Bug#1067431: brutespray: Update the package to version > 2
Hi (cc pkg-security-tools), a new release of brutespray just went live, 2.2.3. Version 2 is a rewrite in Go so we have to manage go dependencies. I made a list of dependencies needed to be packaged so brutespray v2 can be uploaded - see below. This is kinda of call for help for those interested in brutespray :-) In Debian! -- github.com/emersion/go-imap v1.2.1 `--> golang-github-emersion-go-imap-dev 1.2.1-1 github.com/hirochachacha/go-smb2 v1.1.0 `--> golang-github-hirochachacha-go-smb2-dev 1.1.0-2 github.com/jlaffaye/ftp v0.2.0 `--> golang-github-jlaffaye-ftp-dev 0.2.0-1 github.com/lib/pq v1.10.9 `--> golang-github-lib-pq-dev 1.10.9-2 github.com/mitchellh/go-vnc v0.0.0-20150629162542-723ed9867aed `--> golang-github-mitchellh-go-vnc-dev 0.0~git20150629.723ed98-2 Might require newer version --- github.com/go-sql-driver/mysql v1.8.1 `--> golang-github-go-sql-driver-mysql-dev 1.7.1-2 github.com/gosnmp/gosnmp v1.37.0 `--> golang-github-soniah-gosnmp-dev 1.35.0-1 go.mongodb.org/mongo-driver v1.15.0 `--> golang-mongodb-mongo-driver-dev 1.12.1+ds1-2 golang.org/x/crypto v0.24.0 `--> golang-golang-x-crypto-dev 1:0.23.0-1 New packages github.com/knadh/go-pop3 v1.0.0 github.com/multiplay/go-ts3 v1.2.0 github.com/pterm/pterm v0.12.79 github.com/sijms/go-ora/v2 v2.8.19 github.com/tomatome/grdp v0.1.0 github.com/wenerme/astgo v0.0.0-20230926205800-1b5bc38663fa gosrc.io/xmpp v0.5.1 Cheers, Charles signature.asc Description: PGP signature
Bug#1067431: brutespray: Update the package to version > 2
Source: brutespray Severity: wishlist X-Debbugs-Cc: stefne...@gmail.com, charlesmel...@riseup.net, sop...@offensive-security.com User: de...@kali.org Usertags: origin-kali Hello Upstream has released new versions of brutespray. They have rewritten the tool in Golang. They asked me to update it in Kali [1]. I have updated the package for Kali [2]. I chose to embed 9 Golang dependencies in debian/vendor as the packages don't exist in Debian. But I don't think it is acceptable for a Debian package, or at least the debian/copyright needs to be fixed. It would be great if you could update the package in Debian. Thanks. Sophie [1] https://bugs.kali.org/view.php?id=4035 [2] https://gitlab.com/kalilinux/packages/brutespray -- System Information: Debian Release: trixie/sid APT prefers testing APT policy: (990, 'testing'), (500, 'stable-security'), (500, 'unstable'), (500, 'stable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 6.6.15-amd64 (SMP w/16 CPU threads; PREEMPT) Kernel taint flags: TAINT_WARN, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled
Bug#1067431: brutespray: Update the package to version > 2
Hi, Sophie. On Thu, Mar 21, 2024 at 03:47:36PM +0100, Sophie Brun wrote: > Upstream has released new versions of brutespray. They have rewritten the > tool in Golang. I saw it and started to track which dependencies were necessary to go through the NEW queue [1], but the upstream was releasing a new version every day so I was just waiting a bit for things to cool down before trying to package everything. > They asked me to update it in Kali [1]. > > I have updated the package for Kali [2]. I chose to embed 9 Golang > dependencies in debian/vendor as the packages don't exist in Debian. But I > don't think it is acceptable for a Debian package, or at least the > debian/copyright needs to be fixed. Yeah, I think we have to package the go dependencies aside from brutespray :-( Though I was wondering if we should keep them under the umbrella of the security team or the go team (I tend to keep under the go team, what do you think?). > It would be great if you could update the package in Debian. Now that it seems to have slowed down the releases, I'll check what you have done in kali and start to package the go dependencies. If you'd like to help, just let me know :-) Question: do you know if the v2 has feature/api compatibility with the python one? > Thanks. > > Sophie Cheers, Charles [1] https://salsa.debian.org/debian-brasilia-team/docs/-/issues/157 signature.asc Description: PGP signature
Bug#1067431: brutespray: Update the package to version > 2
Hi Carlos, Yeah, I think we have to package the go dependencies aside from brutespray :-( Though I was wondering if we should keep them under the umbrella of the security team or the go team (I tend to keep under the go team, what do you think?). Yes I think the go dependencies should be maintained under the go team. Question: do you know if the v2 has feature/api compatibility with the python one? I don't know. Sophie
