diff options
Diffstat (limited to 'nixpkgs/pkgs/tools/security')
-rw-r--r-- | nixpkgs/pkgs/tools/security/age/default.nix | 28 | ||||
-rw-r--r-- | nixpkgs/pkgs/tools/security/bundler-audit/Gemfile.lock | 4 | ||||
-rw-r--r-- | nixpkgs/pkgs/tools/security/bundler-audit/gemset.nix | 4 | ||||
-rw-r--r-- | nixpkgs/pkgs/tools/security/cfssl/default.nix | 4 | ||||
-rw-r--r-- | nixpkgs/pkgs/tools/security/cowpatty/default.nix | 50 | ||||
-rw-r--r-- | nixpkgs/pkgs/tools/security/credential-detector/default.nix | 25 | ||||
-rw-r--r-- | nixpkgs/pkgs/tools/security/dorkscout/default.nix | 25 | ||||
-rw-r--r-- | nixpkgs/pkgs/tools/security/enum4linux-ng/default.nix | 4 | ||||
-rw-r--r-- | nixpkgs/pkgs/tools/security/exploitdb/default.nix | 4 | ||||
-rw-r--r-- | nixpkgs/pkgs/tools/security/gitleaks/default.nix | 4 | ||||
-rw-r--r-- | nixpkgs/pkgs/tools/security/kubescape/default.nix | 28 | ||||
-rw-r--r-- | nixpkgs/pkgs/tools/security/nuclei/default.nix | 6 | ||||
-rw-r--r-- | nixpkgs/pkgs/tools/security/quill/default.nix | 6 | ||||
-rw-r--r-- | nixpkgs/pkgs/tools/security/scilla/default.nix | 9 | ||||
-rw-r--r-- | nixpkgs/pkgs/tools/security/sn0int/default.nix | 6 | ||||
-rw-r--r-- | nixpkgs/pkgs/tools/security/step-ca/default.nix | 7 |
16 files changed, 166 insertions, 48 deletions
diff --git a/nixpkgs/pkgs/tools/security/age/default.nix b/nixpkgs/pkgs/tools/security/age/default.nix index 20735c6e5782..fd59f9534fe7 100644 --- a/nixpkgs/pkgs/tools/security/age/default.nix +++ b/nixpkgs/pkgs/tools/security/age/default.nix @@ -1,17 +1,37 @@ -{ lib, buildGoModule, fetchFromGitHub }: +{ lib, buildGoModule, fetchFromGitHub, installShellFiles }: buildGoModule rec { pname = "age"; - version = "1.0.0-rc.3"; - vendorSha256 = "sha256-sXUbfxhPmJXO+KgV/dmWmsyV49Pb6CoJLbt50yVgEvI="; + version = "1.0.0"; + vendorSha256 = "sha256-cnFDs5Qos1KHn7TqaEgmt4sSzpjZor615euwxka14mY="; src = fetchFromGitHub { owner = "FiloSottile"; repo = "age"; rev = "v${version}"; - sha256 = "sha256-YXdCTK9/eMvcHWg7gQQiPlLWYx2OjbOJDDNdSYO09HU="; + sha256 = "sha256-MfyW8Yv8swKqA7Hl45l5Zn4wZrQmE661eHsKIywy36U="; }; + ldflags = [ + "-s" "-w" "-X main.Version=${version}" + ]; + + nativeBuildInputs = [ installShellFiles ]; + + preInstall = '' + installManPage doc/*.1 + ''; + + doInstallCheck = true; + installCheckPhase = '' + if [[ "$("$out/bin/${pname}" --version)" == "${version}" ]]; then + echo '${pname} smoke check passed' + else + echo '${pname} smoke check failed' + return 1 + fi + ''; + meta = with lib; { homepage = "https://age-encryption.org/"; description = "Modern encryption tool with small explicit keys"; diff --git a/nixpkgs/pkgs/tools/security/bundler-audit/Gemfile.lock b/nixpkgs/pkgs/tools/security/bundler-audit/Gemfile.lock index c0610480c723..f1671500fe43 100644 --- a/nixpkgs/pkgs/tools/security/bundler-audit/Gemfile.lock +++ b/nixpkgs/pkgs/tools/security/bundler-audit/Gemfile.lock @@ -1,7 +1,7 @@ GEM remote: https://rubygems.org/ specs: - bundler-audit (0.8.0) + bundler-audit (0.9.0.1) bundler (>= 1.2.0, < 3) thor (~> 1.0) thor (1.1.0) @@ -13,4 +13,4 @@ DEPENDENCIES bundler-audit BUNDLED WITH - 2.1.4 + 2.2.20 diff --git a/nixpkgs/pkgs/tools/security/bundler-audit/gemset.nix b/nixpkgs/pkgs/tools/security/bundler-audit/gemset.nix index ff4d6da80691..a740f40e4073 100644 --- a/nixpkgs/pkgs/tools/security/bundler-audit/gemset.nix +++ b/nixpkgs/pkgs/tools/security/bundler-audit/gemset.nix @@ -5,10 +5,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "00l8rs7cna0j3yh4s9sza0r88x7kjc7j4gp9yl378422k7i0r73v"; + sha256 = "05k19l5388248rd74cn2lm2ksci7fzmga74n835v7k31m4kbzw8v"; type = "gem"; }; - version = "0.8.0"; + version = "0.9.0.1"; }; thor = { groups = ["default"]; diff --git a/nixpkgs/pkgs/tools/security/cfssl/default.nix b/nixpkgs/pkgs/tools/security/cfssl/default.nix index 1e95d1d6f2f9..4b4e6cedc5cd 100644 --- a/nixpkgs/pkgs/tools/security/cfssl/default.nix +++ b/nixpkgs/pkgs/tools/security/cfssl/default.nix @@ -2,13 +2,13 @@ buildGoModule rec { pname = "cfssl"; - version = "1.6.0"; + version = "1.6.1"; src = fetchFromGitHub { owner = "cloudflare"; repo = "cfssl"; rev = "v${version}"; - sha256 = "sha256-29HEaW5LCoHcuJrfVUN2hnsRtaSTrvIBo8ok2UJbfuQ="; + sha256 = "sha256-QY04MecjQTmrkPkWcLkXJWErtaw7esb6GnPIKGTJL34="; }; subPackages = [ diff --git a/nixpkgs/pkgs/tools/security/cowpatty/default.nix b/nixpkgs/pkgs/tools/security/cowpatty/default.nix index 4cd420650f3b..934b31a35da6 100644 --- a/nixpkgs/pkgs/tools/security/cowpatty/default.nix +++ b/nixpkgs/pkgs/tools/security/cowpatty/default.nix @@ -1,26 +1,48 @@ -{ lib, stdenv, fetchurl, openssl, libpcap +{ lib +, stdenv +, clang +, fetchFromGitHub +, installShellFiles +, openssl +, libpcap }: -with lib; - stdenv.mkDerivation rec { pname = "cowpatty"; - version = "4.6"; - - buildInputs = [ openssl libpcap ]; + version = "4.8"; - src = fetchurl { - url = "http://www.willhackforsushi.com/code/cowpatty/${version}/${pname}-${version}.tgz"; - sha256 = "1hivh3bq2maxvqzwfw06fr7h8bbpvxzah6mpibh3wb85wl9w2gyd"; + src = fetchFromGitHub { + owner = "joswr1ght"; + repo = pname; + rev = version; + sha256 = "0fvwwghhd7wsx0lw2dj9rdsjnirawnq3c6silzvhi0yfnzn5fs0s"; }; - installPhase = "make DESTDIR=$out BINDIR=/bin install"; + nativeBuildInputs = [ + clang + installShellFiles + ]; + + buildInputs = [ + openssl + libpcap + ]; + + makeFlags = [ + "DESTDIR=$(out)" + "BINDIR=/bin" + ]; + + postInstall = '' + installManPage cowpatty.1 + installManPage genpmk.1 + ''; - meta = { + meta = with lib; { description = "Offline dictionary attack against WPA/WPA2 networks"; - license = licenses.gpl2; - homepage = "https://www.willhackforsushi.com/?page_id=50"; - maintainers = with maintainers; [ nico202 ]; + homepage = "https://github.com/joswr1ght/cowpatty"; + license = licenses.bsd3; + maintainers = with maintainers; [ nico202 fab ]; platforms = platforms.linux; }; } diff --git a/nixpkgs/pkgs/tools/security/credential-detector/default.nix b/nixpkgs/pkgs/tools/security/credential-detector/default.nix new file mode 100644 index 000000000000..1e3497b0ca0e --- /dev/null +++ b/nixpkgs/pkgs/tools/security/credential-detector/default.nix @@ -0,0 +1,25 @@ +{ lib +, buildGoModule +, fetchFromGitHub +}: + +buildGoModule rec { + pname = "credential-detector"; + version = "1.7.0"; + + src = fetchFromGitHub { + owner = "ynori7"; + repo = pname; + rev = "v${version}"; + sha256 = "1g5ja32rsf1b7y9gvmy29qz2ymyyvgh53wzd6vvknfla1df0slab"; + }; + + vendorSha256 = "1mn3sysvdz4b94804gns1yssk2q08djq3kq3cd1h7gm942zwrnq4"; + + meta = with lib; { + description = "Tool to detect potentially hard-coded credentials"; + homepage = "https://github.com/ynori7/credential-detector"; + license = licenses.mit; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/dorkscout/default.nix b/nixpkgs/pkgs/tools/security/dorkscout/default.nix new file mode 100644 index 000000000000..27cc5a0d4e1b --- /dev/null +++ b/nixpkgs/pkgs/tools/security/dorkscout/default.nix @@ -0,0 +1,25 @@ +{ lib +, buildGoModule +, fetchFromGitHub +}: + +buildGoModule rec { + pname = "dorkscout"; + version = "1.0"; + + src = fetchFromGitHub { + owner = "R4yGM"; + repo = pname; + rev = version; + sha256 = "0h2m458jxdm3xg0h2vb8yq1jc28jqwinv1pdqypdsbvsz48s0hxz"; + }; + + vendorSha256 = "05vn9hd5r8cy45b3ixjch17v38p08k8di8gclq0i9rkz9bvy1nph"; + + meta = with lib; { + description = "Tool to automate the work with Google dorks"; + homepage = "https://github.com/R4yGM/dorkscout"; + license = licenses.asl20; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/enum4linux-ng/default.nix b/nixpkgs/pkgs/tools/security/enum4linux-ng/default.nix index d2fda127e8c7..a84de966b6f4 100644 --- a/nixpkgs/pkgs/tools/security/enum4linux-ng/default.nix +++ b/nixpkgs/pkgs/tools/security/enum4linux-ng/default.nix @@ -9,13 +9,13 @@ buildPythonApplication rec { pname = "enum4linux-ng"; - version = "1.0.1"; + version = "1.1.0"; src = fetchFromGitHub { owner = "cddmp"; repo = pname; rev = "v${version}"; - sha256 = "1j6qrhrzc4f9crbii4dpgxipngjh5icrhljxf26a7662dd4f7l8q"; + sha256 = "0fk6hzmvxb5y3nb41qr6dssxhdahkh5nxhbx480x42fhnqpssir5"; }; propagatedBuildInputs = [ diff --git a/nixpkgs/pkgs/tools/security/exploitdb/default.nix b/nixpkgs/pkgs/tools/security/exploitdb/default.nix index b112627656b1..911592736801 100644 --- a/nixpkgs/pkgs/tools/security/exploitdb/default.nix +++ b/nixpkgs/pkgs/tools/security/exploitdb/default.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { pname = "exploitdb"; - version = "2021-09-03"; + version = "2021-09-10"; src = fetchFromGitHub { owner = "offensive-security"; repo = pname; rev = version; - sha256 = "sha256-9roj5/DfbbN98jy/aO1Ua4pTMxgr4UbqXFicN2ONQgE="; + sha256 = "sha256-OU9IchkouABYw0k4O4WBLu1aklLCH/S90IPMPLOZWY0="; }; installPhase = '' diff --git a/nixpkgs/pkgs/tools/security/gitleaks/default.nix b/nixpkgs/pkgs/tools/security/gitleaks/default.nix index b8878cbbb873..16e1013c7c01 100644 --- a/nixpkgs/pkgs/tools/security/gitleaks/default.nix +++ b/nixpkgs/pkgs/tools/security/gitleaks/default.nix @@ -5,13 +5,13 @@ buildGoModule rec { pname = "gitleaks"; - version = "7.6.0"; + version = "7.6.1"; src = fetchFromGitHub { owner = "zricethezav"; repo = pname; rev = "v${version}"; - sha256 = "sha256-XRpbbtQiF9EnGMICjyXXm2XjuR0jGC7UiY+UHIAMODM="; + sha256 = "sha256-52Wi3bQvKdHoJ1nVb4OVJ9wd8hDVF+6zlVSpsEai0Jw="; }; vendorSha256 = "sha256-86PspExE+T/IuCvpf6LAkWcCRlHPqP5VUbHAckEzALc="; diff --git a/nixpkgs/pkgs/tools/security/kubescape/default.nix b/nixpkgs/pkgs/tools/security/kubescape/default.nix new file mode 100644 index 000000000000..d3113af0cd08 --- /dev/null +++ b/nixpkgs/pkgs/tools/security/kubescape/default.nix @@ -0,0 +1,28 @@ +{ lib +, buildGoModule +, fetchFromGitHub +}: + +buildGoModule rec { + pname = "kubescape"; + version = "1.0.64"; + + src = fetchFromGitHub { + owner = "armosec"; + repo = pname; + rev = "v${version}"; + sha256 = "0vc673w40cgjw6jxlwg9ggwzb7yvmsqshihms6ahspc3qiwz56ah"; + }; + + vendorSha256 = "18mvv70g65pq1c7nn752j26d0vasx6cl2rqp5g1hg3cb61hjbn0n"; + + # One test is failing, disabling for now + doCheck = false; + + meta = with lib; { + description = "Tool for testing if Kubernetes is deployed securely"; + homepage = "https://github.com/armosec/kubescape"; + license = licenses.asl20; + maintainers = with maintainers; [ fab ]; + }; +} diff --git a/nixpkgs/pkgs/tools/security/nuclei/default.nix b/nixpkgs/pkgs/tools/security/nuclei/default.nix index cae010c5a19f..d02ac5503afd 100644 --- a/nixpkgs/pkgs/tools/security/nuclei/default.nix +++ b/nixpkgs/pkgs/tools/security/nuclei/default.nix @@ -5,16 +5,16 @@ buildGoModule rec { pname = "nuclei"; - version = "2.5.0"; + version = "2.5.1"; src = fetchFromGitHub { owner = "projectdiscovery"; repo = pname; rev = "v${version}"; - sha256 = "sha256-6mZ8XstophadNk/3zJe2n3WL4u34jjnWh9m2qrt06hw="; + sha256 = "sha256-SdN8M3Mr3bywpBUwIVOIctYdkueq/0no4wlI7Ft8Uws="; }; - vendorSha256 = "sha256-tJ9cdZloTSXoytmMJ+6S5XAKHYs16SZmbUwZdmVnDzc="; + vendorSha256 = "sha256-Tz96AXGMyHNHG/3JrmZvisOEty/tDhoK1ZUngDSXOcc="; modRoot = "./v2"; subPackages = [ diff --git a/nixpkgs/pkgs/tools/security/quill/default.nix b/nixpkgs/pkgs/tools/security/quill/default.nix index 9440823f4292..9f5465901b17 100644 --- a/nixpkgs/pkgs/tools/security/quill/default.nix +++ b/nixpkgs/pkgs/tools/security/quill/default.nix @@ -2,13 +2,13 @@ rustPlatform.buildRustPackage rec { pname = "quill"; - version = "0.2.4"; + version = "0.2.5"; src = fetchFromGitHub { owner = "dfinity"; repo = "quill"; rev = "v${version}"; - sha256 = "sha256-rR5VgdlJy6TQBmCHuKc7nPjznbeLjCmQdUJKjY0GsNI="; + sha256 = "sha256-lvINDtOG2mmz0ESxL11DQVZh3IcEiZYYMu5oN5Q9WKA="; }; ic = fetchFromGitHub { @@ -30,7 +30,7 @@ rustPlatform.buildRustPackage rec { export OPENSSL_LIB_DIR=${openssl.out}/lib ''; - cargoSha256 = "sha256-nLNuOqShOq01gVWoRCbsvfAd7B9VClUA8Hu8/UQNILg="; + cargoSha256 = "sha256-F2RMfHVFqCq9cb+9bjPWaRcQWKYIwwffWCssoQ6sSdU="; nativeBuildInputs = [ pkg-config protobuf ]; buildInputs = [ openssl ] diff --git a/nixpkgs/pkgs/tools/security/scilla/default.nix b/nixpkgs/pkgs/tools/security/scilla/default.nix index 1983aef17265..791792195830 100644 --- a/nixpkgs/pkgs/tools/security/scilla/default.nix +++ b/nixpkgs/pkgs/tools/security/scilla/default.nix @@ -5,17 +5,16 @@ buildGoModule rec { pname = "scilla"; - version = "20210118-${lib.strings.substring 0 7 rev}"; - rev = "74dd81492fef92b95765df1d0f629276a146a5a4"; + version = "1.1.1"; src = fetchFromGitHub { owner = "edoardottt"; repo = pname; - inherit rev; - sha256 = "10qvaigfarljydfb9vx2fb9nk293j4g9w2h9mr8xw6adbvl0qr9q"; + rev = "v${version}"; + sha256 = "sha256-xg8qnpYRdSGaFkjmQLbjMFIU419ASEHtFA8h8ads/50="; }; - vendorSha256 = "04wqsl4269gc3r6l9srqhcq19zarnyyab8k1shj3w6lkfcc61z25"; + vendorSha256 = "sha256-PFfzlqBuasTNeCNnu5GiGyQzBQkbe83q1EqCsWTor18="; meta = with lib; { description = "Information gathering tool for DNS, ports and more"; diff --git a/nixpkgs/pkgs/tools/security/sn0int/default.nix b/nixpkgs/pkgs/tools/security/sn0int/default.nix index 43a390104413..bdcfe6e28bac 100644 --- a/nixpkgs/pkgs/tools/security/sn0int/default.nix +++ b/nixpkgs/pkgs/tools/security/sn0int/default.nix @@ -9,16 +9,16 @@ rustPlatform.buildRustPackage rec { pname = "sn0int"; - version = "0.21.2"; + version = "0.22.0"; src = fetchFromGitHub { owner = "kpcyrd"; repo = pname; rev = "v${version}"; - sha256 = "sha256-BKdi/o/A0fJBlcKTDTCX7uGkK6QR0S9hIn0DI3CN5Gg="; + sha256 = "sha256-0BadgWZhP73WOVO18jtcdhsM0L7AM0TQ3PF7MNJM7M0="; }; - cargoSha256 = "sha256-MeMTXwb5v4iUJQSViOraXAck7n6VlIW2Qa0qNUZWu1g="; + cargoSha256 = "sha256-KYrJIOaFX2wTDj4KeHn3d8wBHfVevCKQK/bDglfLWAU="; nativeBuildInputs = [ pkg-config diff --git a/nixpkgs/pkgs/tools/security/step-ca/default.nix b/nixpkgs/pkgs/tools/security/step-ca/default.nix index 9b645dcba927..85501ff18e6e 100644 --- a/nixpkgs/pkgs/tools/security/step-ca/default.nix +++ b/nixpkgs/pkgs/tools/security/step-ca/default.nix @@ -42,10 +42,9 @@ buildGoModule rec { install -Dm444 -t $out/lib/systemd/system systemd/step-ca.service ''; - # Tests fail on darwin with - # panic: httptest: failed to listen on a port: listen tcp6 [::1]:0: bind: operation not permitted [recovered] - # probably some sandboxing issue - doCheck = stdenv.isLinux; + # Tests start http servers which need to bind to local addresses: + # panic: httptest: failed to listen on a port: listen tcp6 [::1]:0: bind: operation not permitted + __darwinAllowLocalNetworking = true; meta = with lib; { description = "A private certificate authority (X.509 & SSH) & ACME server for secure automated certificate management, so you can use TLS everywhere & SSO for SSH"; |