9197qyxakbpw02pda59v45lfgbgiyw48i0mq9f2bn9y6mrz";
type = "gem";
};
version = "2.3.2";
};
spider = {
groups = ["default"];
platforms = [];
source = {
remotes = ["https://rubygems.org"];
sha256 = "0fix7zhnvlfqg66bxwdpbsffbynzdnaifnxpakn07bjh3rdj75cx";
type = "gem";
};
version = "0.5.4";
};
}

56
pkgs/tools/security/cfripper/default.nix Normal file
View file

@ -0,0 +1,56 @@
{ lib
, fetchFromGitHub
, python3
}:
python3.pkgs.buildPythonApplication rec {
pname = "cfripper";
version = "1.12.0";
src = fetchFromGitHub {
owner = "Skyscanner";
repo = pname;
rev = "refs/tags/${version}";
hash = "sha256-qrZlCxNLO+q5n/FS/5b51QZVg4ZDwrgWpcKVp/JLTws=";
};
propagatedBuildInputs = with python3.pkgs; [
boto3
cfn-flip
click
pluggy
pycfmodel
pydash
pyyaml
setuptools
];
checkInputs = with python3.pkgs; [
moto
pytestCheckHook
];
postPatch = ''
substituteInPlace setup.py \
--replace "click~=7.1.1" "click" \
--replace "pluggy~=0.13.1" "pluggy" \
--replace "pydash~=4.7.6" "pydash"
'';
disabledTestPaths = [
# Tests are failing
"tests/test_boto3_client.py"
"tests/config/test_pluggy.py"
];
pythonImportsCheck = [
"cfripper"
];
meta = with lib; {
description = "Tool for analysing CloudFormation templates";
homepage = "https://github.com/Skyscanner/cfripper";
license = with licenses; [ asl20 ];
maintainers = with maintainers; [ fab ];
};
}

48
pkgs/tools/security/cfssl/default.nix Normal file
View file

@ -0,0 +1,48 @@
{ lib, buildGoModule, fetchFromGitHub, go-rice }:
buildGoModule rec {
pname = "cfssl";
version = "1.6.1";
src = fetchFromGitHub {
owner = "cloudflare";
repo = "cfssl";
rev = "v${version}";
sha256 = "sha256-QY04MecjQTmrkPkWcLkXJWErtaw7esb6GnPIKGTJL34=";
};
subPackages = [
"cmd/cfssl"
"cmd/cfssljson"
"cmd/cfssl-bundle"
"cmd/cfssl-certinfo"
"cmd/cfssl-newkey"
"cmd/cfssl-scan"
"cmd/multirootca"
"cmd/mkbundle"
];
vendorSha256 = null;
doCheck = false;
nativeBuildInputs = [ go-rice ];
preBuild = ''
pushd cli/serve
rice embed-go
popd
'';
ldflags = [
"-s" "-w"
"-X github.com/cloudflare/cfssl/cli/version.version=v${version}"
];
meta = with lib; {
homepage = "https://cfssl.org/";
description = "Cloudflare's PKI and TLS toolkit";
license = licenses.bsd2;
maintainers = with maintainers; [ mbrgm ];
};
}

13
pkgs/tools/security/chipsec/compile-ko.diff Normal file
View file

@ -0,0 +1,13 @@
diff --git i/setup.py w/setup.py
index cfe2665..5795874 100755
--- i/setup.py
+++ w/setup.py
@@ -179,7 +179,7 @@ class build_ext(_build_ext):
driver_build_function = self._build_win_driver
self._build_win_compression()
- if not self.skip_driver:
+ if True:
driver_build_function()
def get_source_files(self):

73
pkgs/tools/security/chipsec/default.nix Normal file
View file

@ -0,0 +1,73 @@
{ lib
, stdenv
, fetchFromGitHub
, kernel ? null
, libelf
, nasm
, python3
, withDriver ? false
}:
python3.pkgs.buildPythonApplication rec {
pname = "chipsec";
version = "1.8.1";
disabled = !stdenv.isLinux;
src = fetchFromGitHub {
owner = "chipsec";
repo = "chipsec";
rev = version;
hash = "sha256-bK8wlwhP0pi8rOs8ysbSZ+0aZOaX4mckfH/p4OLGnes=";
};
patches = lib.optionals withDriver [ ./ko-path.diff ./compile-ko.diff ];
KSRC = lib.optionalString withDriver "${kernel.dev}/lib/modules/${kernel.modDirVersion}/build";
nativeBuildInputs = [
libelf
nasm
];
checkInputs = with python3.pkgs; [
distro
pytestCheckHook
];
preBuild = lib.optionalString withDriver ''
export CHIPSEC_BUILD_LIB=$(mktemp -d)
mkdir -p $CHIPSEC_BUILD_LIB/chipsec/helper/linux
'';
preInstall = lib.optionalString withDriver ''
mkdir -p $out/${python3.pkgs.python.sitePackages}/drivers/linux
mv $CHIPSEC_BUILD_LIB/chipsec/helper/linux/chipsec.ko \
$out/${python3.pkgs.python.sitePackages}/drivers/linux/chipsec.ko
'';
setupPyBuildFlags = [
"--build-lib=$CHIPSEC_BUILD_LIB"
] ++ lib.optional (!withDriver) [
"--skip-driver"
];
pythonImportsCheck = [
"chipsec"
];
meta = with lib; {
description = "Platform Security Assessment Framework";
longDescription = ''
CHIPSEC is a framework for analyzing the security of PC platforms
including hardware, system firmware (BIOS/UEFI), and platform components.
It includes a security test suite, tools for accessing various low level
interfaces, and forensic capabilities. It can be run on Windows, Linux,
Mac OS X and UEFI shell.
'';
license = licenses.gpl2Only;
homepage = "https://github.com/chipsec/chipsec";
maintainers = with maintainers; [ johnazoidberg ];
platforms = [ "x86_64-linux" ] ++ lib.optional (!withDriver) "x86_64-darwin";
};
}

13
pkgs/tools/security/chipsec/ko-path.diff Normal file
View file

@ -0,0 +1,13 @@
diff --git c/chipsec/helper/linux/linuxhelper.py i/chipsec/helper/linux/linuxhelper.py
index c51b5e6..4be05ea 100644
--- c/chipsec/helper/linux/linuxhelper.py
+++ i/chipsec/helper/linux/linuxhelper.py
@@ -152,7 +152,7 @@ class LinuxHelper(Helper):
else:
a2 = "a2=0x{}".format(phys_mem_access_prot)
- driver_path = os.path.join(chipsec.file.get_main_dir(), "chipsec", "helper", "linux", "chipsec.ko" )
+ driver_path = os.path.join(chipsec.file.get_main_dir(), "drivers", "linux", "chipsec.ko" )
if not os.path.exists(driver_path):
driver_path += ".xz"
if not os.path.exists(driver_path):

36
pkgs/tools/security/chkrootkit/default.nix Normal file
View file

@ -0,0 +1,36 @@
{ lib, stdenv, fetchurl, makeWrapper, binutils-unwrapped }:
stdenv.mkDerivation rec {
pname = "chkrootkit";
version = "0.55";
src = fetchurl {
url = "ftp://ftp.pangeia.com.br/pub/seg/pac/${pname}-${version}.tar.gz";
sha256 = "sha256-qBwChuxEkxP5U3ASAqAOgbIE/Cz0PieFhaEcEqXgJYs=";
};
# TODO: a lazy work-around for linux build failure ...
makeFlags = [ "STATIC=" ];
nativeBuildInputs = [ makeWrapper ];
postPatch = ''
substituteInPlace chkrootkit \
--replace " ./" " $out/bin/"
'';
installPhase = ''
mkdir -p $out/sbin
cp check_wtmpx chkdirs chklastlog chkproc chkrootkit chkutmp chkwtmp ifpromisc strings-static $out/sbin
wrapProgram $out/sbin/chkrootkit \
--prefix PATH : "${lib.makeBinPath [ binutils-unwrapped ]}"
'';
meta = with lib; {
description = "Locally checks for signs of a rootkit";
homepage = "http://www.chkrootkit.org/";
license = licenses.bsd2;
platforms = with platforms; linux;
};
}

28
pkgs/tools/security/chntpw/00-chntpw-build-arch-autodetect.patch Normal file
View file

@ -0,0 +1,28 @@
--- chntpw-140201.orig/Makefile 2014-02-01 17:54:37.000000000 +0100
+++ chntpw-140201/Makefile 2022-04-21 00:14:45.000000000 +0200
@@ -6,24 +6,7 @@
# See INSTALL for more info.
#
-#SSLPATH=/usr/local/ssl
-OSSLPATH=/usr
-OSSLINC=$(OSSLPATH)/include
-
-CC=gcc
-
-# Force 32 bit
-CFLAGS= -DUSEOPENSSL -g -I. -I$(OSSLINC) -Wall -m32
-OSSLLIB=$(OSSLPATH)/lib
-
-# 64 bit if default for compiler setup
-#CFLAGS= -DUSEOPENSSL -g -I. -I$(OSSLINC) -Wall
-#OSSLLIB=$(OSSLPATH)/lib64
-
-
-# This is to link with whatever we have, SSL crypto lib we put in static
-#LIBS=-L$(OSSLLIB) $(OSSLLIB)/libcrypto.a
-LIBS=-L$(OSSLLIB)
+CFLAGS= -DUSEOPENSSL -g -I. -Wall
all: chntpw chntpw.static cpnt reged reged.static samusrgrp samusrgrp.static sampasswd sampasswd.static

20
pkgs/tools/security/chntpw/01-chntpw-install-target.patch Normal file
View file

@ -0,0 +1,20 @@
--- chntpw-140201/Makefile 2022-04-21 00:14:45.000000000 +0200
+++ chntpw-140201.new/Makefile 2022-04-21 09:15:42.000000000 +0200
@@ -6,10 +6,16 @@
# See INSTALL for more info.
#
+PREFIX ?= /usr
+
CFLAGS= -DUSEOPENSSL -g -I. -Wall
+BINARIES := chntpw cpnt reged samusrgrp sampasswd
-all: chntpw chntpw.static cpnt reged reged.static samusrgrp samusrgrp.static sampasswd sampasswd.static
+all: $(BINARIES)
+install: $(BINARIES)
+ mkdir -p $(PREFIX)/bin
+ cp $^ $(PREFIX)/bin
chntpw: chntpw.o ntreg.o edlib.o libsam.o
$(CC) $(CFLAGS) -o chntpw chntpw.o ntreg.o edlib.o libsam.o $(LIBS)

68
pkgs/tools/security/chntpw/default.nix Normal file
View file

@ -0,0 +1,68 @@
{ lib, stdenv, fetchurl, unzip, fetchpatch }:
stdenv.mkDerivation rec {
pname = "chntpw";
version = "140201";
src = fetchurl {
url = "http://pogostick.net/~pnh/ntpasswd/chntpw-source-${version}.zip";
sha256 = "1k1cxsj0221dpsqi5yibq2hr7n8xywnicl8yyaicn91y8h2hkqln";
};
nativeBuildInputs = [ unzip ];
patches = [
./00-chntpw-build-arch-autodetect.patch
./01-chntpw-install-target.patch
# Import various bug fixes from debian
(fetchpatch {
url = "https://sources.debian.org/data/main/c/chntpw/140201-1/debian/patches/04_get_abs_path";
sha256 = "17h0gaczqd5b792481synr1ny72frwslb779lm417pyrz6kh9q8n";
})
(fetchpatch {
url = "https://sources.debian.org/data/main/c/chntpw/140201-1/debian/patches/06_correct_test_open_syscall";
sha256 = "00lg83bimbki988n71w54mmhjp9529r0ngm40d7fdmnc2dlpj3hd";
})
(fetchpatch {
url = "https://sources.debian.org/data/main/c/chntpw/140201-1/debian/patches/07_detect_failure_to_write_key";
sha256 = "0pk6xnprh2pqyx4n4lw3836z6fqsw3mclkzppl5rhjaahriwxw4l";
})
(fetchpatch {
url = "https://sources.debian.org/data/main/c/chntpw/140201-1/debian/patches/08_no_deref_null";
sha256 = "1g7pfmjaj0c2sm64s3api2kglj7jbgddjjd3r4drw6phwdkah0zs";
})
(fetchpatch {
url = "https://sources.debian.org/data/main/c/chntpw/140201-1/debian/patches/09_improve_robustness";
sha256 = "1nszkdy01ixnain7cwdmfbhjngphw1300ifagc1wgl9wvghzviaa";
})
(fetchpatch {
url = "https://sources.debian.org/data/main/c/chntpw/140201-1/debian/patches/11_improve_documentation";
sha256 = "0yql6hj72q7cq69rrspsjkpiipdhcwb0b9w5j8nhq40cnx9mgqgg";
})
(fetchpatch {
url = "https://sources.debian.org/data/main/c/chntpw/140201-1/debian/patches/12_readonly_filesystem";
sha256 = "1kxcy7f2pl6fqgmjg8bnl3pl5wgiw5xnbyx12arinmqkkggp4fa4";
})
(fetchpatch {
url = "https://sources.debian.org/data/main/c/chntpw/140201-1/debian/patches/13_write_to_hive";
sha256 = "1638lcyxjkrkmbr3n28byixny0qrxvkciw1xd97x48mj6bnwqrkv";
})
(fetchpatch {
url = "https://sources.debian.org/data/main/c/chntpw/140201-1/debian/patches/14_improve_description";
sha256 = "11y5kc4dh4zv24nkb0jw2zwlifx6nzsd4jbizn63l6dbpqgb25rs";
})
];
installPhase = ''
make install PREFIX=$out
'';
meta = with lib; {
homepage = "http://pogostick.net/~pnh/ntpasswd/";
description = "An utility to reset the password of any user that has a valid local account on a Windows system";
maintainers = with lib.maintainers; [ deepfire ];
license = licenses.gpl2;
platforms = lib.platforms.unix;
};
}

25
pkgs/tools/security/chopchop/default.nix Normal file
View file

@ -0,0 +1,25 @@
{ lib
, buildGoModule
, fetchFromGitHub
}:
buildGoModule rec {
pname = "chopchop";
version = "1.0.0";
src = fetchFromGitHub {
owner = "michelin";
repo = "ChopChop";
rev = "v${version}";
sha256 = "qSBQdcS6d0tctSHRbkY4T7s6Zj7xI2abaPUvNKh1M2E=";
};
vendorSha256 = "UxWARWOFp8AYKEdiJwRZNwFrphgMTJSZjnvktTNOsgU=";
meta = with lib; {
description = "CLI to search for sensitive services/files/folders";
homepage = "https://github.com/michelin/ChopChop";
license = with licenses; [ asl20 ];
maintainers = with maintainers; [ fab ];
};
}

38
pkgs/tools/security/chrome-token-signing/default.nix Normal file
View file

@ -0,0 +1,38 @@
{ lib, mkDerivation, fetchFromGitHub, qmake, pcsclite, pkg-config, opensc }:
mkDerivation rec {
pname = "chrome-token-signing";
version = "1.1.5";
src = fetchFromGitHub {
owner = "open-eid";
repo = "chrome-token-signing";
rev = "v${version}";
sha256 = "sha256-wKy/RVR7jx5AkMJgHXsuV+jlzyfH5nDRggcIUgh2ML4=";
};
buildInputs = [ qmake pcsclite pkg-config ];
dontUseQmakeConfigure = true;
patchPhase = ''
substituteInPlace host-linux/ee.ria.esteid.json --replace /usr $out
# TODO: macos
substituteInPlace host-shared/PKCS11Path.cpp \
--replace opensc-pkcs11.so ${opensc}/lib/pkcs11/opensc-pkcs11.so
'';
installPhase = ''
install -D -t $out/bin host-linux/chrome-token-signing
# TODO: wire these up
install -D -t $out/etc/chromium/native-messaging-hosts host-linux/ee.ria.esteid.json
install -D -t $out/lib/mozilla/native-messaging-hosts host-linux/ff/ee.ria.esteid.json
'';
meta = with lib; {
description = "Chrome and Firefox extension for signing with your eID on the web";
homepage = "https://github.com/open-eid/chrome-token-signing/wiki";
license = licenses.lgpl21;
maintainers = [ maintainers.mmahut ];
platforms = platforms.linux;
};
}

43
pkgs/tools/security/clamav/default.nix Normal file
View file

@ -0,0 +1,43 @@
{ lib, stdenv, fetchurl, pkg-config, cmake
, zlib, bzip2, libiconv, libxml2, openssl, ncurses, curl, libmilter, pcre2
, libmspack, systemd, Foundation, json_c, check
, rustc, rust-bindgen, rustfmt, cargo, python3
}:
stdenv.mkDerivation rec {
pname = "clamav";
version = "0.105.0";
src = fetchurl {
url = "https://www.clamav.net/downloads/production/${pname}-${version}.tar.gz";
sha256 = "sha256-JwIDpUxFgEnbVPzZNoP/Wy2xkVHzY8SOgs7O/d4rNdQ=";
};
patches = [
# Flaky test, remove this when https://github.com/Cisco-Talos/clamav/issues/343 is fixed
./remove-freshclam-test.patch
./sample-cofiguration-file-install-location.patch
];
enableParallelBuilding = true;
nativeBuildInputs = [ cmake pkg-config rustc rust-bindgen rustfmt cargo python3 ];
buildInputs = [
zlib bzip2 libxml2 openssl ncurses curl libiconv libmilter pcre2 libmspack json_c check
] ++ lib.optional stdenv.isLinux systemd
++ lib.optional stdenv.isDarwin Foundation;
cmakeFlags = [
"-DSYSTEMD_UNIT_DIR=${placeholder "out"}/lib/systemd"
"-DAPP_CONFIG_DIRECTORY=/etc/clamav"
];
doCheck = true;
meta = with lib; {
homepage = "https://www.clamav.net";
description = "Antivirus engine designed for detecting Trojans, viruses, malware and other malicious threats";
license = licenses.gpl2;
maintainers = with maintainers; [ robberer qknight fpletz globin ];
platforms = platforms.unix;
};
}

20
pkgs/tools/security/clamav/remove-freshclam-test.patch Normal file
View file

@ -0,0 +1,20 @@
diff --git a/unit_tests/CMakeLists.txt b/unit_tests/CMakeLists.txt
index 1460357ba..1194abc9d 100644
--- a/unit_tests/CMakeLists.txt
+++ b/unit_tests/CMakeLists.txt
@@ -371,15 +371,6 @@ if(ENABLE_APP)
set_property(TEST clamd_valgrind PROPERTY ENVIRONMENT ${ENVIRONMENT} VALGRIND=${Valgrind_EXECUTABLE})
endif()
- add_test(NAME freshclam COMMAND ${PythonTest_COMMAND};freshclam_test.py
- WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR})
- set_property(TEST freshclam PROPERTY ENVIRONMENT ${ENVIRONMENT})
- if(Valgrind_FOUND)
- add_test(NAME freshclam_valgrind COMMAND ${PythonTest_COMMAND};freshclam_test.py
- WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR})
- set_property(TEST freshclam_valgrind PROPERTY ENVIRONMENT ${ENVIRONMENT} VALGRIND=${Valgrind_EXECUTABLE})
- endif()
-
add_test(NAME sigtool COMMAND ${PythonTest_COMMAND};sigtool_test.py
WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR})
set_property(TEST sigtool PROPERTY ENVIRONMENT ${ENVIRONMENT})

29
pkgs/tools/security/clamav/sample-cofiguration-file-install-location.patch Normal file
View file

@ -0,0 +1,29 @@
diff --git a/etc/CMakeLists.txt b/etc/CMakeLists.txt
index 826fff1..3cefc34 100644
--- a/etc/CMakeLists.txt
+++ b/etc/CMakeLists.txt
@@ -6,14 +6,14 @@ install(
FILES
${CMAKE_CURRENT_SOURCE_DIR}/clamd.conf.sample
DESTINATION
- ${APP_CONFIG_DIRECTORY}
+ ${CMAKE_INSTALL_PREFIX}/${APP_CONFIG_DIRECTORY}
COMPONENT programs)
install(
FILES
${CMAKE_CURRENT_SOURCE_DIR}/freshclam.conf.sample
DESTINATION
- ${APP_CONFIG_DIRECTORY}
+ ${CMAKE_INSTALL_PREFIX}/${APP_CONFIG_DIRECTORY}
COMPONENT programs)
if(ENABLE_MILTER)
@@ -21,6 +21,6 @@ if(ENABLE_MILTER)
FILES
${CMAKE_CURRENT_SOURCE_DIR}/clamav-milter.conf.sample
DESTINATION
- ${APP_CONFIG_DIRECTORY}
+ ${CMAKE_INSTALL_PREFIX}/${APP_CONFIG_DIRECTORY}
COMPONENT programs)
endif()

41
pkgs/tools/security/clevis/default.nix Normal file
View file

@ -0,0 +1,41 @@
{ lib, stdenv, fetchFromGitHub, meson, ninja, pkg-config, asciidoc
, makeWrapper, jansson, jose, cryptsetup, curl, libpwquality, luksmeta
, coreutils, tpm2-tools
}:
stdenv.mkDerivation rec {
pname = "clevis";
version = "18";
src = fetchFromGitHub {
owner = "latchset";
repo = pname;
rev = "v${version}";
sha256 = "sha256-m1UhyjD5ydSgCTBu6sECLlxFx0rnQxFnBA7frbdUqU8=";
};
postPatch = ''
for f in $(find src/ -type f); do
grep -q "/bin/cat" "$f" && substituteInPlace "$f" \
--replace '/bin/cat' '${coreutils}/bin/cat' || true
done
'';
postInstall = ''
# We wrap the main clevis binary entrypoint but not the sub-binaries.
wrapProgram $out/bin/clevis \
--prefix PATH ':' "${tpm2-tools}/bin:${jose}/bin:${placeholder "out"}/bin"
'';
nativeBuildInputs = [ meson ninja pkg-config asciidoc makeWrapper ];
buildInputs = [ jansson jose cryptsetup curl libpwquality luksmeta tpm2-tools ];
outputs = [ "out" "man" ];
meta = {
description = "Automated Encryption Framework";
homepage = "https://github.com/latchset/clevis";
maintainers = with lib.maintainers; [ fpletz ];
license = lib.licenses.gpl3Plus;
};
}

48
pkgs/tools/security/cliam/default.nix Normal file
View file

@ -0,0 +1,48 @@
{ lib
, buildGoModule
, fetchFromGitHub
, installShellFiles
}:
buildGoModule rec {
pname = "cliam";
version = "1.0.0";
src = fetchFromGitHub {
owner = "securisec";
repo = pname;
rev = version;
hash = "sha256-bq7u6pknokyY4WwO1qMYPuY86UZlDgeYEa1AJpk8d+4=";
};
vendorSha256 = "sha256-aGBA97EvIUv9myqcrtltiVxh1/0VtrQy2j9GU6r197g=";
nativeBuildInputs = [
installShellFiles
];
ldflags = [
"-s"
"-w"
"-X github.com/securisec/cliam/cli/version.Version=${version}"
];
postBuild = ''
# should be called cliam
mv $GOPATH/bin/{cli,cliam}
'';
postInstall = ''
installShellCompletion --cmd cliam \
--bash <($out/bin/cliam completion bash) \
--fish <($out/bin/cliam completion fish) \
--zsh <($out/bin/cliam completion zsh)
'';
meta = with lib; {
description = "Cloud agnostic IAM permissions enumerator";
homepage = "https://github.com/securisec/cliam";
license = licenses.gpl3Only;
maintainers = with maintainers; [ fab ];
};
}

30
pkgs/tools/security/cloudbrute/default.nix Normal file
View file

@ -0,0 +1,30 @@
{ buildGoModule
, fetchFromGitHub
, lib
}:
buildGoModule rec {
pname = "cloudbrute";
version = "1.0.7";
src = fetchFromGitHub {
owner = "0xsha";
repo = "CloudBrute";
rev = "v${version}";
sha256 = "05b9klddk8wvi78j47jyg9pix6qpxyr01l1m7k1j7598siazfv9g";
};
vendorSha256 = "0f3n0wrmg9d2qyn8hlnhf9lsfqd9443myzr04p48v68m8n83j6a9";
meta = with lib; {
description = "Cloud enumeration tool";
longDescription = ''
A tool to find a company (target) infrastructure, files, and apps on
the top cloud providers (Amazon, Google, Microsoft, DigitalOcean,
Alibaba, Vultr, Linode).
'';
homepage = "https://github.com/0xsha/CloudBrute";
license = with licenses; [ mit ];
maintainers = with maintainers; [ fab ];
};
}

25
pkgs/tools/security/cloudlist/default.nix Normal file
View file

@ -0,0 +1,25 @@
{ lib
, buildGoModule
, fetchFromGitHub
}:
buildGoModule rec {
pname = "cloudlist";
version = "1.0.0";
src = fetchFromGitHub {
owner = "projectdiscovery";
repo = pname;
rev = "v${version}";
sha256 = "sha256-o5xJwbdYeFF3jWTy/zvswB9dFp/fxtgZB5a+c7cc2OQ=";
};
vendorSha256 = "sha256-rzbf/au2qrdoBowsw7DbeCcBbF42bqJDnuKC1sSFxho=";
meta = with lib; {
description = "Tool for listing assets from multiple cloud providers";
homepage = "https://github.com/projectdiscovery/cloudlist";
license = licenses.mit;
maintainers = with maintainers; [ fab ];
};
}

69
pkgs/tools/security/cosign/default.nix Normal file
View file

@ -0,0 +1,69 @@
{ stdenv, lib, buildGoModule, fetchFromGitHub, pcsclite, pkg-config, installShellFiles, PCSC, pivKeySupport ? true, pkcs11Support ? true }:
buildGoModule rec {
pname = "cosign";
version = "1.9.0";
src = fetchFromGitHub {
owner = "sigstore";
repo = pname;
rev = "v${version}";
sha256 = "sha256-l+jM0GCjaqbaoIcjUgnIZJqSGIsirWMwJWPrilBdps8=";
};
buildInputs = lib.optional (stdenv.isLinux && pivKeySupport) (lib.getDev pcsclite)
++ lib.optionals (stdenv.isDarwin && pivKeySupport) [ PCSC ];
nativeBuildInputs = [ pkg-config installShellFiles ];
vendorSha256 = "sha256-mZeCQOnAVZrJmi9F+y7QPPXXl48f7HAjJCmri01hYew=";
subPackages = [
"cmd/cosign"
"cmd/cosign/webhook"
"cmd/sget"
];
tags = [] ++ lib.optionals pivKeySupport [ "pivkey" ] ++ lib.optionals pkcs11Support [ "pkcs11key" ];
ldflags = [
"-s"
"-w"
"-X sigs.k8s.io/release-utils/version.gitVersion=v${version}"
"-X sigs.k8s.io/release-utils/version.gitTreeState=clean"
];
postBuild = ''
# cmd/cosign/webhook should be called cosigned
mv $GOPATH/bin/{webhook,cosigned}
'';
preCheck = ''
# test all paths
unset subPackages
rm cmd/cosign/cli/fulcio/fulcioroots/fulcioroots_test.go # Require network access
rm pkg/cosign/kubernetes/webhook/validator_test.go # Require network access
rm pkg/cosign/tlog_test.go # Require network access
rm pkg/cosign/tuf/client_test.go # Require network access
'';
postInstall = ''
installShellCompletion --cmd cosign \
--bash <($out/bin/cosign completion bash) \
--fish <($out/bin/cosign completion fish) \
--zsh <($out/bin/cosign completion zsh)
installShellCompletion --cmd sget \
--bash <($out/bin/sget completion bash) \
--fish <($out/bin/sget completion fish) \
--zsh <($out/bin/sget completion zsh)
'';
meta = with lib; {
homepage = "https://github.com/sigstore/cosign";
changelog = "https://github.com/sigstore/cosign/releases/tag/v${version}";
description = "Container Signing CLI with support for ephemeral keys and Sigstore signing";
license = licenses.asl20;
maintainers = with maintainers; [ lesuisse jk ];
};
}

48
pkgs/tools/security/cowpatty/default.nix Normal file
View file

@ -0,0 +1,48 @@
{ lib
, stdenv
, clang
, fetchFromGitHub
, installShellFiles
, openssl
, libpcap
}:
stdenv.mkDerivation rec {
pname = "cowpatty";
version = "4.8";
src = fetchFromGitHub {
owner = "joswr1ght";
repo = pname;
rev = version;
sha256 = "0fvwwghhd7wsx0lw2dj9rdsjnirawnq3c6silzvhi0yfnzn5fs0s";
};
nativeBuildInputs = [
clang
installShellFiles
];
buildInputs = [
openssl
libpcap
];
makeFlags = [
"DESTDIR=$(out)"
"BINDIR=/bin"
];
postInstall = ''
installManPage cowpatty.1
installManPage genpmk.1
'';
meta = with lib; {
description = "Offline dictionary attack against WPA/WPA2 networks";
homepage = "https://github.com/joswr1ght/cowpatty";
license = licenses.bsd3;
maintainers = with maintainers; [ nico202 fab ];
platforms = platforms.linux;
};
}

43
pkgs/tools/security/crackxls/default.nix Normal file
View file

@ -0,0 +1,43 @@
{ lib, stdenv, fetchFromGitHub, fetchpatch, pkg-config, autoconf, automake, openssl, libgsf, gmp }:
stdenv.mkDerivation rec {
pname = "crackxls";
version = "0.4";
src = fetchFromGitHub {
owner = "GavinSmith0123";
repo = "crackxls2003";
rev = "v${version}";
sha256 = "0q5jl7hcds3f0rhly3iy4fhhbyh9cdrfaw7zdrazzf1wswwhyssz";
};
patches = [
# Pull patch pending upstream inclusion for -fno-common support:
# https://github.com/GavinSmith0123/crackxls2003/pull/3
(fetchpatch {
name = "fno-common.patch";
url = "https://github.com/GavinSmith0123/crackxls2003/commit/613d6c1844f76c7b67671aaa265375fed56c2a56.patch";
sha256 = "1pk67x67d9wji576mc57z5bzqlf9ygvn9m1z47w12mad7qmj9h1n";
})
];
nativeBuildInputs = [ pkg-config autoconf automake ];
buildInputs = [ openssl libgsf gmp ];
# Avoid "-O5 -march=native"
makeFlags = [ "OPTIM_FLAGS=" ];
installPhase =
''
mkdir -p $out/bin
cp crackxls2003 $out/bin/
'';
meta = with lib; {
homepage = "https://github.com/GavinSmith0123/crackxls2003/";
description = "Used to break the encryption on old Microsoft Excel and Microsoft Word files";
platforms = platforms.linux;
license = licenses.gpl3;
};
}

25
pkgs/tools/security/credential-detector/default.nix Normal file
View file

@ -0,0 +1,25 @@
{ lib
, buildGoModule
, fetchFromGitHub
}:
buildGoModule rec {
pname = "credential-detector";
version = "1.7.0";
src = fetchFromGitHub {
owner = "ynori7";
repo = pname;
rev = "v${version}";
sha256 = "1g5ja32rsf1b7y9gvmy29qz2ymyyvgh53wzd6vvknfla1df0slab";
};
vendorSha256 = "1mn3sysvdz4b94804gns1yssk2q08djq3kq3cd1h7gm942zwrnq4";
meta = with lib; {
description = "Tool to detect potentially hard-coded credentials";
homepage = "https://github.com/ynori7/credential-detector";
license = licenses.mit;
maintainers = with maintainers; [ fab ];
};
}

52
pkgs/tools/security/credslayer/default.nix Normal file
View file

@ -0,0 +1,52 @@
{ lib
, fetchFromGitHub
, python3
, wireshark-cli
}:
python3.pkgs.buildPythonApplication rec {
pname = "credslayer";
version = "0.1.2";
src = fetchFromGitHub {
owner = "ShellCode33";
repo = "CredSLayer";
rev = "v${version}";
sha256 = "1rbfy0h9c2gra1r2b39kngj3m7g177nmzzs5xy9np8lxixrh17pc";
};
propagatedBuildInputs = with python3.pkgs; [
pyshark
];
checkInputs = with python3.pkgs; [
wireshark-cli
pytestCheckHook
];
pytestFlagsArray = [ "tests/tests.py" ];
disabledTests = [
# Requires a telnet setup
"test_telnet"
# stdout has all the correct data, but the underlying test code fails
# functionally everything seems to be intact
"http_get_auth"
"test_http_post_auth"
"test_ntlmssp"
];
pythonImportsCheck = [ "credslayer" ];
postInstall = ''
wrapProgram $out/bin/credslayer \
--prefix PATH : "${lib.makeBinPath [ wireshark-cli ]}"
'';
meta = with lib; {
description = "Extract credentials and other useful info from network captures";
homepage = "https://github.com/ShellCode33/CredSLayer";
license = with licenses; [ gpl3Only ];
maintainers = with maintainers; [ fab ];
};
}

27
pkgs/tools/security/crlfuzz/default.nix Normal file
View file

@ -0,0 +1,27 @@
{ buildGoModule
, fetchFromGitHub
, lib
}:
buildGoModule rec {
pname = "crlfuzz";
version = "1.4.1";
src = fetchFromGitHub {
owner = "dwisiswant0";
repo = pname;
rev = "v${version}";
sha256 = "sha256-rqhdxOQmZCRtq+IZygKLleb5GoKP2akyEc3rbGcnZmw=";
};
vendorSha256 = "sha256-yLtISEJWIKqCuZtQxReu/Vykw5etqgLpuXqOdtwBkqU=";
doCheck = true;
meta = with lib; {
description = "Tool to scan for CRLF vulnerability";
homepage = "https://github.com/dwisiswant0/crlfuzz";
license = with licenses; [ mit ];
maintainers = with maintainers; [ fab ];
};
}

42
pkgs/tools/security/crowbar/default.nix Normal file
View file

@ -0,0 +1,42 @@
{ fetchFromGitHub
, freerdp
, nmap
, openvpn
, python3Packages
, lib
, tigervnc
}:
python3Packages.buildPythonApplication rec {
pname = "crowbar";
version = "unstable-2020-04-23";
src = fetchFromGitHub {
owner = "galkan";
repo = pname;
rev = "500d633ff5ddfcbc70eb6d0b4d2181e5b8d3c535";
sha256 = "05m9vywr9976pc7il0ak8nl26mklzxlcqx0p8rlfyx1q766myqzf";
};
propagatedBuildInputs = [ python3Packages.paramiko ];
patchPhase = ''
sed -i 's,/usr/bin/xfreerdp,${freerdp}/bin/xfreerdp,g' lib/main.py
sed -i 's,/usr/bin/vncviewer,${tigervnc}/bin/vncviewer,g' lib/main.py
sed -i 's,/usr/sbin/openvpn,${openvpn}/bin/openvpn,g' lib/main.py
sed -i 's,/usr/bin/nmap,${nmap}/bin/nmap,g' lib/nmap.py
'';
# Sanity check
checkPhase = ''
$out/bin/crowbar --help > /dev/null
'';
meta = with lib; {
homepage = "https://github.com/galkan/crowbar";
description = "A brute forcing tool that can be used during penetration tests";
license = licenses.mit;
maintainers = with maintainers; [ pamplemousse ];
};
}

30
pkgs/tools/security/crunch/default.nix Normal file
View file

@ -0,0 +1,30 @@
{ lib, stdenv, fetchurl, which }:
stdenv.mkDerivation rec {
pname = "crunch";
version = "3.6";
src = fetchurl {
url = "mirror://sourceforge/crunch-wordlist/${pname}-${version}.tgz";
sha256 = "0mgy6ghjvzr26yrhj1bn73qzw6v9qsniskc5wqq1kk0hfhy6r3va";
};
buildInputs = [ which ];
preBuild = ''
substituteInPlace Makefile \
--replace '-g root -o root' "" \
--replace '-g wheel -o root' "" \
--replace 'sudo ' ""
'';
makeFlags = [ "PREFIX=$(out)" ];
meta = with lib; {
description = "Wordlist generator";
homepage = "https://sourceforge.net/projects/crunch-wordlist/";
platforms = platforms.unix;
license = with licenses; [ gpl2Only ];
maintainers = with maintainers; [ lnl7 ];
};
}

121
pkgs/tools/security/cryptomator/default.nix Normal file
View file

@ -0,0 +1,121 @@
{ lib, stdenv, fetchFromGitHub
, autoPatchelfHook
, fuse, jffi
, maven, jdk, jre, makeShellWrapper, glib, wrapGAppsHook
}:
let
pname = "cryptomator";
version = "1.6.10";
src = fetchFromGitHub {
owner = "cryptomator";
repo = "cryptomator";
rev = version;
sha256 = "sha256-klNkMCgXC0gGqNV7S5EObHYCcgN4SayeNHXF9bq+20s=";
};
# perform fake build to make a fixed-output derivation out of the files downloaded from maven central (120MB)
deps = stdenv.mkDerivation {
name = "cryptomator-${version}-deps";
inherit src;
nativeBuildInputs = [ jdk maven ];
buildInputs = [ jre ];
buildPhase = ''
while mvn -Plinux package -Dmaven.test.skip=true -Dmaven.repo.local=$out/.m2 -Dmaven.wagon.rto=5000; [ $? = 1 ]; do
echo "timeout, restart maven to continue downloading"
done
'';
# keep only *.{pom,jar,sha1,nbm} and delete all ephemeral files with lastModified timestamps inside
installPhase = ''
find $out/.m2 -type f -regex '.+\(\.lastUpdated\|resolver-status\.properties\|_remote\.repositories\)' -delete
find $out/.m2 -type f -iname '*.pom' -exec sed -i -e 's/\r\+$//' {} \;
'';
outputHashAlgo = "sha256";
outputHashMode = "recursive";
outputHash = "sha256-biQBP0rV94+Hoqte36Xmzm1XWtWC+1ne5lgpUj0GPak=";
doCheck = false;
};
in stdenv.mkDerivation rec {
inherit pname version src;
buildPhase = ''
VERSION=${version}
SEMVER_STR=${version}
mvn -Plinux package --offline -Dmaven.test.skip=true -Dmaven.repo.local=$(cp -dpR ${deps}/.m2 ./ && chmod +w -R .m2 && pwd)/.m2
'';
# This is based on the instructins in https://github.com/cryptomator/cryptomator/blob/develop/dist/linux/appimage/build.sh
installPhase = ''
mkdir -p $out/bin/ $out/share/cryptomator/libs/ $out/share/cryptomator/mods/
cp target/libs/* $out/share/cryptomator/libs/
cp target/mods/* target/cryptomator-*.jar $out/share/cryptomator/mods/
# The bundeled jffi.so dosn't work on nixos and causes a segmentation fault
# we thus replace it with a version build by nixos
rm $out/share/cryptomator/libs/jff*.jar
cp -f ${jffi}/share/java/jffi-complete.jar $out/share/cryptomator/libs/
makeShellWrapper ${jre}/bin/java $out/bin/cryptomator \
--add-flags "--class-path '$out/share/cryptomator/libs/*'" \
--add-flags "--module-path '$out/share/cryptomator/mods'" \
--add-flags "-Dcryptomator.logDir='~/.local/share/Cryptomator/logs'" \
--add-flags "-Dcryptomator.pluginDir='~/.local/share/Cryptomator/plugins'" \
--add-flags "-Dcryptomator.settingsPath='~/.config/Cryptomator/settings.json'" \
--add-flags "-Dcryptomator.ipcSocketPath='~/.config/Cryptomator/ipc.socket'" \
--add-flags "-Dcryptomator.mountPointsDir='~/.local/share/Cryptomator/mnt'" \
--add-flags "-Dcryptomator.showTrayIcon=false" \
--add-flags "-Dcryptomator.buildNumber='nix'" \
--add-flags "-Dcryptomator.appVersion='${version}'" \
--add-flags "-Djdk.gtk.version=3" \
--add-flags "-Xss20m" \
--add-flags "-Xmx512m" \
--add-flags "-Djavafx.embed.singleThread=true " \
--add-flags "-Dawt.useSystemAAFontSettings=on" \
--add-flags "--module org.cryptomator.desktop/org.cryptomator.launcher.Cryptomator" \
--prefix PATH : "$out/share/cryptomator/libs/:${lib.makeBinPath [ jre glib ]}" \
--prefix LD_LIBRARY_PATH : "${lib.makeLibraryPath [ fuse ]}" \
--set JAVA_HOME "${jre.home}"
# install desktop entry and icons
cp -r ${src}/dist/linux/appimage/resources/AppDir/usr/* $out/
# The directory is read only when copied, enable read to install additional files
chmod +w -R $out/
cp ${src}/dist/linux/common/org.cryptomator.Cryptomator256.png $out/share/icons/hicolor/256x256/apps/org.cryptomator.Cryptomator.png
cp ${src}/dist/linux/common/org.cryptomator.Cryptomator512.png $out/share/icons/hicolor/512x512/apps/org.cryptomator.Cryptomator.png
cp ${src}/dist/linux/common/org.cryptomator.Cryptomator.svg $out/share/icons/hicolor/scalable/apps/org.cryptomator.Cryptomator.svg
cp ${src}/dist/linux/common/org.cryptomator.Cryptomator.desktop $out/share/applications/org.cryptomator.Cryptomator.desktop
cp ${src}/dist/linux/common/org.cryptomator.Cryptomator.metainfo.xml $out/share/metainfo/org.cryptomator.Cryptomator.metainfo.xml
cp ${src}/dist/linux/common/application-vnd.cryptomator.vault.xml $out/share/mime/packages/application-vnd.cryptomator.vault.xml
'';
nativeBuildInputs = [
autoPatchelfHook
maven
makeShellWrapper
wrapGAppsHook
jdk
];
buildInputs = [ fuse jre glib jffi ];
meta = with lib; {
description = "Free client-side encryption for your cloud files";
homepage = "https://cryptomator.org";
sourceProvenance = with sourceTypes; [
fromSource
binaryBytecode # deps
];
license = licenses.gpl3Plus;
maintainers = with maintainers; [ bachp ];
platforms = platforms.linux;
};
}

21
pkgs/tools/security/ctmg/default.nix Normal file
View file

@ -0,0 +1,21 @@
{ lib, stdenv, fetchzip }:
stdenv.mkDerivation rec {
pname = "ctmg";
version = "1.2";
src = fetchzip {
url = "https://git.zx2c4.com/ctmg/snapshot/ctmg-${version}.tar.xz";
sha256 = "1i4v8sriwjrmj3yizbl1ysckb711yl9qsn9x45jq0ij1apsydhyc";
};
installPhase = "install -D ctmg.sh $out/bin/ctmg";
meta = with lib; {
description = "An encrypted container manager for Linux using cryptsetup";
homepage = "https://git.zx2c4.com/ctmg/about/";
license = licenses.isc;
maintainers = with maintainers; [ mrVanDalo ];
platforms = platforms.linux;
};
}

84
pkgs/tools/security/cve-bin-tool/default.nix Normal file
View file

@ -0,0 +1,84 @@
{ lib
, buildPythonApplication
, fetchFromGitHub
, jsonschema
, plotly
, pytest
, pytest-xdist
, pytest-cov
, pytest-asyncio
, beautifulsoup4
, pyyaml
, isort
, py
, jinja2
, rpmfile
, reportlab
, zstandard
, rich
, aiohttp
, toml
, distro
# aiohttp[speedups]
, aiodns
, brotlipy
, cchardet
, pillow
, pytestCheckHook
}:
buildPythonApplication rec {
pname = "cve-bin-tool";
version = "3.0";
src = fetchFromGitHub {
owner = "intel";
repo = "cve-bin-tool";
rev = "v${version}";
sha256 = "1fmdnlhi03fdr4d4n7ydf6m0gx0cl77n3db8ldbs3m9zryblhzpr";
};
# Wants to open a sqlite database, access the internet, etc
doCheck = false;
propagatedBuildInputs = [
jsonschema
plotly
pytest
pytest-xdist
pytest-cov
pytest-asyncio
beautifulsoup4
pyyaml
isort
py
jinja2
rpmfile
reportlab
zstandard
rich
aiohttp
toml
distro
# aiohttp[speedups]
aiodns
brotlipy
cchardet
# needed by brotlipy
pillow
];
checkInputs = [
pytestCheckHook
];
pythonImportsCheck = [
"cve_bin_tool"
];
meta = with lib; {
description = "CVE Binary Checker Tool";
homepage = "https://github.com/intel/cve-bin-tool";
license = licenses.gpl3Only;
maintainers = teams.determinatesystems.members;
};
}

25
pkgs/tools/security/dalfox/default.nix Normal file
View file

@ -0,0 +1,25 @@
{ lib
, buildGoModule
, fetchFromGitHub
}:
buildGoModule rec {
pname = "dalfox";
version = "2.7.5";
src = fetchFromGitHub {
owner = "hahwul";
repo = pname;
rev = "v${version}";
sha256 = "sha256-MCKXhDhpFLZTf0CYS3W4+4FykTuBu7q3Dy+R7RNp11s=";
};
vendorSha256 = "sha256-GW2DgfHEKKWBfW5A7DYqhV2jP3FLDjzpYOMWSTNCN0Q=";
meta = with lib; {
description = "Tool for analysing parameter and XSS scanning";
homepage = "https://github.com/hahwul/dalfox";
license = licenses.mit;
maintainers = with maintainers; [ fab ];
};
}

30
pkgs/tools/security/deepsea/default.nix Normal file
View file

@ -0,0 +1,30 @@
{ buildGoModule
, fetchFromGitHub
, lib
}:
buildGoModule rec {
pname = "deepsea";
version = "0.9";
src = fetchFromGitHub {
owner = "dsnezhkov";
repo = pname;
rev = "v${version}";
sha256 = "02s03sha8vwp7dsaw3z446pskhb6wmy0hyj0mhpbx58sf147rkig";
};
vendorSha256 = "0vpkzykfg1rq4qi1v5lsa0drpil9i6ccfw96k48ppi9hiwzpq94w";
meta = with lib; {
description = "Phishing tool for red teams and pentesters";
longDescription = ''
DeepSea phishing gear aims to help RTOs and pentesters with the
delivery of opsec-tight, flexible email phishing campaigns carried
out on the outside as well as on the inside of a perimeter.
'';
homepage = "https://github.com/dsnezhkov/deepsea";
license = with licenses; [ asl20 ];
maintainers = with maintainers; [ fab ];
};
}

37
pkgs/tools/security/dieharder/default.nix Normal file
View file

@ -0,0 +1,37 @@
{ lib, stdenv, fetchurl, gsl
, dieharder, testers }:
stdenv.mkDerivation rec {
pname = "dieharder";
version = "3.31.1";
src = fetchurl {
url = "http://webhome.phy.duke.edu/~rgb/General/dieharder/dieharder-${version}.tgz";
hash = "sha256-bP8P+DlMVTVJrHQzNZzPyVX7JnlCYDFGIN+l5M1Lcn8=";
};
patches = [
# Include missing stdint.h header
./stdint.patch
];
# Workaround build failure on -fno-common toolchains:
# ld: include/dieharder/parse.h:21: multiple definition of `splitbuf';
# include/dieharder/parse.h:21: first defined here
NIX_CFLAGS_COMPILE = "-fcommon";
buildInputs = [ gsl ];
passthru = {
tests.version = testers.testVersion { package = dieharder; };
};
meta = with lib; {
broken = stdenv.isDarwin;
description = "A Random Number Generator test suite";
homepage = "https://webhome.phy.duke.edu/~rgb/General/dieharder.php";
license = licenses.gpl2Plus;
maintainers = with maintainers; [ zhaofengli ];
platforms = platforms.unix;
};
}

10
pkgs/tools/security/dieharder/stdint.patch Normal file
View file

@ -0,0 +1,10 @@
--- a/include/dieharder/libdieharder.h 2011-10-14 15:41:37.000000000 +0200
+++ b/include/dieharder/libdieharder.h 2015-03-27 16:34:40.978860858 +0100
@@ -13,6 +13,7 @@
#include <stdlib.h>
#include <stdarg.h>
#include <string.h>
+#include <stdint.h>
#include <sys/time.h>
/* This turns on uint macro in c99 */

25
pkgs/tools/security/dismap/default.nix Normal file
View file

@ -0,0 +1,25 @@
{ lib
, buildGoModule
, fetchFromGitHub
}:
buildGoModule rec {
pname = "dismap";
version = "0.3";
src = fetchFromGitHub {
owner = "zhzyker";
repo = pname;
rev = "v${version}";
sha256 = "sha256-WaQdDcBvv4mHdPFAB+spC64YeT3jlfyMYNsTjBILjwA=";
};
vendorSha256 = "sha256-GnchyE2TswvjYlehhMYesZruTTwyTorfR+17K0RXXFY=";
meta = with lib; {
description = "Asset discovery and identification tools";
homepage = "https://github.com/zhzyker/dismap";
license = with licenses; [ gpl3Only ];
maintainers = with maintainers; [ fab ];
};
}

31
pkgs/tools/security/dnsenum/default.nix Normal file
View file

@ -0,0 +1,31 @@
{ lib, stdenv, fetchFromGitHub, makeWrapper, perl, perlPackages }:
stdenv.mkDerivation rec {
pname = "dnsenum";
version = "1.2.4.2";
src = fetchFromGitHub {
owner = "fwaeytens";
repo = pname;
rev = version;
sha256 = "1bg1ljv6klic13wq4r53bg6inhc74kqwm3w210865b1v1n8wj60v";
};
propagatedBuildInputs = with perlPackages; [
perl NetDNS NetIP NetNetmask StringRandom XMLWriter NetWhoisIP WWWMechanize
];
nativeBuildInputs = [ makeWrapper ];
installPhase = ''
install -vD dnsenum.pl $out/bin/dnsenum
install -vD dns.txt -t $out/share
'';
meta = with lib; {
homepage = "https://github.com/fwaeytens/dnsenum";
description = "A tool to enumerate DNS information";
maintainers = with maintainers; [ c0bw3b ];
license = licenses.gpl2Plus;
platforms = platforms.all;
};
}

25
pkgs/tools/security/dnspeep/default.nix Normal file
View file

@ -0,0 +1,25 @@
{ lib, rustPlatform, fetchFromGitHub, libpcap }:
rustPlatform.buildRustPackage rec {
pname = "dnspeep";
version = "0.1.3";
src = fetchFromGitHub {
owner = "jvns";
repo = pname;
rev = "v${version}";
sha256 = "sha256-QpUbHiMDQFRCTVyjrO9lfQQ62Z3qanv0j+8eEXjE3n4=";
};
cargoSha256 = "sha256-w81FewtyweuSNYNPNr2uxB0uB1JoN5t252CAG1pm4Z8=";
LIBPCAP_LIBDIR = lib.makeLibraryPath [ libpcap ];
LIBPCAP_VER = libpcap.version;
meta = with lib; {
description = "Spy on the DNS queries your computer is making";
homepage = "https://github.com/jvns/dnspeep";
license = licenses.mit;
maintainers = with maintainers; [ figsoda ];
};
}

47
pkgs/tools/security/dnsrecon/default.nix Normal file
View file

@ -0,0 +1,47 @@
{ lib
, fetchFromGitHub
, python3
}:
python3.pkgs.buildPythonApplication rec {
pname = "dnsrecon";
version = "1.0.0";
format = "other";
src = fetchFromGitHub {
owner = "darkoperator";
repo = pname;
rev = version;
sha256 = "sha256-VRO5ugr/+iZh+hh3tVs/JNAr7GXao/HK43O3FlkbcSM=";
};
propagatedBuildInputs = with python3.pkgs; [
dnspython
netaddr
lxml
];
postPatch = ''
substituteInPlace dnsrecon.py \
--replace "namelist.txt" "../share/namelist.txt"
'';
installPhase = ''
runHook preInstall
install -vD dnsrecon.py $out/bin/dnsrecon
install -vD namelist.txt subdomains-*.txt -t $out/share
install -vd $out/${python3.sitePackages}/
cp -R lib tools msf_plugin $out/${python3.sitePackages}
runHook postInstall
'';
meta = with lib; {
description = "DNS Enumeration script";
homepage = "https://github.com/darkoperator/dnsrecon";
license = licenses.gpl2Only;
maintainers = with maintainers; [ c0bw3b fab ];
};
}

Some files were not shown because too many files have changed in this diff Show more