Diffstat (limited to 'nixpkgs/pkgs/tools/security')
52 files changed, 810 insertions, 298 deletions
diff --git a/nixpkgs/pkgs/tools/security/badtouch/default.nix b/nixpkgs/pkgs/tools/security/badtouch/default.nix new file mode 100644 index 000000000000..ea74bbb4fc35 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/badtouch/default.nix @@ -0,0 +1,50 @@ +{ lib +, stdenv +, fetchFromGitHub +, installShellFiles +, libcap +, openssl +, pkg-config +, rustPlatform +, Security +, zlib +}: + +rustPlatform.buildRustPackage rec { + pname = "badtouch"; + version = "0.7.3"; + + src = fetchFromGitHub { + owner = "kpcyrd"; + repo = pname; + rev = "v${version}"; + sha256 = "05dzwx9y8zh0y9zd4mibp02255qphc6iqy916fkm3ahaw0rg84h3"; + }; + + cargoSha256 = "0mmglgz037dk3g7qagf1dyss5hvvsdy0m5m1h6c3rk5bp5kjzg87"; + + nativeBuildInputs = [ + installShellFiles + pkg-config + ]; + + buildInputs = [ + libcap + zlib + openssl + ] ++ lib.optional stdenv.isDarwin Security; + + postInstall = '' + installManPage docs/${pname}.1 + ''; + + # Tests requires access to httpin.org + doCheck = false; + + meta = with lib; { + description = "Scriptable network authentication cracker"; + homepage = "https://github.com/kpcyrd/badtouch"; + license = with licenses; [ gpl3Only ]; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/bettercap/default.nix b/nixpkgs/pkgs/tools/security/bettercap/default.nix index 1383de79feb5..e50de9fcfcda 100644 --- a/nixpkgs/pkgs/tools/security/bettercap/default.nix +++ b/nixpkgs/pkgs/tools/security/bettercap/default.nix @@ -10,16 +10,16 @@ buildGoModule rec { pname = "bettercap"; - version = "2.30.2"; + version = "2.31.0"; src = fetchFromGitHub { owner = pname; repo = pname; rev = "v${version}"; - sha256 = "sha256-5CAWMW0u/8BUn/8JJBApyHGH+/Tz8hzAmSChoT2gFr8="; + sha256 = "sha256-PmS4ox1ZaHrBGJAdNByott61rEvfmR1ZJ12ut0MGtrc="; }; - vendorSha256 = "sha256-fApxHxdzEEc+M+U5f0271VgrkXTGkUD75BpDXpVYd5k="; + vendorSha256 = "sha256-3j64Z4BQhAbUtoHJ6IT1SCsKxSeYZRxSO3K2Nx9Vv4w="; doCheck = false; 
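Review bot: The comment above `doCheck = false;` in the new badtouch expression reads `# Tests requires access to httpin.org`, which looks like a typo for httpbin.org and leaves it unclear which external host the test suite contacts. I would reword it to `# Tests require network access (httpbin.org), which the build sandbox does not provide`, after confirming the host name against upstream's tests. With the check phase disabled, nothing in this expression exercises the built binary, so the comment is the only record of why.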
@@ -30,10 +30,12 @@ buildGoModule rec { meta = with lib; { description = "A man in the middle tool"; longDescription = '' - BetterCAP is a powerful, flexible and portable tool created to perform various types of MITM attacks against a network, manipulate HTTP, HTTPS and TCP traffic in realtime, sniff for credentials and much more. + BetterCAP is a powerful, flexible and portable tool created to perform various + types of MITM attacks against a network, manipulate HTTP, HTTPS and TCP traffic + in realtime, sniff for credentials and much more. ''; homepage = "https://www.bettercap.org/"; - license = with licenses; gpl3; + license = with licenses; [ gpl3Only ]; maintainers = with maintainers; [ y0no ]; }; } diff --git a/nixpkgs/pkgs/tools/security/chipsec/compile-ko.diff b/nixpkgs/pkgs/tools/security/chipsec/compile-ko.diff new file mode 100644 index 000000000000..0ab2c80a6251 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/chipsec/compile-ko.diff @@ -0,0 +1,13 @@ +diff --git i/setup.py w/setup.py +index cfe2665..5795874 100755 +--- i/setup.py ++++ w/setup.py +@@ -179,7 +179,7 @@ class build_ext(_build_ext): + driver_build_function = self._build_win_driver + self._build_win_compression() + +- if not self.skip_driver: ++ if True: + driver_build_function() + + def get_source_files(self): diff --git a/nixpkgs/pkgs/tools/security/chipsec/default.nix b/nixpkgs/pkgs/tools/security/chipsec/default.nix index 7e00c0b07cf7..fbb9c421e353 100644 --- a/nixpkgs/pkgs/tools/security/chipsec/default.nix +++ b/nixpkgs/pkgs/tools/security/chipsec/default.nix 
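Review bot: compile-ko.diff replaces `if not self.skip_driver:` with `if True:` in setup.py's `build_ext`, so once the patch is applied the `--skip-driver` option has no effect, and neither the patch nor the expression says why the guard has to be forced. The default.nix hunk that follows applies it only under `withDriver`, which keeps the two consistent today, but that coupling is implicit. Because this is what causes a kernel module to be compiled into the output, I would document it next to the `patches` line, e.g. `# compile-ko.diff forces the driver build in build_ext; only apply together with withDriver`. The surrounding `build_ext` method starts and ends outside the patched hunk.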
@@ -1,29 +1,54 @@ -{ stdenv, lib, fetchFromGitHub, python2Packages, nasm, libelf -, kernel ? null, withDriver ? false }: -python2Packages.buildPythonApplication rec { +{ lib +, stdenv +, fetchFromGitHub +, kernel ? null +, libelf +, nasm +, python3 +, withDriver ? false +}: + +python3.pkgs.buildPythonApplication rec { pname = "chipsec"; - version = "1.5.1"; + version = "1.6.1"; + disabled = !stdenv.isLinux; src = fetchFromGitHub { owner = "chipsec"; repo = "chipsec"; rev = version; - sha256 = "1rxr9i08a22m15slvlkrhnki30jixi2ds096kmmc2nqzfr9yibmb"; + sha256 = "01sp24z63r3nqxx57zc4873b8i5dqipy7yrxzrwjns531vznhiy2"; }; - disabled = !stdenv.isLinux; + patches = lib.optionals withDriver [ ./ko-path.diff ./compile-ko.diff ]; + + KSRC = lib.optionalString withDriver "${kernel.dev}/lib/modules/${kernel.modDirVersion}/build"; nativeBuildInputs = [ - nasm libelf + libelf + nasm ]; - setupPyBuildFlags = lib.optional (!withDriver) "--skip-driver"; + checkInputs = [ + python3.pkgs.distro + python3.pkgs.pytestCheckHook + ]; + + preBuild = lib.optionalString withDriver '' + export CHIPSEC_BUILD_LIB=$(mktemp -d) + mkdir -p $CHIPSEC_BUILD_LIB/chipsec/helper/linux + ''; + + preInstall = lib.optionalString withDriver '' + mkdir -p $out/${python3.pkgs.python.sitePackages}/drivers/linux + mv $CHIPSEC_BUILD_LIB/chipsec/helper/linux/chipsec.ko \ + $out/${python3.pkgs.python.sitePackages}/drivers/linux/chipsec.ko + ''; - checkPhase = "python setup.py build " - + lib.optionalString (!withDriver) "--skip-driver " - + "test"; + setupPyBuildFlags = [ "--build-lib=$CHIPSEC_BUILD_LIB" ] + ++ lib.optional (!withDriver) "--skip-driver"; - KERNEL_SRC_DIR = lib.optionalString withDriver "${kernel.dev}/lib/modules/${kernel.modDirVersion}/build"; + pythonImportsCheck = [ "chipsec" ]; meta = with lib; { description = "Platform Security Assessment Framework"; 
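Review bot: `setupPyBuildFlags` always passes `--build-lib=$CHIPSEC_BUILD_LIB`, but `CHIPSEC_BUILD_LIB` is only exported in `preBuild` when `withDriver` is true, so in the default `withDriver = false` build the flag would expand to an empty `--build-lib=` (assuming the flags are shell-expanded at all). Making the flag conditional keeps the non-driver build on setup.py's default path: `setupPyBuildFlags = lib.optional withDriver "--build-lib=$CHIPSEC_BUILD_LIB" ++ lib.optional (!withDriver) "--skip-driver";`. Separately, `KSRC` dereferences `kernel.dev` while `kernel` defaults to `null`; an `assert withDriver -> kernel != null;` before the builder call would turn a misconfiguration into a clear evaluation error. The `$CHIPSEC_BUILD_LIB` expansions in `preBuild` and `preInstall` are also unquoted.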
@@ -34,7 +59,7 @@ python2Packages.buildPythonApplication rec { interfaces, and forensic capabilities. It can be run on Windows, Linux, Mac OS X and UEFI shell. ''; - license = licenses.gpl2; + license = licenses.gpl2Only; homepage = "https://github.com/chipsec/chipsec"; maintainers = with maintainers; [ johnazoidberg ]; platforms = if withDriver then [ "x86_64-linux" ] else platforms.all; diff --git a/nixpkgs/pkgs/tools/security/chipsec/ko-path.diff b/nixpkgs/pkgs/tools/security/chipsec/ko-path.diff new file mode 100644 index 000000000000..ad26d232d964 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/chipsec/ko-path.diff @@ -0,0 +1,13 @@ +diff --git c/chipsec/helper/linux/linuxhelper.py i/chipsec/helper/linux/linuxhelper.py +index c51b5e6..4be05ea 100644 +--- c/chipsec/helper/linux/linuxhelper.py ++++ i/chipsec/helper/linux/linuxhelper.py +@@ -152,7 +152,7 @@ class LinuxHelper(Helper): + else: + a2 = "a2=0x{}".format(phys_mem_access_prot) + +- driver_path = os.path.join(chipsec.file.get_main_dir(), "chipsec", "helper", "linux", "chipsec.ko" ) ++ driver_path = os.path.join(chipsec.file.get_main_dir(), "drivers", "linux", "chipsec.ko" ) + if not os.path.exists(driver_path): + driver_path += ".xz" + if not os.path.exists(driver_path): diff --git a/nixpkgs/pkgs/tools/security/clamav/default.nix b/nixpkgs/pkgs/tools/security/clamav/default.nix index bad5f3f476e3..bbad0ab1f2f2 100644 --- a/nixpkgs/pkgs/tools/security/clamav/default.nix +++ b/nixpkgs/pkgs/tools/security/clamav/default.nix @@ -5,11 +5,11 @@ stdenv.mkDerivation rec { pname = "clamav"; - version = "0.103.1"; + version = "0.103.2"; src = fetchurl { url = "https://www.clamav.net/downloads/production/${pname}-${version}.tar.gz"; - sha256 = "sha256-cwjEe4myaK87nzYUBSiSekn/PmM6nJwKrCcS2BBW4lc="; + sha256 = "sha256-1LXQrGZiYuQjoyb7VHeMqnxpYk1sP5VCiV/rhHgnG9I="; }; # don't install sample config files into the absolute sysconfdir folder 
diff --git a/nixpkgs/pkgs/tools/security/clevis/default.nix b/nixpkgs/pkgs/tools/security/clevis/default.nix index 36b5ab47304c..7f26dcabb7db 100644 --- a/nixpkgs/pkgs/tools/security/clevis/default.nix +++ b/nixpkgs/pkgs/tools/security/clevis/default.nix @@ -4,13 +4,13 @@ stdenv.mkDerivation rec { pname = "clevis"; - version = "15"; + version = "16"; src = fetchFromGitHub { owner = "latchset"; repo = pname; rev = "v${version}"; - sha256 = "0wfgd2v1r47ckh5qp60b903191fx0fa27zyadxlsb8riqszhmwvz"; + sha256 = "sha256-DWrxk+Nb2ptF5nCaXYvRY8hAFa/n+6OGdKWO+Sq61yk="; }; nativeBuildInputs = [ meson ninja pkg-config asciidoc ]; diff --git a/nixpkgs/pkgs/tools/security/cosign/default.nix b/nixpkgs/pkgs/tools/security/cosign/default.nix index c0ef3b7400a9..eb33d7dbb5f1 100644 --- a/nixpkgs/pkgs/tools/security/cosign/default.nix +++ b/nixpkgs/pkgs/tools/security/cosign/default.nix 
@@ -1,25 +1,35 @@ -{ lib, buildGoModule, fetchFromGitHub }: +{ stdenv, lib, buildGoModule, fetchFromGitHub, pcsclite, pkg-config, PCSC }: buildGoModule rec { pname = "cosign"; - version = "0.2.0"; + version = "0.3.1"; src = fetchFromGitHub { owner = "sigstore"; repo = pname; rev = "v${version}"; - sha256 = "1zwb2q62ngb2zh1hasvq7r7pmrjlpgfhs5raibbhkxbk5kayvmii"; + sha256 = "1gfzard6bh78xxgjk14c9zmdplppkcjqxhvfazcbv8qppjl2pbbd"; }; - vendorSha256 = "0nwbjaps4z5fhiknbj9pybxb6kgwb1vf2qhy0mzpycprf04q6g0v"; + buildInputs = + lib.optional stdenv.isLinux (lib.getDev pcsclite) + ++ lib.optionals stdenv.isDarwin [ PCSC ]; + + nativeBuildInputs = [ pkg-config ]; + + vendorSha256 = "15163v484rv08rn439y38r9spyqn3lf4q4ly8xr18nnf4bs3h6y2"; subPackages = [ "cmd/cosign" ]; + preBuild = '' + buildFlagsArray+=("-ldflags" "-s -w -X github.com/sigstore/cosign/cmd/cosign/cli.gitVersion=v${version}") + ''; + meta = with lib; { homepage = "https://github.com/sigstore/cosign"; changelog = "https://github.com/sigstore/cosign/releases/tag/v${version}"; description = "Container Signing CLI with support for ephemeral keys and Sigstore signing"; license = licenses.asl20; - maintainers = with maintainers; [ lesuisse ]; + maintainers = with maintainers; [ lesuisse jk ]; }; } diff --git a/nixpkgs/pkgs/tools/security/cryptomator/default.nix b/nixpkgs/pkgs/tools/security/cryptomator/default.nix index c866a527768f..ec18a5ed10ce 100644 --- a/nixpkgs/pkgs/tools/security/cryptomator/default.nix +++ b/nixpkgs/pkgs/tools/security/cryptomator/default.nix 
@@ -6,20 +6,20 @@ let pname = "cryptomator"; - version = "1.5.13"; + version = "1.5.15"; src = fetchFromGitHub { owner = "cryptomator"; repo = "cryptomator"; rev = version; - sha256 = "1s9jl3nl6yfjzmilz9b8azk8592nd39xflzfdf38v6s4iiq86r8j"; + sha256 = "06n7wda7gfalvsg1rlcm51ss73nlbhh95z6zq18yvn040clkzkij"; }; icons = fetchFromGitHub { owner = "cryptomator"; repo = "cryptomator-linux"; rev = version; - sha256 = "1x6h6wp6yxnj576874xj3d2jm8jmb7918wprqvlz4sryxhlcssa7"; + sha256 = "1sqbx858zglv0xkpjya0cpbkxf2hkj1xvxhnir3176y2xyjv6aib"; }; # perform fake build to make a fixed-output derivation out of the files downloaded from maven central (120MB) @@ -44,7 +44,7 @@ let outputHashAlgo = "sha256"; outputHashMode = "recursive"; - outputHash = "06q8bqdz3c4i84wxl9z5861zwdsw8jzcvsbgxqrnh8rwi7500sa7"; + outputHash = "195ysv9l861y9d1lvmvi7wmk172ynlba9n233blpaigq88cjn208"; }; in stdenv.mkDerivation rec { @@ -75,7 +75,7 @@ in stdenv.mkDerivation rec { --set JAVA_HOME "${jre.home}" # install desktop entry and icons - cp -r ${icons}/resources/appimage/AppDir/usr $out/ + cp -r ${icons}/resources/appimage/AppDir/usr/* $out/ ''; nativeBuildInputs = [ autoPatchelfHook maven makeWrapper wrapGAppsHook jdk ]; diff --git a/nixpkgs/pkgs/tools/security/dnsx/default.nix b/nixpkgs/pkgs/tools/security/dnsx/default.nix index 35f033cb983f..b294bb6281be 100644 --- a/nixpkgs/pkgs/tools/security/dnsx/default.nix +++ b/nixpkgs/pkgs/tools/security/dnsx/default.nix @@ -5,16 +5,16 @@ buildGoModule rec { pname = "dnsx"; - version = "1.0.1"; + version = "1.0.3"; src = fetchFromGitHub { owner = "projectdiscovery"; repo = "dnsx"; rev = "v${version}"; - sha256 = "1pgq21pbnz2dm272zrhd455njj5vg4kywpd230acj675nlgir6y1"; + sha256 = "sha256-k71Pw6XdOFMUf7w7QAAxqQkmkCINl+3KApkIPRyAQLM="; }; - vendorSha256 = "0j2cqvskzxbyfrvsv4gm4qwfjm0digizcg157z5iignnknddajax"; + vendorSha256 = "sha256-YA0XZSXmpAcNEFutrBbQE8DN7v5hcva0fscemEMLewU="; meta = with lib; { description = "Fast and multi-purpose DNS toolkit"; 
diff --git a/nixpkgs/pkgs/tools/security/earlybird/default.nix b/nixpkgs/pkgs/tools/security/earlybird/default.nix new file mode 100644 index 000000000000..30916acda720 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/earlybird/default.nix @@ -0,0 +1,26 @@ +{ lib +, buildGoModule +, fetchFromGitHub +}: +buildGoModule { + pname = "earlybird"; + version = "1.25.0"; + + src = fetchFromGitHub { + owner = "americanexpress"; + repo = "earlybird"; + # According to the GitHub repo, the latest version *is* 1.25.0, but they + # tagged it as "refs/heads/main-2" + rev = "4f365f1c02972dc0a68a196a262912d9c4325b21"; + sha256 = "UZXHYBwBmb9J1HrE/htPZcKvZ+7mc+oXnUtzgBmBgN4="; + }; + + vendorSha256 = "oSHBR1EvK/1+cXqGNCE9tWn6Kd/BwNY3m5XrKCAijhA="; + + meta = with lib; { + description = "A sensitive data detection tool capable of scanning source code repositories for passwords, key files, and more"; + homepage = "https://github.com/americanexpress/earlybird"; + license = licenses.asl20; + maintainers = teams.determinatesystems.members; + }; +} diff --git a/nixpkgs/pkgs/tools/security/enpass/data.json b/nixpkgs/pkgs/tools/security/enpass/data.json index 7a52e260eb92..bb74f73fb757 100644 --- a/nixpkgs/pkgs/tools/security/enpass/data.json +++ b/nixpkgs/pkgs/tools/security/enpass/data.json @@ -1,8 +1,8 @@ { "amd64": { - "path": "pool/main/e/enpass/enpass_6.5.1.723_amd64.deb", - "sha256": "d9bb408fa2253ce44ab5396898f7db13291ce23ae58964f4a27ade38bd5067bf", - "version": "6.5.1.723" + "path": "pool/main/e/enpass/enpass_6.6.1.809_amd64.deb", + "sha256": "b1b9bd67653c3163bd80b340150ecf123552cbe4af23c350fbadea8ffd7939ba", + "version": "6.6.1.809" }, "i386": { "path": "pool/main/e/enpass/enpass_5.6.9_i386.deb", diff --git a/nixpkgs/pkgs/tools/security/ffuf/default.nix b/nixpkgs/pkgs/tools/security/ffuf/default.nix index 6af8b6fcba9e..9c8beeab3d90 100644 --- a/nixpkgs/pkgs/tools/security/ffuf/default.nix +++ b/nixpkgs/pkgs/tools/security/ffuf/default.nix 
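Review bot: The `sha256` and `vendorSha256` values in the new earlybird expression are bare base64 strings without the `sha256-` SRI prefix that the other updated packages in this diff use (dnsx, gitleaks, grype); the same applies to the new flare-floss and honeytrap expressions. Nix appears to accept both spellings, but a bare value is easy to mistake for a different encoding when hashes are compared by hand during an update review. I would write them in SRI form, i.e. prefix each existing value with `sha256-` and change nothing else. Pinning `rev` to the full commit id with the explanatory comment is the right call here, since the upstream tag is described as a branch-like ref.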
@@ -1,25 +1,21 @@ -{ buildGoModule +{ lib +, buildGoModule , fetchFromGitHub -, lib }: buildGoModule rec { pname = "ffuf"; - version = "1.2.1"; + version = "1.3.0"; src = fetchFromGitHub { owner = pname; repo = pname; rev = "v${version}"; - sha256 = "sha256-XSdFLfSYDdKI7BYo9emYanvZeSFGxiNLYxuw5QKAyRc="; + sha256 = "sha256-0ckpEiXxen2E9IzrsmKoEKagoJ5maAbH1tHKgQjoCjo="; }; vendorSha256 = "sha256-szT08rIozAuliOmge5RFX4NeVrJ2pCVyfotrHuvc0UU="; - # tests don't pass due to an issue with the memory addresses - # https://github.com/ffuf/ffuf/issues/367 - doCheck = false; - meta = with lib; { description = "Fast web fuzzer written in Go"; longDescription = '' diff --git a/nixpkgs/pkgs/tools/security/flare-floss/default.nix b/nixpkgs/pkgs/tools/security/flare-floss/default.nix new file mode 100644 index 000000000000..954dd07d6ab8 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/flare-floss/default.nix @@ -0,0 +1,46 @@ +{ lib +, python2 +, fetchFromGitHub +}: +python2.pkgs.buildPythonPackage rec { + pname = "flare-floss"; + version = "1.7.0"; + + src = fetchFromGitHub { + owner = "fireeye"; + repo = "flare-floss"; + rev = "v${version}"; + sha256 = "GMOA1+qM2A/Qw33kOTIINEvjsfqjWQWBXHNemh3IK8w="; + }; + + propagatedBuildInputs = with python2.pkgs; [ + pyyaml + simplejson + tabulate + vivisect + plugnplay + viv-utils + enum34 + ]; + + checkInputs = [ + python2.pkgs.pytestCheckHook + ]; + + disabledTests = [ + # test data is in a submodule + "test_main" + ]; + + pythonImportsCheck = [ + "floss" + "floss.plugins" + ]; + + meta = with lib; { + description = "Automatically extract obfuscated strings from malware"; + homepage = "https://github.com/fireeye/flare-floss"; + license = licenses.asl20; + maintainers = teams.determinatesystems.members; + }; +} diff --git a/nixpkgs/pkgs/tools/security/ghidra/default.nix b/nixpkgs/pkgs/tools/security/ghidra/default.nix index 66112332663a..140ced9ff4ba 100644 --- a/nixpkgs/pkgs/tools/security/ghidra/default.nix 
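Review bot: The new flare-floss expression is built with `python2.pkgs.buildPythonPackage` and depends on `enum34`, but nothing in it records why Python 2 is required. The tool's stated purpose is to process malware samples, so it parses untrusted input on an end-of-life interpreter, and a reader of the expression should be able to see that this is a known constraint rather than an oversight. I would add a comment above the builder such as `# upstream 1.7.0 is Python 2 only; switch to python3 once a release supports it` (presumably the reason; confirm against upstream).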
+++ b/nixpkgs/pkgs/tools/security/ghidra/default.nix @@ -23,14 +23,13 @@ let }; in stdenv.mkDerivation rec { - pname = "ghidra"; - version = "9.2.2"; - versiondate = "20201229"; + version = "9.2.3"; + versiondate = "20210325"; src = fetchzip { url = "https://www.ghidra-sre.org/ghidra_${version}_PUBLIC_${versiondate}.zip"; - sha256 = "1xahkwiqdcwxssah16hhgrmyam49cb341xp5ysycj1h0kkm8p53s"; + sha256 = "sha256-/rQ3JeOR/D+HxzkJ+nV+pd/7V81+tCyTOndwpXI05hg="; }; nativeBuildInputs = [ @@ -72,7 +71,7 @@ in stdenv.mkDerivation rec { homepage = "https://ghidra-sre.org/"; platforms = [ "x86_64-linux" "x86_64-darwin" ]; license = licenses.asl20; - maintainers = with maintainers; [ ck3d govanify ]; + maintainers = with maintainers; [ ck3d govanify mic92 ]; }; } diff --git a/nixpkgs/pkgs/tools/security/gitleaks/default.nix b/nixpkgs/pkgs/tools/security/gitleaks/default.nix index 9e34b07121fa..c47afcd8e0f7 100644 --- a/nixpkgs/pkgs/tools/security/gitleaks/default.nix +++ b/nixpkgs/pkgs/tools/security/gitleaks/default.nix @@ -5,13 +5,13 @@ buildGoModule rec { pname = "gitleaks"; - version = "7.3.0"; + version = "7.4.1"; src = fetchFromGitHub { owner = "zricethezav"; repo = pname; rev = "v${version}"; - sha256 = "sha256-IJaumIFuIhrvXZ45uz8RUxAuprnWdv2lNzxNUascvVc="; + sha256 = "sha256-GoHntsyxrMzLHlyKC3JxCkLoquIjOtidcG7hTNTYGuI="; }; vendorSha256 = "sha256-Cc4DJPpOMHxDcH22S7znYo7QHNRXv8jOJhznu09kaE4="; diff --git a/nixpkgs/pkgs/tools/security/grype/default.nix b/nixpkgs/pkgs/tools/security/grype/default.nix index 13bbdbb99d47..7323d092472f 100644 --- a/nixpkgs/pkgs/tools/security/grype/default.nix +++ b/nixpkgs/pkgs/tools/security/grype/default.nix 
@@ -6,16 +6,16 @@ buildGoModule rec { pname = "grype"; - version = "0.9.0"; + version = "0.11.0"; src = fetchFromGitHub { owner = "anchore"; repo = pname; rev = "v${version}"; - sha256 = "sha256-X67TEHKmKKuTFGo55ZVkYVNw4f/d8aU2b/FQsq1OIJg="; + sha256 = "sha256-E1tJ9hEJ4GaL+S4dz6aGq3nJPpdtx0/Tfb1RzgJSe8M="; }; - vendorSha256 = "sha256-SGO8RKSOK0PHqSIJfTdcuAmqMtFuo9MBdiEylDUpOFo="; + vendorSha256 = "sha256-LUyrX/rm01tCPT6Ua6hphhf+4ycNn4tLONRyH3iTrZ4="; propagatedBuildInputs = [ docker ]; diff --git a/nixpkgs/pkgs/tools/security/hfinger/default.nix b/nixpkgs/pkgs/tools/security/hfinger/default.nix new file mode 100644 index 000000000000..8116c222d077 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/hfinger/default.nix @@ -0,0 +1,36 @@ +{ lib +, fetchFromGitHub +, python3 +, wireshark-cli +}: + +python3.pkgs.buildPythonApplication rec { + pname = "hfinger"; + version = "0.2.1"; + disabled = python3.pythonOlder "3.3"; + + src = fetchFromGitHub { + owner = "CERT-Polska"; + repo = pname; + rev = "v${version}"; + sha256 = "sha256-QKnrprDDBq+D8N1brkqgcfK4E+6ssvgPtRaSxkF0C84="; + }; + + propagatedBuildInputs = with python3.pkgs; [ + fnvhash + python_magic + ] ++ [ + wireshark-cli + ]; + + # Project has no tests + doCheck = false; + pythonImportsCheck = [ "hfinger" ]; + + meta = with lib; { + description = "Fingerprinting tool for HTTP requests"; + homepage = "https://github.com/CERT-Polska/hfinger"; + license = with licenses; [ gpl3Only ]; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/honeytrap/default.nix b/nixpkgs/pkgs/tools/security/honeytrap/default.nix new file mode 100644 index 000000000000..735d5d69bd8a --- /dev/null +++ b/nixpkgs/pkgs/tools/security/honeytrap/default.nix 
@@ -0,0 +1,28 @@ +{ lib +, buildGoModule +, fetchFromGitHub +}: +buildGoModule { + pname = "honeytrap"; + version = "unstable-2020-12-10"; + + src = fetchFromGitHub { + owner = "honeytrap"; + repo = "honeytrap"; + rev = "affd7b21a5aa1b57f086e6871753cb98ce088d76"; + sha256 = "y1SWlBFgX3bFoSRGJ45DdC1DoIK5BfO9Vpi2h57wWtU="; + }; + + # Otherwise, will try to install a "scripts" binary; it's only used in + # dockerize.sh, which we don't care about. + subPackages = [ "." ]; + + vendorSha256 = "W8w66weYzCpZ+hmFyK2F6wdFz6aAZ9UxMhccNy1X1R8="; + + meta = with lib; { + description = "Advanced Honeypot framework"; + homepage = "https://github.com/honeytrap/honeytrap"; + license = licenses.asl20; + maintainers = teams.determinatesystems.members; + }; +} diff --git a/nixpkgs/pkgs/tools/security/httpx/default.nix b/nixpkgs/pkgs/tools/security/httpx/default.nix index bff9e03bc6f4..e8ddf6bb0bc5 100644 --- a/nixpkgs/pkgs/tools/security/httpx/default.nix +++ b/nixpkgs/pkgs/tools/security/httpx/default.nix @@ -5,16 +5,16 @@ buildGoModule rec { pname = "httpx"; - version = "1.0.3"; + version = "1.0.5"; src = fetchFromGitHub { owner = "projectdiscovery"; repo = "httpx"; rev = "v${version}"; - sha256 = "15ihc5926kbai16i59c7bmvgd162qq9dpd52g4vrp7dq4jrz155m"; + sha256 = "sha256-E7HGE+ZVUF6AK+4qVsO2t+/B8hRMd14/bZW2WXA6p6E="; }; - vendorSha256 = "0fg93vhwpx113fpw8qg4ram4bdh6a8x3a36pr1c962s4vhrabwy2"; + vendorSha256 = "sha256-VBxGapvC2QE/0slsAiCBzmwOSMeGepZU0pYVDepSrwg="; meta = with lib; { description = "Fast and multi-purpose HTTP toolkit"; diff --git a/nixpkgs/pkgs/tools/security/keybase/gui.nix b/nixpkgs/pkgs/tools/security/keybase/gui.nix index cfc282c303cd..8894a77a86a4 100644 --- a/nixpkgs/pkgs/tools/security/keybase/gui.nix +++ b/nixpkgs/pkgs/tools/security/keybase/gui.nix 
@@ -1,4 +1,4 @@ -{ stdenv, lib, fetchurl, alsaLib, atk, cairo, cups, udev +{ stdenv, lib, fetchurl, alsaLib, atk, cairo, cups, udev, libdrm, mesa , dbus, expat, fontconfig, freetype, gdk-pixbuf, glib, gtk3, libappindicator-gtk3 , libnotify, nspr, nss, pango, systemd, xorg, autoPatchelfHook, wrapGAppsHook , runtimeShell, gsettings-desktop-schemas }: @@ -53,6 +53,8 @@ stdenv.mkDerivation rec { xorg.libXrender xorg.libXtst xorg.libxcb + libdrm + mesa.out ]; runtimeDependencies = [ diff --git a/nixpkgs/pkgs/tools/security/ldeep/default.nix b/nixpkgs/pkgs/tools/security/ldeep/default.nix index db4d14ba3ed7..82d0456a05b7 100644 --- a/nixpkgs/pkgs/tools/security/ldeep/default.nix +++ b/nixpkgs/pkgs/tools/security/ldeep/default.nix @@ -10,11 +10,11 @@ buildPythonApplication rec { pname = "ldeep"; - version = "1.0.10"; + version = "1.0.11"; src = fetchPypi { inherit pname version; - sha256 = "sha256-/7mcmAj69NmuiK+xlQijAk39sMLDX8kHatmSI6XYbwE="; + sha256 = "sha256-MYVC8fxLW85n8uZVMhb2Zml1lQ8vW9gw/eRLcmemQx4="; }; propagatedBuildInputs = [ diff --git a/nixpkgs/pkgs/tools/security/libmodsecurity/default.nix b/nixpkgs/pkgs/tools/security/libmodsecurity/default.nix index 2222316a7426..03aed8c50e06 100644 --- a/nixpkgs/pkgs/tools/security/libmodsecurity/default.nix +++ b/nixpkgs/pkgs/tools/security/libmodsecurity/default.nix @@ -4,14 +4,14 @@ stdenv.mkDerivation rec { pname = "libmodsecurity"; - version = "3.0.3"; + version = "3.0.4"; src = fetchFromGitHub { owner = "SpiderLabs"; repo = "ModSecurity"; fetchSubmodules = true; rev = "v${version}"; - sha256 = "00g2407g2679zv73q67zd50z0f1g1ij734ssv2pp77z4chn5dzib"; + sha256 = "07vry10cdll94sp652hwapn0ppjv3mb7n2s781yhy7hssap6f2vp"; }; nativeBuildInputs = [ autoreconfHook pkg-config doxygen ]; diff --git a/nixpkgs/pkgs/tools/security/metasploit/Gemfile b/nixpkgs/pkgs/tools/security/metasploit/Gemfile index 150f00e92b45..ced514767e33 100644 --- a/nixpkgs/pkgs/tools/security/metasploit/Gemfile 
+++ b/nixpkgs/pkgs/tools/security/metasploit/Gemfile @@ -1,4 +1,4 @@ # frozen_string_literal: true source "https://rubygems.org" -gem "metasploit-framework", git: "https://github.com/rapid7/metasploit-framework", ref: "refs/tags/6.0.38" +gem "metasploit-framework", git: "https://github.com/rapid7/metasploit-framework", ref: "refs/tags/6.0.41" diff --git a/nixpkgs/pkgs/tools/security/metasploit/Gemfile.lock b/nixpkgs/pkgs/tools/security/metasploit/Gemfile.lock index c64e2b31aff5..c5ccfc5a9d0a 100644 --- a/nixpkgs/pkgs/tools/security/metasploit/Gemfile.lock +++ b/nixpkgs/pkgs/tools/security/metasploit/Gemfile.lock @@ -1,9 +1,9 @@ GIT remote: https://github.com/rapid7/metasploit-framework - revision: 4c7a221f3d186b0cd65d2a765533fda54f0848f4 - ref: refs/tags/6.0.38 + revision: 451fe6ffdb90fffe3df6b788e6410217a511a3f4 + ref: refs/tags/6.0.41 specs: - metasploit-framework (6.0.38) + metasploit-framework (6.0.41) actionpack (~> 5.2.2) activerecord (~> 5.2.2) activesupport (~> 5.2.2) @@ -27,12 +27,12 @@ GIT jsobfu json metasm - metasploit-concern - metasploit-credential - metasploit-model - metasploit-payloads (= 2.0.41) - metasploit_data_models - metasploit_payloads-mettle (= 1.0.8) + metasploit-concern (~> 3.0.0) + metasploit-credential (~> 4.0.0) + metasploit-model (~> 3.1.0) + metasploit-payloads (= 2.0.43) + metasploit_data_models (~> 4.1.0) + metasploit_payloads-mettle (= 1.0.9) mqtt msgpack nessus_rest @@ -123,13 +123,13 @@ GEM arel-helpers (2.12.0) activerecord (>= 3.1.0, < 7) aws-eventstream (1.1.1) - aws-partitions (1.441.0) - aws-sdk-core (3.113.1) + aws-partitions (1.446.0) + aws-sdk-core (3.114.0) aws-eventstream (~> 1, >= 1.0.2) aws-partitions (~> 1, >= 1.239.0) aws-sigv4 (~> 1.1) jmespath (~> 1.0) - aws-sdk-ec2 (1.232.0) + aws-sdk-ec2 (1.234.0) aws-sdk-core (~> 3, >= 3.112.0) aws-sigv4 (~> 1.1) aws-sdk-iam (1.52.0) 
@@ -138,7 +138,7 @@ GEM aws-sdk-kms (1.43.0) aws-sdk-core (~> 3, >= 3.112.0) aws-sigv4 (~> 1.1) - aws-sdk-s3 (1.93.0) + aws-sdk-s3 (1.93.1) aws-sdk-core (~> 3, >= 3.112.0) aws-sdk-kms (~> 1) aws-sigv4 (~> 1.1) @@ -146,7 +146,7 @@ GEM aws-eventstream (~> 1, >= 1.0.2) bcrypt (3.1.16) bcrypt_pbkdf (1.1.0) - bindata (2.4.8) + bindata (2.4.9) bson (4.12.0) builder (3.2.4) concurrent-ruby (1.0.5) @@ -168,11 +168,15 @@ GEM eventmachine (1.2.7) faker (2.17.0) i18n (>= 1.6, < 2) - faraday (1.3.0) + faraday (1.4.1) + faraday-excon (~> 1.1) faraday-net_http (~> 1.0) + faraday-net_http_persistent (~> 1.1) multipart-post (>= 1.2, < 3) - ruby2_keywords + ruby2_keywords (>= 0.0.4) + faraday-excon (1.1.0) faraday-net_http (1.0.1) + faraday-net_http_persistent (1.1.0) faye-websocket (0.11.0) eventmachine (>= 0.12.0) websocket-driver (>= 0.5.1) @@ -190,7 +194,7 @@ GEM jsobfu (0.4.2) rkelly-remix json (2.5.1) - loofah (2.9.0) + loofah (2.9.1) crass (~> 1.0.2) nokogiri (>= 1.5.9) metasm (1.0.4) @@ -212,8 +216,8 @@ GEM activemodel (~> 5.2.2) activesupport (~> 5.2.2) railties (~> 5.2.2) - metasploit-payloads (2.0.41) - metasploit_data_models (4.1.2) + metasploit-payloads (2.0.43) + metasploit_data_models (4.1.3) activerecord (~> 5.2.2) activesupport (~> 5.2.2) arel-helpers @@ -223,7 +227,7 @@ GEM railties (~> 5.2.2) recog (~> 2.0) webrick - metasploit_payloads-mettle (1.0.8) + metasploit_payloads-mettle (1.0.9) method_source (1.0.0) mini_portile2 (2.5.0) minitest (5.14.4) @@ -238,7 +242,7 @@ GEM network_interface (0.0.2) nexpose (7.3.0) nio4r (2.5.7) - nokogiri (1.11.2) + nokogiri (1.11.3) mini_portile2 (~> 2.5.0) racc (~> 1.4) octokit (4.20.0) @@ -330,15 +334,15 @@ GEM rex-socket rex-text rex-struct2 (0.1.3) - rex-text (0.2.33) + rex-text (0.2.34) rex-zip (0.1.4) rex-text - rexml (3.2.4) + rexml (3.2.5) rkelly-remix (0.0.7) ruby-macho (2.5.0) ruby-rc4 (0.1.5) ruby2_keywords (0.0.4) - ruby_smb (2.0.7) + ruby_smb (2.0.8) bindata openssl-ccm openssl-cmac 
diff --git a/nixpkgs/pkgs/tools/security/metasploit/default.nix b/nixpkgs/pkgs/tools/security/metasploit/default.nix index 5dce17ff190b..27bbaf2b7c9c 100644 --- a/nixpkgs/pkgs/tools/security/metasploit/default.nix +++ b/nixpkgs/pkgs/tools/security/metasploit/default.nix @@ -8,13 +8,13 @@ let }; in stdenv.mkDerivation rec { pname = "metasploit-framework"; - version = "6.0.38"; + version = "6.0.41"; src = fetchFromGitHub { owner = "rapid7"; repo = "metasploit-framework"; rev = version; - sha256 = "sha256-/e1BWhkM4A+xrvDS6Z01sND9aOZDn+cL0RIcAgT5oZs="; + sha256 = "sha256-6oaTc3UQayZ/ThurwFXdI1prwriz/XVS9zoeD427mj8="; }; nativeBuildInputs = [ makeWrapper ]; diff --git a/nixpkgs/pkgs/tools/security/metasploit/gemset.nix b/nixpkgs/pkgs/tools/security/metasploit/gemset.nix index 49fedb7a84a2..ed2c124450c7 100644 --- a/nixpkgs/pkgs/tools/security/metasploit/gemset.nix +++ b/nixpkgs/pkgs/tools/security/metasploit/gemset.nix @@ -114,30 +114,30 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "07i9mqbh19pd25wd3laxv1bcmzcpriw54g0x3mqzkn600h8f3lg9"; + sha256 = "1n7cr44r7fvmc3rpk5kwwsz34ym2cmih76ij5xh2w1mmfyh3bgry"; type = "gem"; }; - version = "1.441.0"; + version = "1.446.0"; }; aws-sdk-core = { groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0i3x8p9gymc9977dcdkz5ca6mrmh7ym6p2mrscbh49nfd9gi5zg0"; + sha256 = "09asbdcg96l165kq4hrks0hsk4hwr16h1qx22az4m7ld0ylvz3jc"; type = "gem"; }; - version = "3.113.1"; + version = "3.114.0"; }; aws-sdk-ec2 = { groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0n7hi66zpm8mgfgf32gw7c9p4rv09q9kipsr01l5l2n2d69k67q5"; + sha256 = "1rlq8vifcmz24v1aw8vj2czqj4dnf00smm5ndfpaxz5k6550lbz4"; type = "gem"; }; - version = "1.232.0"; + version = "1.234.0"; }; aws-sdk-iam = { groups = ["default"]; 
@@ -164,10 +164,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0iy2f9z43pc6fgwmga2cz8nf9gy2pwcw4jib141vp8z8dhylqj94"; + sha256 = "1x424hn32ipwxy21bhqn2wziz890w2gdr1xsli9lv2rrs1ibpnq7"; type = "gem"; }; - version = "1.93.0"; + version = "1.93.1"; }; aws-sigv4 = { groups = ["default"]; @@ -204,10 +204,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1bmlqjb5h1ry6wm2d903d6yxibpqzzxwqczvlicsqv0vilaca5ic"; + sha256 = "16z30ca74h1mr452jnj1csv6yfnmdxsz0m1xpjf3svwybrx25rng"; type = "gem"; }; - version = "2.4.8"; + version = "2.4.9"; }; bson = { groups = ["default"]; @@ -344,10 +344,20 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1hmssd8pj4n7yq4kz834ylkla8ryyvhaap6q9nzymp93m1xq21kz"; + sha256 = "0q646m07lfahakx5jdq77j004rcgfj6lkg13c0f84993gi78dhvi"; type = "gem"; }; - version = "1.3.0"; + version = "1.4.1"; + }; + faraday-excon = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0h09wkb0k0bhm6dqsd47ac601qiaah8qdzjh8gvxfd376x1chmdh"; + type = "gem"; + }; + version = "1.1.0"; }; faraday-net_http = { groups = ["default"]; @@ -359,6 +369,16 @@ }; version = "1.0.1"; }; + faraday-net_http_persistent = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "0l2c835wl7gv34xp49fhd1bl4czkpw2g3ahqsak2251iqv5589ka"; + type = "gem"; + }; + version = "1.1.0"; + }; faye-websocket = { groups = ["default"]; platforms = []; @@ -474,10 +494,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0bzwvxvilx7w1p3pg028ks38925y9i0xm870lm7s12w7598hiyck"; + sha256 = "1w9mbii8515p28xd4k72f3ab2g6xiyq15497ys5r8jn6m355lgi7"; type = "gem"; }; - version = "2.9.0"; + version = "2.9.1"; }; metasm = { groups = ["default"]; 
@@ -514,12 +534,12 @@ platforms = []; source = { fetchSubmodules = false; - rev = "4c7a221f3d186b0cd65d2a765533fda54f0848f4"; - sha256 = "16x1z420470js45yg7s3wrlgvl5h6nfyklphmsqhzq0c35d43vgx"; + rev = "451fe6ffdb90fffe3df6b788e6410217a511a3f4"; + sha256 = "0gwspf6hy7isyx97bzdkp316nni3vmaw1aqv9rzjcsqhfmrr71pa"; type = "git"; url = "https://github.com/rapid7/metasploit-framework"; }; - version = "6.0.38"; + version = "6.0.41"; }; metasploit-model = { groups = ["default"]; @@ -536,30 +556,30 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1nnb6kidfm39qyhv694m7skbvmsp5sjw52633v89zq0ym4y5wld5"; + sha256 = "1rr6g3gqjsvdjkqfbgpc3wfzpq367dk9zn3rzm8h9kd09hy3i760"; type = "gem"; }; - version = "2.0.41"; + version = "2.0.43"; }; metasploit_data_models = { groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1kzlvq20ml4b5lr1qbrkmivdi37mxi8fasdqg4yla2libfbdz008"; + sha256 = "0li8lphplsmv9x1f14c22w95gjx2lscas3x5py7x7kc05pfv33bg"; type = "gem"; }; - version = "4.1.2"; + version = "4.1.3"; }; metasploit_payloads-mettle = { groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0nq6wxsaghj0yqwn988z71d9f0qwglcrliwkgqr9f16vbbv33p36"; + sha256 = "07l2ahb4c5ay6s5vbcfmipmya2qdj8i29blxk9vdmvs27yzkc8jk"; type = "gem"; }; - version = "1.0.8"; + version = "1.0.9"; }; method_source = { groups = ["default"]; @@ -696,10 +716,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0b51df8fwadak075cvi17w0nch6qz1r66564qp29qwfj67j9qp0p"; + sha256 = "19d78mdg2lbz9jb4ph6nk783c9jbsdm8rnllwhga6pd53xffp6x0"; type = "gem"; }; - version = "1.11.2"; + version = "1.11.3"; }; octokit = { groups = ["default"]; 
@@ -1096,10 +1116,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1933p6fri27d2gscws43k1v8jw1821l5j4yfi9z97ch5l80mv1zr"; + sha256 = "01g6jr73c3hbqhmzlc80jlqz2cwn9bq1j3cc19fpkq3hdg89drjp"; type = "gem"; }; - version = "0.2.33"; + version = "0.2.34"; }; rex-zip = { groups = ["default"]; @@ -1116,10 +1136,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1mkvkcw9fhpaizrhca0pdgjcrbns48rlz4g6lavl5gjjq3rk2sq3"; + sha256 = "08ximcyfjy94pm1rhcx04ny1vx2sk0x4y185gzn86yfsbzwkng53"; type = "gem"; }; - version = "3.2.4"; + version = "3.2.5"; }; rkelly-remix = { groups = ["default"]; @@ -1166,10 +1186,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0px84i3d9kqb40ff7nk3k7hb3w3kk80w5zsgi61svgddp1dbzh1n"; + sha256 = "0bg7xxw5cww4wy7vhr54i07ni82sh4qq465fir7az5z0hf36b1kg"; type = "gem"; }; - version = "2.0.7"; + version = "2.0.8"; }; rubyntlm = { groups = ["default"]; diff --git a/nixpkgs/pkgs/tools/security/nsjail/001-fix-bison-link-error.patch b/nixpkgs/pkgs/tools/security/nsjail/001-fix-bison-link-error.patch new file mode 100644 index 000000000000..427cea5b02b6 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/nsjail/001-fix-bison-link-error.patch 
@@ -0,0 +1,30 @@ +From 8e309a0af0851ab54ca7c6d51b6f3d19ee42c8ee Mon Sep 17 00:00:00 2001 +From: Evangelos Foutras <evangelos@foutrelis.com> +Date: Wed, 17 Mar 2021 16:36:40 +0200 +Subject: [PATCH] Replace YYUSE call with void cast in src/parser.y + +The YYUSE macro was renamed to YY_USE in bison 3.7.5; we might as well +avoid using it altogether and cast the unused variable to void instead. + +Fixes the following linker error: + +/usr/bin/ld: kafel/libkafel.a(libkafel.o): in function `kafel_yyerror': +arm_syscalls.c:(.text+0x6984): undefined reference to `YYUSE' +--- + src/parser.y | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/parser.y b/src/parser.y +index e0f109c..0e01373 100644 +--- a/kafel/src/parser.y ++++ b/kafel/src/parser.y +@@ -420,8 +420,8 @@ const_def + + void yyerror(YYLTYPE * loc, struct kafel_ctxt* ctxt, yyscan_t scanner, + const char *msg) { ++ (void)scanner; /* suppress unused-parameter warning */ + if (!ctxt->lexical_error) { +- YYUSE(scanner); + if (loc->filename != NULL) { + append_error(ctxt, "%s:%d:%d: %s", loc->filename, loc->first_line, loc->first_column, msg); + } else { diff --git a/nixpkgs/pkgs/tools/security/nsjail/default.nix b/nixpkgs/pkgs/tools/security/nsjail/default.nix index d48564ce95b0..568113368a08 100644 --- a/nixpkgs/pkgs/tools/security/nsjail/default.nix +++ b/nixpkgs/pkgs/tools/security/nsjail/default.nix @@ -4,7 +4,7 @@ stdenv.mkDerivation rec { pname = "nsjail"; - version = "3.0"; + version = "3.0"; # Bumping? Remove the bison patch. src = fetchFromGitHub { owner = "google"; @@ -18,6 +18,11 @@ stdenv.mkDerivation rec { buildInputs = [ libnl protobuf protobufc ]; enableParallelBuilding = true; + patches = [ + # To remove after bumping 3.0 + ./001-fix-bison-link-error.patch + ]; + preBuild = '' makeFlagsArray+=(USER_DEFINES='-DNEWUIDMAP_PATH=${shadow}/bin/newuidmap -DNEWGIDMAP_PATH=${shadow}/bin/newgidmap') ''; 
diff --git a/nixpkgs/pkgs/tools/security/ntlmrecon/default.nix b/nixpkgs/pkgs/tools/security/ntlmrecon/default.nix new file mode 100644 index 000000000000..d24d4ed4d683 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/ntlmrecon/default.nix @@ -0,0 +1,35 @@ +{ lib +, fetchFromGitHub +, python3 +}: + +python3.pkgs.buildPythonApplication rec { + pname = "ntlmrecon"; + version = "0.4"; + disabled = python3.pythonOlder "3.6"; + + src = fetchFromGitHub { + owner = "pwnfoo"; + repo = "NTLMRecon"; + rev = "v-${version}"; + sha256 = "0rrx49li2l9xlcax84qxjf60nbzp3fgq77c36yqmsp0pc9i89ah6"; + }; + + propagatedBuildInputs = with python3.pkgs; [ + colorama + iptools + requests + termcolor + ]; + + # Project has no tests + doCheck = false; + pythonImportsCheck = [ "ntlmrecon" ]; + + meta = with lib; { + description = "Information enumerator for NTLM authentication enabled web endpoints"; + homepage = "https://github.com/pwnfoo/NTLMRecon"; + license = with licenses; [ mit ]; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/nwipe/default.nix b/nixpkgs/pkgs/tools/security/nwipe/default.nix index d87be0c29749..81ed9849bef0 100644 --- a/nixpkgs/pkgs/tools/security/nwipe/default.nix +++ b/nixpkgs/pkgs/tools/security/nwipe/default.nix 
@@ -1,22 +1,42 @@ -{ lib, stdenv, fetchFromGitHub, ncurses, parted, automake, autoconf, pkg-config }: +{ lib +, stdenv +, autoreconfHook +, fetchFromGitHub +, ncurses +, parted +, pkg-config +}: stdenv.mkDerivation rec { - version = "0.28"; pname = "nwipe"; + version = "0.30"; + src = fetchFromGitHub { owner = "martijnvanbrummelen"; repo = "nwipe"; rev = "v${version}"; - sha256 = "1aw905lmn1vm6klqn3q7445dwmwbjhcmwnkygpq9rddacgig1gdx"; + sha256 = "sha256-cNZMFnk4L95jKTyGEUN3DlAChUNZlIjDdZqkkwPjehE="; }; - nativeBuildInputs = [ automake autoconf pkg-config ]; - buildInputs = [ ncurses parted ]; - preConfigure = "sh init.sh || :"; + + nativeBuildInputs = [ + autoreconfHook + pkg-config + ]; + + buildInputs = [ + ncurses + parted + ]; + + preConfigure = '' + sh init.sh || : + ''; + meta = with lib; { description = "Securely erase disks"; homepage = "https://github.com/martijnvanbrummelen/nwipe"; - license = licenses.gpl2; - maintainers = [ maintainers.woffs ]; + license = licenses.gpl2Only; + maintainers = with maintainers; [ woffs ]; platforms = platforms.linux; }; } diff --git a/nixpkgs/pkgs/tools/security/pass/extensions/0001-Fix-installation-with-Nix.patch b/nixpkgs/pkgs/tools/security/pass/extensions/0001-Fix-installation-with-Nix.patch deleted file mode 100644 index 55822f170d14..000000000000 --- a/nixpkgs/pkgs/tools/security/pass/extensions/0001-Fix-installation-with-Nix.patch +++ /dev/null 
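Review bot: In `preConfigure`, `sh init.sh || :` throws away the exit status, so a missing or failing `init.sh` in 0.30 would go unnoticed and the build would carry on with whatever `configure` is present. The same hunk adds `autoreconfHook`, which already regenerates the build system, so the line looks redundant (assuming `init.sh` only wraps the autotools bootstrap, which is not visible here). If that holds, drop the `preConfigure` attribute; otherwise keep it as `sh init.sh` so a failure stops the build.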
@@ -1,41 +0,0 @@ -From 611cb2de31a460789c44615d3a52b8d24dbd6fdd Mon Sep 17 00:00:00 2001 -From: Maximilian Bosch <maximilian@mbosch.me> -Date: Fri, 4 Dec 2020 21:53:52 +0100 -Subject: [PATCH] Fix installation with Nix - ---- - Makefile | 2 +- - setup.py | 4 ++-- - 2 files changed, 3 insertions(+), 3 deletions(-) - -diff --git a/Makefile b/Makefile -index 2febf4e..8feab91 100644 ---- a/Makefile -+++ b/Makefile -@@ -7,7 +7,7 @@ all: - @echo - - install: -- @python3 setup.py install --root="$(DESTDIR)" --optimize=1 --skip-build -+ @python3 setup.py install --root="$(DESTDIR)" --optimize=1 --skip-build --prefix= - @echo - @echo "pass-import is installed succesfully" - @echo -diff --git a/setup.py b/setup.py -index b30870c..d9fedbc 100644 ---- a/setup.py -+++ b/setup.py -@@ -15,8 +15,8 @@ with Path('pass_import', '__about__.py').open() as file: - with open('README.md') as file: - long_description = file.read() - --share = Path(sys.prefix, 'share') --lib = Path('/usr', 'lib', 'password-store', 'extensions') -+share = Path('/share') -+lib = Path('/lib', 'password-store', 'extensions') - if '--user' in sys.argv: - lib = Path.home() / '.password-store' / 'extensions' - if 'XDG_DATA_HOME' in os.environ: --- -2.28.0 - diff --git a/nixpkgs/pkgs/tools/security/pass/extensions/default.nix b/nixpkgs/pkgs/tools/security/pass/extensions/default.nix index 1f41a6924821..96c252156de8 100644 --- a/nixpkgs/pkgs/tools/security/pass/extensions/default.nix +++ b/nixpkgs/pkgs/tools/security/pass/extensions/default.nix @@ -7,9 +7,7 @@ with pkgs; pythonPackages = python3Packages; }; pass-checkup = callPackage ./checkup.nix {}; - pass-import = callPackage ./import.nix { - pythonPackages = python3Packages; - }; + pass-import = callPackage ./import.nix {}; pass-otp = callPackage ./otp.nix {}; pass-tomb = callPackage ./tomb.nix {}; pass-update = callPackage ./update.nix {}; 
diff --git a/nixpkgs/pkgs/tools/security/pass/extensions/import.nix b/nixpkgs/pkgs/tools/security/pass/extensions/import.nix index 11b4eecd14d9..be2492112c3f 100644 --- a/nixpkgs/pkgs/tools/security/pass/extensions/import.nix +++ b/nixpkgs/pkgs/tools/security/pass/extensions/import.nix @@ -1,17 +1,12 @@ -{ lib, stdenv, fetchFromGitHub, pythonPackages, makeWrapper, fetchpatch }: - -let - pythonEnv = pythonPackages.python.withPackages (p: [ - p.defusedxml - p.setuptools - p.pyaml - p.pykeepass - p.filemagic - p.cryptography - p.secretstorage - ]); - -in stdenv.mkDerivation rec { +{ lib +, fetchFromGitHub +, fetchpatch +, python3Packages +, gnupg +, pass +}: + +python3Packages.buildPythonApplication rec { pname = "pass-import"; version = "3.1"; 
@@ -22,26 +17,43 @@ in stdenv.mkDerivation rec { sha256 = "sha256-nH2xAqWfMT+Brv3z9Aw6nbvYqArEZjpM28rKsRPihqA="; }; - patches = [ ./0001-Fix-installation-with-Nix.patch ]; - - nativeBuildInputs = [ makeWrapper ]; - - buildInputs = [ pythonEnv ]; - - makeFlags = [ "DESTDIR=${placeholder "out"}" ]; - - postInstall = '' - wrapProgram $out/bin/pimport \ - --prefix PATH : "${pythonEnv}/bin" \ - --prefix PYTHONPATH : "$out/${pythonPackages.python.sitePackages}" - wrapProgram $out/lib/password-store/extensions/import.bash \ - --prefix PATH : "${pythonEnv}/bin" \ - --prefix PYTHONPATH : "$out/${pythonPackages.python.sitePackages}" + # by default, tries to install scripts/pimport, which is a bash wrapper around "python -m pass_import ..." + # This is a better way to do the same, and takes advantage of the existing Nix python environments + patches = [ + # from https://github.com/roddhjav/pass-import/pull/138 + (fetchpatch { + name = "pass-import-pr-138-pimport-entrypoint.patch"; + url = "https://github.com/roddhjav/pass-import/commit/ccdb6995bee6436992dd80d7b3101f0eb94c59bb.patch"; + sha256 = "sha256-CO8PyWxa4eLuTQBB+jKTImFPlPn+1yt6NBsIp+SPk94="; + }) + ]; + + propagatedBuildInputs = with python3Packages; [ + cryptography + defusedxml + pyaml + pykeepass + python_magic # similar API to "file-magic", but already in nixpkgs. + secretstorage + ]; + + checkInputs = [ + gnupg + pass + python3Packages.pytestCheckHook + ]; + + disabledTests = [ + "test_import_gnome_keyring" # requires dbus, which pytest doesn't support + ]; + postCheck = '' + $out/bin/pimport --list-exporters --list-importers ''; meta = with lib; { description = "Pass extension for importing data from existing password managers"; homepage = "https://github.com/roddhjav/pass-import"; + changelog = "https://github.com/roddhjav/pass-import/blob/v${version}/CHANGELOG.rst"; license = licenses.gpl3Plus; maintainers = with maintainers; [ lovek323 fpletz tadfisher ]; platforms = platforms.unix; 
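Review bot: The comment on `python_magic` in `propagatedBuildInputs` says it has a "similar API to file-magic", but the removed expression depended on `p.filemagic`, and the Python packages that install a `magic` module are not call-compatible with one another. If pass_import calls an entry point that python-magic lacks, file-type detection would fail only at run time, and the hunk does not show whether the test suite reaches that path. I would make the comment state what was checked, e.g. `# replaces filemagic; format detection exercised by <test name>`, or carry a patch if the upstream code needs adapting.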
diff --git a/nixpkgs/pkgs/tools/security/passphrase2pgp/default.nix b/nixpkgs/pkgs/tools/security/passphrase2pgp/default.nix index a53e03c3c1e3..55e19b94813f 100644 --- a/nixpkgs/pkgs/tools/security/passphrase2pgp/default.nix +++ b/nixpkgs/pkgs/tools/security/passphrase2pgp/default.nix @@ -1,14 +1,14 @@ -{ lib, pandoc, buildGoModule, fetchFromGitHub }: +{ lib, buildGoModule, fetchFromGitHub }: buildGoModule rec { pname = "passphrase2pgp"; - version = "1.1.0"; + version = "1.2.0"; src = fetchFromGitHub { owner = "skeeto"; repo = pname; rev = "v${version}"; - hash = "sha256-Nje77tn55CKRU6igEA/6IquDhXVVQAdiez6nmN49di4"; + hash = "sha256-VNOoYYnHsSgiSbVxlBwYUq0JsLa4BwZQSvMVSiyB6rg="; }; vendorSha256 = "sha256-7q5nwkj4TP7VgHmV9YBbCB11yTPL7tK4gD+uN4Vw3Cs"; diff --git a/nixpkgs/pkgs/tools/security/pcsclite/default.nix b/nixpkgs/pkgs/tools/security/pcsclite/default.nix index 2a75c409305e..71bd13c4a729 100644 --- a/nixpkgs/pkgs/tools/security/pcsclite/default.nix +++ b/nixpkgs/pkgs/tools/security/pcsclite/default.nix @@ -1,4 +1,15 @@ -{ lib, stdenv, fetchurl, pkg-config, udev, dbus, perl, python3, IOKit }: +{ stdenv +, lib +, fetchurl +, autoreconfHook +, pkg-config +, perl +, python3 +, dbus +, polkit +, systemd +, IOKit +}: stdenv.mkDerivation rec { pname = "pcsclite"; 
@@ -13,14 +24,23 @@ stdenv.mkDerivation rec { patches = [ ./no-dropdir-literals.patch ]; + postPatch = '' + sed -i configure.ac \ + -e "s@polkit_policy_dir=.*@polkit_policy_dir=$bin/share/polkit-1/actions@" + ''; + configureFlags = [ + "--enable-confdir=/etc" # The OS should care on preparing the drivers into this location "--enable-usbdropdir=/var/lib/pcsc/drivers" - "--enable-confdir=/etc" - ] ++ lib.optional stdenv.isLinux - "--with-systemdsystemunitdir=\${out}/etc/systemd/system" - ++ lib.optional (!stdenv.isLinux) - "--disable-libsystemd"; + ] + ++ (if stdenv.isLinux then [ + "--enable-ipcdir=/run/pcscd" + "--enable-polkit" + "--with-systemdsystemunitdir=${placeholder "bin"}/lib/systemd/system" + ] else [ + "--disable-libsystemd" + ]); postConfigure = '' sed -i -re '/^#define *PCSCLITE_HP_DROPDIR */ { @@ -33,10 +53,12 @@ stdenv.mkDerivation rec { moveToOutput bin/pcsc-spy "$dev" ''; - nativeBuildInputs = [ pkg-config perl ]; + enableParallelBuilding = true; + + nativeBuildInputs = [ autoreconfHook pkg-config perl ]; buildInputs = [ python3 ] - ++ lib.optionals stdenv.isLinux [ udev dbus ] + ++ lib.optionals stdenv.isLinux [ dbus polkit systemd ] ++ lib.optionals stdenv.isDarwin [ IOKit ]; meta = with lib; { diff --git a/nixpkgs/pkgs/tools/security/pcsctools/default.nix b/nixpkgs/pkgs/tools/security/pcsctools/default.nix index 613388fc6a30..51813526de15 100644 --- a/nixpkgs/pkgs/tools/security/pcsctools/default.nix +++ b/nixpkgs/pkgs/tools/security/pcsctools/default.nix 
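Review bot: The `sed` in `postPatch` that redirects `polkit_policy_dir` succeeds even when the pattern matches nothing, so an upstream change to `configure.ac` would silently leave the policy directory at its default while `--enable-polkit` stays on. Since that policy governs access to pcscd, I would fail early by putting `grep -q 'polkit_policy_dir=' configure.ac` before the `sed`. `$bin` and `${placeholder "bin"}` also rely on a `bin` output declared outside this hunk. The policy only takes effect if polkit is pointed at `$bin/share/polkit-1/actions`, and how that is arranged is not shown here.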
@@ -1,18 +1,33 @@ -{ stdenv, lib, fetchurl, makeWrapper, pkg-config, udev, dbus, pcsclite -, wget, coreutils, perlPackages +{ stdenv +, lib +, fetchurl +, makeWrapper +, pkg-config +, systemd +, dbus +, pcsclite +, wget +, coreutils +, perlPackages }: -let deps = lib.makeBinPath [ wget coreutils ]; - -in stdenv.mkDerivation rec { - name = "pcsc-tools-1.5.7"; +stdenv.mkDerivation rec { + pname = "pcsc-tools"; + version = "1.5.7"; src = fetchurl { - url = "http://ludovic.rousseau.free.fr/softwares/pcsc-tools/${name}.tar.bz2"; + url = "http://ludovic.rousseau.free.fr/softwares/pcsc-tools/${pname}-${version}.tar.bz2"; sha256 = "17b9jxvcxmn007lavan20l25v4jvm6dqc4x9dlqzbg6mjs28zsp0"; }; - buildInputs = [ udev dbus perlPackages.perl pcsclite ]; + postPatch = '' + substituteInPlace ATR_analysis \ + --replace /usr/local/pcsc /etc/pcsc \ + --replace /usr/share/pcsc $out/share/pcsc + ''; + + buildInputs = [ dbus perlPackages.perl pcsclite ] + ++ lib.optional stdenv.isLinux systemd; nativeBuildInputs = [ makeWrapper pkg-config ]; @@ -24,14 +39,16 @@ in stdenv.mkDerivation rec { wrapProgram $out/bin/ATR_analysis \ --set PERL5LIB "${with perlPackages; makePerlPath [ pcscperl ]}" wrapProgram $out/bin/pcsc_scan \ - --set PATH "$out/bin:${deps}" + --prefix PATH : "$out/bin:${lib.makeBinPath [ coreutils wget ]}" + + install -Dm444 -t $out/share/pcsc smartcard_list.txt ''; meta = with lib; { description = "Tools used to test a PC/SC driver, card or reader"; homepage = "http://ludovic.rousseau.free.fr/softwares/pcsc-tools/"; license = licenses.gpl2Plus; - maintainers = with maintainers; [ ]; + maintainers = with maintainers; [ peterhoeg ]; platforms = platforms.linux; }; } diff --git a/nixpkgs/pkgs/tools/security/prs/default.nix b/nixpkgs/pkgs/tools/security/prs/default.nix index 2d96c89970ec..1b705241458f 100644 --- a/nixpkgs/pkgs/tools/security/prs/default.nix +++ b/nixpkgs/pkgs/tools/security/prs/default.nix 
@@ -1,6 +1,7 @@ { lib , rustPlatform , fetchFromGitLab +, installShellFiles , pkg-config , python3 , dbus @@ -12,16 +13,16 @@ rustPlatform.buildRustPackage rec { pname = "prs"; - version = "0.2.7"; + version = "0.2.9"; src = fetchFromGitLab { owner = "timvisee"; repo = "prs"; rev = "v${version}"; - sha256 = "sha256-1Jrgf5UW6k0x3q6kQIB6Q7moOhConEnUU9r+21W5Uu8="; + sha256 = "sha256-9qaRhTfdppU72w8jDwD1e8ABuGG+9GyrRIUVsry4Vos="; }; - cargoSha256 = "sha256-N3pLW/OGeurrl+AlwdfbZ3T7WzEOAuyUMdIR164Xp7k="; + cargoSha256 = "sha256-j+kyllMcYj7/Ig5ho548L1wW+TtuQOc/zkxT6SNNN6w="; postPatch = '' # The GPGME backend is recommended @@ -31,10 +32,16 @@ rustPlatform.buildRustPackage rec { done ''; - nativeBuildInputs = [ gpgme pkg-config python3 ]; + nativeBuildInputs = [ gpgme installShellFiles pkg-config python3 ]; buildInputs = [ dbus glib gpgme gtk3 libxcb ]; + postInstall = '' + for shell in bash fish zsh; do + installShellCompletion --cmd prs --$shell <($out/bin/prs internal completions $shell --stdout) + done + ''; + meta = with lib; { description = "Secure, fast & convenient password manager CLI using GPG and git to sync"; homepage = "https://gitlab.com/timvisee/prs"; diff --git a/nixpkgs/pkgs/tools/security/sops/default.nix b/nixpkgs/pkgs/tools/security/sops/default.nix index ec1ade20a19a..1cf89143925a 100644 --- a/nixpkgs/pkgs/tools/security/sops/default.nix +++ b/nixpkgs/pkgs/tools/security/sops/default.nix @@ -2,16 +2,16 @@ buildGoModule rec { pname = "sops"; - version = "3.7.0"; + version = "3.7.1"; src = fetchFromGitHub { rev = "v${version}"; owner = "mozilla"; repo = pname; - sha256 = "1a0v1jgbz8n3dymzr2shg2ms9sxjwaci209ldzq8v4g737v10zgm"; + sha256 = "0z3jcyl245yjszzjf2h6l1dwa092vxzvfmnivmwi6jvpsdcv33h1"; }; - vendorSha256 = "1qaml2h3c8fhmi8ahp2fmd0hagqp5xqaf8jxjh4mfmbv2is3yz1l"; + vendorSha256 = "1mnwgsbpi56ql0lbpn7dkaps96x9b1lmhlk5cd6d40da7xj616n7"; doCheck = false; 
diff --git a/nixpkgs/pkgs/tools/security/step-ca/default.nix b/nixpkgs/pkgs/tools/security/step-ca/default.nix index f3c9990a3c74..84fe06e6c19c 100644 --- a/nixpkgs/pkgs/tools/security/step-ca/default.nix +++ b/nixpkgs/pkgs/tools/security/step-ca/default.nix @@ -2,29 +2,43 @@ , lib , fetchFromGitHub , buildGoModule +, coreutils , pcsclite , PCSC , pkg-config +, hsmSupport ? true }: buildGoModule rec { pname = "step-ca"; - version = "0.15.6"; + version = "0.15.11"; src = fetchFromGitHub { owner = "smallstep"; repo = "certificates"; rev = "v${version}"; - sha256 = "0n26692ph4q4cmrqammfazmx1k9p2bydwqc57q4hz5ni6jd31zbz"; + sha256 = "wFRs3n6V0z2keNVtqFw1q5jpA6BvNK5EftsNhichfsY="; }; - vendorSha256 = "0w0phyqymcg2h2jjasxmkf4ryn4y1bqahcy94rs738cqr5ifyfbg"; + vendorSha256 = "f1NdszqYYx6X1HqwqG26jjfjXq1gDXLOrh64ccKRQ90="; - nativeBuildInputs = [ pkg-config ]; + nativeBuildInputs = lib.optionals hsmSupport [ pkg-config ]; buildInputs = - lib.optional stdenv.isLinux (lib.getDev pcsclite) - ++ lib.optional stdenv.isDarwin PCSC; + lib.optionals (hsmSupport && stdenv.isLinux) [ pcsclite ] + ++ lib.optionals (hsmSupport && stdenv.isDarwin) [ PCSC ]; + + postPatch = '' + substituteInPlace systemd/step-ca.service --replace "/bin/kill" "${coreutils}/bin/kill" + ''; + + preBuild = '' + ${lib.optionalString (!hsmSupport) "export CGO_ENABLED=0"} + ''; + + postInstall = '' + install -Dm444 -t $out/lib/systemd/system systemd/step-ca.service + ''; # Tests fail on darwin with # panic: httptest: failed to listen on a port: listen tcp6 [::1]:0: bind: operation not permitted [recovered] 
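Review bot: `postInstall` ships the upstream `systemd/step-ca.service` with only `/bin/kill` rewritten in `postPatch`. Any other absolute path in that unit (the `ExecStart` binary, the working directory, config and password-file locations, none of which are visible in this hunk) is installed as upstream wrote it. The unit may therefore not start the packaged `step-ca`, or may read CA material from a location this package does not manage. I would either rewrite `ExecStart` the same way or add a comment such as `# unit is a template; ExecStart and paths must be overridden by the consumer`. The derivation body continues outside the hunk.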
@@ -35,7 +49,7 @@ buildGoModule rec { description = "A private certificate authority (X.509 & SSH) & ACME server for secure automated certificate management, so you can use TLS everywhere & SSO for SSH"; homepage = "https://smallstep.com/certificates/"; license = licenses.asl20; - maintainers = with maintainers; [ cmcdragonkai ]; + maintainers = with maintainers; [ cmcdragonkai mohe2015 ]; platforms = platforms.linux ++ platforms.darwin; }; } diff --git a/nixpkgs/pkgs/tools/security/tor/default.nix b/nixpkgs/pkgs/tools/security/tor/default.nix index 0291d7bb3aa9..2e1e1ae2a67b 100644 --- a/nixpkgs/pkgs/tools/security/tor/default.nix +++ b/nixpkgs/pkgs/tools/security/tor/default.nix @@ -30,11 +30,11 @@ let in stdenv.mkDerivation rec { pname = "tor"; - version = "0.4.5.6"; + version = "0.4.5.7"; src = fetchurl { url = "https://dist.torproject.org/${pname}-${version}.tar.gz"; - sha256 = "0cz78pjw2bc3kl3ziip1nhhbq89crv315rf1my3zmmgd9xws7jr2"; + sha256 = "0x7hhl0svfc4yh9xvq7kkzgmwjcw1ak9i0794wjg4biy2fmclzs4"; }; outputs = [ "out" "geoip" ]; diff --git a/nixpkgs/pkgs/tools/security/traitor/default.nix b/nixpkgs/pkgs/tools/security/traitor/default.nix new file mode 100644 index 000000000000..8718c92cd3d7 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/traitor/default.nix 
@@ -0,0 +1,30 @@ +{ lib +, buildGoModule +, fetchFromGitHub +}: + +buildGoModule rec { + pname = "traitor"; + version = "0.0.3"; + + src = fetchFromGitHub { + owner = "liamg"; + repo = pname; + rev = "v${version}"; + sha256 = "0mffh4k87ybl0mpglgi2yfwksygrh62mcmkcmfcbszlh5pagsch1"; + }; + + vendorSha256 = null; + + meta = with lib; { + description = "Automatic Linux privilege escalation"; + longDescription = '' + Automatically exploit low-hanging fruit to pop a root shell. Traitor packages + up a bunch of methods to exploit local misconfigurations and vulnerabilities + (including most of GTFOBins) in order to pop a root shell. + ''; + homepage = "https://github.com/liamg/traitor"; + license = with licenses; [ mit ]; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/trousers/allow-non-tss-config-file-owner.patch b/nixpkgs/pkgs/tools/security/trousers/allow-non-tss-config-file-owner.patch index 774a14f72bab..391eb1ad589d 100644 --- a/nixpkgs/pkgs/tools/security/trousers/allow-non-tss-config-file-owner.patch +++ b/nixpkgs/pkgs/tools/security/trousers/allow-non-tss-config-file-owner.patch @@ -7,10 +7,10 @@ diff -ur trousers-0.3.11.2.orig/src/tcsd/tcsd_conf.c trousers-0.3.11.2/src/tcsd/ +#ifndef ALLOW_NON_TSS_CONFIG_FILE /* make sure user/group TSS owns the conf file */ - if (pw->pw_uid != stat_buf.st_uid || grp->gr_gid != stat_buf.st_gid) { + if (stat_buf.st_uid != 0 || grp->gr_gid != stat_buf.st_gid) { LogError("TCSD config file (%s) must be user/group %s/%s", tcsd_config_file, @@ -775,6 +776,7 @@ - LogError("TCSD config file (%s) must be mode 0600", tcsd_config_file); + LogError("TCSD config file (%s) must be mode 0640", tcsd_config_file); return TCSERR(TSS_E_INTERNAL_ERROR); } +#endif diff --git a/nixpkgs/pkgs/tools/security/trousers/default.nix b/nixpkgs/pkgs/tools/security/trousers/default.nix index c7a11e16f390..16536409b5e6 100644 --- a/nixpkgs/pkgs/tools/security/trousers/default.nix 
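Review bot: In the refreshed trousers patch, both the owner/group check (`stat_buf.st_uid != 0 || grp->gr_gid != stat_buf.st_gid`) and the mode-0640 check on the tcsd config file appear to sit between `#ifndef ALLOW_NON_TSS_CONFIG_FILE` and `#endif`, so a build that defines the macro accepts a config file with any owner and any permissions. Where the macro gets defined is not visible in this hunk. If the package sets it, the rationale belongs next to that flag, for example `# tcsd.conf is not owned by root:tss here, so upstream's owner/mode check cannot pass` (to be confirmed against the actual deployment). A narrower patch that still rejects group- or world-writable files would keep part of the protection instead of skipping validation entirely.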
+++ b/nixpkgs/pkgs/tools/security/trousers/default.nix @@ -1,17 +1,15 @@ -{ lib, stdenv, fetchurl, openssl, pkg-config }: +{ lib, stdenv, fetchurl, openssl, pkg-config, autoreconfHook }: stdenv.mkDerivation rec { pname = "trousers"; - version = "0.3.14"; + version = "0.3.15"; src = fetchurl { url = "mirror://sourceforge/trousers/trousers/${version}/${pname}-${version}.tar.gz"; - sha256 = "0iwgsbrbb7nfqgl61x8aailwxm8akxh9gkcwxhsvf50x4qx72l6f"; + sha256 = "0zy7r9cnr2gvwr2fb1q4fc5xnvx405ymcbrdv7qsqwl3a4zfjnqy"; }; - sourceRoot = "."; - - nativeBuildInputs = [ pkg-config ]; + nativeBuildInputs = [ pkg-config autoreconfHook ]; buildInputs = [ openssl ]; patches = [ ./allow-non-tss-config-file-owner.patch ]; diff --git a/nixpkgs/pkgs/tools/security/vault/default.nix b/nixpkgs/pkgs/tools/security/vault/default.nix index f8e831ef2c3b..e04ab9df08c8 100644 --- a/nixpkgs/pkgs/tools/security/vault/default.nix +++ b/nixpkgs/pkgs/tools/security/vault/default.nix @@ -2,13 +2,13 @@ buildGoPackage rec { pname = "vault"; - version = "1.7.0"; + version = "1.7.1"; src = fetchFromGitHub { owner = "hashicorp"; repo = "vault"; rev = "v${version}"; - sha256 = "1lsz8fyjcxamvs9n3m974q2jxhv828fb5p6qx8wlqdaahqgrc8qg"; + sha256 = "0ncy99gw2pp5v2qbbgvri7qlirjj8qsvgjmjqyx3gddlpzpyiz3q"; }; goPackagePath = "github.com/hashicorp/vault"; diff --git a/nixpkgs/pkgs/tools/security/vault/vault-bin.nix b/nixpkgs/pkgs/tools/security/vault/vault-bin.nix index fc8b2865f253..40ce05331f96 100644 --- a/nixpkgs/pkgs/tools/security/vault/vault-bin.nix +++ b/nixpkgs/pkgs/tools/security/vault/vault-bin.nix 
@@ -1,26 +1,26 @@ { lib, stdenv, fetchurl, unzip }: let - version = "1.7.0"; + version = "1.7.1"; sources = let base = "https://releases.hashicorp.com/vault/${version}"; in { x86_64-linux = fetchurl { url = "${base}/vault_${version}_linux_amd64.zip"; - sha256 = "0d8wqxqilv1jdf4dl7w2jp3lfh0w0rawidmhjlj3ykpg6l3gblma"; + sha256 = "021qa8jcqwy27q83lvamvv5zqnkwk5y0jsb8al5yxpgzxqnmsyb1"; }; i686-linux = fetchurl { url = "${base}/vault_${version}_linux_386.zip"; - sha256 = "128r0phm5i1cpayz0ia8qsmnk1ia3qylidy9f8iwk3l8r834s4yd"; + sha256 = "02hhxpa8craa91nfgvwziswisfdnqw4gbwrxyxr753v1y00y1sz8"; }; x86_64-darwin = fetchurl { url = "${base}/vault_${version}_darwin_amd64.zip"; - sha256 = "01vxjv95his8jqin2cwcw691wdwn6p876rp021bmvr6diw6clkrp"; + sha256 = "141zzfwrjdjv8ymrdc4mxs2f4cphdir4xjaa40s571ri38in33zh"; }; aarch64-linux = fetchurl { url = "${base}/vault_${version}_linux_arm64.zip"; - sha256 = "0ahdv14fz7ybl11b61z7j13nbjd6hp6fcpc5bk6y8lh4qj8x0pzg"; + sha256 = "1plrmmy86zb2ij49dk2mwn364i2n83ch4gjz5pln2d4wjx21gpaq"; }; }; diff --git a/nixpkgs/pkgs/tools/security/wprecon/default.nix b/nixpkgs/pkgs/tools/security/wprecon/default.nix new file mode 100644 index 000000000000..401692bdf67d --- /dev/null +++ b/nixpkgs/pkgs/tools/security/wprecon/default.nix @@ -0,0 +1,27 @@ +{ lib +, buildGoModule +, fetchFromGitHub +}: + +buildGoModule rec { + pname = "wprecon"; + version = "1.6.3a"; + + src = fetchFromGitHub { + owner = "blackbinn"; + repo = pname; + rev = version; + sha256 = "0gqi4799ha3mf8r7ini0wj4ilkfsh80vnnxijfv9a343r6z5w0dn"; + }; + + vendorSha256 = "1sab58shspll96rqy1rp659s0yikqdcx59z9b88d6p4w8a98ns87"; + + meta = with lib; { + description = "WordPress vulnerability recognition tool"; + homepage = "https://github.com/blackbinn/wprecon"; + # License Zero Noncommercial Public License 2.0.1 + # https://github.com/blackbinn/wprecon/blob/master/LICENSE + license = with licenses; [ unfree ]; + maintainers = with maintainers; [ fab ]; + }; +} 
diff --git a/nixpkgs/pkgs/tools/security/xorex/default.nix b/nixpkgs/pkgs/tools/security/xorex/default.nix new file mode 100644 index 000000000000..84919f548262 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/xorex/default.nix @@ -0,0 +1,38 @@ +{ lib +, python3 +, fetchFromGitHub +}: +python3.pkgs.buildPythonApplication rec { + pname = "xorex"; + version = "0.3.0"; + format = "other"; + + src = fetchFromGitHub { + owner = "Neo23x0"; + repo = "xorex"; + rev = version; + sha256 = "rBsOSXWnHRhpLmq20XBuGx8gGBM8ouMyOISkbzUcvE4="; + }; + + installPhase = '' + runHook preInstall + + mkdir -p $out/bin + chmod +x xorex.py + mv xorex.py $out/bin/xorex + + runHook postInstall + ''; + + propagatedBuildInputs = with python3.pkgs; [ + colorama + pefile + ]; + + meta = with lib; { + description = "XOR Key Extractor"; + homepage = "https://github.com/Neo23x0/xorex"; + license = licenses.asl20; + maintainers = teams.determinatesystems.members; + }; +} diff --git a/nixpkgs/pkgs/tools/security/yarGen/default.nix b/nixpkgs/pkgs/tools/security/yarGen/default.nix new file mode 100644 index 000000000000..8a2d51b8e197 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/yarGen/default.nix 
@@ -0,0 +1,58 @@ +{ lib +, python3 +, fetchFromGitHub +, fetchpatch +}: +python3.pkgs.buildPythonApplication rec { + pname = "yarGen"; + version = "0.23.4"; + format = "other"; + + src = fetchFromGitHub { + owner = "Neo23x0"; + repo = "yarGen"; + rev = version; + sha256 = "6PJNAeeLAyUlZcIi0g57sO1Ex6atn7JhbK9kDbNrZ6A="; + }; + + patches = [ + # https://github.com/Neo23x0/yarGen/pull/33 + (fetchpatch { + name = "use-built-in-scandir.patch"; + url = "https://github.com/Neo23x0/yarGen/commit/cae14ac8efeb5536885792cae99d1d0f7fb6fde3.patch"; + sha256 = "0z6925r7n1iysld5c8li5nkm1dbxg8j7pn0626a4vic525vf8ndl"; + }) + # https://github.com/Neo23x0/yarGen/pull/34 + (fetchpatch { + name = "use-cwd-for-abspath.patch"; + url = "https://github.com/Neo23x0/yarGen/commit/441dafb702149f5728c2c6736fc08741a46deb26.patch"; + sha256 = "lNp3oC2BM7tBzN4AetvPr+xJLz6KkZxQmsldeZaxJQU="; + }) + ]; + + postPatch = '' + substituteInPlace yarGen.py \ + --replace "./3rdparty/strings.xml" "$out/share/yarGen/3rdparty/strings.xml" + ''; + + installPhase = '' + runHook preInstall + + install -Dt "$out/bin" yarGen.py + install -Dt "$out/share/yarGen/3rdparty" 3rdparty/strings.xml + + runHook postInstall + ''; + + propagatedBuildInputs = with python3.pkgs; [ + pefile + lxml + ]; + + meta = with lib; { + description = "A generator for YARA rules"; + homepage = "https://github.com/Neo23x0/yarGen"; + license = licenses.bsd3; + maintainers = teams.determinatesystems.members; + }; +} diff --git a/nixpkgs/pkgs/tools/security/yara/default.nix b/nixpkgs/pkgs/tools/security/yara/default.nix index 844004c3b9e5..506bf0f719d7 100644 --- a/nixpkgs/pkgs/tools/security/yara/default.nix +++ b/nixpkgs/pkgs/tools/security/yara/default.nix @@ -6,8 +6,11 @@ , pkg-config , protobufc , withCrypto ? true, openssl -, enableMagic ? true, file , enableCuckoo ? true, jansson +, enableDex ? true +, enableDotNet ? true +, enableMacho ? true +, enableMagic ? true, file }: stdenv.mkDerivation rec { 
@@ -46,14 +49,18 @@ stdenv.mkDerivation rec { configureFlags = [ (lib.withFeature withCrypto "crypto") - (lib.enableFeature enableMagic "magic") (lib.enableFeature enableCuckoo "cuckoo") + (lib.enableFeature enableDex "dex") + (lib.enableFeature enableDotNet "dotnet") + (lib.enableFeature enableMacho "macho") + (lib.enableFeature enableMagic "magic") ]; meta = with lib; { description = "The pattern matching swiss knife for malware researchers"; homepage = "http://Virustotal.github.io/yara/"; license = licenses.asl20; + maintainers = with maintainers; [ fab ]; platforms = platforms.all; }; } diff --git a/nixpkgs/pkgs/tools/security/yubikey-agent/default.nix b/nixpkgs/pkgs/tools/security/yubikey-agent/default.nix index d4f3e1567caa..305f5a4fe799 100644 --- a/nixpkgs/pkgs/tools/security/yubikey-agent/default.nix +++ b/nixpkgs/pkgs/tools/security/yubikey-agent/default.nix @@ -2,13 +2,13 @@ buildGoModule rec { pname = "yubikey-agent"; - version = "0.1.3"; + version = "unstable-2021-02-18"; src = fetchFromGitHub { owner = "FiloSottile"; repo = pname; - rev = "v${version}"; - sha256 = "07gix5wrakn4z846zhvl66lzwx58djrfnn6m8v7vc69l9jr3kihr"; + rev = "8cadc13d107757f8084d9d2b93ea64ff0c1748e8"; + sha256 = "1lklgq9qkqil5s0g56wbhs0vpr9c1bd4ir7bkrjwqj75ygxim8ml"; }; buildInputs = @@ -25,7 +25,7 @@ buildGoModule rec { substituteInPlace main.go --replace 'notify-send' ${libnotify}/bin/notify-send ''; - vendorSha256 = "128mlsagj3im6h0p0ndhzk29ya47g19im9dldx3nmddf2jlccj2h"; + vendorSha256 = "1zx1w2is61471v4dlmr4wf714zqsc8sppik671p7s4fis5vccsca"; doCheck = false; 
@@ -42,7 +42,7 @@ buildGoModule rec { # See https://github.com/FiloSottile/yubikey-agent/pull/43 + lib.optionalString stdenv.isLinux '' mkdir -p $out/lib/systemd/user - substitute ${./yubikey-agent.service} $out/lib/systemd/user/yubikey-agent.service \ + substitute contrib/systemd/user/yubikey-agent.service $out/lib/systemd/user/yubikey-agent.service \ --replace 'ExecStart=yubikey-agent' "ExecStart=$out/bin/yubikey-agent" ''; diff --git a/nixpkgs/pkgs/tools/security/yubikey-agent/yubikey-agent.service b/nixpkgs/pkgs/tools/security/yubikey-agent/yubikey-agent.service deleted file mode 100644 index 7a91f902544e..000000000000 --- a/nixpkgs/pkgs/tools/security/yubikey-agent/yubikey-agent.service +++ /dev/null @@ -1,35 +0,0 @@ -[Unit] -Description=Seamless ssh-agent for YubiKeys -Documentation=https://filippo.io/yubikey-agent - -[Service] -ExecStart=yubikey-agent -l %t/yubikey-agent/yubikey-agent.sock -ExecReload=/bin/kill -HUP $MAINPID -ProtectSystem=strict -ProtectKernelLogs=yes -ProtectKernelModules=yes -ProtectKernelTunables=yes -ProtectControlGroups=yes -ProtectClock=yes -ProtectHostname=yes -PrivateTmp=yes -PrivateDevices=yes -PrivateUsers=yes -IPAddressDeny=any -RestrictAddressFamilies=AF_UNIX -RestrictNamespaces=yes -RestrictRealtime=yes -RestrictSUIDSGID=yes -LockPersonality=yes -CapabilityBoundingSet= -SystemCallFilter=@system-service -SystemCallFilter=~@privileged @resources -SystemCallErrorNumber=EPERM -SystemCallArchitectures=native -NoNewPrivileges=yes -KeyringMode=private -UMask=0177 -RuntimeDirectory=yubikey-agent - -[Install] -WantedBy=default.target |
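Review bot: The `substitute` call now reads the unit from upstream's `contrib/systemd/user/yubikey-agent.service`, while the local unit deleted in this commit carried the sandboxing (`ProtectSystem=strict`, `PrivateDevices=yes`, `RestrictAddressFamilies=AF_UNIX`, `NoNewPrivileges=yes`, and others). Whether upstream's copy at the pinned rev has the same directives is not visible here. The `--replace 'ExecStart=yubikey-agent'` may also turn into a silent no-op if upstream spells its `ExecStart` line differently, leaving a unit that does not point at `$out/bin`. I would add a check after the substitution, e.g. `grep -q "ExecStart=$out/bin/yubikey-agent" $out/lib/systemd/user/yubikey-agent.service`, and say in the comment that the hardening now lives upstream. The `postInstall` string starts outside the hunk.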