diff --git a/pkgs/tools/security/doona/default.nix b/pkgs/tools/security/doona/default.nix
new file mode 100644
index 0000000000000..5e1233f308c3f
--- /dev/null
+++ b/pkgs/tools/security/doona/default.nix
@@ -0,0 +1,36 @@
+{ fetchFromGitHub
+, stdenv
+, perl
+}:
+
+stdenv.mkDerivation rec {
+  pname = "doona";
+  version = "unstable-2019-03-08";
+
+  src = fetchFromGitHub {
+    owner = "wireghoul";
+    repo = pname;
+    rev = "master";
+    sha256 = "0x9irwrw5x2ia6ch6gshadrlqrgdi1ivkadmr7j4m75k04a7nvz1";
+  };
+
+  buildInputs = [ perl ];
+
+  installPhase = ''
+    mkdir -p $out/bin
+    cp -r ${src}/bedmod $out/bin/bedmod
+    cp ${src}/doona.pl $out/bin/doona
+    chmod +x $out/bin/doona
+  '';
+
+  meta = with stdenv.lib; {
+    homepage = "https://github.com/wireghoul/doona";
+    description = "A fork of the Bruteforce Exploit Detector Tool (BED)";
+    longDescription = ''
+      A fork of the Bruteforce Exploit Detector Tool (BED).
+      BED is a program which is designed to check daemons for potential buffer overflows, format string bugs etc.
+    '';
+    license = licenses.gpl2;
+    maintainers = with maintainers; [ pamplemousse ];
+  };
+}
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index a2649c3eabbc2..eec4fb4133d74 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -955,6 +955,8 @@ in
 
   dpt-rp1-py = callPackage ../tools/misc/dpt-rp1-py { };
 
+  doona = callPackage ../tools/security/doona { };
+
   ecdsautils = callPackage ../tools/security/ecdsautils { };
 
   sedutil = callPackage ../tools/security/sedutil { };