NixOS for Pentesting Overview #81418

Open
JoshuaFern opened this issue Mar 1, 2020 · 91 comments
Labels
0.kind: packaging request 5. scope: tracking Long-lived issue tracking long-term fixes or multiple sub-problems


@JoshuaFern
Member

JoshuaFern commented Mar 1, 2020

NixOS for Pentesting

This represents an effort to bring Security and Forensics software to NixOS, so that it can become a viable alternative to projects like Kali Linux and BlackArch.

Expect updates here to any progress we may be making. Contributions are welcome.

Exploitation
Forensics
Hardware
Information Gathering
Maintaining Access
Passwords
Reporting
Sniffing & Spoofing
Stress Testing
Vulnerability Analysis
Web Applications
Wireless

Also see: Are We Hackers Yet?

Why?

We live in a digital age where high-tech network attacks are rampant. It's critical to regularly scan for vulnerabilities and undergo penetration testing at least once a year to ensure our security practices are working. The only real way to have solid defensive security is to approach it from the mindset of an offensive attacker.

@dhess
Contributor

dhess commented Mar 2, 2020

radare2 is in nixpkgs.

@7c6f434c
Member

7c6f434c commented Mar 2, 2020

dsniff is obsolete in the age of allegedly working switches? I thought overloading a switch still works sometimes…

@dhess
Contributor

dhess commented Mar 2, 2020

I tried (unsuccessfully) to upstream libprelude to nixpkgs a few years ago. If anyone wants to try again, there's a working derivation here:

https://github.com/hackworthltd/hacknix/blob/master/pkgs/development/libraries/libprelude/default.nix

I believe that among the objections was the fact that I wasn't handling the Python bindings correctly, so that'll probably need cleaning up.

@Ma27 Ma27 mentioned this issue Mar 7, 2020
@JoshuaFern
Member Author

Thanks for your contribution. @Ma27

@makefu
Contributor

makefu commented Mar 10, 2020

I packaged dex2jar for my NUR repo (nix-shell -p pkgs.nur.repos.makefu.dex2jar): https://github.com/makefu/nur-packages/blob/master/dex2jar/default.nix

There is also drozer (https://github.com/makefu/nur-packages/blob/master/drozer/default.nix) and beef (https://github.com/makefu/nur-packages/tree/master/beef); however, I am unsure how far I went to package these tools and if all functionality is working. They seem to build at least.

Maybe we are lucky with other packages in NUR.

@devhell
Contributor

devhell commented Mar 11, 2020

You're missing sleuthkit and autopsy in your list. ;-)

However, sleuthkit is in nixpkgs, but autopsy is not.

@JoshuaFern
Member Author

It's not a comprehensive list, however I'm happy to add any particular packages people request. If I added absolutely everything to the list it would be well over 2500 items long ;)

I added sleuthkit and autopsy to the list, thanks.

@devhell
Contributor

devhell commented Mar 12, 2020

You're absolutely right, but sleuthkit and autopsy are two staple DF tools that shouldn't be missing from any list. Thank you for adding them ;)

@deliciouslytyped
Contributor

deliciouslytyped commented Apr 5, 2020

enjarify may be more reliable than dex2jar, and bytecode-viewer is a good frontend / is bundled with procyon (and/or cfr? I don't remember) which was a pretty good decompiler - or at least I had better luck than with others, even on old code - though FWIW it seems to be just a jar file and runs fine with java -jar

Edit: looks like it defaults to fernflower which is apparently what IntelliJ IDEA uses.

@xrelkd
Contributor

xrelkd commented Apr 15, 2020

Could we add sn0int into this list?
sn0int is an Information Gathering tool.
The PR #85282 has been created.
Thank you!

@Pamplemousse
Member

#67413 is a discussion to get angr on nix.
As of now, it is available as a NUR repository.

@Pamplemousse
Member

@JoshuaFern
Member Author

OP updated, now with expanding categories!

@JoshuaFern
Member Author

Thanks @xrelkd
OP updated.

@helinko
Contributor

helinko commented May 6, 2020

Zap seems to be broken, I opened a ticket #87106

Also, in the OP Zap should probably be under Web Applications, not Passwords.

@offlinehacker
Contributor

I think some packages are not useful to have in nixpkgs; maybe creating a pentest overlay would be good, where we can have all the different packages.

@Mic92
Member

Mic92 commented May 9, 2020

I have frida and keystone in my NUR packages. Keystone is a disassembler required for tools like gef

@JJJollyjim
Member

JJJollyjim commented May 20, 2020

I set up a little tool to show which of the Kali packages by category are installable through nix: https://jjjollyjim.github.io/arewehackersyet/index.html

It relies on the mappings being made manually: PR here if you find one that actually is packaged.

You could also import default.nix to install the sets of packages yourself, though not many of them exist yet :)

@makefu makefu mentioned this issue May 20, 2020
@makefu
Contributor

makefu commented May 20, 2020

> I set up a little tool to show which of the Kali packages by category are installable through nix: https://jjjollyjim.github.io/arewehackersyet/index.html

Great stuff, could you add this issue to the introduction text?

@JJJollyjim
Member

good idea, done :)

@shard77
Member

shard77 commented Jun 3, 2024

I would love to help with this effort. Where can I find where help is needed?

I think it would be a great idea to package some of those tools: https://ericzimmerman.github.io/#!index.md and https://github.com/Yamato-Security/hayabusa

@fabaff fabaff mentioned this issue Jun 7, 2024
@fabaff
Member

fabaff commented Jun 7, 2024

> Where can I find where help is needed?

Some open tasks can be found in the collapsed section which hides a fair amount of comments.

@litchipi
Contributor

I wasn't able to use john to crack a yescrypt hash some days ago; apparently it has to rely on the system's libxcrypt integration in order to work.
I tried a bunch of manipulations and overrides, but wasn't able to make it work.
Any idea how we could improve the support?

@Tochiaha Tochiaha mentioned this issue Jun 11, 2024
@CherryKitten
Member

> I wasn't able to use john to crack a yescrypt hash some days ago; apparently it has to rely on the system's libxcrypt integration in order to work. I tried a bunch of manipulations and overrides, but wasn't able to make it work. Any idea how we could improve the support?

I literally just submitted a PR two days ago to update john to a more recent rolling release, as the nixpkgs version is 5 years old.

#318620

maybe try building from that PR branch and check if your problem is solved there?

@Arcayr
Contributor

Arcayr commented Jun 21, 2024

just informing everyone that mitm6 is now orphaned, and burpsuite - while not orphaned - has only an inactive maintainer presently. feel free to pick up maintainership of either.

@fabaff fabaff mentioned this issue Jun 22, 2024
@D3vil0p3r
Member

@emilytrau can you review the following please? They have been open for a long time:
#278529
#287904
#288126
#289850
#290280

@D3vil0p3r
Member

Hello guys, in order to have more organized pentesting tools in NixOS, I created a module that installs tools based on the set security roles that fit your needs (i.e., Network Specialist, OSINT Specialist, Web Pentester, and so on). I created a PR for it. Can you take a look, please? #345300
