author | Frederik Rietdijk <fridh@fridh.nl> | 2019-05-25 12:38:00 +0200 |
---|---|---|
committer | Frederik Rietdijk <fridh@fridh.nl> | 2019-05-25 12:38:00 +0200 |
commit | b2ab860db3996f28236c9ed92f08831dd6c6c5ef (patch) | |
tree | 750213b30b0ba839b1bef5116695df92976a2032 /pkgs/tools/security | |
parent | dae72e7e7dab5ae89d382471f4cccb888a5458e9 (diff) | |
parent | fa05f332ebdf880abf147ad481288b704deb1367 (diff) |
Merge master into staging-next
Diffstat (limited to 'pkgs/tools/security')
-rw-r--r-- | pkgs/tools/security/dnsenum/default.nix | 31 | ||||
-rw-r--r-- | pkgs/tools/security/dnsrecon/default.nix | 44 | ||||
-rw-r--r-- | pkgs/tools/security/fierce/default.nix | 23 | ||||
-rw-r--r-- | pkgs/tools/security/fprintd/default.nix | 12 | ||||
-rw-r--r-- | pkgs/tools/security/libmodsecurity/default.nix | 10 | ||||
-rw-r--r-- | pkgs/tools/security/monkeysphere/default.nix | 12 | ||||
-rw-r--r-- | pkgs/tools/security/monkeysphere/monkeysphere.patch | 21 | ||||
-rw-r--r-- | pkgs/tools/security/nmap/default.nix | 14 | ||||
-rw-r--r-- | pkgs/tools/security/opensc/default.nix | 19 | ||||
-rw-r--r-- | pkgs/tools/security/passff-host/default.nix | 9 | ||||
-rw-r--r-- | pkgs/tools/security/theharvester/default.nix | 13 |
11 files changed, 154 insertions, 54 deletions
diff --git a/pkgs/tools/security/dnsenum/default.nix b/pkgs/tools/security/dnsenum/default.nix
new file mode 100644
index 000000000000..d764e8a71ae6
--- /dev/null
+++ b/pkgs/tools/security/dnsenum/default.nix
@@ -0,0 +1,31 @@
+{ stdenv, fetchFromGitHub, makeWrapper, perl, perlPackages }:
+
+stdenv.mkDerivation rec {
+ pname = "dnsenum";
+ version = "1.2.4.2";
+
+ src = fetchFromGitHub {
+ owner = "fwaeytens";
+ repo = pname;
+ rev = version;
+ sha256 = "1bg1ljv6klic13wq4r53bg6inhc74kqwm3w210865b1v1n8wj60v";
+ };
+
+ propagatedBuildInputs = with perlPackages; [
+ perl NetDNS NetIP NetNetmask StringRandom XMLWriter NetWhoisIP WWWMechanize
+ ];
+ nativeBuildInputs = [ makeWrapper ];
+
+ installPhase = ''
+ install -vD dnsenum.pl $out/bin/dnsenum
+ install -vD dns.txt -t $out/share
+ '';
+
+ meta = with stdenv.lib; {
+ homepage = "https://github.com/fwaeytens/dnsenum";
+ description = "A tool to enumerate DNS information";
+ maintainers = with maintainers; [ c0bw3b globin ];
+ license = licenses.gpl2Plus;
+ platforms = platforms.all;
+ };
+}
diff --git a/pkgs/tools/security/dnsrecon/default.nix b/pkgs/tools/security/dnsrecon/default.nix
new file mode 100644
index 000000000000..06270723f4d0
--- /dev/null
+++ b/pkgs/tools/security/dnsrecon/default.nix
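Review bot: In dnsenum/default.nix, `makeWrapper` is added to `nativeBuildInputs` but `installPhase` never calls `wrapProgram`, so as far as this hunk shows the installed `$out/bin/dnsenum` carries no `PERL5LIB` and finds Net::DNS and the other modules only if the caller's environment happens to provide them. Adding `wrapProgram $out/bin/dnsenum --prefix PERL5LIB : "${perlPackages.makePerlPath propagatedBuildInputs}"` after the two `install` lines pins module resolution to the store paths listed in `propagatedBuildInputs`; monkeysphere in this same commit wraps its programs this way. The phase also omits `runHook preInstall` / `runHook postInstall`, which the dnsrecon expression added alongside it does include.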
@@ -0,0 +1,44 @@
+{ stdenv, fetchFromGitHub, python3 }:
+
+python3.pkgs.buildPythonApplication rec {
+ pname = "dnsrecon";
+ version = "0.9.1";
+
+ src = fetchFromGitHub {
+ owner = "darkoperator";
+ repo = pname;
+ rev = version;
+ sha256 = "1ysf8wx287psfk89r0i2vgnrjvxdj44s6nhf6sva59jbwvr9lghy";
+ };
+
+ format = "other";
+
+ pythonPath = with python3.pkgs; [
+ dns netaddr lxml
+ ];
+
+ postPatch = ''
+ substituteInPlace dnsrecon.py \
+ --replace "namelist.txt" "../share/namelist.txt" \
+ --replace "0.9.0" "${version}"
+ '';
+
+ installPhase = ''
+ runHook preInstall
+
+ install -vD dnsrecon.py $out/bin/dnsrecon
+ install -vD namelist.txt subdomains-*.txt -t $out/share
+ install -vd $out/${python3.sitePackages}/
+ cp -R lib tools msf_plugin $out/${python3.sitePackages}
+
+ runHook postInstall
+ '';
+
+ meta = with stdenv.lib; {
+ description = "DNS Enumeration Script";
+ homepage = "https://github.com/darkoperator/dnsrecon";
+ license = licenses.gpl2;
+ platforms = platforms.all;
+ maintainers = with maintainers; [ c0bw3b globin ];
+ };
+}
diff --git a/pkgs/tools/security/fierce/default.nix b/pkgs/tools/security/fierce/default.nix
new file mode 100644
index 000000000000..abc1bacd212b
--- /dev/null
+++ b/pkgs/tools/security/fierce/default.nix
@@ -0,0 +1,23 @@
+{ stdenv, fetchFromGitHub, python3 }:
+
+python3.pkgs.buildPythonApplication rec {
+ pname = "fierce";
+ version = "1.3.0";
+
+ src = fetchFromGitHub {
+ owner = "mschwager";
+ repo = pname;
+ rev = version;
+ sha256 = "0cdp9rpabazyfnks30rsf3qfdi40z1bkspxk4ds9bm82kpq33jxy";
+ };
+
+ propagatedBuildInputs = [ python3.pkgs.dns ];
+
+ meta = with stdenv.lib; {
+ homepage = "https://github.com/mschwager/fierce";
+ description = "DNS reconnaissance tool for locating non-contiguous IP space";
+ license = licenses.gpl3Plus;
+ maintainers = with maintainers; [ c0bw3b globin ];
+ platforms = platforms.all;
+ };
+}
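Review bot: In dnsrecon's `postPatch`, `--replace "0.9.0" "${version}"` rewrites every occurrence of the bare literal `0.9.0` in dnsrecon.py, and nothing in the expression says why the substitution exists. Presumably the script still reports 0.9.0 at the 0.9.1 tag; if so, a comment such as `# dnsrecon.py still reports 0.9.0 at this tag; re-check on the next bump` above the call, together with a pattern that includes the surrounding version assignment rather than the number alone, would keep the rewrite from touching unrelated text or lingering once upstream corrects it. The `namelist.txt` replacement in the same call has the same all-occurrences behaviour.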
diff --git a/pkgs/tools/security/fprintd/default.nix b/pkgs/tools/security/fprintd/default.nix index 65eec89a09fc..b43be1a69240 100644 --- a/pkgs/tools/security/fprintd/default.nix +++ b/pkgs/tools/security/fprintd/default.nix @@ -1,8 +1,9 @@ -{ stdenv, fetchurl, pkgconfig, intltool -, libfprint, glib, dbus-glib, polkit, nss, pam, systemd }: +{ thinkpad ? false +, stdenv, fetchurl, pkgconfig, intltool, libfprint-thinkpad ? null +, libfprint ? null, glib, dbus-glib, polkit, nss, pam, systemd }: stdenv.mkDerivation rec { - name = "fprintd-${version}"; + pname = "fprintd" + stdenv.lib.optionalString thinkpad "-thinkpad"; version = "0.8.1"; src = fetchurl { @@ -10,7 +11,10 @@ stdenv.mkDerivation rec { sha256 = "124s0g9syvglgsmqnavp2a8c0zcq8cyaph8p8iyvbla11vfizs9l"; }; - buildInputs = [ libfprint glib dbus-glib polkit nss pam systemd ]; + buildInputs = [ glib dbus-glib polkit nss pam systemd ] + ++ stdenv.lib.optional thinkpad libfprint-thinkpad + ++ stdenv.lib.optional (!thinkpad) libfprint; + nativeBuildInputs = [ pkgconfig intltool ]; configureFlags = [ "--with-systemdsystemunitdir=$(out)/lib/systemd/system" "--localstatedir=/var" ]; diff --git a/pkgs/tools/security/libmodsecurity/default.nix b/pkgs/tools/security/libmodsecurity/default.nix index 3bf906fb4c12..b3dc1270fb9c 100644 --- a/pkgs/tools/security/libmodsecurity/default.nix +++ b/pkgs/tools/security/libmodsecurity/default.nix 
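Review bot: In fprintd/default.nix both `libfprint` and `libfprint-thinkpad` now default to `null`, and nothing checks that the one selected by `thinkpad` was actually supplied, so `stdenv.lib.optional thinkpad libfprint-thinkpad` can place `null` in `buildInputs`. A caller that sets `thinkpad = true` without passing the package would then fail late, likely in configure, rather than at evaluation. Two assertions between the argument set and `stdenv.mkDerivation` make the contract explicit: `assert thinkpad -> libfprint-thinkpad != null;` and `assert !thinkpad -> libfprint != null;`.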
@@ -4,19 +4,19 @@ stdenv.mkDerivation rec { name = "libmodsecurity-${version}"; - version = "3.0.2"; + version = "3.0.3"; src = fetchFromGitHub { owner = "SpiderLabs"; repo = "ModSecurity"; fetchSubmodules = true; rev = "v${version}"; - sha256 = "0jhyqsvcjxq9ybndcinc08awknrg3sbkaby5w3qw03aqbfjkpywc"; + sha256 = "00g2407g2679zv73q67zd50z0f1g1ij734ssv2pp77z4chn5dzib"; }; - nativeBuildInputs = [ autoreconfHook pkgconfig ]; + nativeBuildInputs = [ autoreconfHook pkgconfig doxygen ]; - buildInputs = [ doxygen perl valgrind curl geoip libxml2 lmdb lua pcre yajl]; + buildInputs = [ perl valgrind curl geoip libxml2 lmdb lua pcre yajl ]; configureFlags = [ "--enable-static" @@ -26,6 +26,8 @@ stdenv.mkDerivation rec { "--with-yajl=${yajl}" ]; + enableParallelBuilding = true; + meta = with stdenv.lib; { description = '' ModSecurity v3 library component. diff --git a/pkgs/tools/security/monkeysphere/default.nix b/pkgs/tools/security/monkeysphere/default.nix index af507dbf993b..ed1cda8030f2 100644 --- a/pkgs/tools/security/monkeysphere/default.nix +++ b/pkgs/tools/security/monkeysphere/default.nix @@ -2,7 +2,7 @@ , perl, libassuan, libgcrypt , perlPackages, lockfileProgs, gnupg, coreutils # For the tests: -, bash, openssh, which, socat, cpio, hexdump, openssl +, bash, openssh, which, socat, cpio, hexdump, procps, openssl }: let @@ -14,14 +14,14 @@ let }); in stdenv.mkDerivation rec { name = "monkeysphere-${version}"; - version = "0.43"; + version = "0.44"; # The patched OpenSSH binary MUST NOT be used (except in the check phase): disallowedRequisites = [ opensshUnsafe ]; src = fetchurl { url = "http://archive.monkeysphere.info/debian/pool/monkeysphere/m/monkeysphere/monkeysphere_${version}.orig.tar.gz"; - sha256 = "18i7qpvp5qb7mmd0z5rqai550rya9l3nbsq2hamwkl3smqsjdqc0"; + sha256 = "1ah7hy8r9gj96pni8azzjb85454qky5l17m3pqn37854l6grgika"; }; patches = [ ./monkeysphere.patch ]; 
@@ -33,7 +33,7 @@ in stdenv.mkDerivation rec { nativeBuildInputs = [ makeWrapper ]; buildInputs = [ perl libassuan libgcrypt ] ++ stdenv.lib.optional doCheck - ([ gnupg opensshUnsafe which socat cpio hexdump lockfileProgs ] ++ + ([ gnupg opensshUnsafe which socat cpio hexdump procps lockfileProgs ] ++ (with perlPackages; [ CryptOpenSSLRSA CryptOpenSSLBignum ])); makeFlags = '' @@ -60,7 +60,7 @@ in stdenv.mkDerivation rec { postFixup = let wrapperArgs = runtimeDeps: "--prefix PERL5LIB : " - + (with perlPackages; makePerlPath [ + + (with perlPackages; makePerlPath [ # Optional (only required for keytrans) CryptOpenSSLRSA CryptOpenSSLBignum ]) @@ -73,7 +73,7 @@ in stdenv.mkDerivation rec { (wrapMonkeysphere runtimeDeps) programs; in wrapPrograms [ gnupg ] [ "monkeysphere-authentication" "monkeysphere-host" ] - + wrapPrograms [ lockfileProgs ] [ "monkeysphere" ] + + wrapPrograms [ gnupg lockfileProgs ] [ "monkeysphere" ] + '' # These 4 programs depend on the program name ($0): for program in openpgp2pem openpgp2spki openpgp2ssh pem2openpgp; do diff --git a/pkgs/tools/security/monkeysphere/monkeysphere.patch b/pkgs/tools/security/monkeysphere/monkeysphere.patch index 0a05635d6a80..8cdd85017b93 100644 --- a/pkgs/tools/security/monkeysphere/monkeysphere.patch +++ b/pkgs/tools/security/monkeysphere/monkeysphere.patch @@ -10,15 +10,6 @@ diff --git a/Makefile b/Makefile -e 's:__SYSCONFDIR_PREFIX__:$(ETCPREFIX):' \ -e 's:__SYSDATADIR_PREFIX__:$(LOCALSTATEDIR):' -diff --git a/src/share/checkperms b/src/share/checkperms ---- a/src/share/checkperms -+++ b/src/share/checkperms -@@ -1,4 +1,4 @@ --#!/usr/bin/perl -T -+#!/usr/bin/perl - - # checkperms: ensure as best we can that a given file can only be - # modified by the given user (or the superuser, naturally). This diff --git a/src/share/keytrans b/src/share/keytrans --- a/src/share/keytrans +++ b/src/share/keytrans @@ -28,17 +19,5 @@ 
diff --git a/src/share/keytrans b/src/share/keytrans # keytrans: this is an RSA key translation utility; it is capable of # transforming RSA keys (both public keys and secret keys) between -diff --git a/tests/basic b/tests/basic ---- a/tests/basic -+++ b/tests/basic -@@ -343,7 +340,7 @@ if [ "$MONKEYSPHERE_TEST_USE_ED25519" = true ]; then - echo "### generating ed25519 key for testuser..." - # from the imported secret key - USER_FPR=8A4B353B4CBA6F30625498BAE00B5EEEBA79B482 -- gpg --quick-add-key "$USER_FPR" ed25519 auth 2d -+ gpg --no-tty --quick-add-key "$USER_FPR" ed25519 auth 2d - else - echo "### generating standard monkeysphere key for testuser..." - monkeysphere gen-subkey -- 2.16.3 diff --git a/pkgs/tools/security/nmap/default.nix b/pkgs/tools/security/nmap/default.nix index bd5930909659..3bc5758aad44 100644 --- a/pkgs/tools/security/nmap/default.nix +++ b/pkgs/tools/security/nmap/default.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchurl, libpcap, pkgconfig, openssl, lua5_3 +{ stdenv, fetchurl, fetchpatch, libpcap, pkgconfig, openssl, lua5_3 , graphicalSupport ? false , libX11 ? null , gtk2 ? null @@ -27,7 +27,17 @@ in stdenv.mkDerivation rec { sha256 = "063fg8adx23l4irrh5kn57hsmi1xvjkar4vm4k6g94ppan4hcyw4"; }; - patches = ./zenmap.patch; + patches = [ ./zenmap.patch ] + ++ optionals stdenv.cc.isClang [( + # Fixes a compile error due an ambiguous reference to bind(2) in + # nping/EchoServer.cc, which is otherwise resolved to std::bind. + # Also fixes a missing include. + # https://github.com/nmap/nmap/pull/1363 + fetchpatch { + url = "https://github.com/nmap/nmap/commit/5bbe66f1bd8cbd3718f5805139e2e8139e6849bb.diff"; + sha256 = "088r8ylpc9hachsxs4r17cqfa1ncyspbjvkc573lill7rk1r9m0s"; + } + )]; prePatch = optionalString stdenv.isDarwin '' substituteInPlace libz/configure \ diff --git a/pkgs/tools/security/opensc/default.nix b/pkgs/tools/security/opensc/default.nix index 5170805e3f64..769b87fa8d31 100644 --- a/pkgs/tools/security/opensc/default.nix 
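Review bot: In nmap/default.nix the comment on the new `fetchpatch` entry explains what the patch fixes but not when it can be dropped, and it reads "due an ambiguous reference" where "due to an ambiguous reference" is meant. Because the URL points at an upstream commit and the patch is applied only under `stdenv.cc.isClang`, a line such as `# Remove once nmap is updated to a release that contains this commit.` would keep the compiler-specific patch from outliving its purpose unnoticed.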
+++ b/pkgs/tools/security/opensc/default.nix @@ -1,7 +1,7 @@ { stdenv, fetchFromGitHub, autoreconfHook, pkgconfig, zlib, readline, openssl -, libiconv, pcsclite, libassuan, libXt +, libiconv, pcsclite, libassuan, libXt, fetchpatch , docbook_xsl, libxslt, docbook_xml_dtd_412 -, Carbon, PCSC +, Carbon, PCSC, buildPackages , withApplePCSC ? stdenv.isDarwin }: @@ -16,9 +16,17 @@ stdenv.mkDerivation rec { sha256 = "10575gb9l38cskq7swyjp0907wlziyxg4ppq33ndz319dsx69d87"; }; - nativeBuildInputs = [ pkgconfig ]; + patches = [ + (fetchpatch { + name = "CVE-2019-6502.patch"; + url = "https://github.com/OpenSC/OpenSC/commit/0d7967549751b7032f22b437106b41444aff0ba9.patch"; + sha256 = "1y42lmz8i9w99hgpakdncnv8f94cqjfabz0v4xg6wfz9akl3ff7d"; + }) + ]; + + nativeBuildInputs = [ pkgconfig autoreconfHook ]; buildInputs = [ - autoreconfHook zlib readline openssl libassuan + zlib readline openssl libassuan libXt libxslt libiconv docbook_xml_dtd_412 ] ++ stdenv.lib.optional stdenv.isDarwin Carbon @@ -43,6 +51,8 @@ stdenv.mkDerivation rec { else "${stdenv.lib.getLib pcsclite}/lib/libpcsclite${stdenv.hostPlatform.extensions.sharedLibrary}" }" + (stdenv.lib.optionalString (stdenv.hostPlatform != stdenv.buildPlatform) + "XSLTPROC=${buildPackages.libxslt}/bin/xsltproc") ]; PCSC_CFLAGS = stdenv.lib.optionalString withApplePCSC @@ -58,5 +68,6 @@ stdenv.mkDerivation rec { homepage = https://github.com/OpenSC/OpenSC/wiki; license = licenses.lgpl21Plus; platforms = platforms.all; + maintainers = [ maintainers.erictapen ]; }; } diff --git a/pkgs/tools/security/passff-host/default.nix b/pkgs/tools/security/passff-host/default.nix index 1bb621eab362..a97bc57ad45f 100644 --- a/pkgs/tools/security/passff-host/default.nix +++ b/pkgs/tools/security/passff-host/default.nix 
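Review bot: In the opensc `configureFlags` hunk, `(stdenv.lib.optionalString (stdenv.hostPlatform != stdenv.buildPlatform) "XSLTPROC=…")` is a list element, so a native build carries an empty string in the flag list. Closing the list first and appending `++ stdenv.lib.optional (stdenv.hostPlatform != stdenv.buildPlatform) "XSLTPROC=${buildPackages.libxslt}/bin/xsltproc"` keeps the list to real flags and matches the `++ stdenv.lib.optional stdenv.isDarwin Carbon` form already used for `buildInputs` in this file. The opening of the `configureFlags` list lies outside the hunk.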
@@ -2,24 +2,21 @@ stdenv.mkDerivation rec { name = "passff-host-${version}"; - version = "1.0.2"; + version = "1.2.1"; src = fetchFromGitHub { owner = "passff"; repo = "passff-host"; rev = version; - sha256 = "1zks34rg9i8vphjrj1h80y5rijadx33z911qxa7pslf7ahmjqdv3"; + sha256 = "0ydfwvhgnw5c3ydx2gn5d7ys9g7cxlck57vfddpv6ix890v21451"; }; buildInputs = [ python3 ]; patchPhase = '' - sed -i 's#COMMAND = "pass"#COMMAND = "${pass}/bin/pass"#' src/passff.py + sed -i 's#COMMAND = "pass"#COMMAND = "${pass}/bin/pass"#' src/passff.py ''; - preBuild = "cd src"; - postBuild = "cd .."; - installPhase = '' install -D bin/testing/passff.py $out/share/passff-host/passff.py cp bin/testing/passff.json $out/share/passff-host/passff.json diff --git a/pkgs/tools/security/theharvester/default.nix b/pkgs/tools/security/theharvester/default.nix index 0c0cf29f977f..4a1e92e6104a 100644 --- a/pkgs/tools/security/theharvester/default.nix +++ b/pkgs/tools/security/theharvester/default.nix @@ -1,21 +1,20 @@ -{ stdenv, makeWrapper, python2Packages, fetchFromGitHub }: +{ stdenv, fetchFromGitHub, makeWrapper, python3Packages }: stdenv.mkDerivation rec { pname = "theHarvester"; - version = "2.7.1"; - name = "${pname}-${version}"; + version = "3.0.6"; src = fetchFromGitHub { owner = "laramies"; - repo = "${pname}"; - rev = "25553762d2d93a39083593adb08a34d5f5142c60"; - sha256 = "0gnm598y6paz0knwvdv1cx0w6ngdbbpzkdark3q5vs66yajv24w4"; + repo = pname; + rev = version; + sha256 = "0f33a7sfb5ih21yp1wspb03fxsls1m14yizgrw0srfirm2a6aa0c"; }; nativeBuildInputs = [ makeWrapper ]; # add dependencies - propagatedBuildInputs = [ python2Packages.requests ]; + propagatedBuildInputs = with python3Packages; [ requests beautifulsoup4 plotly ]; installPhase = '' # create dirs |
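Review bot: The `sed -i` in passff-host's `patchPhase` exits successfully even when `COMMAND = "pass"` no longer appears in `src/passff.py`, and this hunk moves the source from 1.0.2 to 1.2.1 without anything verifying that the pattern still matches. If it does not, the native-messaging host keeps the bare `pass` and resolves it through PATH at run time instead of the pinned `${pass}/bin/pass`. Following the sed with `grep -q '${pass}/bin/pass' src/passff.py` makes the build fail in that case. The context lines also show `installPhase` copying `bin/testing/passff.py` while the patched file is `src/passff.py`, and the `preBuild`/`postBuild` directory changes are removed here, so it is worth confirming that the installed copy is still generated from the patched source.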