-
-
Notifications
You must be signed in to change notification settings - Fork 14k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
NixOS for Pentesting Overview #81418
Comments
|
dsniff is obsolete in the age of allegedely working switches? I thought overloading a switch still works sometimes… |
I tried (unsuccessfully) to upstream I believe that among the objections was the fact that I wasn't handling the Python bindings correctly, so that'll probably need cleaning up. |
Thanks for your contribution. @Ma27 |
I packaged dex2jar in for my nur repo ( There is also maybe we are lucky with other packages in NUR. |
It's not a comprehensive list, however I'm happy to add any particular packages people request. If I added absolutely everything to the list it would be well over 2500 items long ;) I added sleuthkit and autopsy to the list, thanks. |
You're absolutely right, but sleuthkit and autopsy are two staple DF tools that shouldn't miss on any list. Thank you for adding them ;) |
Edit: looks like it defaults to fernflower which is apparrently what intellij idea uses. |
Could we add |
#67413 is a discussion to get angr on nix. |
And BTW, ZAProxy is already available: https://github.com/NixOS/nixpkgs/blob/master/pkgs/tools/networking/zap/default.nix. |
OP updated, now with expanding categories! |
Thanks @xrelkd |
Zap seems to be broken, I opened a ticket #87106 Also, in the OP Zap should probably be under Web Applications, not Passwords. |
I think some packages are not useful to have in nixpkgs, maybe creating pentest overlay would be good, where we can have all different packages. |
I set up a little tool to show which of the Kali packages by category are installable through nix: https://jjjollyjim.github.io/arewehackersyet/index.html It relies on the mappings being made manually: PR here if you find one that actually is packaged. You could also import default.nix to install the sets of packages yourself, though not many of them exist yet :) |
Great stuff, could you add this issue to the introduction text? |
good idea, done :) |
just informing everyone that |
Hello guys, in order to have more organized pentesting tools in NixOS, I created a module that installs tools based on the set security roles that fit your needs (i.e., Network Specialist, OSINT Specialist, Web Pentester, and so on). I created a PR for it. Can you give a look please? #345300 |
NixOS for Pentesting
This represents an effort to bring Security and Forensics software to NixOS, so that it can become a viable alternative to projects like Kali Linux and BlackArch.
Expect updates here to any progress we may be making. Contributions are welcome.
Exploitation
armitagenot maintainedbackdoor-factorynot maintainedcisco-auditing-toolnot maintained, no upstream sourcecisco-global-exploiternot maintained, no upstream sourcecisco-ocsnot maintainedjboss-autopwnnot maintainedshellnoobnot maintainedForensics
dumpzillanot maintainedpdfidnot maintainedpdgmailnot maintainedpeepdfnot maintainedHardware
Information Gathering
amapnot maintainedautomaternot maintainedcdpsnarfnot maintaineddmitrynot maintaineddnmapnot maintainednbtscan-unixwiznot maintainedspartanot maintainedsslcauditnot maintainedsublist3rnot maintainedtwofinot maintainedunicornscannot maintainedMaintaining Access
intersectnot maintainedPasswords
findmyhashnot maintainedgpp-decryptnot maintainedwebscarabnot maintainedReporting
cutycaptnot maintainednipper-ng)not maintainedrdpynot maintainedSniffing & Spoofing
fikednot maintainedhamster-sidejacknot maintainedhexinjectnot maintainedismtpnot maintainedisr-evilgradenot maintainedohrwurmnot maintainedprotos-sipnot maintainedrebindnot maintainedrtpbreaknot maintainedrtpinsertsoundnot maintainedrtpmixsoundnot maintainedsctpscannot maintainedsiparmyknifenot maintainedsniffjokenot maintainedvoiphoppernot maintainedwifi-honeynot maintainedxspynot maintainedStress Testing
mdk3not maintainedrtpfloodnot maintainedVulnerability Analysis
bbqsqlnot maintainedbednot maintainedhexorbasenot maintained, source no longer availableoscannernot maintainedpowerfuzzernot maintainedsfuzzsource not availablesidguessersource not availablesqlninjanot maintainedsqlsusnot maintainedtnscmd10gnot maintainedunix-privesc-checknot maintainedWeb Applications
arachninot maintained, superseded by Codename SCNRblindelephantnot maintained, Python 2deblazenot maintaineddirbusternot maintainedfimapnot maintainedgrabbernot maintainedskipfishnot maintaineduniscannot maintainedw3afnot maintainedwebshagnot maintainedwebslayernot maintainedWireless
ghost-phishernot maintainedgiskismetnot maintainedgr-scannot maintainedmftermnot maintainedrtlsdr-scannernot maintainedspooftoophnot maintainedAlso see: Are We Hackers Yet?
Why?
We live in a digital age where high-tech network attacks are rampant, it's critical to regularly scan for vulnerabilities and undergo penetration testing at least once a year to ensure our security practices are working. The only real way to have solid defensive security is to approach it from the mindset of an offensive attacker.
The text was updated successfully, but these errors were encountered: