1 files changed, 43 insertions, 0 deletions

diff --git a/pkgs/tools/security/cipherscan/default.nix b/pkgs/tools/security/cipherscan/default.nix
new file mode 100644
index 000000000000..e75b53b257d1
--- /dev/null
+++ b/pkgs/tools/security/cipherscan/default.nix
@@ -0,0 +1,43 @@
+{ stdenv, lib, fetchFromGitHub, pkgconfig, openssl, makeWrapper, python, coreutils }:
+
+stdenv.mkDerivation rec {
+  name = "cipherscan-${version}";
+  version = "2015-12-17";
+  src = fetchFromGitHub {
+    owner = "jvehent";
+    repo = "cipherscan";
+    rev = "18b0d1b952d027d20e38f07329817873ec077d26";
+    sha256 = "0b6fkfm2y8w04am4krspmapcc5ngn603n5rlwyjly92z2dawc7h8";
+  };
+  buildInputs = [ makeWrapper python ];
+  patches = [ ./path.patch ];
+  buildPhase = ''
+    substituteInPlace cipherscan \
+      --replace "@OPENSSLBIN@" \
+                "${openssl}/bin/openssl" \
+      --replace "@TIMEOUTBIN@" \
+                "${coreutils}/bin/timeout" \
+      --replace "@READLINKBIN@" \
+                "${coreutils}/bin/readlink"
+
+    substituteInPlace analyze.py \
+      --replace "@OPENSSLBIN@" \
+                "${openssl}/bin/openssl"
+  '';
+  installPhase = ''
+    mkdir -p $out/bin
+
+    cp cipherscan $out/bin
+    cp openssl.cnf $out/bin
+    cp analyze.py $out/bin
+
+    wrapProgram $out/bin/analyze.py --set PYTHONPATH "$PYTHONPATH"
+  '';
+  meta = with lib; {
+    description = "Very simple way to find out which SSL ciphersuites are supported by a target";
+    homepage = "https://github.com/jvehent/cipherscan";
+    license = licenses.mpl;
+    platforms = platforms.all;
+    maintainers = with maintainers; [ cstrahan ];
+  };
+}