NixOS for Pentesting Overview #81418
Comments
dsniff is obsolete in the age of allegedly working switches? I thought overloading a switch still works sometimes…
I tried (unsuccessfully) to upstream I believe that among the objections was the fact that I wasn't handling the Python bindings correctly, so that'll probably need cleaning up.
Thanks for your contribution. @Ma27
I packaged dex2jar in for my nur repo ( There is also maybe we are lucky with other packages in NUR.
It's not a comprehensive list; however, I'm happy to add any particular packages people request. If I added absolutely everything to the list it would be well over 2500 items long ;) I added sleuthkit and autopsy to the list, thanks.
You're absolutely right, but sleuthkit and autopsy are two staple DF tools that shouldn't be missing from any list. Thank you for adding them ;)
Edit: looks like it defaults to fernflower, which is apparently what IntelliJ IDEA uses.
Could we add
#67413 is a discussion to get angr on nix.
And BTW, ZAProxy is already available: https://github.com/NixOS/nixpkgs/blob/master/pkgs/tools/networking/zap/default.nix.
OP updated, now with expanding categories!
Thanks @xrelkd
Zap seems to be broken; I opened a ticket: #87106. Also, in the OP, Zap should probably be under Web Applications, not Passwords.
I think some packages are not useful to have in nixpkgs; maybe creating a pentest overlay would be good, where we can have all the different packages.
I set up a little tool to show which of the Kali packages by category are installable through nix: https://jjjollyjim.github.io/arewehackersyet/index.html It relies on the mappings being made manually: PR here if you find one that actually is packaged. You could also import default.nix to install the sets of packages yourself, though not many of them exist yet :)
Great stuff, could you add this issue to the introduction text?
good idea, done :)
Hello all, as I haven't found much time to update and maintain the tracker, there is a new one made by @pyrox0. Here is the link: https://pyrox0.github.io/arewehackersyet/ Feel free to update the link, mentioned here as I will soon archive my project.
Might want to add ffuf to that tracker because it's definitely in the repo already. I've got it installed myself.
ffuf doesn't appear in the kali packages list that I use in the tracker, therefore it's not included. The tracker specifically looks at all the kali linux metapackages that can be used to install groups of tools, and none beyond that (though that's something to look more into at some point).
Also see #352041 — we definitely need some more tooling related to this.
Parrot is absolutely not more common than Kali. If you would like to make a similar tracker for Parrot packages (or adapt the one linked above for Parrot), you're welcome to, but considering Kali is practically an industry standard (pretty much every guide I've ever seen uses Kali, my university only uses Kali, etc.), I don't see it as being as valuable as having the Kali tracker. Same situation with BlackArch, it's just way more niche and way less used. Also, I'd assume the package sets 95% overlap between kali and blackarch/parrot.
Parrot and BlackArch both have ffuf in their repositories, which is why I mentioned it. Also, you're wrong about Kali not having it in theirs. The complete overlooking of tools like ffuf along with Evil-WinRM (which is in the Kali repos too by the way, despite not showing up on this tracker) and others leads me to believe that this is based on an outdated Kali tooling list from years ago that hasn't been updated to get with the times. Also need to see Havoc on this tracker so I can close #352041, speaking of getting with the times.
As I mentioned, this is based on the Kali Metapackages, which do not have every single package. They only track ones that are installed by those metapackages. If you would like to contribute to the tracker the time and effort to track every single kali package that isn't in those metapackages, you're welcome to, but I do not have the time or energy to do so. Also, if you had seen the repo, you'd see that I updated the kali packages list a week ago, and the lack of updates was why I adopted the tracker in the first place. Feel free to ask kali to add more packages to those metapackages, though!
Btw, for some reason we're missing
But it's still a tool which people use, right? Am I missing something?
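As an added illustration of the overlay idea (this is example code, not from the issue thread or from nixpkgs): a configuration.nix fragment that groups tools already packaged in nixpkgs by category and shows how a locally written package expression can be hooked in with callPackage. The attribute names (pentestTools and its categories, localTool), the ./pkgs/local-tool.nix path, and the assumption that zap, ffuf, sqlmap, sleuthkit and volatility3 resolve at those attribute names are all assumptions of this example.

```nix
# Added example, not code from the issue or from nixpkgs: a NixOS
# configuration.nix fragment that groups security tooling through an overlay.
# Attribute names and the ./pkgs/local-tool.nix path are assumptions.
{ pkgs, ... }:

let
  pentestOverlay = final: prev: {
    pentestTools = {
      # Web application assessment tools (assumed to exist under these names).
      web = with final; [ zap ffuf sqlmap ];
      # Forensics tools (assumed to exist under these names).
      forensics = with final; [ sleuthkit volatility3 ];
    };

    # A tool that is not yet in nixpkgs, built from a local expression via
    # callPackage. The file is hypothetical; the mkDerivation expression
    # posted later in this thread has the shape such a file takes.
    localTool = final.callPackage ./pkgs/local-tool.nix { };
  };
in
{
  nixpkgs.overlays = [ pentestOverlay ];

  # `pkgs` inside the module already has nixpkgs.overlays applied, so the
  # grouped sets and the local package resolve here.
  environment.systemPackages =
    pkgs.pentestTools.web
    ++ pkgs.pentestTools.forensics
    ++ [ pkgs.localTool ];
}
```

Keeping the grouping in an overlay rather than in a flat systemPackages list means the same sets can be reused in a nix-shell or a VM image, and a package removed from nixpkgs fails evaluation at one known place instead of silently disappearing from a lab build.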
It's still available as There are alternatives like XSStrike (used by Hack the Box Academy in the CPTS XSS module) and PwnXSS (used by EC-Council in CEHv12 Module 14) that aren't in the repositories at all and need to be. I happen to have the following custom package for PwnXSS already working on my end (as an embedded call to mkDerivation in my configuration.nix, alongside CUPP which is also absolutely necessary despite not being in the nixpkgs repository), so supporting PwnXSS should be as easy as copying and pasting this into the tree:

```nix
{
  pkgs ? import <nixpkgs> { },
  stdenv ? pkgs.stdenv,
  ...
}:

let
  # One interpreter that carries the tool's two runtime dependencies; the
  # wrapper below calls it by store path instead of relying on `python` in PATH.
  pythonEnv = pkgs.python3.withPackages (pypkgs: [
    pypkgs.beautifulsoup4
    pypkgs.requests
  ]);
in
stdenv.mkDerivation {
  pname = "pwnxss";
  version = "0.5.0";

  # Unpinned branch fetch; add a `rev` to make the build reproducible.
  src = builtins.fetchGit {
    url = "https://github.com/Pwn0Sec/PwnXSS";
    ref = "master";
  };

  buildInputs = [ pythonEnv ];

  installPhase = ''
    # Base directories
    install -dm755 $out/share/pwnxss
    install -dm755 $out/bin

    # Copy files
    cp -a --no-preserve=ownership * "$out/share/pwnxss"

    # Wrapper script so the tool can be run from anywhere; the store paths
    # are substituted while the derivation is built, "\$@" survives into the
    # script as "$@" so arguments with spaces are passed through intact.
    cat > $out/bin/pwnxss << EOF
    #!${pkgs.bash}/bin/bash
    cd $out/share/pwnxss
    exec ${pythonEnv}/bin/python pwnxss.py "\$@"
    EOF
    chmod a+x $out/bin/pwnxss
  '';
}
```

On the bright side: at least MITRE uses nix-shell for eCTF…
NixOS for Pentesting
This represents an effort to bring Security and Forensics software to NixOS, so that it can become a viable alternative to projects like Kali Linux and BlackArch.
Expect updates here to any progress we may be making. Contributions are welcome.
Exploitation
- armitage: not maintained
- backdoor-factory: not maintained
- cisco-auditing-tool: not maintained, no upstream source
- cisco-global-exploiter: not maintained, no upstream source
- cisco-ocs: not maintained
- jboss-autopwn: not maintained
- shellnoob: not maintained

Forensics
- dumpzilla: not maintained
- pdfid: not maintained
- pdgmail: not maintained
- peepdf: not maintained

Hardware

Information Gathering
- amap: not maintained
- automater: not maintained
- cdpsnarf: not maintained
- dmitry: not maintained
- dnmap: not maintained
- nbtscan-unixwiz: not maintained
- sparta: not maintained
- sslcaudit: not maintained
- sublist3r: not maintained
- twofi: not maintained
- unicornscan: not maintained

Maintaining Access
- intersect: not maintained

Passwords
- findmyhash: not maintained
- gpp-decrypt: not maintained
- webscarab: not maintained

Reporting
- cutycapt: not maintained
- nipper-ng: not maintained
- rdpy: not maintained

Sniffing & Spoofing
- fiked: not maintained
- hamster-sidejack: not maintained
- hexinject: not maintained
- ismtp: not maintained
- isr-evilgrade: not maintained
- ohrwurm: not maintained
- protos-sip: not maintained
- rebind: not maintained
- rtpbreak: not maintained
- rtpinsertsound: not maintained
- rtpmixsound: not maintained
- sctpscan: not maintained
- siparmyknife: not maintained
- sniffjoke: not maintained
- voiphopper: not maintained
- wifi-honey: not maintained
- xspy: not maintained

Stress Testing
- mdk3: not maintained
- rtpflood: not maintained

Vulnerability Analysis
- bbqsql: not maintained
- bed: not maintained
- hexorbase: not maintained, source no longer available
- oscanner: not maintained
- powerfuzzer: not maintained
- sfuzz: source not available
- sidguesser: source not available
- sqlninja: not maintained
- sqlsus: not maintained
- tnscmd10g: not maintained
- unix-privesc-check: not maintained

Web Applications
- arachni: not maintained, superseded by Codename SCNR
- blindelephant: not maintained, Python 2
- deblaze: not maintained
- dirbuster: not maintained
- fimap: not maintained
- grabber: not maintained
- skipfish: not maintained
- uniscan: not maintained
- w3af: not maintained
- webshag: not maintained
- webslayer: not maintained

Wireless
- ghost-phisher: not maintained
- giskismet: not maintained
- gr-scan: not maintained
- mfterm: not maintained
- rtlsdr-scanner: not maintained
- spooftooph: not maintained

Also see: Are We Hackers Yet?
Why?
We live in a digital age where high-tech network attacks are rampant; it's critical to regularly scan for vulnerabilities and undergo penetration testing at least once a year to ensure our security practices are working. The only real way to have solid defensive security is to approach it from the mindset of an offensive attacker.