Diffstat (limited to 'pkgs/tools/security')
25 files changed, 613 insertions, 88 deletions
diff --git a/pkgs/tools/security/ecdsautils/default.nix b/pkgs/tools/security/ecdsautils/default.nix index 6c126673259a0..6bdac96811a08 100644 --- a/pkgs/tools/security/ecdsautils/default.nix +++ b/pkgs/tools/security/ecdsautils/default.nix @@ -18,7 +18,7 @@ stdenv.mkDerivation { description = "Tiny collection of programs used for ECDSA (keygen, sign, verify)"; homepage = "https://github.com/tcatm/ecdsautils/"; license = with licenses; [ mit bsd2 ]; - maintainers = with maintainers; [ andir ]; + maintainers = with maintainers; [ ]; platforms = platforms.unix; }; } diff --git a/pkgs/tools/security/exploitdb/default.nix b/pkgs/tools/security/exploitdb/default.nix index e50be528e5b89..50dbebf23c22a 100644 --- a/pkgs/tools/security/exploitdb/default.nix +++ b/pkgs/tools/security/exploitdb/default.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { pname = "exploitdb"; - version = "2022-01-14"; + version = "2022-01-20"; src = fetchFromGitHub { owner = "offensive-security"; repo = pname; rev = version; - sha256 = "sha256-/Id3cAz+upJPHzNcTnbO02AehS6R9YTz9Ff+1fc7NJs="; + sha256 = "sha256-tcoohr9ENRG+WFRJ3KG5NBpwatksV0TQ4HoEypqMjVo="; }; nativeBuildInputs = [ makeWrapper ]; diff --git a/pkgs/tools/security/firefox_decrypt/default.nix b/pkgs/tools/security/firefox_decrypt/default.nix new file mode 100644 index 0000000000000..3ca0774e22ead --- /dev/null +++ b/pkgs/tools/security/firefox_decrypt/default.nix 
@@ -0,0 +1,45 @@
+{ lib
+, fetchFromGitHub
+, stdenvNoCC
+, nss
+, wrapPython
+}:
+
+stdenvNoCC.mkDerivation rec {
+ pname = "firefox_decrypt";
+ version = "unstable-2021-12-29";
+
+ src = fetchFromGitHub {
+ owner = "unode";
+ repo = pname;
+ rev = "a3daadc09603a6cf8c4b7e49a59776340bc885e7";
+ sha256 = "0g219zqbdnhh9j09d9a0b81vr6j44zzk13ckl5fzkr10gqndiscc";
+ };
+
+ nativeBuildInputs = [ wrapPython ];
+
+ buildInputs = [ nss ];
+
+ installPhase = ''
+ runHook preInstall
+
+ install -Dm 0755 firefox_decrypt.py "$out/bin/firefox_decrypt"
+
+ runHook postInstall
+ '';
+
+ makeWrapperArgs = [ "--prefix" "LD_LIBRARY_PATH" ":" (lib.makeLibraryPath [ nss ]) ];
+
+ postFixup = ''
+ wrapPythonPrograms
+ '';
+
+ passthru.updateScript = ./update.sh;
+
+ meta = with lib; {
+ homepage = "https://github.com/unode/firefox_decrypt";
+ description = "A tool to extract passwords from profiles of Mozilla Firefox and derivates";
+ license = licenses.gpl3Plus;
+ maintainers = with maintainers; [ schnusch ];
+ };
+}
diff --git a/pkgs/tools/security/firefox_decrypt/update.sh b/pkgs/tools/security/firefox_decrypt/update.sh
new file mode 100755
index 0000000000000..a56807f0ba0c4
--- /dev/null
+++ b/pkgs/tools/security/firefox_decrypt/update.sh
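Review bot: The `meta.description` at the end of this new file misspells "derivatives" and opens with an article, which nixpkgs descriptions conventionally avoid; `description = "Extract passwords from profiles of Mozilla Firefox and derivatives";` would read better. A one-line comment above `makeWrapperArgs` would also help, for example `# the script loads the NSS library at run time, so the wrapper puts nss on LD_LIBRARY_PATH`. How the script loads NSS is not visible in this hunk, so that wording should be checked against upstream.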
@@ -0,0 +1,49 @@
+#!/usr/bin/env nix-shell
+#!nix-shell -i bash -p common-updater-scripts git jq nix nix-prefetch-git
+git_url='https://github.com/unode/firefox_decrypt.git'
+git_branch='master'
+git_dir='/var/tmp/firefox_decrypt.git'
+nix_file="$(dirname "${BASH_SOURCE[0]}")/default.nix"
+pkg='firefox_decrypt'
+
+set -euo pipefail
+
+info() {
+ if [ -t 2 ]; then
+ set -- '\033[32m%s\033[39m\n' "$@"
+ else
+ set -- '%s\n' "$@"
+ fi
+ printf "$@" >&2
+}
+
+old_rev=$(nix-instantiate --eval --strict --json -A "$pkg.src.rev" | jq -r)
+old_version=$(nix-instantiate --eval --strict --json -A "$pkg.version" | jq -r)
+today=$(LANG=C date -u +'%Y-%m-%d')
+
+info "fetching $git_url..."
+if [ ! -d "$git_dir" ]; then
+ git init --initial-branch="$git_branch" "$git_dir"
+ git -C "$git_dir" remote add origin "$git_url"
+fi
+git -C "$git_dir" fetch origin "$git_branch"
+
+# use latest commit before today, we should not call the version *today*
+# because there might still be commits coming
+# use the day of the latest commit we picked as version
+new_rev=$(git -C "$git_dir" log -n 1 --format='format:%H' --before="${today}T00:00:00Z" "origin/$git_branch")
+new_version="unstable-$(git -C "$git_dir" log -n 1 --format='format:%cs' "$new_rev")"
+info "latest commit before $today: $new_rev"
+
+if [ "$new_rev" = "$old_rev" ]; then
+ info "$pkg is up-to-date."
+ exit
+fi
+
+new_sha256=$(nix-prefetch-git --rev "$new_rev" "$git_dir" | jq -r .sha256)
+update-source-version "$pkg" \
+ "$new_version" \
+ "$new_sha256" \
+ --rev="$new_rev"
+git add "$nix_file"
+git commit --verbose --message "$pkg: $old_version -> $new_version"
diff --git a/pkgs/tools/security/gau/default.nix b/pkgs/tools/security/gau/default.nix
index 95d5f228c8037..d744b8b5daa05 100644
--- a/pkgs/tools/security/gau/default.nix
+++ b/pkgs/tools/security/gau/default.nix
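Review bot: `git_dir='/var/tmp/firefox_decrypt.git'` is a fixed path in a world-writable directory, and the `if [ ! -d "$git_dir" ]` test reuses whatever already exists there. On a shared machine another account can create that directory first, so the later `git -C "$git_dir"` calls and `nix-prefetch-git` would run against a repository, config and `origin` remote the maintainer did not set up, and the `rev` and `sha256` written into default.nix would be derived from it. A private directory avoids this: `git_dir=$(mktemp -d)` followed by `trap 'rm -rf "$git_dir"' EXIT`, with the `-d` test dropped so that `git init` always runs; a per-user cache directory works as well if keeping the clone between runs matters. Moving `set -euo pipefail` above the variable assignments would additionally make a failing `dirname` stop the script.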
@@ -5,13 +5,13 @@ buildGoModule rec { pname = "gau"; - version = "2.0.6"; + version = "2.0.8"; src = fetchFromGitHub { owner = "lc"; repo = pname; rev = "v${version}"; - sha256 = "sha256-d9Cfd2KD+ymGnzOjlVQkSm3XBamoJIUKQLnRZzSDBtk="; + sha256 = "sha256-GkPAv6JrgzlblSw4oIvPvNSboOmvZCMKyFwAMD3W0fQ="; }; vendorSha256 = "sha256-u5ketxHPwZN2mV0uTgwJbY+ImusGZ9GTTmFAGvdH5yA="; diff --git a/pkgs/tools/security/ghidra/0001-Use-protobuf-gradle-plugin.patch b/pkgs/tools/security/ghidra/0001-Use-protobuf-gradle-plugin.patch new file mode 100644 index 0000000000000..b3106802bd5c5 --- /dev/null +++ b/pkgs/tools/security/ghidra/0001-Use-protobuf-gradle-plugin.patch 
@@ -0,0 +1,130 @@ +From 913e74b8682f77da94ed7b7d459482b9b23a5d88 Mon Sep 17 00:00:00 2001 +From: roblabla <unfiltered@roblab.la> +Date: Tue, 28 Dec 2021 14:20:30 +0100 +Subject: [PATCH] Use protobuf gradle plugin + +--- + Ghidra/Debug/Debugger-gadp/build.gradle | 76 +++---------------------- + build.gradle | 6 ++ + 2 files changed, 15 insertions(+), 67 deletions(-) + +diff --git a/Ghidra/Debug/Debugger-gadp/build.gradle b/Ghidra/Debug/Debugger-gadp/build.gradle +index 1b4922f66..3d2ef8856 100644 +--- a/Ghidra/Debug/Debugger-gadp/build.gradle ++++ b/Ghidra/Debug/Debugger-gadp/build.gradle +@@ -23,42 +23,19 @@ apply from: "${rootProject.projectDir}/gradle/javaTestProject.gradle" + apply from: "${rootProject.projectDir}/gradle/distributableGhidraModule.gradle" + + apply plugin: 'eclipse' +-eclipse.project.name = 'Debug Debugger-gadp' ++apply plugin: 'com.google.protobuf' + +-configurations { +- allProtocArtifacts +- protocArtifact +-} ++eclipse.project.name = 'Debug Debugger-gadp' + + def platform = getCurrentPlatformName() + +-dependencies { +- allProtocArtifacts 'com.google.protobuf:protoc:3.17.3:windows-x86_64@exe' +- allProtocArtifacts 'com.google.protobuf:protoc:3.17.3:linux-x86_64@exe' +- allProtocArtifacts 'com.google.protobuf:protoc:3.17.3:linux-aarch_64@exe' +- allProtocArtifacts 'com.google.protobuf:protoc:3.17.3:osx-x86_64@exe' +- allProtocArtifacts 'com.google.protobuf:protoc:3.17.3:osx-aarch_64@exe' +- +- if (isCurrentWindows()) { +- protocArtifact 'com.google.protobuf:protoc:3.17.3:windows-x86_64@exe' +- } +- if (isCurrentLinux()) { +- if (platform.endsWith("x86_64")) { +- protocArtifact 'com.google.protobuf:protoc:3.17.3:linux-x86_64@exe' +- } +- else { +- protocArtifact 'com.google.protobuf:protoc:3.17.3:linux-aarch_64@exe' +- } +- } +- if (isCurrentMac()) { +- if (platform.endsWith("x86_64")) { +- protocArtifact 'com.google.protobuf:protoc:3.17.3:osx-x86_64@exe' +- } +- else { +- protocArtifact 'com.google.protobuf:protoc:3.17.3:osx-aarch_64@exe' +- } 
+- } ++buildscript { ++ dependencies { ++ classpath 'com.google.protobuf:protobuf-gradle-plugin:0.8.18' ++ } ++} + ++dependencies { + api 'com.google.protobuf:protobuf-java:3.17.3' + api project(':Framework-AsyncComm') + api project(':Framework-Debugging') +@@ -68,43 +45,8 @@ dependencies { + testImplementation project(path: ':Framework-Debugging', configuration: 'testArtifacts') + } + +-/*protobuf { ++protobuf { + protoc { + artifact = 'com.google.protobuf:protoc:3.17.3' + } +-}*/ +- +-task generateProto { +- ext.srcdir = file("src/main/proto") +- ext.src = fileTree(srcdir) { +- include "**/*.proto" +- } +- ext.outdir = file("build/generated/source/proto/main/java") +- outputs.dir(outdir) +- inputs.files(src) +- dependsOn(configurations.protocArtifact) +- doLast { +- def exe = configurations.protocArtifact.first() +- if (!isCurrentWindows()) { +- exe.setExecutable(true) +- } +- exec { +- commandLine exe, "--java_out=$outdir", "-I$srcdir" +- args src +- } +- } + } +- +-tasks.compileJava.dependsOn(tasks.generateProto) +-tasks.eclipse.dependsOn(tasks.generateProto) +-rootProject.tasks.prepDev.dependsOn(tasks.generateProto) +- +-sourceSets { +- main { +- java { +- srcDir tasks.generateProto.outdir +- } +- } +-} +-zipSourceSubproject.dependsOn generateProto +- +diff --git a/build.gradle b/build.gradle +index dce3a5149..7a2e637ce 100644 +--- a/build.gradle ++++ b/build.gradle +@@ -76,6 +76,12 @@ if (flatRepo.isDirectory()) { + jcenter() + flatDir name: "flat", dirs:["$flatRepo"] + } ++ buildscript { ++ repositories { ++ mavenLocal() ++ mavenCentral() ++ } ++ } + } + } + else { +-- +2.33.1 + diff --git a/pkgs/tools/security/ghidra/build.nix b/pkgs/tools/security/ghidra/build.nix new file mode 100644 index 0000000000000..2e5311696d160 --- /dev/null +++ b/pkgs/tools/security/ghidra/build.nix 
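Review bot: The patch header carries only the subject "Use protobuf gradle plugin", so nothing records why nixpkgs replaces the hand-written `generateProto` task with the plugin or whether the change has been sent upstream. A short body would help, for example that the plugin lets the build point `protoc` at a locally provided binary instead of the per-platform `protoc:3.17.3:…@exe` downloads listed in the removed `dependencies` entries. The `mavenLocal()` entry in the new `buildscript { repositories { … } }` block of the root build.gradle also deserves a comment, because build.nix in the same commit rewrites every literal `mavenLocal()` with sed to add the offline repository, which makes that line load-bearing. The block is added only inside the `if (flatRepo.isDirectory())` branch; the `else` branch lies outside the hunk, so whether the plugin classpath resolves there cannot be told from here.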
@@ -0,0 +1,177 @@ +{ stdenv +, fetchzip +, fetchurl +, fetchFromGitHub +, lib +, gradle +, perl +, makeWrapper +, openjdk11 +, unzip +, makeDesktopItem +, autoPatchelfHook +, icoutils +, xcbuild +, protobuf3_17 +, libredirect +}: + +let + pkg_path = "$out/lib/ghidra"; + pname = "ghidra"; + version = "10.1.1"; + + src = fetchFromGitHub { + owner = "NationalSecurityAgency"; + repo = "Ghidra"; + rev = "Ghidra_${version}_build"; + sha256 = "sha256-0hj9IVvTxgStCbfnTzqeKD+Q5GnGowDsIkMvk2GqJqY="; + }; + + desktopItem = makeDesktopItem { + name = "ghidra"; + exec = "ghidra"; + icon = "ghidra"; + desktopName = "Ghidra"; + genericName = "Ghidra Software Reverse Engineering Suite"; + categories = "Development;"; + }; + + # postPatch scripts. + # Tells ghidra to use our own protoc binary instead of the prebuilt one. + fixProtoc = '' + cat >>Ghidra/Debug/Debugger-gadp/build.gradle <<HERE +protobuf { + protoc { + path = '${protobuf3_17}/bin/protoc' + } +} +HERE + ''; + + # Adds a gradle step that downloads all the dependencies to the gradle cache. + addResolveStep = '' + cat >>build.gradle <<HERE +task resolveDependencies { + doLast { + project.rootProject.allprojects.each { subProject -> + subProject.buildscript.configurations.each { configuration -> + resolveConfiguration(subProject, configuration, "buildscript config \''${configuration.name}") + } + subProject.configurations.each { configuration -> + resolveConfiguration(subProject, configuration, "config \''${configuration.name}") + } + } + } +} +void resolveConfiguration(subProject, configuration, name) { + if (configuration.canBeResolved) { + logger.info("Resolving project {} {}", subProject.name, name) + configuration.resolve() + } +} +HERE + ''; + + # fake build to pre-download deps into fixed-output derivation + # Taken from mindustry derivation. 
+ deps = stdenv.mkDerivation { + pname = "${pname}-deps"; + inherit version src; + + patches = [ ./0001-Use-protobuf-gradle-plugin.patch ]; + postPatch = fixProtoc + addResolveStep; + + nativeBuildInputs = [ gradle perl ] ++ lib.optional stdenv.isDarwin xcbuild; + buildPhase = '' + export GRADLE_USER_HOME=$(mktemp -d) + + # First, fetch the static dependencies. + gradle --no-daemon --info -Dorg.gradle.java.home=${openjdk11} -I gradle/support/fetchDependencies.gradle init + + # Then, fetch the maven dependencies. + gradle --no-daemon --info -Dorg.gradle.java.home=${openjdk11} resolveDependencies + ''; + # perl code mavenizes pathes (com.squareup.okio/okio/1.13.0/a9283170b7305c8d92d25aff02a6ab7e45d06cbe/okio-1.13.0.jar -> com/squareup/okio/okio/1.13.0/okio-1.13.0.jar) + installPhase = '' + find $GRADLE_USER_HOME/caches/modules-2 -type f -regex '.*\.\(jar\|pom\)' \ + | perl -pe 's#(.*/([^/]+)/([^/]+)/([^/]+)/[0-9a-f]{30,40}/([^/\s]+))$# ($x = $2) =~ tr|\.|/|; "install -Dm444 $1 \$out/maven/$x/$3/$4/$5" #e' \ + | sh + cp -r dependencies $out/dependencies + ''; + outputHashAlgo = "sha256"; + outputHashMode = "recursive"; + outputHash = "sha256-Yxf6g908+fRRUh40PrwNUCTvxzlvSmwzE8R+3ZkRIvs="; + }; + +in stdenv.mkDerivation rec { + inherit pname version src; + + nativeBuildInputs = [ + gradle unzip makeWrapper icoutils + ] ++ lib.optional stdenv.isDarwin xcbuild; + + dontStrip = true; + + patches = [ ./0001-Use-protobuf-gradle-plugin.patch ]; + postPatch = fixProtoc; + + buildPhase = (lib.optionalString stdenv.isDarwin '' + export HOME=$(mktemp -d) + + # construct a dummy /etc/passwd file - something attempts to determine + # the user's "real" home using this + DUMMY_PASSWD=$(realpath ../dummy-passwd) + cat > $DUMMY_PASSWD <<EOF + $(whoami)::$(id -u):$(id -g)::$HOME:$SHELL + EOF + + export NIX_REDIRECTS=/etc/passwd=$DUMMY_PASSWD + export DYLD_INSERT_LIBRARIES=${libredirect}/lib/libredirect.dylib + '') + '' + + export GRADLE_USER_HOME=$(mktemp -d) + + ln -s 
${deps}/dependencies dependencies + + sed -i "s#mavenLocal()#mavenLocal(); maven { url '${deps}/maven' }#g" build.gradle + + gradle --offline --no-daemon --info -Dorg.gradle.java.home=${openjdk11} buildGhidra + ''; + + installPhase = '' + mkdir -p "${pkg_path}" "$out/share/applications" + + ZIP=build/dist/$(ls build/dist) + echo $ZIP + unzip $ZIP -d ${pkg_path} + f=("${pkg_path}"/*) + mv "${pkg_path}"/*/* "${pkg_path}" + rmdir "''${f[@]}" + + ln -s ${desktopItem}/share/applications/* $out/share/applications + + icotool -x "Ghidra/RuntimeScripts/Windows/support/ghidra.ico" + rm ghidra_4_40x40x32.png + for f in ghidra_*.png; do + res=$(basename "$f" ".png" | cut -d"_" -f3 | cut -d"x" -f1-2) + mkdir -pv "$out/share/icons/hicolor/$res/apps" + mv "$f" "$out/share/icons/hicolor/$res/apps/ghidra.png" + done; + ''; + + postFixup = '' + mkdir -p "$out/bin" + ln -s "${pkg_path}/ghidraRun" "$out/bin/ghidra" + wrapProgram "${pkg_path}/support/launch.sh" \ + --prefix PATH : ${lib.makeBinPath [ openjdk11 ]} + ''; + + meta = with lib; { + description = "A software reverse engineering (SRE) suite of tools developed by NSA's Research Directorate in support of the Cybersecurity mission"; + homepage = "https://ghidra-sre.org/"; + platforms = [ "x86_64-linux" "x86_64-darwin" ]; + license = licenses.asl20; + }; + +} diff --git a/pkgs/tools/security/gnupg-pkcs11-scd/default.nix b/pkgs/tools/security/gnupg-pkcs11-scd/default.nix index 36a3c07faa800..1e46df40f85fd 100644 --- a/pkgs/tools/security/gnupg-pkcs11-scd/default.nix +++ b/pkgs/tools/security/gnupg-pkcs11-scd/default.nix 
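Review bot: The `installPhase` of the `deps` derivation builds shell text out of file names and pipes it to `sh`: the perl substitution interpolates `$1` and the captured path components unquoted into an `install -Dm444 …` command, and because `perl -pe` prints every input line, any cached path that does not match the pattern is handed to `sh` as a command of its own. The names come from artifacts resolved over the network inside the fixed-output derivation, and `outputHash` is compared only after this phase has run, so it does not constrain what the generated script executes. Copying each file with quoted arguments removes the interpretation step; a sketch follows, and since it may select a slightly different set of files than the regex did, `outputHash` would have to be recomputed. Separately, `fetchzip`, `fetchurl` and `autoPatchelfHook` are taken as arguments but not used anywhere in this new file.

```nix
    installPhase = ''
      # Copy each cached artifact with quoted arguments instead of generating shell text.
      # Cache layout: <group>/<name>/<version>/<hash>/<file>
      find "$GRADLE_USER_HOME/caches/modules-2" -type f -regex '.*\.\(jar\|pom\)' -print0 \
        | while IFS= read -r -d "" artifact; do
            hashDir=$(dirname "$artifact")
            versionDir=$(dirname "$hashDir")
            nameDir=$(dirname "$versionDir")
            group=$(basename "$(dirname "$nameDir")" | tr . /)
            install -Dm444 "$artifact" \
              "$out/maven/$group/$(basename "$nameDir")/$(basename "$versionDir")/$(basename "$artifact")"
          done
      # … unchanged: cp -r dependencies $out/dependencies …
    '';
```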
@@ -3,11 +3,11 @@ stdenv.mkDerivation rec { pname = "gnupg-pkcs11-scd"; - version = "0.9.2"; + version = "0.10.0"; src = fetchurl { url = "https://github.com/alonbl/${pname}/releases/download/${pname}-${version}/${pname}-${version}.tar.bz2"; - sha256 = "1mfh9zjbahjd788rq1mzx009pd7p1sq62sbz586rd7szif7pkpgx"; + sha256 = "sha256-Kb8p53gPkhxtOhH2COKwSDwbtRDFr6hHMJAkndV8Ukk="; }; buildInputs = [ pkcs11helper pkg-config openssl ]; diff --git a/pkgs/tools/security/gopass/default.nix b/pkgs/tools/security/gopass/default.nix index 3555f65c40d03..c2350f507240a 100644 --- a/pkgs/tools/security/gopass/default.nix +++ b/pkgs/tools/security/gopass/default.nix @@ -59,7 +59,7 @@ buildGoModule rec { description = "The slightly more awesome Standard Unix Password Manager for Teams. Written in Go"; homepage = "https://www.gopass.pw/"; license = licenses.mit; - maintainers = with maintainers; [ andir rvolosatovs ]; + maintainers = with maintainers; [ rvolosatovs ]; changelog = "https://github.com/gopasspw/gopass/raw/v${version}/CHANGELOG.md"; longDescription = '' diff --git a/pkgs/tools/security/grype/default.nix b/pkgs/tools/security/grype/default.nix index d0f085ba9247f..49dc002133d3e 100644 --- a/pkgs/tools/security/grype/default.nix +++ b/pkgs/tools/security/grype/default.nix 
@@ -2,23 +2,44 @@ buildGoModule rec { pname = "grype"; - version = "0.31.1"; + version = "0.32.0"; src = fetchFromGitHub { owner = "anchore"; repo = pname; rev = "v${version}"; - sha256 = "sha256-3V8qBgRIogZNisUshhs9Va9cbZ5D2hBJwqXPvqSmEWw="; + sha256 = "sha256-jn28IusHgHHFFrvqZLIvbqCFMhMQ5K/gqC4hVQLffY0="; + # populate values that require us to use git. By doing this in postFetch we + # can delete .git afterwards and maintain better reproducibility of the src. + leaveDotGit = true; + postFetch = '' + cd "$out" + commit="$(git rev-parse HEAD)" + source_date_epoch=$(git log --date=format:'%Y-%m-%dT%H:%M:%SZ' -1 --pretty=%ad) + substituteInPlace "$out/internal/version/build.go" \ + --replace 'gitCommit = valueNotProvided' "gitCommit = \"$commit\"" \ + --replace 'buildDate = valueNotProvided' "buildDate = \"$source_date_epoch\"" + find "$out" -name .git -print0 | xargs -0 rm -rf + ''; }; - - vendorSha256 = "sha256-/Z0tRzd7v84h8TSfbT4EqwyHWpAb30VNr4EDrNlHyd4="; + vendorSha256 = "sha256-05/xFjgiqbXy7Y2LTGHcXtvusGgfZ/TwLQHaO8rIjvc="; nativeBuildInputs = [ installShellFiles ]; ldflags = [ - "-s" "-w" "-X github.com/anchore/grype/internal/version.version=${version}" + "-s" + "-w" + "-X github.com/anchore/grype/internal/version.version=${version}" + "-X github.com/anchore/grype/internal/version.gitTreeState=clean" ]; + preBuild = '' + # grype version also displays the version of the syft library used + # we need to grab it from the go.sum and add an ldflag for it + SYFTVERSION="$(grep "github.com/anchore/syft" go.sum -m 1 | awk '{print $2}')" + ldflags+=" -X github.com/anchore/grype/internal/version.syftVersion=$SYFTVERSION" + ''; + # Tests require a running Docker instance doCheck = false; diff --git a/pkgs/tools/security/jwt-cli/default.nix b/pkgs/tools/security/jwt-cli/default.nix index 01e093e8f171a..77e5ce08913e5 100644 --- a/pkgs/tools/security/jwt-cli/default.nix +++ b/pkgs/tools/security/jwt-cli/default.nix 
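Review bot: In the new `postFetch`, `git log --date=format:'%Y-%m-%dT%H:%M:%SZ'` prints the author date in the commit's own timezone while the literal `Z` labels it as UTC, so the `buildDate` written into build.go can be off by the author's UTC offset. `source_date_epoch=$(TZ=UTC git log --date=format-local:'%Y-%m-%dT%H:%M:%SZ' -1 --pretty=%ad)` keeps the same format and makes the suffix true. The variable holds a formatted timestamp rather than an epoch value, so a name such as `build_date` would describe it better.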
@@ -2,16 +2,16 @@ rustPlatform.buildRustPackage rec { pname = "jwt-cli"; - version = "5.0.1"; + version = "5.0.2"; src = fetchFromGitHub { owner = "mike-engel"; repo = pname; rev = version; - sha256 = "08yynwmn1kzanabiqzysyk9jbn0zyjjlilj4b4j5m29hfykq1jvf"; + sha256 = "0w7fqmh8gihknvdamnq1n519253d4lxrpv378jajca9x906rqy1r"; }; - cargoSha256 = "19rbmiy71hgybzfwpz4msqqgl98qv9c3x06mjcpmixq4qhgxz616"; + cargoSha256 = "0b7m23azy8cb8d5wkawnw6nv8k7lfnfwc06swmbkfvg8vcxfsacs"; buildInputs = lib.optional stdenv.isDarwin Security; diff --git a/pkgs/tools/security/keycard-cli/default.nix b/pkgs/tools/security/keycard-cli/default.nix index 93384df9b42ed..7e28bb7c0bfcd 100644 --- a/pkgs/tools/security/keycard-cli/default.nix +++ b/pkgs/tools/security/keycard-cli/default.nix @@ -1,4 +1,4 @@ -{ lib, buildGoPackage, fetchFromGitHub, pkg-config, pcsclite }: +{ lib, stdenv, buildGoPackage, fetchFromGitHub, pkg-config, pcsclite }: buildGoPackage rec { pname = "keycard-cli"; @@ -26,5 +26,6 @@ buildGoPackage rec { homepage = "https://keycard.status.im"; license = licenses.mpl20; maintainers = [ maintainers.zimbatm ]; + broken = stdenv.isDarwin; # never built on Hydra https://hydra.nixos.org/job/nixpkgs/trunk/keycard-cli.x86_64-darwin }; } diff --git a/pkgs/tools/security/knockpy/default.nix b/pkgs/tools/security/knockpy/default.nix index eedd436dc2dfa..5b4a2cbc33b30 100644 --- a/pkgs/tools/security/knockpy/default.nix +++ b/pkgs/tools/security/knockpy/default.nix @@ -6,13 +6,12 @@ python3.pkgs.buildPythonApplication rec { pname = "knockpy"; version = "5.2.0"; - disabled = python3.pythonOlder "3.6"; src = fetchFromGitHub { owner = "guelfoweb"; repo = "knock"; rev = version; - sha256 = "sha256-QPOIpgJt+09zRvSavRxuVEN+GGk4Z1CYCXti37YaO7o="; + hash = "sha256-QPOIpgJt+09zRvSavRxuVEN+GGk4Z1CYCXti37YaO7o="; }; propagatedBuildInputs = with python3.pkgs; [ 
@@ -27,7 +26,9 @@ python3.pkgs.buildPythonApplication rec { # Project has no tests doCheck = false; - pythonImportsCheck = [ "knockpy" ]; + pythonImportsCheck = [ + "knockpy" + ]; meta = with lib; { description = "Tool to scan subdomains"; diff --git a/pkgs/tools/security/kubescape/default.nix b/pkgs/tools/security/kubescape/default.nix index 774ef8a01aaba..a604cbb80f96e 100644 --- a/pkgs/tools/security/kubescape/default.nix +++ b/pkgs/tools/security/kubescape/default.nix @@ -6,20 +6,20 @@ buildGoModule rec { pname = "kubescape"; - version = "1.0.139"; + version = "2.0.141"; src = fetchFromGitHub { owner = "armosec"; repo = pname; rev = "v${version}"; - sha256 = "sha256-CsIdr/+orDTGdEs4R069+PF3ZKuXx8uLxEsymFOLfOY="; + hash = "sha256-4HVxPM+2SaFrhZiaRKwNuultE2df58aJMm9YSwbJBPM="; }; nativeBuildInputs = [ installShellFiles ]; - vendorSha256 = "sha256-nUMbHoF7xqSpyfb+v7+ZaKzYOalpNcrFxcaRUw2W49s="; + vendorSha256 = "sha256-1TupDdiG8hnbAM+JJRTJWCYQBGN/o+C3H2e0w9muYog="; ldflags = [ "-s" diff --git a/pkgs/tools/security/maigret/default.nix b/pkgs/tools/security/maigret/default.nix index cf8a03e8123e8..316fbad81ba25 100644 --- a/pkgs/tools/security/maigret/default.nix +++ b/pkgs/tools/security/maigret/default.nix @@ -5,13 +5,13 @@ python3.pkgs.buildPythonApplication rec { pname = "maigret"; - version = "0.4.0"; + version = "0.4.1"; src = fetchFromGitHub { owner = "soxoj"; repo = pname; rev = "v${version}"; - sha256 = "1jvfi3d7b1x4x1h0hz193n541fa0qgp7lynd6j0w050cgg753hpz"; + sha256 = "0igfxg238awdn1ly8s3r655yi3gpxink7g2hr6xb0c1nrm7z0kad"; }; propagatedBuildInputs = with python3.pkgs; [ diff --git a/pkgs/tools/security/metasploit/Gemfile b/pkgs/tools/security/metasploit/Gemfile index 22b2cb70e0ed6..4e770c3ead145 100644 --- a/pkgs/tools/security/metasploit/Gemfile +++ b/pkgs/tools/security/metasploit/Gemfile 
@@ -1,4 +1,4 @@ # frozen_string_literal: true source "https://rubygems.org" -gem "metasploit-framework", git: "https://github.com/rapid7/metasploit-framework", ref: "refs/tags/6.1.24" +gem "metasploit-framework", git: "https://github.com/rapid7/metasploit-framework", ref: "refs/tags/6.1.25" diff --git a/pkgs/tools/security/metasploit/Gemfile.lock b/pkgs/tools/security/metasploit/Gemfile.lock index 38c9bda143495..d7be1df5a86ee 100644 --- a/pkgs/tools/security/metasploit/Gemfile.lock +++ b/pkgs/tools/security/metasploit/Gemfile.lock @@ -1,9 +1,9 @@ GIT remote: https://github.com/rapid7/metasploit-framework - revision: 0991344df7a2b343b99e83507bf217137f11801d - ref: refs/tags/6.1.24 + revision: 4a1ba0f9095d5c6e954ba58bc71d02feefc411a5 + ref: refs/tags/6.1.25 specs: - metasploit-framework (6.1.24) + metasploit-framework (6.1.25) actionpack (~> 6.0) activerecord (~> 6.0) activesupport (~> 6.0) @@ -19,12 +19,11 @@ GIT em-http-request eventmachine faker - faraday (= 1.8.0) + faraday faye-websocket filesize hrr_rb_ssh-ed25519 http-cookie - io-console (= 0.5.9) irb jsobfu json @@ -129,13 +128,13 @@ GEM arel-helpers (2.14.0) activerecord (>= 3.1.0, < 8) aws-eventstream (1.2.0) - aws-partitions (1.547.0) - aws-sdk-core (3.125.2) + aws-partitions (1.549.0) + aws-sdk-core (3.125.5) aws-eventstream (~> 1, >= 1.0.2) aws-partitions (~> 1, >= 1.525.0) aws-sigv4 (~> 1.1) jmespath (~> 1.0) - aws-sdk-ec2 (1.291.0) + aws-sdk-ec2 (1.294.0) aws-sdk-core (~> 3, >= 3.125.0) aws-sigv4 (~> 1.1) aws-sdk-iam (1.65.0) @@ -153,17 +152,17 @@ GEM bcrypt (3.1.16) bcrypt_pbkdf (1.1.0) bindata (2.4.10) - bson (4.13.0) + bson (4.14.0) builder (3.2.4) concurrent-ruby (1.0.5) cookiejar (0.3.3) crass (1.0.6) daemons (1.4.1) - dnsruby (1.61.7) + dnsruby (1.61.9) simpleidn (~> 0.1) domain_name (0.5.20190701) unf (>= 0.0.5, < 1.0.0) - ed25519 (1.2.4) + ed25519 (1.3.0) em-http-request (1.1.7) addressable (>= 2.3.4) cookiejar (!= 0.3.1) 
@@ -176,25 +175,29 @@ GEM eventmachine (1.2.7) faker (2.19.0) i18n (>= 1.6, < 2) - faraday (1.8.0) + faraday (1.9.3) faraday-em_http (~> 1.0) faraday-em_synchrony (~> 1.0) faraday-excon (~> 1.1) - faraday-httpclient (~> 1.0.1) + faraday-httpclient (~> 1.0) + faraday-multipart (~> 1.0) faraday-net_http (~> 1.0) - faraday-net_http_persistent (~> 1.1) + faraday-net_http_persistent (~> 1.0) faraday-patron (~> 1.0) faraday-rack (~> 1.0) - multipart-post (>= 1.2, < 3) + faraday-retry (~> 1.0) ruby2_keywords (>= 0.0.4) faraday-em_http (1.0.0) faraday-em_synchrony (1.0.0) faraday-excon (1.1.0) faraday-httpclient (1.0.1) + faraday-multipart (1.0.3) + multipart-post (>= 1.2, < 3) faraday-net_http (1.0.1) faraday-net_http_persistent (1.2.0) faraday-patron (1.0.0) faraday-rack (1.0.0) + faraday-retry (1.0.3) faye-websocket (0.11.1) eventmachine (>= 0.12.0) websocket-driver (>= 0.5.1) @@ -215,7 +218,7 @@ GEM httpclient (2.8.3) i18n (1.8.11) concurrent-ruby (~> 1.0) - io-console (0.5.9) + io-console (0.5.11) irb (1.3.6) reline (>= 0.2.5) jmespath (1.5.0) @@ -264,7 +267,7 @@ GEM mini_portile2 (2.7.1) minitest (5.15.0) mqtt (0.5.0) - msgpack (1.4.2) + msgpack (1.4.3) multi_json (1.15.0) multipart-post (2.1.1) mustermann (1.1.1) @@ -275,11 +278,11 @@ GEM network_interface (0.0.2) nexpose (7.3.0) nio4r (2.5.8) - nokogiri (1.13.0) + nokogiri (1.13.1) mini_portile2 (~> 2.7.0) racc (~> 1.4) nori (2.6.0) - octokit (4.21.0) + octokit (4.22.0) faraday (>= 0.9) sawyer (~> 0.8.0, >= 0.5.3) openssl-ccm (1.2.2) @@ -373,7 +376,7 @@ GEM rex-text rexml (3.2.5) rkelly-remix (0.0.7) - ruby-macho (2.5.1) + ruby-macho (3.0.0) ruby-rc4 (0.1.5) ruby2_keywords (0.0.5) ruby_smb (3.0.0) @@ -419,7 +422,7 @@ GEM websocket-extensions (>= 0.1.0) websocket-extensions (0.1.5) win32api (0.1.0) - windows_error (0.1.2) + windows_error (0.1.3) winrm (2.3.6) builder (>= 2.1.2) erubi (~> 1.8) 
diff --git a/pkgs/tools/security/metasploit/default.nix b/pkgs/tools/security/metasploit/default.nix index 727518fe81df9..d9a508640ca94 100644 --- a/pkgs/tools/security/metasploit/default.nix +++ b/pkgs/tools/security/metasploit/default.nix @@ -15,13 +15,13 @@ let }; in stdenv.mkDerivation rec { pname = "metasploit-framework"; - version = "6.1.24"; + version = "6.1.25"; src = fetchFromGitHub { owner = "rapid7"; repo = "metasploit-framework"; rev = version; - sha256 = "sha256-eCnudckLCiE6L2EC/IHqbXdOrGBkSmWZHyHFvvFUqQ4="; + sha256 = "sha256-lfTueN3s7wsyQRrulsx7TKVMhOu6//4Z6DDjR/Lm6Vw="; }; nativeBuildInputs = [ makeWrapper ]; diff --git a/pkgs/tools/security/metasploit/gemset.nix b/pkgs/tools/security/metasploit/gemset.nix index a9bcf2c227f4d..56bc013871441 100644 --- a/pkgs/tools/security/metasploit/gemset.nix +++ b/pkgs/tools/security/metasploit/gemset.nix @@ -104,30 +104,30 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1fi4irlxam3bmvafm6iiqj0vlzqg10vc4bzznl4c5w6zmg0lzp6b"; + sha256 = "02d86hv5jfs27hszd9d92q31dz3wl3s1racimkhb7nx8xg0l9ldj"; type = "gem"; }; - version = "1.547.0"; + version = "1.549.0"; }; aws-sdk-core = { groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1jp8nz18r9skri118haqy0slqmr5bwjw7xvrghcmj9lx409f0m6p"; + sha256 = "1i6835n7d2ss3k3ljwbw8by0fagymk0122ill3i9ipghz21xpqld"; type = "gem"; }; - version = "3.125.2"; + version = "3.125.5"; }; aws-sdk-ec2 = { groups = ["default"]; platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1awg6wdq5nqlxq5zqj2h06898d9b24ci3jnczpss9pqgis4g0w0n"; + sha256 = "0rzbd111n7pgzpgjabcxi2mpnkxf3fcxkvy4rqidyf80m4633gwy"; type = "gem"; }; - version = "1.291.0"; + version = "1.294.0"; }; aws-sdk-iam = { groups = ["default"]; 
@@ -204,10 +204,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0ir2fml3d6gjzqhiqpxl8rqmgrp5lqrx8xdwz9cmcnxhfzmqgxbp"; + sha256 = "0vfwqzd89542xm8sc1ni6jvjy6wgycnri67q7agxnc5jmwawmcgf"; type = "gem"; }; - version = "4.13.0"; + version = "4.14.0"; }; builder = { groups = ["default"]; @@ -264,10 +264,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1pbhj4xmj4262in6c1nwl5ssw0qypg8ysjrrkwn2akkzbxzy9rfq"; + sha256 = "0v8jfxamsdvs8rdl28ylcp5xphb03kmf5f1aqrnr2020ras618kc"; type = "gem"; }; - version = "1.61.7"; + version = "1.61.9"; }; domain_name = { groups = ["default"]; @@ -284,10 +284,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1f5kr8za7hvla38fc0n9jiv55iq62k5bzclsa5kdb14l3r4w6qnw"; + sha256 = "0zb2dr2ihb1qiknn5iaj1ha1w9p7lj9yq5waasndlfadz225ajji"; type = "gem"; }; - version = "1.2.4"; + version = "1.3.0"; }; em-http-request = { groups = ["default"]; @@ -344,10 +344,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0afhlqgby2cizcwgh7h2sq5f77q01axjbdl25bsvfwsry9n7gyyi"; + sha256 = "0y32gj994ll3zlcqjmwp78r7s03iiwayij6fz2pjpkfywgvp71s6"; type = "gem"; }; - version = "1.8.0"; + version = "1.9.3"; }; faraday-em_http = { groups = ["default"]; @@ -389,6 +389,16 @@ }; version = "1.0.1"; }; + faraday-multipart = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "03qfi9020ynf7hkdiaq01sd2mllvw7fg4qiin3pk028b4wv23j3j"; + type = "gem"; + }; + version = "1.0.3"; + }; faraday-net_http = { groups = ["default"]; platforms = []; @@ -429,6 +439,16 @@ }; version = "1.0.0"; }; + faraday-retry = { + groups = ["default"]; + platforms = []; + source = { + remotes = ["https://rubygems.org"]; + sha256 = "153i967yrwnswqgvnnajgwp981k9p50ys1h80yz3q94rygs59ldd"; + type = "gem"; + }; + version = "1.0.3"; + }; faye-websocket = { groups = ["default"]; platforms = []; 
@@ -554,10 +574,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0pmafwxh8z1apnk7bb1ibnbhfrgb1jgilxm4j8d0fcqlc2ggmbja"; + sha256 = "0r9kxrf9jccrr329pa3s37rf16vy426cbqmfwxkav1fidwvih93y"; type = "gem"; }; - version = "0.5.9"; + version = "0.5.11"; }; irb = { groups = ["default"]; @@ -664,12 +684,12 @@ platforms = []; source = { fetchSubmodules = false; - rev = "0991344df7a2b343b99e83507bf217137f11801d"; - sha256 = "03m9akqvxi913ycnajk4c2n4wxvdxa0zq0k15wx222hbr5sywabq"; + rev = "4a1ba0f9095d5c6e954ba58bc71d02feefc411a5"; + sha256 = "0p79wvr4gqrhx0czxzxsxf24r9acgg69dvhs84r0pvzcvmwfxx4m"; type = "git"; url = "https://github.com/rapid7/metasploit-framework"; }; - version = "6.1.24"; + version = "6.1.25"; }; metasploit-model = { groups = ["default"]; @@ -756,10 +776,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "06iajjyhx0rvpn4yr3h1hc4w4w3k59bdmfhxnjzzh76wsrdxxrc6"; + sha256 = "14kg9wdfls7s63lds9blrd77n8mx780bzyh05dj8kn0aimw3l9dx"; type = "gem"; }; - version = "1.4.2"; + version = "1.4.3"; }; multi_json = { groups = ["default"]; @@ -857,10 +877,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1cvx23d8z1nf5nsr5cv55m5dhr3f1bnvgdfqqfnjvhcd8cfnkgcd"; + sha256 = "1zqzawia52cdcmi55lp7v8jmiqyw7pcpwsksqlnirwfm3f7bnf11"; type = "gem"; }; - version = "1.13.0"; + version = "1.13.1"; }; nori = { groups = ["default"]; @@ -877,10 +897,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0ak64rb48d8z98nw6q70r6i0i3ivv61iqla40ss5l79491qfnn27"; + sha256 = "1nmdd7klyinvrrv2mggwwmc99ykaq7i379j00i37hvvaqx4giifj"; type = "gem"; }; - version = "4.21.0"; + version = "4.22.0"; }; openssl-ccm = { groups = ["default"]; 
@@ -1307,10 +1327,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "1jgmhj4srl7cck1ipbjys6q4klcs473gq90bm59baw4j1wpfaxch"; + sha256 = "0sg0kzqrldx9mlpvymif3dcgz8j8q1nc8jaszrd03nfh5bvp3fd5"; type = "gem"; }; - version = "2.5.1"; + version = "3.0.0"; }; ruby-rc4 = { groups = ["default"]; @@ -1567,10 +1587,10 @@ platforms = []; source = { remotes = ["https://rubygems.org"]; - sha256 = "0kbcv9j5sc7pvjzf1dkp6h69i6lmj205zyy2arxcfgqg11bsz2kp"; + sha256 = "1dy35rfdmj6pfhdicix1kcgpj5y7844a43i6bnklngn7b1wmy3av"; type = "gem"; }; - version = "0.1.2"; + version = "0.1.3"; }; winrm = { groups = ["default"]; diff --git a/pkgs/tools/security/pass2csv/default.nix b/pkgs/tools/security/pass2csv/default.nix index 50de7dc7e8212..1817d63f1ee6e 100644 --- a/pkgs/tools/security/pass2csv/default.nix +++ b/pkgs/tools/security/pass2csv/default.nix @@ -6,12 +6,12 @@ buildPythonApplication rec { pname = "pass2csv"; - version = "0.3.1"; + version = "0.3.2"; format = "pyproject"; src = fetchPypi { inherit pname version; - sha256 = "sha256-qY094A5F7W2exGcsS9AJuO5RrBcAn0cCrJquOc6zGZM="; + sha256 = "03a11bd0b0905737f4adb21d87aa1653d84cc1d9b5dcfdfb8a29092245d65db8"; }; propagatedBuildInputs = [ diff --git a/pkgs/tools/security/proxmark3/proxmark3-rrg.nix b/pkgs/tools/security/proxmark3/proxmark3-rrg.nix index 34352f74b55f1..c473ccf02a5c3 100644 --- a/pkgs/tools/security/proxmark3/proxmark3-rrg.nix +++ b/pkgs/tools/security/proxmark3/proxmark3-rrg.nix @@ -7,13 +7,13 @@ mkDerivation rec { pname = "proxmark3-rrg"; - version = "4.14434"; + version = "4.14831"; src = fetchFromGitHub { owner = "RfidResearchGroup"; repo = "proxmark3"; rev = "v${version}"; - sha256 = "sha256-QscV/RxycpU8ypP1Pv6eKtQrOVC+oikass4tvxUszMI="; + sha256 = "sha256-s0D04V6vlGW7SVkJwzMKaVfXQoT3Wi0lu7RC61Es89A="; }; nativeBuildInputs = [ pkg-config gcc-arm-embedded ]; 
diff --git a/pkgs/tools/security/rucredstash/default.nix b/pkgs/tools/security/rucredstash/default.nix new file mode 100644 index 0000000000000..14ecfa085fbd2 --- /dev/null +++ b/pkgs/tools/security/rucredstash/default.nix @@ -0,0 +1,30 @@ +{ lib, rustPlatform, fetchFromGitHub, pkg-config, openssl, stdenv, Security }: + +rustPlatform.buildRustPackage rec { + pname = "rucredstash"; + version = "0.9.0"; + + src = fetchFromGitHub { + owner = "psibi"; + repo = "rucredstash"; + rev = "v${version}"; + sha256 = "1jwsj2y890nxpgmlfbr9hms2raspp5h89ykzsh014mf7lb3yxzwg"; + }; + + nativeBuildInputs = [ pkg-config ]; + buildInputs = [ openssl ] + ++ lib.optional stdenv.isDarwin Security; + + # Disable tests since it requires network access and relies on the + # presence of certain AWS infrastructure + doCheck = false; + + cargoSha256 = "0qnfrwpdvjksc97iiwn1r6fyqaqn0q3ckbdzswf9flvwshqzb6ih"; + + meta = with lib; { + description = "Rust port for credstash. Manages credentials securely in AWS cloud"; + homepage = "https://github.com/psibi/rucredstash"; + license = licenses.mit; + maintainers = with maintainers; [ psibi ]; + }; +} diff --git a/pkgs/tools/security/scorecard/default.nix b/pkgs/tools/security/scorecard/default.nix index e08ff55bc18b2..8fd4276427b1f 100644 --- a/pkgs/tools/security/scorecard/default.nix +++ b/pkgs/tools/security/scorecard/default.nix @@ -2,13 +2,13 @@ buildGoModule rec { pname = "scorecard"; - version = "3.2.1"; + version = "4.0.1"; src = fetchFromGitHub { owner = "ossf"; repo = pname; rev = "v${version}"; - sha256 = "sha256-MVFhw/r1sws82oofV4LHmiSlKxyYd8abYq8oFiB0HH8="; + sha256 = "sha256-xZBK2gIIxuvO2fuSYyWitO1xT8ItfBVqt2JRJoyH+gg="; # populate values otherwise taken care of by goreleaser, # unfortunately these require us to use git. By doing # this in postFetch we can delete .git afterwards and 
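Review bot: In the new rucredstash/default.nix, `doCheck = false;` switches off the entire test suite, so nothing exercises this credential-handling binary at build time. If upstream has tests that do not need AWS, skipping only the network-dependent ones would keep some coverage. Otherwise a cheap install check would at least show that the binary links against openssl and starts: `doInstallCheck = true;` with `installCheckPhase = ''$out/bin/rucredstash --help'';` (the binary name is assumed from `pname` and should be confirmed). The existing comment explaining why tests are disabled is worth keeping either way.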
@@ -27,7 +27,7 @@ buildGoModule rec { find "$out" -name .git -print0 | xargs -0 rm -rf ''; }; - vendorSha256 = "sha256-WrM2aE0z6SnfoPEBqgn1TO6sSGPMrQvL6+ddvOS2w1k="; + vendorSha256 = "sha256-SXBdtwYEslR871wLwCCHD7hsM/riHswyKrIilrsLqns="; # Install completions post-install nativeBuildInputs = [ installShellFiles ]; diff --git a/pkgs/tools/security/solo2-cli/default.nix b/pkgs/tools/security/solo2-cli/default.nix new file mode 100644 index 0000000000000..e3518799504e5 --- /dev/null +++ b/pkgs/tools/security/solo2-cli/default.nix @@ -0,0 +1,48 @@ +{ lib +, stdenv +, rustPlatform +, fetchFromGitHub +, installShellFiles +, pkg-config +, pcsclite +, udev +, PCSC +, IOKit +, CoreFoundation +, AppKit +}: + +rustPlatform.buildRustPackage rec { + pname = "solo2-cli"; + version = "0.1.1"; + + src = fetchFromGitHub { + owner = "solokeys"; + repo = pname; + rev = "v${version}"; + sha256 = "sha256-3GIK0boxGD4Xa5OskP1535zCQyhMQ/oXbgThRivJzww="; + }; + + cargoSha256 = "sha256-MYxVegXUVeZ4AzDz+Si5TtTjUDEPTO0Nh008rgLtsLw="; + + nativeBuildInputs = [ installShellFiles pkg-config ]; + + buildInputs = [ ] + ++ lib.optionals stdenv.isLinux [ pcsclite udev ] + ++ lib.optionals stdenv.isDarwin [ PCSC IOKit CoreFoundation AppKit ]; + + postInstall = '' + installShellCompletion target/*/release/solo2.{bash,fish,zsh} + ''; + + doCheck = true; + + buildFeatures = [ "cli" ]; + + meta = with lib; { + description = "A CLI tool for managing SoloKeys' Solo2 USB security keys."; + homepage = "https://github.com/solokeys/solo2-cli"; + license = with licenses; [ asl20 mit ]; # either at your option + maintainers = with maintainers; [ lukegb ]; + }; +} diff --git a/pkgs/tools/security/volatility/default.nix b/pkgs/tools/security/volatility/default.nix index 4abbbd2d1d1f1..9c73f8a001958 100644 --- a/pkgs/tools/security/volatility/default.nix +++ b/pkgs/tools/security/volatility/default.nix 
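Review bot: The `description` in the new solo2-cli/default.nix starts with an article and ends with a period, which the nixpkgs meta conventions ask to avoid; `description = "CLI tool for managing SoloKeys' Solo2 USB security keys";` says the same thing. `doCheck = true;` restates the buildRustPackage default and can be dropped. The derivation installs only the binary and shell completions, so on Linux a non-root user may be unable to open the key unless udev rules are supplied elsewhere. Whether upstream ships such rules is not visible in this hunk and is worth confirming.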
@@ -1,6 +1,6 @@ -{ lib, fetchFromGitHub, pythonPackages }: +{ lib, fetchFromGitHub, python2Packages }: -pythonPackages.buildPythonApplication rec { +python2Packages.buildPythonApplication rec { pname = "volatility"; version = "2.6.1"; @@ -13,7 +13,7 @@ pythonPackages.buildPythonApplication rec { doCheck = false; - propagatedBuildInputs = with pythonPackages; [ pycrypto distorm3 pillow ]; + propagatedBuildInputs = with python2Packages; [ pycrypto distorm3 pillow ]; meta = with lib; { homepage = "https://www.volatilityfoundation.org/"; |
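Review bot: The switch to `python2Packages` in volatility/default.nix (the function argument and `buildPythonApplication` in the first hunk, `propagatedBuildInputs` in the second) pins this forensics tool to the end-of-life Python 2 interpreter with no explanation in the file. A comment above the derivation would record that this is deliberate, for example `# volatility 2.x only runs on Python 2; pinned explicitly, do not switch to python3Packages`. The dependency list also keeps `pycrypto`, which is no longer maintained upstream, so the comment could note that memory images from untrusted hosts are parsed on an unsupported stack. The derivation body continues outside both hunks.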