diff options
Diffstat (limited to 'pkgs/tools/security')
36 files changed, 163 insertions, 159 deletions
diff --git a/pkgs/tools/security/argocd-vault-plugin/default.nix b/pkgs/tools/security/argocd-vault-plugin/default.nix index bd6e4c15fa27d..934be7d099428 100644 --- a/pkgs/tools/security/argocd-vault-plugin/default.nix +++ b/pkgs/tools/security/argocd-vault-plugin/default.nix @@ -1,4 +1,9 @@ -{ buildGoModule, fetchFromGitHub, lib }: +{ buildGoModule +, fetchFromGitHub +, lib +, testers +, argocd-vault-plugin +}: buildGoModule rec { pname = "argocd-vault-plugin"; @@ -13,9 +18,23 @@ buildGoModule rec { vendorHash = "sha256-0PrGrcS8Gx0cVImGrlmXlycFgWCTLjg2ISi0OhYoPpw="; + ldflags = [ + "-X=github.com/argoproj-labs/argocd-vault-plugin/version.Version=v${version}" + "-X=github.com/argoproj-labs/argocd-vault-plugin/version.BuildDate=1970-01-01T00:00:00Z" + "-X=github.com/argoproj-labs/argocd-vault-plugin/version.CommitSHA=unknown" + ]; + # integration tests require filesystem and network access for credentials doCheck = false; + doInstallCheck = true; + + passthru.tests.version = testers.testVersion { + package = argocd-vault-plugin; + command = "argocd-vault-plugin version"; + version = "argocd-vault-plugin v${version} (unknown) BuildDate: 1970-01-01T00:00:00Z"; + }; + meta = with lib; { homepage = "https://argocd-vault-plugin.readthedocs.io"; changelog = "https://github.com/argoproj-labs/argocd-vault-plugin/releases/tag/v${version}"; diff --git a/pkgs/tools/security/bkcrack/default.nix b/pkgs/tools/security/bkcrack/default.nix index e2ed76743c4cf..6345cbdc96028 100644 --- a/pkgs/tools/security/bkcrack/default.nix +++ b/pkgs/tools/security/bkcrack/default.nix @@ -2,22 +2,20 @@ , stdenv , fetchFromGitHub , cmake -, openmp }: stdenv.mkDerivation rec { pname = "bkcrack"; - version = "1.5.0"; + version = "1.6.0"; src = fetchFromGitHub { owner = "kimci86"; repo = pname; rev = "v${version}"; - hash = "sha256-iyx4mOTr6MHECk9S9zrIAE5pt+cxWnOKS7iQPUyWfzs="; + hash = "sha256-VfPRX9lOPyen8CujiBtTCbD5e7xd9X2OQ1uZ6JWKwtY="; }; nativeBuildInputs = [ cmake ]; - buildInputs = [ openmp ]; postInstall = '' mkdir -p $out/bin $out/share/licenses/bkcrack diff --git a/pkgs/tools/security/cdxgen/default.nix b/pkgs/tools/security/cdxgen/default.nix index 162ef7abb6420..60622a4fdd8c7 100644 --- a/pkgs/tools/security/cdxgen/default.nix +++ b/pkgs/tools/security/cdxgen/default.nix @@ -5,16 +5,16 @@ buildNpmPackage rec { pname = "cdxgen"; - version = "9.10.2"; + version = "9.11.1"; src = fetchFromGitHub { owner = "AppThreat"; repo = pname; rev = "v${version}"; - sha256 = "sha256-d4abSPP0dLi5xzq1CYxi1MSKogrQ+YcZjmlUEr5+oBQ="; + sha256 = "sha256-UrwC6T0XJeEETMtwphLWAnN7grWPI/O4aa3IKrWMhOM="; }; - npmDepsHash = "sha256-KLI6wJrP2s2UWkSC5zmFuC2sa2owRgAhnR4UVrI0ThY="; + npmDepsHash = "sha256-RbHauQkggFlIoIgDdC7A4Y/O4viTsDWNB2MPeDi8oZc="; dontNpmBuild = true; diff --git a/pkgs/tools/security/cloudhunter/default.nix b/pkgs/tools/security/cloudhunter/default.nix index 109bd5a9df7aa..206879d537592 100644 --- a/pkgs/tools/security/cloudhunter/default.nix +++ b/pkgs/tools/security/cloudhunter/default.nix @@ -5,14 +5,14 @@ python3.pkgs.buildPythonApplication rec { pname = "cloudhunter"; - version = "0.7.0"; + version = "0.7.1"; format = "other"; src = fetchFromGitHub { owner = "belane"; repo = "CloudHunter"; rev = "refs/tags/v${version}"; - hash = "sha256-yRl3x1dboOcoPeKxpUEhDk8OJx1hynEJRHL9/Su8OyA="; + hash = "sha256-7iT4vr0kcNXEyJJdBbJsllIcbZRGY3T5t/FjEONkuq0="; }; postPatch = '' diff --git a/pkgs/tools/security/cnquery/default.nix b/pkgs/tools/security/cnquery/default.nix index 158629f1cd109..9c6803ecd840e 100644 --- a/pkgs/tools/security/cnquery/default.nix +++ b/pkgs/tools/security/cnquery/default.nix @@ -5,18 +5,18 @@ buildGoModule rec { pname = "cnquery"; - version = "9.13.0"; + version = "9.14.0"; src = fetchFromGitHub { owner = "mondoohq"; repo = "cnquery"; rev = "v${version}"; - hash = "sha256-jJayS4zGnbQBY/Z7rk4Xx0nHjCdAYCDs/FDYPVBxcqE="; + hash = "sha256-/Lawxl+jMJKSOKi5yxc+d7Gro69rLCB7nyYPmLtNGoU="; }; subPackages = [ "apps/cnquery" ]; - vendorHash = "sha256-AHVmvmTn2MlL+aVBUQs4PA3k8w9/QQRD57DvSpSq09I="; + vendorHash = "sha256-T7pD88v2sF7w/t5O+sekn1oy/uvA6LytYptLXrd+X4c="; meta = with lib; { description = "cloud-native, graph-based asset inventory"; diff --git a/pkgs/tools/security/cnspec/default.nix b/pkgs/tools/security/cnspec/default.nix index 2eee5568fea47..0a8426c38a72c 100644 --- a/pkgs/tools/security/cnspec/default.nix +++ b/pkgs/tools/security/cnspec/default.nix @@ -5,17 +5,17 @@ buildGoModule rec { pname = "cnspec"; - version = "9.14.0"; + version = "10.0.1"; src = fetchFromGitHub { owner = "mondoohq"; repo = "cnspec"; rev = "refs/tags/v${version}"; - hash = "sha256-9MIIxWfETi2DX1DYPALL+JoC4r3yKJpeSFIx+hrGKiM="; + hash = "sha256-CzTHEOQ6QTL5M6lS8BgRhf3OXBC/Pa+HabsRrlxQGcU="; }; proxyVendor = true; - vendorHash = "sha256-Yii2sDfYqIzQAUaMotT87Wa5g3skxWllq6yGlkPDbLg="; + vendorHash = "sha256-7Ro2qRU+ULLLrVT0VpJkwBOQ6EQSgMLiJRRK9IMuXZs="; subPackages = [ "apps/cnspec" diff --git a/pkgs/tools/security/crackmapexec/default.nix b/pkgs/tools/security/crackmapexec/default.nix index 85b987d78c7c3..7db3c804f911c 100644 --- a/pkgs/tools/security/crackmapexec/default.nix +++ b/pkgs/tools/security/crackmapexec/default.nix @@ -35,7 +35,7 @@ python3.pkgs.buildPythonApplication rec { pypsrp pywerview requests - requests_ntlm + requests-ntlm termcolor terminaltables xmltodict diff --git a/pkgs/tools/security/exploitdb/default.nix b/pkgs/tools/security/exploitdb/default.nix index 0e2e74d0787fb..a1dbd2ada9edb 100644 --- a/pkgs/tools/security/exploitdb/default.nix +++ b/pkgs/tools/security/exploitdb/default.nix @@ -6,13 +6,13 @@ stdenv.mkDerivation rec { pname = "exploitdb"; - version = "2023-12-22"; + version = "2024-01-24"; src = fetchFromGitLab { owner = "exploit-database"; repo = pname; rev = "refs/tags/${version}"; - hash = "sha256-NuukzG+l83YhIgVASLKCkE3FrS6+z8uURTxZyhT/RuA="; + hash = "sha256-3nwF/3xospyxxH6BvOU9DYBi8Fkw4oERGDZJPKMgSXM="; }; nativeBuildInputs = [ diff --git a/pkgs/tools/security/faraday-cli/default.nix b/pkgs/tools/security/faraday-cli/default.nix index cebe1540c605b..b0ee2015555c4 100644 --- a/pkgs/tools/security/faraday-cli/default.nix +++ b/pkgs/tools/security/faraday-cli/default.nix @@ -5,16 +5,20 @@ python3.pkgs.buildPythonApplication rec { pname = "faraday-cli"; - version = "2.1.9"; - format = "setuptools"; + version = "2.1.10"; + pyproject = true; src = fetchFromGitHub { owner = "infobyte"; repo = pname; rev = "refs/tags/${version}"; - hash = "sha256-8D1oYYqf0R41DPYtorcvykZ99p6P6Diwe7PgEN378pU="; + hash = "sha256-7Yg2m0xHpBPZ58gJodSYO8vXaxSlr4GK1Lin63WozOE="; }; + nativeBuildInputs = with python3.pkgs; [ + setuptools + ]; + propagatedBuildInputs = with python3.pkgs; [ arrow click diff --git a/pkgs/tools/security/ghauri/default.nix b/pkgs/tools/security/ghauri/default.nix index fb230dc68d270..6e7ddeb3cd968 100644 --- a/pkgs/tools/security/ghauri/default.nix +++ b/pkgs/tools/security/ghauri/default.nix @@ -5,14 +5,14 @@ python3.pkgs.buildPythonApplication rec { pname = "ghauri"; - version = "1.1.8"; + version = "1.3"; format = "setuptools"; src = fetchFromGitHub { owner = "r0oth3x49"; repo = "ghauri"; rev = "refs/tags/${version}"; - hash = "sha256-WEWiWu8U7DmRjj42BEBXA3CHTyJh2Apz59ImFrmQXEk="; + hash = "sha256-CZhkb8GmXXSA5QqhW7IAirwsxQg6YNFT3RHrGsyqAbk="; }; propagatedBuildInputs = with python3.pkgs; [ diff --git a/pkgs/tools/security/govulncheck/default.nix b/pkgs/tools/security/govulncheck/default.nix index 1b7ee6cf015da..746c72a017e8b 100644 --- a/pkgs/tools/security/govulncheck/default.nix +++ b/pkgs/tools/security/govulncheck/default.nix @@ -6,13 +6,13 @@ buildGoModule rec { pname = "govulncheck"; - version = "1.0.1"; + version = "1.0.2"; src = fetchFromGitHub { owner = "golang"; repo = "vuln"; rev = "refs/tags/v${version}"; - hash = "sha256-cewQ03dK/k3mXevE09M01Yox/3ZWP6IrG0H4QsZMzy8="; + hash = "sha256-vTHP7I3r7EAt4puh7bonKj6A94j169tKWgTfxASWyo0="; }; patches = [ @@ -23,7 +23,7 @@ buildGoModule rec { }) ]; - vendorHash = "sha256-r9XshbgVA5rppJF46SFYPad344ZHMLWTHTnL6vbIFH8="; + vendorHash = "sha256-Jg2Nx63Xak149111jbBP6SgK3hze21Dx5qcDKXCqa48="; subPackages = [ "cmd/govulncheck" diff --git a/pkgs/tools/security/graphw00f/default.nix b/pkgs/tools/security/graphw00f/default.nix index caa7586d37f6b..7f1d5ede3e718 100644 --- a/pkgs/tools/security/graphw00f/default.nix +++ b/pkgs/tools/security/graphw00f/default.nix @@ -5,14 +5,14 @@ python3.pkgs.buildPythonApplication rec { pname = "graphw00f"; - version = "1.1.8"; + version = "1.1.15"; format = "other"; src = fetchFromGitHub { owner = "dolevf"; repo = pname; rev = "refs/tags/${version}"; - hash = "sha256-stTCUHt9UCu1QuxDPB8a26LsrHNttyoVd0tmS7e2t2Y="; + hash = "sha256-wAymwT2PRyX7m/yh6BAa8YNkH7pE69bKHKZ15phuUJo="; }; propagatedBuildInputs = with python3.pkgs; [ diff --git a/pkgs/tools/security/grype/default.nix b/pkgs/tools/security/grype/default.nix index de617344becca..1e0f050d4a4cf 100644 --- a/pkgs/tools/security/grype/default.nix +++ b/pkgs/tools/security/grype/default.nix @@ -7,13 +7,13 @@ buildGoModule rec { pname = "grype"; - version = "0.74.0"; + version = "0.74.2"; src = fetchFromGitHub { owner = "anchore"; repo = pname; rev = "refs/tags/v${version}"; - hash = "sha256-M/PBsCZPMh2RSrTWqe5XjErVrSi39DbQpqSzbKXA/wI="; + hash = "sha256-ZqYyVNaVLBh/IixUB72+EVvUUiovi+pexkIVYNsNLVY="; # populate values that require us to use git. By doing this in postFetch we # can delete .git afterwards and maintain better reproducibility of the src. leaveDotGit = true; @@ -28,7 +28,7 @@ buildGoModule rec { proxyVendor = true; - vendorHash = "sha256-h/rpDF1weo54DSHRM3eV//+WjSOI24zo1YmpTa3MRnE="; + vendorHash = "sha256-60xkcrMwgDs8ATRdPbDUZQlBaMMleQ3x+1oX2h13tZU="; nativeBuildInputs = [ installShellFiles diff --git a/pkgs/tools/security/hfinger/default.nix b/pkgs/tools/security/hfinger/default.nix index 2c584f35ff4fe..8d3d7e25d33fc 100644 --- a/pkgs/tools/security/hfinger/default.nix +++ b/pkgs/tools/security/hfinger/default.nix @@ -6,14 +6,14 @@ python3.pkgs.buildPythonApplication rec { pname = "hfinger"; - version = "0.2.1"; + version = "0.2.2"; disabled = python3.pythonOlder "3.3"; src = fetchFromGitHub { owner = "CERT-Polska"; repo = pname; - rev = "v${version}"; - sha256 = "sha256-QKnrprDDBq+D8N1brkqgcfK4E+6ssvgPtRaSxkF0C84="; + rev = "refs/tags/v${version}"; + sha256 = "sha256-gxwirAqtY4R3KDHyNmDIknABO+SFuoDua9nm1UyXbxA="; }; propagatedBuildInputs = with python3.pkgs; [ diff --git a/pkgs/tools/security/ioc-scan/default.nix b/pkgs/tools/security/ioc-scan/default.nix index 0fea93dc50813..e080426162a6f 100644 --- a/pkgs/tools/security/ioc-scan/default.nix +++ b/pkgs/tools/security/ioc-scan/default.nix @@ -5,14 +5,14 @@ python3.pkgs.buildPythonApplication rec { pname = "ioc-scan"; - version = "1.5.0"; + version = "1.5.4"; format = "setuptools"; src = fetchFromGitHub { owner = "cisagov"; repo = "ioc-scanner"; rev = "refs/tags/v${version}"; - hash = "sha256-dRrLd41HVVHJse7nkem8Cy+ltfJRnJiWrX/WShMfcOw="; + hash = "sha256-LQljpIlTDy1uxuwj1WyygwrB5hQ7dib1ViB+SEhRJ6Y="; }; postPatch = '' diff --git a/pkgs/tools/security/ioccheck/default.nix b/pkgs/tools/security/ioccheck/default.nix index fc457e0c7fd42..2f25aa4ea8978 100644 --- a/pkgs/tools/security/ioccheck/default.nix +++ b/pkgs/tools/security/ioccheck/default.nix @@ -13,7 +13,7 @@ let owner = "carpedm20"; repo = "emoji"; rev = "v${version}"; - sha256 = "sha256-vKQ51RP7uy57vP3dOnHZRSp/Wz+YDzeLUR8JnIELE/I="; + hash = "sha256-vKQ51RP7uy57vP3dOnHZRSp/Wz+YDzeLUR8JnIELE/I="; }; }; @@ -26,29 +26,35 @@ let owner = "tweepy"; repo = "tweepy"; rev = "v${version}"; - sha256 = "0k4bdlwjna6f1k19jki4xqgckrinkkw8b9wihzymr1l04rwd05nw"; + hash = "sha256-3BbQeCaAhlz9h5GnhficNubJHu4kTpnCDM4oKzlti0w="; }; doCheck = false; }; }; }; -in -with py.pkgs; - -buildPythonApplication rec { +in py.pkgs.buildPythonApplication rec { pname = "ioccheck"; version = "unstable-2021-09-29"; - format = "pyproject"; + pyproject = true; src = fetchFromGitHub { owner = "ranguli"; - repo = pname; + repo = "ioccheck"; rev = "db02d921e2519b77523a200ca2d78417802463db"; hash = "sha256-qf5tHIpbj/BfrzUST+EzohKh1hUg09KwF+vT0tj1+FE="; }; nativeBuildInputs = with py.pkgs; [ poetry-core + pythonRelaxDepsHook + ]; + + pythonRelaxDeps = [ + "backoff" + "pyfiglet" + "tabulate" + "termcolor" + "vt-py" ]; propagatedBuildInputs = with py.pkgs; [ @@ -73,11 +79,7 @@ buildPythonApplication rec { postPatch = '' # Can be removed with the next release substituteInPlace pyproject.toml \ - --replace '"hurry.filesize" = "^0.9"' "" \ - --replace 'vt-py = ">=0.6.1,<0.8.0"' 'vt-py = ">=0.6.1"' \ - --replace 'backoff = "^1.10.0"' 'backoff = ">=1.10.0"' \ - --replace 'termcolor = "^1.1.0"' 'termcolor = "*"' \ - --replace 'tabulate = "^0.8.9"' 'tabulate = "*"' + --replace '"hurry.filesize" = "^0.9"' "" ''; pythonImportsCheck = [ diff --git a/pkgs/tools/security/keepwn/default.nix b/pkgs/tools/security/keepwn/default.nix index 9720e14d7a506..bb856c80710b8 100644 --- a/pkgs/tools/security/keepwn/default.nix +++ b/pkgs/tools/security/keepwn/default.nix @@ -6,20 +6,27 @@ python3.pkgs.buildPythonApplication rec { pname = "keepwn"; - version = "0.1"; - format = "setuptools"; + version = "0.3"; + pyproject = true; src = fetchFromGitHub { owner = "Orange-Cyberdefense"; repo = "KeePwn"; rev = "refs/tags/${version}"; - hash = "sha256-s+r6QEUzkzCbs5j1G+PVgDx8cvnmQzEQ1MHAakG+skA="; + hash = "sha256-haKWuoTtyC9vIise+gznruHEwMIDz1W6euihLLKnSdc="; }; + nativeBuildInputs = with python3.pkgs; [ + setuptools + ]; + propagatedBuildInputs = with python3.pkgs; [ chardet impacket lxml + pefile + pykeepass + python-magic termcolor ]; diff --git a/pkgs/tools/security/mkp224o/default.nix b/pkgs/tools/security/mkp224o/default.nix index 2ac4304d6d2eb..d6ee40e6f5eab 100644 --- a/pkgs/tools/security/mkp224o/default.nix +++ b/pkgs/tools/security/mkp224o/default.nix @@ -2,13 +2,13 @@ stdenv.mkDerivation rec { pname = "mkp224o"; - version = "1.6.1"; + version = "1.7.0"; src = fetchFromGitHub { owner = "cathugger"; repo = "mkp224o"; rev = "v${version}"; - sha256 = "sha256-+TJ137DmgaFZX+/N6VwXJwfVCoTWtC8NqfXfYJC8UHo="; + sha256 = "sha256-OL3xhoxIS1OqfVp0QboENFdNH/e1Aq1R/MFFM9LNFbQ="; }; buildCommand = diff --git a/pkgs/tools/security/naabu/default.nix b/pkgs/tools/security/naabu/default.nix index 8569b957db2d5..7d3981222f914 100644 --- a/pkgs/tools/security/naabu/default.nix +++ b/pkgs/tools/security/naabu/default.nix @@ -6,16 +6,16 @@ buildGoModule rec { pname = "naabu"; - version = "2.2.0"; + version = "2.2.1"; src = fetchFromGitHub { owner = "projectdiscovery"; repo = "naabu"; rev = "refs/tags/v${version}"; - hash = "sha256-he9SJ4lCFNV3DvwqYR7lcWPIPwLIpJDWWnnei069k1k="; + hash = "sha256-z81LL+tx15Zo6OWj4gRSodo7Dk763M+QQ5kYgjrWO3Q="; }; - vendorHash = "sha256-fVqPRDycT9ImBkHakNrby0uXPWrXXatTk8QQSi2OnV0="; + vendorHash = "sha256-nwrqxlbvr9FZXJpzmcn0IBEtlJfeYCy8DJsBvxEgj6k="; buildInputs = [ libpcap @@ -27,6 +27,11 @@ buildGoModule rec { "cmd/naabu/" ]; + ldflags = [ + "-w" + "-s" + ]; + meta = with lib; { description = "Fast SYN/CONNECT port scanner"; longDescription = '' diff --git a/pkgs/tools/security/nitrokey-app2/default.nix b/pkgs/tools/security/nitrokey-app2/default.nix index 15e756a7053b1..d56e882cb09ee 100644 --- a/pkgs/tools/security/nitrokey-app2/default.nix +++ b/pkgs/tools/security/nitrokey-app2/default.nix @@ -1,21 +1,26 @@ { lib -, python3 +, buildPythonApplication , fetchFromGitHub -, wrapQtAppsHook +, pythonOlder +, pyside6 +, poetry-core +, pynitrokey +, pyudev +, qt-material }: -python3.pkgs.buildPythonApplication rec { +buildPythonApplication rec { pname = "nitrokey-app2"; - version = "2.1.4"; + version = "2.1.5"; pyproject = true; - disabled = python3.pythonOlder "3.9"; + disabled = pythonOlder "3.9"; src = fetchFromGitHub { owner = "Nitrokey"; repo = "nitrokey-app2"; rev = "v${version}"; - hash = "sha256-loOCa6XlLx1YEfqR0SUUalVIEPCoYsNEHFo2MIKexeA="; + hash = "sha256-mR13zUgCdNS09EnpGLrnOnoIn3p6ZM/0fHKg0OUMWj4="; }; # https://github.com/Nitrokey/nitrokey-app2/issues/152 @@ -23,36 +28,20 @@ python3.pkgs.buildPythonApplication rec { # pythonRelaxDepsHook does not work here, because it runs in postBuild and # only modifies the dependencies in the built distribution. postPatch = '' - substituteInPlace pyproject.toml --replace "pynitrokey ==" "pynitrokey >=" + substituteInPlace pyproject.toml --replace 'pynitrokey = "' 'pynitrokey = ">=' ''; - # The pyproject.toml file seems to be incomplete and does not generate - # resources (i.e. run pyrcc5 and pyuic5) but the Makefile does. - preBuild = '' - make build-ui - ''; - - nativeBuildInputs = with python3.pkgs; [ - flit-core - pyqt5 - wrapQtAppsHook + nativeBuildInputs = [ + poetry-core ]; - dontWrapQtApps = true; - - propagatedBuildInputs = with python3.pkgs; [ + propagatedBuildInputs = [ pynitrokey pyudev - pyqt5 - pyqt5-stubs + pyside6 qt-material ]; - preFixup = '' - wrapQtApp "$out/bin/nitrokeyapp" \ - --set-default CRYPTOGRAPHY_OPENSSL_NO_LEGACY 1 - ''; - pythonImportsCheck = [ "nitrokeyapp" ]; diff --git a/pkgs/tools/security/nsjail/default.nix b/pkgs/tools/security/nsjail/default.nix index a92aa5f210413..23b938a83f9a9 100644 --- a/pkgs/tools/security/nsjail/default.nix +++ b/pkgs/tools/security/nsjail/default.nix @@ -18,6 +18,8 @@ stdenv.mkDerivation rec { buildInputs = [ libnl protobuf protobufc ]; enableParallelBuilding = true; + env.NIX_CFLAGS_COMPILE = toString [ "-Wno-error" ]; + preBuild = '' makeFlagsArray+=(USER_DEFINES='-DNEWUIDMAP_PATH=${shadow}/bin/newuidmap -DNEWGIDMAP_PATH=${shadow}/bin/newgidmap') ''; diff --git a/pkgs/tools/security/nuclei/default.nix b/pkgs/tools/security/nuclei/default.nix index 6deca949204fe..4c56d061754e5 100644 --- a/pkgs/tools/security/nuclei/default.nix +++ b/pkgs/tools/security/nuclei/default.nix @@ -5,16 +5,16 @@ buildGoModule rec { pname = "nuclei"; - version = "3.1.5"; + version = "3.1.7"; src = fetchFromGitHub { owner = "projectdiscovery"; repo = "nuclei"; rev = "refs/tags/v${version}"; - hash = "sha256-U6FEVlW7fr2COyPASja42M3hJX6eAo4pH3kyl9APfG0="; + hash = "sha256-O7GWH65zOKK9mPlap5BL302ow/ruXOz8CxUjaHfIj3w="; }; - vendorHash = "sha256-/Pw1m8cWYDPCS7EcveqDdmRQtP7R3sr3hvLLw/FBftU="; + vendorHash = "sha256-mwqDoX79cnG6zPncN1l5uAdOSbyAVWzw2dV+2rnBsqw="; subPackages = [ "cmd/nuclei/" diff --git a/pkgs/tools/security/osv-scanner/default.nix b/pkgs/tools/security/osv-scanner/default.nix index 5d48ceb67e9ea..2ce9241d18acc 100644 --- a/pkgs/tools/security/osv-scanner/default.nix +++ b/pkgs/tools/security/osv-scanner/default.nix @@ -6,16 +6,16 @@ }: buildGoModule rec { pname = "osv-scanner"; - version = "1.5.0"; + version = "1.6.1"; src = fetchFromGitHub { owner = "google"; repo = pname; rev = "v${version}"; - hash = "sha256-wWycONThNIqiSbpsopsc9AbAxOToWkTiNzkJ2I8Z0t4="; + hash = "sha256-ddzdOk2sHNzjCM4cLJY+H9h13MjamlC1RYcnOcDGV4M="; }; - vendorHash = "sha256-CiRvryjBp3nUrPRxNqM88p4856yT+BuIsjvYuE+DmqI="; + vendorHash = "sha256-9cE4UcQipJYwQDZA4jlcV68BBTgft7oRVlngg/PAmWI="; subPackages = [ "cmd/osv-scanner" @@ -24,7 +24,7 @@ buildGoModule rec { ldflags = [ "-s" "-w" - "-X main.version=${version}" + "-X github.com/google/osv-scanner/internal/version.OSVVersion=${version}" "-X main.commit=n/a" "-X main.date=1970-01-01T00:00:00Z" ]; diff --git a/pkgs/tools/security/pass2csv/default.nix b/pkgs/tools/security/pass2csv/default.nix index 95649695bfffb..6a1d4f5a27f45 100644 --- a/pkgs/tools/security/pass2csv/default.nix +++ b/pkgs/tools/security/pass2csv/default.nix @@ -7,12 +7,12 @@ buildPythonApplication rec { pname = "pass2csv"; - version = "1.0.0"; + version = "1.1.0"; format = "pyproject"; src = fetchPypi { inherit pname version; - sha256 = "sha256-a/PQl/nqdj9xOM2hfAIiLuGy5F4KmEWFJihZ4gilaJw="; + sha256 = "sha256-sJX09gyyqCszjypRnJj40BzRl8xW963hSbuGDekxGdA="; }; nativeBuildInputs = [ diff --git a/pkgs/tools/security/sn0int/default.nix b/pkgs/tools/security/sn0int/default.nix index 397f7eb832e7c..66f89f77e8eae 100644 --- a/pkgs/tools/security/sn0int/default.nix +++ b/pkgs/tools/security/sn0int/default.nix @@ -1,10 +1,12 @@ { lib , fetchFromGitHub , rustPlatform -, libsodium , libseccomp -, sqlite +, libsodium , pkg-config +, pkgs +, sqlite +, stdenv }: rustPlatform.buildRustPackage rec { @@ -26,8 +28,11 @@ rustPlatform.buildRustPackage rec { buildInputs = [ libsodium - libseccomp sqlite + ] ++ lib.optionals stdenv.isLinux [ + libseccomp + ] ++ lib.optionals stdenv.isDarwin [ + pkgs.darwin.apple_sdk.frameworks.Security ]; # One of the dependencies (chrootable-https) tries to read "/etc/resolv.conf" @@ -40,6 +45,6 @@ rustPlatform.buildRustPackage rec { changelog = "https://github.com/kpcyrd/sn0int/releases/tag/v${version}"; license = with licenses; [ gpl3Plus ]; maintainers = with maintainers; [ fab xrelkd ]; - platforms = platforms.linux; + platforms = platforms.linux ++ platforms.darwin; }; } diff --git a/pkgs/tools/security/sslscan/default.nix b/pkgs/tools/security/sslscan/default.nix index 6f5999978a107..529b1bb1683e6 100644 --- a/pkgs/tools/security/sslscan/default.nix +++ b/pkgs/tools/security/sslscan/default.nix @@ -6,13 +6,13 @@ stdenv.mkDerivation rec { pname = "sslscan"; - version = "2.1.2"; + version = "2.1.3"; src = fetchFromGitHub { owner = "rbsec"; repo = "sslscan"; rev = "refs/tags/${version}"; - hash = "sha256-6teCWzv9DXhGSBjyIurRW3ymSTwMUlbJGjuXmsqpkUc="; + hash = "sha256-oLlMeFVicDwr2XjCX/0cBMTXLKB8js50646uAf3tP9k="; }; buildInputs = [ openssl ]; diff --git a/pkgs/tools/security/step-cli/default.nix b/pkgs/tools/security/step-cli/default.nix index 53a0a44588a2a..4ba73b2ac2e54 100644 --- a/pkgs/tools/security/step-cli/default.nix +++ b/pkgs/tools/security/step-cli/default.nix @@ -5,13 +5,13 @@ buildGoModule rec { pname = "step-cli"; - version = "0.25.1"; + version = "0.25.2"; src = fetchFromGitHub { owner = "smallstep"; repo = "cli"; rev = "refs/tags/v${version}"; - hash = "sha256-Lltlvr/Hvh2W8MiB5WC3RmQcHg6kRPau7Fvvaqm60MQ="; + hash = "sha256-umo0f4cXxnxg3xH1aHeJE2brUT9w+Gp+0Qzq4zIQ8oI="; }; ldflags = [ @@ -25,7 +25,7 @@ buildGoModule rec { rm command/certificate/remote_test.go ''; - vendorHash = "sha256-dhJrDhMnPb985W3YP7+W8GHuMpkkZJcxks27TThj2YE="; + vendorHash = "sha256-R9UJHXs35/yvwlqu1iR3lJN/w8DWMqw48Kc+7JKfD7I="; meta = with lib; { description = "A zero trust swiss army knife for working with X509, OAuth, JWT, OATH OTP, etc"; diff --git a/pkgs/tools/security/sudo/default.nix b/pkgs/tools/security/sudo/default.nix index 0f1cc974b4b3b..996baca2567f7 100644 --- a/pkgs/tools/security/sudo/default.nix +++ b/pkgs/tools/security/sudo/default.nix @@ -12,13 +12,13 @@ , withSssd ? false }: -stdenv.mkDerivation rec { +stdenv.mkDerivation (finalAttrs: { pname = "sudo"; - version = "1.9.15p4"; + version = "1.9.15p5"; src = fetchurl { - url = "https://www.sudo.ws/dist/${pname}-${version}.tar.gz"; - hash = "sha256-LiDsmGXu7qExbG9J7GrEZ4hptonU2QtEJDv0iH1t1TI="; + url = "https://www.sudo.ws/dist/sudo-${finalAttrs.version}.tar.gz"; + hash = "sha256-VY0QuaGZH7O5+n+nsH7EQFt677WzywsIcdvIHjqI5Vg="; }; prePatch = '' @@ -85,5 +85,6 @@ stdenv.mkDerivation rec { license = with licenses; [ sudo bsd2 bsd3 zlib ]; maintainers = with maintainers; [ delroth ]; platforms = platforms.linux; + mainProgram = "sudo"; }; -} +}) diff --git a/pkgs/tools/security/tell-me-your-secrets/default.nix b/pkgs/tools/security/tell-me-your-secrets/default.nix index c01308e0de6e3..a85a62fdfcc37 100644 --- a/pkgs/tools/security/tell-me-your-secrets/default.nix +++ b/pkgs/tools/security/tell-me-your-secrets/default.nix @@ -6,7 +6,7 @@ python3.pkgs.buildPythonApplication rec { pname = "tell-me-your-secrets"; version = "2.4.2"; - format = "pyproject"; + pyproject = true; src = fetchFromGitHub { owner = "valayDave"; @@ -17,6 +17,7 @@ python3.pkgs.buildPythonApplication rec { pythonRelaxDeps = [ "gitignore-parser" + "pandas" ]; nativeBuildInputs = with python3.pkgs; [ diff --git a/pkgs/tools/security/trueseeing/default.nix b/pkgs/tools/security/trueseeing/default.nix index 8284a802bd88e..8ab38a9a44d2d 100644 --- a/pkgs/tools/security/trueseeing/default.nix +++ b/pkgs/tools/security/trueseeing/default.nix @@ -15,22 +15,20 @@ python3.pkgs.buildPythonApplication rec { hash = "sha256-g5OqdnPtGGV4wBwPRAjH3lweguwlfVcgpNLlq54OHKA="; }; - postPatch = '' - substituteInPlace pyproject.toml \ - --replace "attrs~=21.4" "attrs>=21.4" - ''; - nativeBuildInputs = with python3.pkgs; [ flit-core + pythonRelaxDepsHook ]; + pythonRelaxDeps = true; + propagatedBuildInputs = with python3.pkgs; [ attrs - ipython jinja2 lxml pypubsub pyyaml + termcolor ]; # Project has no tests diff --git a/pkgs/tools/security/trufflehog/default.nix b/pkgs/tools/security/trufflehog/default.nix index 1c711222ac511..606620deae555 100644 --- a/pkgs/tools/security/trufflehog/default.nix +++ b/pkgs/tools/security/trufflehog/default.nix @@ -7,16 +7,16 @@ buildGoModule rec { pname = "trufflehog"; - version = "3.63.8"; + version = "3.63.11"; src = fetchFromGitHub { owner = "trufflesecurity"; repo = "trufflehog"; rev = "refs/tags/v${version}"; - hash = "sha256-vXHMTuYANVUigYKEYwfT9JwqoEYFIPbNkylqj3H+88E="; + hash = "sha256-potMA/fLiwH0TZNwXJSC+SFRG8qxXe2drdk6Aj+4GUQ="; }; - vendorHash = "sha256-ikWC5QhLgPmXq304EhSrOBYBg2IeUDIBRVt9TuyOqsA="; + vendorHash = "sha256-hzSGhq10n09C2lTeJr3oO+KyeTLqpuNXfn7NukGf0ck="; ldflags = [ "-s" diff --git a/pkgs/tools/security/trustymail/default.nix b/pkgs/tools/security/trustymail/default.nix index eb384ce162539..88d321708886f 100644 --- a/pkgs/tools/security/trustymail/default.nix +++ b/pkgs/tools/security/trustymail/default.nix @@ -5,14 +5,14 @@ python3.pkgs.buildPythonApplication rec { pname = "trustymail"; - version = "0.8.1"; + version = "0.8.3"; format = "setuptools"; src = fetchFromGitHub { owner = "cisagov"; repo = pname; rev = "refs/tags/v${version}"; - hash = "sha256-hKiQWAOzUjmoCcEH9OTgkgU7s1V+Vv3+93OLkqDRDoU="; + hash = "sha256-aFXz78Gviki0yIcnn2EgR3mHmt0wMoY5u6RoT6zQc1Y="; }; postPatch = '' diff --git a/pkgs/tools/security/vals/default.nix b/pkgs/tools/security/vals/default.nix index 8f25dc1a211aa..55fffe9fd2bf2 100644 --- a/pkgs/tools/security/vals/default.nix +++ b/pkgs/tools/security/vals/default.nix @@ -2,16 +2,16 @@ buildGoModule rec { pname = "vals"; - version = "0.32.0"; + version = "0.33.0"; src = fetchFromGitHub { rev = "v${version}"; owner = "variantdev"; repo = pname; - sha256 = "sha256-UBN0QMrYyYm7O1MrduGmXOSLZ5Qwjq0LMgvWhoVwzGI="; + sha256 = "sha256-ZF73oLe/2s+zsMNElgjnVT7GCsH4VSP1IWTy647JZyw="; }; - vendorHash = "sha256-2gS4m+eQSrXcMtT/7AzPW5KcGww8gSJm2doyBa6pLHQ="; + vendorHash = "sha256-1wlwG0YaLcoLEh5t1hAfgQ+8EMfMDQn430nWGsuFTqs="; ldflags = [ "-s" diff --git a/pkgs/tools/security/vaultwarden/webvault.nix b/pkgs/tools/security/vaultwarden/webvault.nix index 81709fd2511de..3e4180cc05b23 100644 --- a/pkgs/tools/security/vaultwarden/webvault.nix +++ b/pkgs/tools/security/vaultwarden/webvault.nix @@ -7,14 +7,15 @@ }: let - version = "2024.1.0"; + version = "2024.1.1b"; bw_web_builds = fetchFromGitHub { owner = "dani-garcia"; repo = "bw_web_builds"; rev = "v${version}"; - hash = "sha256-pR5fgpLcxnqURouandGIHRIfc3sn3QcfpU6mF6AxpeA="; + hash = "sha256-jdr+3sIFdKmi0CI3TyFv+wCbhOBJECKQtx+X5EZjRsQ="; }; + in buildNpmPackage rec { pname = "vaultwarden-webvault"; inherit version; @@ -23,10 +24,10 @@ in buildNpmPackage rec { owner = "bitwarden"; repo = "clients"; rev = "web-v${lib.removeSuffix "b" version}"; - hash = "sha256-lDDy1b1yfw3nZrwEEkpvh6xYucgn20XHsGACc45eb2w="; + hash = "sha256-695iCkFhPEyyI4ekbjsdWpxgPy+bX392/X30HyL4F4Y="; }; - npmDepsHash = "sha256-RR8Ua41D9SXymiPuabOnIab3byu8DR63rOfdeTaQpy4="; + npmDepsHash = "sha256-IJ5JVz9hHu3NOzFJAyzfhsMfPQgYQGntDEDuBMI/iZc="; postPatch = '' ln -s ${bw_web_builds}/{patches,resources} .. @@ -65,6 +66,7 @@ in buildNpmPackage rec { meta = with lib; { description = "Integrates the web vault into vaultwarden"; homepage = "https://github.com/dani-garcia/bw_web_builds"; + changelog = "https://github.com/dani-garcia/bw_web_builds/releases/tag/v${version}"; platforms = platforms.all; license = licenses.gpl3Plus; maintainers = with maintainers; [ dotlambda msteen mic92 ]; diff --git a/pkgs/tools/security/websploit/default.nix b/pkgs/tools/security/websploit/default.nix deleted file mode 100644 index b8db06427f863..0000000000000 --- a/pkgs/tools/security/websploit/default.nix +++ /dev/null @@ -1,29 +0,0 @@ -{ lib, buildPythonApplication, fetchFromGitHub -, requests, scapy }: - -buildPythonApplication rec { - pname = "websploit"; - version = "4.0.4"; - - src = fetchFromGitHub { - owner = "f4rih"; - repo = pname; - rev = version; - sha256 = "LpDfJmH2FbL37Fk86CAC/bxFqM035DBN6c6FPfGpaIw="; - }; - - propagatedBuildInputs = [ - requests - scapy - ]; - - # Project has no tests - doCheck = false; - - meta = with lib; { - description = "A high level MITM framework"; - homepage = "https://github.com/f4rih/websploit"; - license = licenses.mit; - maintainers = with maintainers; [ emilytrau ]; - }; -} diff --git a/pkgs/tools/security/zeekscript/default.nix b/pkgs/tools/security/zeekscript/default.nix index c1ab0cb4a190c..eb7d097c5d744 100644 --- a/pkgs/tools/security/zeekscript/default.nix +++ b/pkgs/tools/security/zeekscript/default.nix @@ -5,12 +5,12 @@ python3.pkgs.buildPythonApplication rec { pname = "zeekscript"; - version = "1.2.1"; - format = "pyproject"; + version = "1.2.8"; + pyproject = true; src = fetchPypi { inherit pname version; - hash = "sha256-LogI9sJHvLN5WHJGdW47D09XZInKln/I2hNmG62d1JU="; + hash = "sha256-v0PJY0Ahxa4k011AwtWSIAWBXvt3Aybrd382j1SIT6M="; }; postPatch = '' |