about summary refs log tree commit diff
path: root/nixpkgs/pkgs/tools/security
diff options
context:
space:
mode:
Diffstat (limited to 'nixpkgs/pkgs/tools/security')
-rw-r--r--nixpkgs/pkgs/tools/security/age/default.nix28
-rw-r--r--nixpkgs/pkgs/tools/security/bundler-audit/Gemfile.lock4
-rw-r--r--nixpkgs/pkgs/tools/security/bundler-audit/gemset.nix4
-rw-r--r--nixpkgs/pkgs/tools/security/cfssl/default.nix4
-rw-r--r--nixpkgs/pkgs/tools/security/cowpatty/default.nix50
-rw-r--r--nixpkgs/pkgs/tools/security/credential-detector/default.nix25
-rw-r--r--nixpkgs/pkgs/tools/security/dorkscout/default.nix25
-rw-r--r--nixpkgs/pkgs/tools/security/enum4linux-ng/default.nix4
-rw-r--r--nixpkgs/pkgs/tools/security/exploitdb/default.nix4
-rw-r--r--nixpkgs/pkgs/tools/security/gitleaks/default.nix4
-rw-r--r--nixpkgs/pkgs/tools/security/kubescape/default.nix28
-rw-r--r--nixpkgs/pkgs/tools/security/nuclei/default.nix6
-rw-r--r--nixpkgs/pkgs/tools/security/quill/default.nix6
-rw-r--r--nixpkgs/pkgs/tools/security/scilla/default.nix9
-rw-r--r--nixpkgs/pkgs/tools/security/sn0int/default.nix6
-rw-r--r--nixpkgs/pkgs/tools/security/step-ca/default.nix7
16 files changed, 166 insertions, 48 deletions
diff --git a/nixpkgs/pkgs/tools/security/age/default.nix b/nixpkgs/pkgs/tools/security/age/default.nix
index 20735c6e5782..fd59f9534fe7 100644
--- a/nixpkgs/pkgs/tools/security/age/default.nix
+++ b/nixpkgs/pkgs/tools/security/age/default.nix
@@ -1,17 +1,37 @@
-{ lib, buildGoModule, fetchFromGitHub }:
+{ lib, buildGoModule, fetchFromGitHub, installShellFiles }:
 
 buildGoModule rec {
   pname = "age";
-  version = "1.0.0-rc.3";
-  vendorSha256 = "sha256-sXUbfxhPmJXO+KgV/dmWmsyV49Pb6CoJLbt50yVgEvI=";
+  version = "1.0.0";
+  vendorSha256 = "sha256-cnFDs5Qos1KHn7TqaEgmt4sSzpjZor615euwxka14mY=";
 
   src = fetchFromGitHub {
     owner = "FiloSottile";
     repo = "age";
     rev = "v${version}";
-    sha256 = "sha256-YXdCTK9/eMvcHWg7gQQiPlLWYx2OjbOJDDNdSYO09HU=";
+    sha256 = "sha256-MfyW8Yv8swKqA7Hl45l5Zn4wZrQmE661eHsKIywy36U=";
   };
 
+  ldflags = [
+    "-s" "-w" "-X main.Version=${version}"
+  ];
+
+  nativeBuildInputs = [ installShellFiles ];
+
+  preInstall = ''
+    installManPage doc/*.1
+  '';
+
+  doInstallCheck = true;
+  installCheckPhase = ''
+    if [[ "$("$out/bin/${pname}" --version)" == "${version}" ]]; then
+      echo '${pname} smoke check passed'
+    else
+      echo '${pname} smoke check failed'
+      return 1
+    fi
+  '';
+
   meta = with lib; {
     homepage = "https://age-encryption.org/";
     description = "Modern encryption tool with small explicit keys";
diff --git a/nixpkgs/pkgs/tools/security/bundler-audit/Gemfile.lock b/nixpkgs/pkgs/tools/security/bundler-audit/Gemfile.lock
index c0610480c723..f1671500fe43 100644
--- a/nixpkgs/pkgs/tools/security/bundler-audit/Gemfile.lock
+++ b/nixpkgs/pkgs/tools/security/bundler-audit/Gemfile.lock
@@ -1,7 +1,7 @@
 GEM
   remote: https://rubygems.org/
   specs:
-    bundler-audit (0.8.0)
+    bundler-audit (0.9.0.1)
       bundler (>= 1.2.0, < 3)
       thor (~> 1.0)
     thor (1.1.0)
@@ -13,4 +13,4 @@ DEPENDENCIES
   bundler-audit
 
 BUNDLED WITH
-   2.1.4
+   2.2.20
diff --git a/nixpkgs/pkgs/tools/security/bundler-audit/gemset.nix b/nixpkgs/pkgs/tools/security/bundler-audit/gemset.nix
index ff4d6da80691..a740f40e4073 100644
--- a/nixpkgs/pkgs/tools/security/bundler-audit/gemset.nix
+++ b/nixpkgs/pkgs/tools/security/bundler-audit/gemset.nix
@@ -5,10 +5,10 @@
     platforms = [];
     source = {
       remotes = ["https://rubygems.org"];
-      sha256 = "00l8rs7cna0j3yh4s9sza0r88x7kjc7j4gp9yl378422k7i0r73v";
+      sha256 = "05k19l5388248rd74cn2lm2ksci7fzmga74n835v7k31m4kbzw8v";
       type = "gem";
     };
-    version = "0.8.0";
+    version = "0.9.0.1";
   };
   thor = {
     groups = ["default"];
diff --git a/nixpkgs/pkgs/tools/security/cfssl/default.nix b/nixpkgs/pkgs/tools/security/cfssl/default.nix
index 1e95d1d6f2f9..4b4e6cedc5cd 100644
--- a/nixpkgs/pkgs/tools/security/cfssl/default.nix
+++ b/nixpkgs/pkgs/tools/security/cfssl/default.nix
@@ -2,13 +2,13 @@
 
 buildGoModule rec {
   pname = "cfssl";
-  version = "1.6.0";
+  version = "1.6.1";
 
   src = fetchFromGitHub {
     owner = "cloudflare";
     repo = "cfssl";
     rev = "v${version}";
-    sha256 = "sha256-29HEaW5LCoHcuJrfVUN2hnsRtaSTrvIBo8ok2UJbfuQ=";
+    sha256 = "sha256-QY04MecjQTmrkPkWcLkXJWErtaw7esb6GnPIKGTJL34=";
   };
 
   subPackages = [
diff --git a/nixpkgs/pkgs/tools/security/cowpatty/default.nix b/nixpkgs/pkgs/tools/security/cowpatty/default.nix
index 4cd420650f3b..934b31a35da6 100644
--- a/nixpkgs/pkgs/tools/security/cowpatty/default.nix
+++ b/nixpkgs/pkgs/tools/security/cowpatty/default.nix
@@ -1,26 +1,48 @@
-{ lib, stdenv, fetchurl, openssl, libpcap
+{ lib
+, stdenv
+, clang
+, fetchFromGitHub
+, installShellFiles
+, openssl
+, libpcap
 }:
 
-with lib;
-
 stdenv.mkDerivation rec {
   pname = "cowpatty";
-  version = "4.6";
-
-  buildInputs = [ openssl libpcap ];
+  version = "4.8";
 
-  src = fetchurl {
-    url = "http://www.willhackforsushi.com/code/cowpatty/${version}/${pname}-${version}.tgz";
-    sha256 = "1hivh3bq2maxvqzwfw06fr7h8bbpvxzah6mpibh3wb85wl9w2gyd";
+  src = fetchFromGitHub {
+    owner = "joswr1ght";
+    repo = pname;
+    rev = version;
+    sha256 = "0fvwwghhd7wsx0lw2dj9rdsjnirawnq3c6silzvhi0yfnzn5fs0s";
   };
 
-  installPhase = "make DESTDIR=$out BINDIR=/bin install";
+  nativeBuildInputs = [
+    clang
+    installShellFiles
+  ];
+
+  buildInputs = [
+    openssl
+    libpcap
+  ];
+
+  makeFlags = [
+    "DESTDIR=$(out)"
+    "BINDIR=/bin"
+  ];
+
+  postInstall = ''
+    installManPage cowpatty.1
+    installManPage genpmk.1
+  '';
 
-  meta = {
+  meta = with lib; {
     description = "Offline dictionary attack against WPA/WPA2 networks";
-    license = licenses.gpl2;
-    homepage = "https://www.willhackforsushi.com/?page_id=50";
-    maintainers = with maintainers; [ nico202 ];
+    homepage = "https://github.com/joswr1ght/cowpatty";
+    license = licenses.bsd3;
+    maintainers = with maintainers; [ nico202 fab ];
     platforms = platforms.linux;
   };
 }
diff --git a/nixpkgs/pkgs/tools/security/credential-detector/default.nix b/nixpkgs/pkgs/tools/security/credential-detector/default.nix
new file mode 100644
index 000000000000..1e3497b0ca0e
--- /dev/null
+++ b/nixpkgs/pkgs/tools/security/credential-detector/default.nix
@@ -0,0 +1,25 @@
+{ lib
+, buildGoModule
+, fetchFromGitHub
+}:
+
+buildGoModule rec {
+  pname = "credential-detector";
+  version = "1.7.0";
+
+  src = fetchFromGitHub {
+    owner = "ynori7";
+    repo = pname;
+    rev = "v${version}";
+    sha256 = "1g5ja32rsf1b7y9gvmy29qz2ymyyvgh53wzd6vvknfla1df0slab";
+  };
+
+  vendorSha256 = "1mn3sysvdz4b94804gns1yssk2q08djq3kq3cd1h7gm942zwrnq4";
+
+  meta = with lib; {
+    description = "Tool to detect potentially hard-coded credentials";
+    homepage = "https://github.com/ynori7/credential-detector";
+    license = licenses.mit;
+    maintainers = with maintainers; [ fab ];
+  };
+}
diff --git a/nixpkgs/pkgs/tools/security/dorkscout/default.nix b/nixpkgs/pkgs/tools/security/dorkscout/default.nix
new file mode 100644
index 000000000000..27cc5a0d4e1b
--- /dev/null
+++ b/nixpkgs/pkgs/tools/security/dorkscout/default.nix
@@ -0,0 +1,25 @@
+{ lib
+, buildGoModule
+, fetchFromGitHub
+}:
+
+buildGoModule rec {
+  pname = "dorkscout";
+  version = "1.0";
+
+  src = fetchFromGitHub {
+    owner = "R4yGM";
+    repo = pname;
+    rev = version;
+    sha256 = "0h2m458jxdm3xg0h2vb8yq1jc28jqwinv1pdqypdsbvsz48s0hxz";
+  };
+
+  vendorSha256 = "05vn9hd5r8cy45b3ixjch17v38p08k8di8gclq0i9rkz9bvy1nph";
+
+  meta = with lib; {
+    description = "Tool to automate the work with Google dorks";
+    homepage = "https://github.com/R4yGM/dorkscout";
+    license = licenses.asl20;
+    maintainers = with maintainers; [ fab ];
+  };
+}
diff --git a/nixpkgs/pkgs/tools/security/enum4linux-ng/default.nix b/nixpkgs/pkgs/tools/security/enum4linux-ng/default.nix
index d2fda127e8c7..a84de966b6f4 100644
--- a/nixpkgs/pkgs/tools/security/enum4linux-ng/default.nix
+++ b/nixpkgs/pkgs/tools/security/enum4linux-ng/default.nix
@@ -9,13 +9,13 @@
 
 buildPythonApplication rec {
   pname = "enum4linux-ng";
-  version = "1.0.1";
+  version = "1.1.0";
 
   src = fetchFromGitHub {
     owner = "cddmp";
     repo = pname;
     rev = "v${version}";
-    sha256 = "1j6qrhrzc4f9crbii4dpgxipngjh5icrhljxf26a7662dd4f7l8q";
+    sha256 = "0fk6hzmvxb5y3nb41qr6dssxhdahkh5nxhbx480x42fhnqpssir5";
   };
 
   propagatedBuildInputs = [
diff --git a/nixpkgs/pkgs/tools/security/exploitdb/default.nix b/nixpkgs/pkgs/tools/security/exploitdb/default.nix
index b112627656b1..911592736801 100644
--- a/nixpkgs/pkgs/tools/security/exploitdb/default.nix
+++ b/nixpkgs/pkgs/tools/security/exploitdb/default.nix
@@ -2,13 +2,13 @@
 
 stdenv.mkDerivation rec {
   pname = "exploitdb";
-  version = "2021-09-03";
+  version = "2021-09-10";
 
   src = fetchFromGitHub {
     owner = "offensive-security";
     repo = pname;
     rev = version;
-    sha256 = "sha256-9roj5/DfbbN98jy/aO1Ua4pTMxgr4UbqXFicN2ONQgE=";
+    sha256 = "sha256-OU9IchkouABYw0k4O4WBLu1aklLCH/S90IPMPLOZWY0=";
   };
 
   installPhase = ''
diff --git a/nixpkgs/pkgs/tools/security/gitleaks/default.nix b/nixpkgs/pkgs/tools/security/gitleaks/default.nix
index b8878cbbb873..16e1013c7c01 100644
--- a/nixpkgs/pkgs/tools/security/gitleaks/default.nix
+++ b/nixpkgs/pkgs/tools/security/gitleaks/default.nix
@@ -5,13 +5,13 @@
 
 buildGoModule rec {
   pname = "gitleaks";
-  version = "7.6.0";
+  version = "7.6.1";
 
   src = fetchFromGitHub {
     owner = "zricethezav";
     repo = pname;
     rev = "v${version}";
-    sha256 = "sha256-XRpbbtQiF9EnGMICjyXXm2XjuR0jGC7UiY+UHIAMODM=";
+    sha256 = "sha256-52Wi3bQvKdHoJ1nVb4OVJ9wd8hDVF+6zlVSpsEai0Jw=";
   };
 
   vendorSha256 = "sha256-86PspExE+T/IuCvpf6LAkWcCRlHPqP5VUbHAckEzALc=";
diff --git a/nixpkgs/pkgs/tools/security/kubescape/default.nix b/nixpkgs/pkgs/tools/security/kubescape/default.nix
new file mode 100644
index 000000000000..d3113af0cd08
--- /dev/null
+++ b/nixpkgs/pkgs/tools/security/kubescape/default.nix
@@ -0,0 +1,28 @@
+{ lib
+, buildGoModule
+, fetchFromGitHub
+}:
+
+buildGoModule rec {
+  pname = "kubescape";
+  version = "1.0.64";
+
+  src = fetchFromGitHub {
+    owner = "armosec";
+    repo = pname;
+    rev = "v${version}";
+    sha256 = "0vc673w40cgjw6jxlwg9ggwzb7yvmsqshihms6ahspc3qiwz56ah";
+  };
+
+  vendorSha256 = "18mvv70g65pq1c7nn752j26d0vasx6cl2rqp5g1hg3cb61hjbn0n";
+
+  # One test is failing, disabling for now
+  doCheck = false;
+
+  meta = with lib; {
+    description = "Tool for testing if Kubernetes is deployed securely";
+    homepage = "https://github.com/armosec/kubescape";
+    license = licenses.asl20;
+    maintainers = with maintainers; [ fab ];
+  };
+}
diff --git a/nixpkgs/pkgs/tools/security/nuclei/default.nix b/nixpkgs/pkgs/tools/security/nuclei/default.nix
index cae010c5a19f..d02ac5503afd 100644
--- a/nixpkgs/pkgs/tools/security/nuclei/default.nix
+++ b/nixpkgs/pkgs/tools/security/nuclei/default.nix
@@ -5,16 +5,16 @@
 
 buildGoModule rec {
   pname = "nuclei";
-  version = "2.5.0";
+  version = "2.5.1";
 
   src = fetchFromGitHub {
     owner = "projectdiscovery";
     repo = pname;
     rev = "v${version}";
-    sha256 = "sha256-6mZ8XstophadNk/3zJe2n3WL4u34jjnWh9m2qrt06hw=";
+    sha256 = "sha256-SdN8M3Mr3bywpBUwIVOIctYdkueq/0no4wlI7Ft8Uws=";
   };
 
-  vendorSha256 = "sha256-tJ9cdZloTSXoytmMJ+6S5XAKHYs16SZmbUwZdmVnDzc=";
+  vendorSha256 = "sha256-Tz96AXGMyHNHG/3JrmZvisOEty/tDhoK1ZUngDSXOcc=";
 
   modRoot = "./v2";
   subPackages = [
diff --git a/nixpkgs/pkgs/tools/security/quill/default.nix b/nixpkgs/pkgs/tools/security/quill/default.nix
index 9440823f4292..9f5465901b17 100644
--- a/nixpkgs/pkgs/tools/security/quill/default.nix
+++ b/nixpkgs/pkgs/tools/security/quill/default.nix
@@ -2,13 +2,13 @@
 
 rustPlatform.buildRustPackage rec {
   pname = "quill";
-  version = "0.2.4";
+  version = "0.2.5";
 
   src = fetchFromGitHub {
     owner = "dfinity";
     repo = "quill";
     rev = "v${version}";
-    sha256 = "sha256-rR5VgdlJy6TQBmCHuKc7nPjznbeLjCmQdUJKjY0GsNI=";
+    sha256 = "sha256-lvINDtOG2mmz0ESxL11DQVZh3IcEiZYYMu5oN5Q9WKA=";
   };
 
   ic = fetchFromGitHub {
@@ -30,7 +30,7 @@ rustPlatform.buildRustPackage rec {
     export OPENSSL_LIB_DIR=${openssl.out}/lib
   '';
 
-  cargoSha256 = "sha256-nLNuOqShOq01gVWoRCbsvfAd7B9VClUA8Hu8/UQNILg=";
+  cargoSha256 = "sha256-F2RMfHVFqCq9cb+9bjPWaRcQWKYIwwffWCssoQ6sSdU=";
 
   nativeBuildInputs = [ pkg-config protobuf ];
   buildInputs = [ openssl ]
diff --git a/nixpkgs/pkgs/tools/security/scilla/default.nix b/nixpkgs/pkgs/tools/security/scilla/default.nix
index 1983aef17265..791792195830 100644
--- a/nixpkgs/pkgs/tools/security/scilla/default.nix
+++ b/nixpkgs/pkgs/tools/security/scilla/default.nix
@@ -5,17 +5,16 @@
 
 buildGoModule rec {
   pname = "scilla";
-  version = "20210118-${lib.strings.substring 0 7 rev}";
-  rev = "74dd81492fef92b95765df1d0f629276a146a5a4";
+  version = "1.1.1";
 
   src = fetchFromGitHub {
     owner = "edoardottt";
     repo = pname;
-    inherit rev;
-    sha256 = "10qvaigfarljydfb9vx2fb9nk293j4g9w2h9mr8xw6adbvl0qr9q";
+    rev = "v${version}";
+    sha256 = "sha256-xg8qnpYRdSGaFkjmQLbjMFIU419ASEHtFA8h8ads/50=";
   };
 
-  vendorSha256 = "04wqsl4269gc3r6l9srqhcq19zarnyyab8k1shj3w6lkfcc61z25";
+  vendorSha256 = "sha256-PFfzlqBuasTNeCNnu5GiGyQzBQkbe83q1EqCsWTor18=";
 
   meta = with lib; {
     description = "Information gathering tool for DNS, ports and more";
diff --git a/nixpkgs/pkgs/tools/security/sn0int/default.nix b/nixpkgs/pkgs/tools/security/sn0int/default.nix
index 43a390104413..bdcfe6e28bac 100644
--- a/nixpkgs/pkgs/tools/security/sn0int/default.nix
+++ b/nixpkgs/pkgs/tools/security/sn0int/default.nix
@@ -9,16 +9,16 @@
 
 rustPlatform.buildRustPackage rec {
   pname = "sn0int";
-  version = "0.21.2";
+  version = "0.22.0";
 
   src = fetchFromGitHub {
     owner = "kpcyrd";
     repo = pname;
     rev = "v${version}";
-    sha256 = "sha256-BKdi/o/A0fJBlcKTDTCX7uGkK6QR0S9hIn0DI3CN5Gg=";
+    sha256 = "sha256-0BadgWZhP73WOVO18jtcdhsM0L7AM0TQ3PF7MNJM7M0=";
   };
 
-  cargoSha256 = "sha256-MeMTXwb5v4iUJQSViOraXAck7n6VlIW2Qa0qNUZWu1g=";
+  cargoSha256 = "sha256-KYrJIOaFX2wTDj4KeHn3d8wBHfVevCKQK/bDglfLWAU=";
 
   nativeBuildInputs = [
     pkg-config
diff --git a/nixpkgs/pkgs/tools/security/step-ca/default.nix b/nixpkgs/pkgs/tools/security/step-ca/default.nix
index 9b645dcba927..85501ff18e6e 100644
--- a/nixpkgs/pkgs/tools/security/step-ca/default.nix
+++ b/nixpkgs/pkgs/tools/security/step-ca/default.nix
@@ -42,10 +42,9 @@ buildGoModule rec {
     install -Dm444 -t $out/lib/systemd/system systemd/step-ca.service
   '';
 
-  # Tests fail on darwin with
-  # panic: httptest: failed to listen on a port: listen tcp6 [::1]:0: bind: operation not permitted [recovered]
-  # probably some sandboxing issue
-  doCheck = stdenv.isLinux;
+  # Tests start http servers which need to bind to local addresses:
+  # panic: httptest: failed to listen on a port: listen tcp6 [::1]:0: bind: operation not permitted
+  __darwinAllowLocalNetworking = true;
 
   meta = with lib; {
     description = "A private certificate authority (X.509 & SSH) & ACME server for secure automated certificate management, so you can use TLS everywhere & SSO for SSH";
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-08-07 02:36:28 +0000