authorFrederik Rietdijk <fridh@fridh.nl>2019-05-25 12:38:00 +0200
committerFrederik Rietdijk <fridh@fridh.nl>2019-05-25 12:38:00 +0200
commitb2ab860db3996f28236c9ed92f08831dd6c6c5ef (patch)
tree750213b30b0ba839b1bef5116695df92976a2032 /pkgs/tools/security
parentdae72e7e7dab5ae89d382471f4cccb888a5458e9 (diff)
parentfa05f332ebdf880abf147ad481288b704deb1367 (diff)
Merge master into staging-next
Diffstat (limited to 'pkgs/tools/security')
-rw-r--r--pkgs/tools/security/dnsenum/default.nix31
-rw-r--r--pkgs/tools/security/dnsrecon/default.nix44
-rw-r--r--pkgs/tools/security/fierce/default.nix23
-rw-r--r--pkgs/tools/security/fprintd/default.nix12
-rw-r--r--pkgs/tools/security/libmodsecurity/default.nix10
-rw-r--r--pkgs/tools/security/monkeysphere/default.nix12
-rw-r--r--pkgs/tools/security/monkeysphere/monkeysphere.patch21
-rw-r--r--pkgs/tools/security/nmap/default.nix14
-rw-r--r--pkgs/tools/security/opensc/default.nix19
-rw-r--r--pkgs/tools/security/passff-host/default.nix9
-rw-r--r--pkgs/tools/security/theharvester/default.nix13
11 files changed, 154 insertions, 54 deletions
diff --git a/pkgs/tools/security/dnsenum/default.nix b/pkgs/tools/security/dnsenum/default.nix
new file mode 100644
index 000000000000..d764e8a71ae6
--- /dev/null
+++ b/pkgs/tools/security/dnsenum/default.nix
@@ -0,0 +1,31 @@
+{ stdenv, fetchFromGitHub, makeWrapper, perl, perlPackages }:
+
+stdenv.mkDerivation rec {
+ pname = "dnsenum";
+ version = "1.2.4.2";
+
+ src = fetchFromGitHub {
+ owner = "fwaeytens";
+ repo = pname;
+ rev = version;
+ sha256 = "1bg1ljv6klic13wq4r53bg6inhc74kqwm3w210865b1v1n8wj60v";
+ };
+
+ propagatedBuildInputs = with perlPackages; [
+ perl NetDNS NetIP NetNetmask StringRandom XMLWriter NetWhoisIP WWWMechanize
+ ];
+ nativeBuildInputs = [ makeWrapper ];
+
+ installPhase = ''
+ install -vD dnsenum.pl $out/bin/dnsenum
+ install -vD dns.txt -t $out/share
+ '';
+
+ meta = with stdenv.lib; {
+ homepage = "https://github.com/fwaeytens/dnsenum";
+ description = "A tool to enumerate DNS information";
+ maintainers = with maintainers; [ c0bw3b globin ];
+ license = licenses.gpl2Plus;
+ platforms = platforms.all;
+ };
+}
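Review bot: `makeWrapper` is pulled into `nativeBuildInputs`, but the `installPhase` in this file never calls `wrapProgram`, so the dependency is unused as written. The Perl modules in `propagatedBuildInputs` are presumably needed at run time, and nothing visible here puts them on the installed script's module path. If that is the intent, add `wrapProgram $out/bin/dnsenum --prefix PERL5LIB : "$PERL5LIB"` after the two `install` lines; otherwise drop `makeWrapper`. Either way, a run of the installed binary in a clean environment would confirm whether the modules resolve.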
diff --git a/pkgs/tools/security/dnsrecon/default.nix b/pkgs/tools/security/dnsrecon/default.nix
new file mode 100644
index 000000000000..06270723f4d0
--- /dev/null
+++ b/pkgs/tools/security/dnsrecon/default.nix
@@ -0,0 +1,44 @@
+{ stdenv, fetchFromGitHub, python3 }:
+
+python3.pkgs.buildPythonApplication rec {
+ pname = "dnsrecon";
+ version = "0.9.1";
+
+ src = fetchFromGitHub {
+ owner = "darkoperator";
+ repo = pname;
+ rev = version;
+ sha256 = "1ysf8wx287psfk89r0i2vgnrjvxdj44s6nhf6sva59jbwvr9lghy";
+ };
+
+ format = "other";
+
+ pythonPath = with python3.pkgs; [
+ dns netaddr lxml
+ ];
+
+ postPatch = ''
+ substituteInPlace dnsrecon.py \
+ --replace "namelist.txt" "../share/namelist.txt" \
+ --replace "0.9.0" "${version}"
+ '';
+
+ installPhase = ''
+ runHook preInstall
+
+ install -vD dnsrecon.py $out/bin/dnsrecon
+ install -vD namelist.txt subdomains-*.txt -t $out/share
+ install -vd $out/${python3.sitePackages}/
+ cp -R lib tools msf_plugin $out/${python3.sitePackages}
+
+ runHook postInstall
+ '';
+
+ meta = with stdenv.lib; {
+ description = "DNS Enumeration Script";
+ homepage = "https://github.com/darkoperator/dnsrecon";
+ license = licenses.gpl2;
+ platforms = platforms.all;
+ maintainers = with maintainers; [ c0bw3b globin ];
+ };
+}
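Review bot: The `postPatch` substitutions match bare substrings, so `--replace "0.9.0" "${version}"` rewrites every occurrence of that literal in dnsrecon.py and silently stops doing anything once upstream changes the embedded string. A short comment such as `# upstream forgot to bump the version string for this release; drop on next update` would tell the next maintainer why it is there. The wordlist path is rewritten to the relative `../share/namelist.txt`, which only resolves if the script builds the path from its own directory; that is worth confirming against the script. If it does not, pointing it at `$out/share/namelist.txt` would remove the dependence on the working directory.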
diff --git a/pkgs/tools/security/fierce/default.nix b/pkgs/tools/security/fierce/default.nix
new file mode 100644
index 000000000000..abc1bacd212b
--- /dev/null
+++ b/pkgs/tools/security/fierce/default.nix
@@ -0,0 +1,23 @@
+{ stdenv, fetchFromGitHub, python3 }:
+
+python3.pkgs.buildPythonApplication rec {
+ pname = "fierce";
+ version = "1.3.0";
+
+ src = fetchFromGitHub {
+ owner = "mschwager";
+ repo = pname;
+ rev = version;
+ sha256 = "0cdp9rpabazyfnks30rsf3qfdi40z1bkspxk4ds9bm82kpq33jxy";
+ };
+
+ propagatedBuildInputs = [ python3.pkgs.dns ];
+
+ meta = with stdenv.lib; {
+ homepage = "https://github.com/mschwager/fierce";
+ description = "DNS reconnaissance tool for locating non-contiguous IP space";
+ license = licenses.gpl3Plus;
+ maintainers = with maintainers; [ c0bw3b globin ];
+ platforms = platforms.all;
+ };
+}
diff --git a/pkgs/tools/security/fprintd/default.nix b/pkgs/tools/security/fprintd/default.nix
index 65eec89a09fc..b43be1a69240 100644
--- a/pkgs/tools/security/fprintd/default.nix
+++ b/pkgs/tools/security/fprintd/default.nix
@@ -1,8 +1,9 @@
-{ stdenv, fetchurl, pkgconfig, intltool
-, libfprint, glib, dbus-glib, polkit, nss, pam, systemd }:
+{ thinkpad ? false
+, stdenv, fetchurl, pkgconfig, intltool, libfprint-thinkpad ? null
+, libfprint ? null, glib, dbus-glib, polkit, nss, pam, systemd }:
stdenv.mkDerivation rec {
- name = "fprintd-${version}";
+ pname = "fprintd" + stdenv.lib.optionalString thinkpad "-thinkpad";
version = "0.8.1";
src = fetchurl {
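Review bot: Both `libfprint` and `libfprint-thinkpad` now default to `null`, and nothing in the header checks that the one selected by `thinkpad` was actually supplied. The `buildInputs` expression in the next hunk would then add a `null` entry, and as far as I know stdenv tolerates that, so the failure would surface late in configure rather than at evaluation. Guarding the header with `assert thinkpad -> libfprint-thinkpad != null;` and `assert !thinkpad -> libfprint != null;` before `stdenv.mkDerivation` makes the misconfiguration fail early with a clear location. The derivation body continues outside this hunk.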
@@ -10,7 +11,10 @@ stdenv.mkDerivation rec {
sha256 = "124s0g9syvglgsmqnavp2a8c0zcq8cyaph8p8iyvbla11vfizs9l";
};
- buildInputs = [ libfprint glib dbus-glib polkit nss pam systemd ];
+ buildInputs = [ glib dbus-glib polkit nss pam systemd ]
+ ++ stdenv.lib.optional thinkpad libfprint-thinkpad
+ ++ stdenv.lib.optional (!thinkpad) libfprint;
+
nativeBuildInputs = [ pkgconfig intltool ];
configureFlags = [ "--with-systemdsystemunitdir=$(out)/lib/systemd/system" "--localstatedir=/var" ];
diff --git a/pkgs/tools/security/libmodsecurity/default.nix b/pkgs/tools/security/libmodsecurity/default.nix
index 3bf906fb4c12..b3dc1270fb9c 100644
--- a/pkgs/tools/security/libmodsecurity/default.nix
+++ b/pkgs/tools/security/libmodsecurity/default.nix
@@ -4,19 +4,19 @@
stdenv.mkDerivation rec {
name = "libmodsecurity-${version}";
- version = "3.0.2";
+ version = "3.0.3";
src = fetchFromGitHub {
owner = "SpiderLabs";
repo = "ModSecurity";
fetchSubmodules = true;
rev = "v${version}";
- sha256 = "0jhyqsvcjxq9ybndcinc08awknrg3sbkaby5w3qw03aqbfjkpywc";
+ sha256 = "00g2407g2679zv73q67zd50z0f1g1ij734ssv2pp77z4chn5dzib";
};
- nativeBuildInputs = [ autoreconfHook pkgconfig ];
+ nativeBuildInputs = [ autoreconfHook pkgconfig doxygen ];
- buildInputs = [ doxygen perl valgrind curl geoip libxml2 lmdb lua pcre yajl];
+ buildInputs = [ perl valgrind curl geoip libxml2 lmdb lua pcre yajl ];
configureFlags = [
"--enable-static"
@@ -26,6 +26,8 @@ stdenv.mkDerivation rec {
"--with-yajl=${yajl}"
];
+ enableParallelBuilding = true;
+
meta = with stdenv.lib; {
description = ''
ModSecurity v3 library component.
diff --git a/pkgs/tools/security/monkeysphere/default.nix b/pkgs/tools/security/monkeysphere/default.nix
index af507dbf993b..ed1cda8030f2 100644
--- a/pkgs/tools/security/monkeysphere/default.nix
+++ b/pkgs/tools/security/monkeysphere/default.nix
@@ -2,7 +2,7 @@
, perl, libassuan, libgcrypt
, perlPackages, lockfileProgs, gnupg, coreutils
# For the tests:
-, bash, openssh, which, socat, cpio, hexdump, openssl
+, bash, openssh, which, socat, cpio, hexdump, procps, openssl
}:
let
@@ -14,14 +14,14 @@ let
});
in stdenv.mkDerivation rec {
name = "monkeysphere-${version}";
- version = "0.43";
+ version = "0.44";
# The patched OpenSSH binary MUST NOT be used (except in the check phase):
disallowedRequisites = [ opensshUnsafe ];
src = fetchurl {
url = "http://archive.monkeysphere.info/debian/pool/monkeysphere/m/monkeysphere/monkeysphere_${version}.orig.tar.gz";
- sha256 = "18i7qpvp5qb7mmd0z5rqai550rya9l3nbsq2hamwkl3smqsjdqc0";
+ sha256 = "1ah7hy8r9gj96pni8azzjb85454qky5l17m3pqn37854l6grgika";
};
patches = [ ./monkeysphere.patch ];
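Review bot: The new `sha256` pins a tarball that is still fetched from a plain `http://` URL in `src`. The hash protects later builds, but it only records whatever the updater received when bumping to 0.44, so tampering on the path at update time would be pinned as trusted. If the archive host serves HTTPS, switch the `url` to it. In either case, a comment recording how the hash was cross-checked (for example against the checksums in the matching Debian source package description, or an upstream signature) would make the bump auditable.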
@@ -33,7 +33,7 @@ in stdenv.mkDerivation rec {
nativeBuildInputs = [ makeWrapper ];
buildInputs = [ perl libassuan libgcrypt ]
++ stdenv.lib.optional doCheck
- ([ gnupg opensshUnsafe which socat cpio hexdump lockfileProgs ] ++
+ ([ gnupg opensshUnsafe which socat cpio hexdump procps lockfileProgs ] ++
(with perlPackages; [ CryptOpenSSLRSA CryptOpenSSLBignum ]));
makeFlags = ''
@@ -60,7 +60,7 @@ in stdenv.mkDerivation rec {
postFixup =
let wrapperArgs = runtimeDeps:
"--prefix PERL5LIB : "
- + (with perlPackages; makePerlPath [
+ + (with perlPackages; makePerlPath [ # Optional (only required for keytrans)
CryptOpenSSLRSA
CryptOpenSSLBignum
])
@@ -73,7 +73,7 @@ in stdenv.mkDerivation rec {
(wrapMonkeysphere runtimeDeps)
programs;
in wrapPrograms [ gnupg ] [ "monkeysphere-authentication" "monkeysphere-host" ]
- + wrapPrograms [ lockfileProgs ] [ "monkeysphere" ]
+ + wrapPrograms [ gnupg lockfileProgs ] [ "monkeysphere" ]
+ ''
# These 4 programs depend on the program name ($0):
for program in openpgp2pem openpgp2spki openpgp2ssh pem2openpgp; do
diff --git a/pkgs/tools/security/monkeysphere/monkeysphere.patch b/pkgs/tools/security/monkeysphere/monkeysphere.patch
index 0a05635d6a80..8cdd85017b93 100644
--- a/pkgs/tools/security/monkeysphere/monkeysphere.patch
+++ b/pkgs/tools/security/monkeysphere/monkeysphere.patch
@@ -10,15 +10,6 @@ diff --git a/Makefile b/Makefile
-e 's:__SYSCONFDIR_PREFIX__:$(ETCPREFIX):' \
-e 's:__SYSDATADIR_PREFIX__:$(LOCALSTATEDIR):'
-diff --git a/src/share/checkperms b/src/share/checkperms
---- a/src/share/checkperms
-+++ b/src/share/checkperms
-@@ -1,4 +1,4 @@
--#!/usr/bin/perl -T
-+#!/usr/bin/perl
-
- # checkperms: ensure as best we can that a given file can only be
- # modified by the given user (or the superuser, naturally). This
diff --git a/src/share/keytrans b/src/share/keytrans
--- a/src/share/keytrans
+++ b/src/share/keytrans
@@ -28,17 +19,5 @@ diff --git a/src/share/keytrans b/src/share/keytrans
# keytrans: this is an RSA key translation utility; it is capable of
# transforming RSA keys (both public keys and secret keys) between
-diff --git a/tests/basic b/tests/basic
---- a/tests/basic
-+++ b/tests/basic
-@@ -343,7 +340,7 @@ if [ "$MONKEYSPHERE_TEST_USE_ED25519" = true ]; then
- echo "### generating ed25519 key for testuser..."
- # from the imported secret key
- USER_FPR=8A4B353B4CBA6F30625498BAE00B5EEEBA79B482
-- gpg --quick-add-key "$USER_FPR" ed25519 auth 2d
-+ gpg --no-tty --quick-add-key "$USER_FPR" ed25519 auth 2d
- else
- echo "### generating standard monkeysphere key for testuser..."
- monkeysphere gen-subkey
--
2.16.3
diff --git a/pkgs/tools/security/nmap/default.nix b/pkgs/tools/security/nmap/default.nix
index bd5930909659..3bc5758aad44 100644
--- a/pkgs/tools/security/nmap/default.nix
+++ b/pkgs/tools/security/nmap/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchurl, libpcap, pkgconfig, openssl, lua5_3
+{ stdenv, fetchurl, fetchpatch, libpcap, pkgconfig, openssl, lua5_3
, graphicalSupport ? false
, libX11 ? null
, gtk2 ? null
@@ -27,7 +27,17 @@ in stdenv.mkDerivation rec {
sha256 = "063fg8adx23l4irrh5kn57hsmi1xvjkar4vm4k6g94ppan4hcyw4";
};
- patches = ./zenmap.patch;
+ patches = [ ./zenmap.patch ]
+ ++ optionals stdenv.cc.isClang [(
+ # Fixes a compile error due an ambiguous reference to bind(2) in
+ # nping/EchoServer.cc, which is otherwise resolved to std::bind.
+ # Also fixes a missing include.
+ # https://github.com/nmap/nmap/pull/1363
+ fetchpatch {
+ url = "https://github.com/nmap/nmap/commit/5bbe66f1bd8cbd3718f5805139e2e8139e6849bb.diff";
+ sha256 = "088r8ylpc9hachsxs4r17cqfa1ncyspbjvkc573lill7rk1r9m0s";
+ }
+ )];
prePatch = optionalString stdenv.isDarwin ''
substituteInPlace libz/configure \
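Review bot: Two small style points on the new `patches` expression. The comment reads "due an ambiguous reference" and should be "due to an ambiguous reference". The `fetchpatch` call has no `name`, so the store path and build log will not say what the patch is for; something like `name = "nping-clang-bind-ambiguity.patch";` would help. Since only one patch is conditional, `++ optional stdenv.cc.isClang (fetchpatch { … })` would also read more directly than `optionals` around a one-element list.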
diff --git a/pkgs/tools/security/opensc/default.nix b/pkgs/tools/security/opensc/default.nix
index 5170805e3f64..769b87fa8d31 100644
--- a/pkgs/tools/security/opensc/default.nix
+++ b/pkgs/tools/security/opensc/default.nix
@@ -1,7 +1,7 @@
{ stdenv, fetchFromGitHub, autoreconfHook, pkgconfig, zlib, readline, openssl
-, libiconv, pcsclite, libassuan, libXt
+, libiconv, pcsclite, libassuan, libXt, fetchpatch
, docbook_xsl, libxslt, docbook_xml_dtd_412
-, Carbon, PCSC
+, Carbon, PCSC, buildPackages
, withApplePCSC ? stdenv.isDarwin
}:
@@ -16,9 +16,17 @@ stdenv.mkDerivation rec {
sha256 = "10575gb9l38cskq7swyjp0907wlziyxg4ppq33ndz319dsx69d87";
};
- nativeBuildInputs = [ pkgconfig ];
+ patches = [
+ (fetchpatch {
+ name = "CVE-2019-6502.patch";
+ url = "https://github.com/OpenSC/OpenSC/commit/0d7967549751b7032f22b437106b41444aff0ba9.patch";
+ sha256 = "1y42lmz8i9w99hgpakdncnv8f94cqjfabz0v4xg6wfz9akl3ff7d";
+ })
+ ];
+
+ nativeBuildInputs = [ pkgconfig autoreconfHook ];
buildInputs = [
- autoreconfHook zlib readline openssl libassuan
+ zlib readline openssl libassuan
libXt libxslt libiconv docbook_xml_dtd_412
]
++ stdenv.lib.optional stdenv.isDarwin Carbon
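Review bot: The CVE-2019-6502 backport carries no note on when it can be removed, so it is likely to linger or to fail to apply after the next version bump. The fetch itself is pinned to a specific upstream commit and a hash, which is good. I would add a comment above the `fetchpatch` along the lines of `# Backport of the upstream fix; remove once version is bumped to a release that contains this commit`. The surrounding `mkDerivation` body starts and ends outside this hunk.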
@@ -43,6 +51,8 @@ stdenv.mkDerivation rec {
else
"${stdenv.lib.getLib pcsclite}/lib/libpcsclite${stdenv.hostPlatform.extensions.sharedLibrary}"
}"
+ (stdenv.lib.optionalString (stdenv.hostPlatform != stdenv.buildPlatform)
+ "XSLTPROC=${buildPackages.libxslt}/bin/xsltproc")
];
PCSC_CFLAGS = stdenv.lib.optionalString withApplePCSC
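Review bot: Placing `optionalString` inside the `configureFlags` list leaves an empty-string element in the list on every native (non-cross) build. That is probably harmless when the flags are joined into one string, but it is not the usual idiom and could become an empty argument if the flags are ever passed as an array. Closing the list first and appending `++ stdenv.lib.optional (stdenv.hostPlatform != stdenv.buildPlatform) "XSLTPROC=${buildPackages.libxslt}/bin/xsltproc"` avoids the stray element. The start of the `configureFlags` list is outside this hunk.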
@@ -58,5 +68,6 @@ stdenv.mkDerivation rec {
homepage = https://github.com/OpenSC/OpenSC/wiki;
license = licenses.lgpl21Plus;
platforms = platforms.all;
+ maintainers = [ maintainers.erictapen ];
};
}
diff --git a/pkgs/tools/security/passff-host/default.nix b/pkgs/tools/security/passff-host/default.nix
index 1bb621eab362..a97bc57ad45f 100644
--- a/pkgs/tools/security/passff-host/default.nix
+++ b/pkgs/tools/security/passff-host/default.nix
@@ -2,24 +2,21 @@
stdenv.mkDerivation rec {
name = "passff-host-${version}";
- version = "1.0.2";
+ version = "1.2.1";
src = fetchFromGitHub {
owner = "passff";
repo = "passff-host";
rev = version;
- sha256 = "1zks34rg9i8vphjrj1h80y5rijadx33z911qxa7pslf7ahmjqdv3";
+ sha256 = "0ydfwvhgnw5c3ydx2gn5d7ys9g7cxlck57vfddpv6ix890v21451";
};
buildInputs = [ python3 ];
patchPhase = ''
- sed -i 's#COMMAND = "pass"#COMMAND = "${pass}/bin/pass"#' src/passff.py
+ sed -i 's#COMMAND = "pass"#COMMAND = "${pass}/bin/pass"#' src/passff.py
'';
- preBuild = "cd src";
- postBuild = "cd ..";
-
installPhase = ''
install -D bin/testing/passff.py $out/share/passff-host/passff.py
cp bin/testing/passff.json $out/share/passff-host/passff.json
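Review bot: The `sed -i` in `patchPhase` exits successfully even when `COMMAND = "pass"` no longer appears in src/passff.py, and this hunk jumps the source from 1.0.2 to 1.2.1 without checking that the pattern still matches. If it does not, the native messaging host would fall back to whatever `pass` is first on `PATH`, which is not what you want for a password-store helper. Adding `grep -qF '${pass}/bin/pass' src/passff.py` right after the `sed` line makes the build fail instead of shipping an unpatched script. It would also be worth confirming that the file installed from `bin/testing/` is generated from the patched `src/passff.py`, now that the `preBuild`/`postBuild` directory changes are removed.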
diff --git a/pkgs/tools/security/theharvester/default.nix b/pkgs/tools/security/theharvester/default.nix
index 0c0cf29f977f..4a1e92e6104a 100644
--- a/pkgs/tools/security/theharvester/default.nix
+++ b/pkgs/tools/security/theharvester/default.nix
@@ -1,21 +1,20 @@
-{ stdenv, makeWrapper, python2Packages, fetchFromGitHub }:
+{ stdenv, fetchFromGitHub, makeWrapper, python3Packages }:
stdenv.mkDerivation rec {
pname = "theHarvester";
- version = "2.7.1";
- name = "${pname}-${version}";
+ version = "3.0.6";
src = fetchFromGitHub {
owner = "laramies";
- repo = "${pname}";
- rev = "25553762d2d93a39083593adb08a34d5f5142c60";
- sha256 = "0gnm598y6paz0knwvdv1cx0w6ngdbbpzkdark3q5vs66yajv24w4";
+ repo = pname;
+ rev = version;
+ sha256 = "0f33a7sfb5ih21yp1wspb03fxsls1m14yizgrw0srfirm2a6aa0c";
};
nativeBuildInputs = [ makeWrapper ];
# add dependencies
- propagatedBuildInputs = [ python2Packages.requests ];
+ propagatedBuildInputs = with python3Packages; [ requests beautifulsoup4 plotly ];
installPhase = ''
# create dirs