Bug#1054871: ITP: legba -- A fast multi protocol credential bruteforcer/sprayer/enumerator
Package: wnpp X-Debbugs-Cc: debian-de...@lists.debian.org Owner: Samuel Henrique Severity: wishlist * Package name: legba Version : 0.2.0 Upstream Contact: Simone Margaritelli * URL : https://github.com/evilsocket/legba * License : GPL-3.0 Programming Lang: Rust Description : A fast multi protocol credential bruteforcer/sprayer/enumerator Legba is a multiprotocol credentials bruteforcer / password sprayer and enumerator built with Rust and the Tokio asynchronous runtime in order to achieve better performances and stability while consuming less resources than similar tools. I plan to maintain this package under the pkg-security[0] and/or rust team[1]. [0] https://tracker.debian.org/teams/pkg-security/ [1] In case it ends up being easier to maintain under the rust team, due to the way Rust crates are packaged. -- Samuel Henrique
Bug#1026333: rustup on Debian
These two bugs are related, I don't know if the owners want them merged so I'm sending this to at least link them together for the readers. https://bugs.debian.org/955208 https://bugs.debian.org/1026333 Cheers, -- Samuel Henrique
Bug#1026778: ITP: check-jsonschema -- A CLI for jsonschema validation
Package: wnpp X-Debbugs-Cc: debian-de...@lists.debian.org Owner: Samuel Henrique X-Debbugs-Cc: samuel...@debian.org Severity: wishlist * Package name: check-jsonschema Version : 0.19.2 Upstream Contact: Stephen Rosen * URL : https://github.com/python-jsonschema/check-jsonschema * License : Apache-2.0 Programming Lang: Python Description : A CLI for jsonschema validation A JSON Schema CLI built on python-jsonschema. The schema may be specified as a local or remote (HTTP or HTTPS) file. Remote files are automatically downloaded and cached if possible. I will maintain this file under the Python team. Thank you, -- Samuel Henrique
Bug#1008007: O: ieee-data -- OUI and IAB listings
Hello all, Thanks for cc'ing me Bastian, I didn't see this bug was open. > On Tue, 21 Jun 2022 14:51:16 + Ileana Dumitrescu > wrote: > > I intend to adopt the orphaned package ieee-data: Provide the > > Organizationally Unique Identifier (OUI) and Individual Address Block (IAB) > > listings of identifiers assigned by IEEE Standards Association. > > > > Ileana Dumitrescu > > Luciano has orphaned the ieee-data and Ilena has voiced her intend to adopt > the package. > As you are listed as Uploader I would like to have your opinion if you are > okay with that or > if you would like to maintain the package. I will possibly sponsor Ilena's > upload when I have > not received your feedback in a week or so. I have pushed a commit making myself the new maintainer, as I was already taking care of the package for a while now. I'm gonna resolve this bug as the package is not really orphan. Nonetheless, I'm always open to co-maintain packages with other people. Do you have changes pending to be merged in salsa, Ileana? I've got that understanding from Bastian's email but there's no open MR or patches in BTS. Thanks, -- Samuel Henrique
Bug#930966: ITP: pwnat -- allows clients behind NATs to communicate
I have reviewed the packaging of Nilson Silva but it got blocked as I'm not sure this package is a good fit for our official repos. I could find issues on upstream's Github where people are talking about how the method pwnat uses is outdated (upstream even wrote a replacement, called slipstream)[0]. pwnat doesn't work with new routers (as of at least 2017), it might not work with CGNAT, and it relies on the fact that the IP address 3.3.3.3 is unreachable (I'm not sure if a host on 3.3.3.3 would break pwnat or not, but ISPs might be blocking this too now). Some links for those issues: https://github.com/samyk/pwnat/issues/18#issuecomment-703373953 https://github.com/samyk/pwnat/issues/17#issue-619482494 https://github.com/samyk/pwnat/issues/10#issuecomment-282223632 Since I didn't went all the way into the rabbit hole when doing my analysis, I could be wrong and in fact pwnat will work in most of the cases, if that's the case, please reply to this bug with details. Thanks, [0] https://github.com/samyk/slipstream -- Samuel Henrique
Bug#1008813: ITP: cargo-strip -- subcommand that reduces the size of Rust binaries
Hello all, >> subcommand that reduces the size of Rust binaries >> As of Rust 1.59, the charge command is now able to remove a binary. >> This can be activated in your Cargo.toml. > "the charge command is now able to remove a binary". You mean like `rm > /usr/local/bin/foobar`? I /think/ that's not what you wanted to express? That means Rust >= 1.59 has that feature bundled into it, so cargo-strip is not needed anymore. I've spoken to Josenilson and explained that considering the next Debian stable will be shipped with Rust >= 1.59, we should not package cargo-strip. https://blog.rust-lang.org/2022/02/24/Rust-1.59.0.html#creating-stripped-binaries Cheers, -- Samuel Henrique
Bug#1000277: ITP: python-wcmatch -- wildcard match library
Package: wnpp X-Debbugs-Cc: debian-de...@lists.debian.org Owner: Samuel Henrique X-Debbugs-Cc: samuel...@debian.org Severity: wishlist * Package name: python-wcmatch Version : 8.3 Upstream Author : Isaac Muse * URL : https://github.com/facelessuser/wcmatch * License : MIT Programming Lang: Python Description : wildcard match library Wildcard Match provides an enhanced fnmatch, glob, and pathlib library in order to provide file matching and globbing that more closely follows the features found in Bash. In some ways these libraries are similar to Python's builtin libraries as they provide a similar interface to match, filter, and glob the file system. But they also include a number of features found in Bash's globbing such as backslash escaping, brace expansion, extended glob pattern groups, etc. They also add a number of new useful functions as well, such as globmatch which functions like fnmatch, but for paths. Wildcard Match also adds a file search utility called wcmatch that is built on top of fnmatch and globmatch. It was originally written for Rummage, but split out into this project to be used by other projects that may find its approach useful. This package is a build-dep of ansible-lint 5.x and it will be maintained under the Debian Python Team at https://salsa.debian.org/python-team/packages/python-wcmatch -- Samuel Henrique
Bug#1000276: ITP: python-bracex -- brace expanding library
Package: wnpp X-Debbugs-Cc: debian-de...@lists.debian.org Owner: Samuel Henrique X-Debbugs-Cc: samuel...@debian.org Severity: wishlist * Package name: python-bracex Version : 2.2.1 Upstream Author : Isaac Muse * URL : https://github.com/facelessuser/bracex * License : MIT Programming Lang: Python Description : brace expanding library Bracex is a brace expanding library (à la Bash) for Python. Brace expanding is used to generate arbitrary strings. Bracex actually follows pretty closely to how Bash processes braces. It is not a 1:1 implementation of how Bash handles braces, but generally, it follows very closely. Almost all of the test cases are run through Bash first, then our implementation is compared against the results Bash gives. There are a few cases where we have purposely deviated. For instance, we are not handling Bash's command line inputs, so we are not giving special meaning to back ticks and quotes at this time. On the command line Bracex can handle more expansions than Bash itself. This package is a build-dep of ansible-lint 5.x and it will be maintained under the Debian Python Team at https://salsa.debian.org/python-team/packages/python-bracex -- Samuel Henrique
Bug#994594: ITP: time-decode -- timestamp decoder and converter
> > Hello Jan, .** Maintainenace plan > I suggest to maintain time-decode inside the pkg-security-team's > repository on salsa, since most of the packages related to forensics > live there. However, I am looking for a sponsor for this package - > ideally a member of the pkg-security-team. > I can sponsor for you, just let me know when the package is ready for a review (or if you need help with anything) :) Thank you >
Bug#990302: ITP: bulk-extractor -- A stream-based forensics tool for triage and cross-evidence analysis, which scans the media and extracts recognizable content
Hello Jan, This would be a great package to have it on Debian, I usually do a quick review to see if I spot any noticeable issues before I do a deep dive on it (which I would to during this weekend), and I notice an issue on d/rules, there are some commands doing: "test -d foo || git clone bar" This is an issue because it goes against our policy of not using network during the build process[0], you can read a recent discussion about it on LWN as well[1]: "For packages in the main archive, no required targets may attempt network access, except, via the loopback interface, to services on the build host that have been started by the build." In order to fix this issue you have two options: 1) Package those projects separately and add them to B-D. 2) Repack the upstream tarball and vendor/bundle them in. You would usually prefer option 1 when the libraries could be reused by other packages and option 2 when they are likely to only be used by your package (usually means the same upstream). But sometimes, even if the library could be used by another package in the future (but it's not currently), you can go with option 1 if it makes more sense. Beware that there is not a clear consensus on this matter so some arguing might be needed (even though we have examples of packages vendoring libraries which are already available in a standalone manner on main). Looking at the three libraries we are talking about: simsong/be13_api simsong/dfxml (watchout cause it looks like this one has just been moved to a different repo) nbeebe/sceadan It looks like it's totally fine to vendor be13_api and dfxml, it seems like sceadan is generic enough to be used by other projects but I didn't do a proper check. I suggest you consider the options here and let us know what you think it's best. Oh, and since you are in contact with upstream, this sort of issue is sometimes solved by upstream providing a release tarball that includes the submodules. The issue is that as far as I know Github does not provide this feature, so they have to use a script to generate the tarball and attach it to the release. This makes the tarball easier to be worked on/packaged by other distros as well[2], but it's also easy for us to workaround so this is a tradeoff between bothering upstream vs repacking on our side. Considering upstream is focused on a rewrite of bulk_extractor, it might be a good idea to repack it ourselves, I just wanted to let you know so you're aware of the ideal fix for this if it happens again in the future. Thanks for your work! [0] https://www.debian.org/doc/debian-policy/ch-source.html#main-building-script-debian-rules [1] https://lwn.net/Articles/700465/ [2] And I guess it's also easier for users who wants to build it themselves, as plain git clone will not checkout the submodules. -- Samuel Henrique
Bug#856179: ITP: polybar -- fast and easy-to-use status bar
Hello Antoine, On Mon, 2 Mar 2020 at 20:13, Antoine Beaupré wrote: > I tried the package available here: > > https://salsa.debian.org/debian/polybar > > It works well! One unfortunate problem I have found, however, is that it > requires the siji font to work in its default configuration. That font > is not available in Debian right now (#894413) but worse, even if it > would be, it's a bitmap font which requires enabling those across the > board (`rm /etc/fonts/conf.d/70-no-bitmaps.conf`) which, in turns, means > that bitmap fonts *will* be used everywhere. I briefly discussed with upstream about having a default config for polybar in here: https://github.com/polybar/polybar/issues/2016#issuecomment-589976084 And the summary is that there is no such thing as a default configuration right now, we are shipping an example config file that is not supposed to be used by people as it contains specifics from the machine used to build the package, this also means that the package is non-reproducible at this point. Upstream seems to be interested in having an option to autogenerate a config file at runtime if none is found, the user is currently supposed to either have the file or generate it using upstream: https://github.com/polybar/polybar#configuration You do raise a valid point, I agree that we should make the example config as working out-of-the-box as possible, There are multiple ways we can approach this issue: A) Patch the example file with some font that comes on Debian per default, this will not solve the reprobuild issue and the file will probably still be broken for some users, but at least is closer to a working one. B) Provide a config generator and mention it in the docs, can be upstream's one, assuming that it will not require the user to install the build-deps. Solves the reprobuild issue as we can ship a hardcoded non-working example. C) Provide a hardcoded generic example, it will have to omit some functionality but at least they can be commented out so the user might fill in with their specs. D) Wait for upstream to add a feature to auto generate the config when none is found. A new issue has to be created to track this, as the other one was more about the config location. It will also take an unknown amount of time until someone works on that. I believe either B,C or D would properly solve the issue but I don't mind doing A meanwhile. In case you would like to have A, could you suggest a font that comes preinstalled that worked for you? I'm afraid we're gonna have to rely on some extra font and add it to the package's Recommends because the font has to have the needed symbols. I appreciate input/help towards any of those solutions. > Also note that I previously mentioned the problems with that font in > this bug report... I have missed that, thanks for the heads up. Regards, -- Samuel Henrique
Bug#951539: ITP: bruteforce-wallet -- Try to find a password of a encrypted wallet file
Hello Sam, I'm gonna assume that the full description of the package addresses the issue of describing which wallets does it works with and sponsor the upload for Francisco. Please feel free to suggest a change to the short description, if you think that should be changed as well (we can always change it later). Regards, -- Samuel Henrique
Bug#951621: ITP: xow - Linux driver for the Xbox One wireless dongle
Package: wnpp Owner: "Samuel Henrique" Severity: wishlist User: samuel...@debian.org * Package name: xow * URL : https://github.com/medusalix/xow * License : GPL-2+ and Custom_LIcense Programming Lang: C Description : xow is a Linux user mode driver for the Xbox One wireless dongle. It communicates with the dongle via libusb and provides joystick input through the uinput kernel module. The input mapping is based on existing kernel drivers like xpad. This package will go into the non-free section as there's a blob for the Mediatek chipset: firmware.bin For more info about the blob, see issue at: https://github.com/medusalix/xow/issues/15 This blob is licensed under a custom license from Mediatek, as also described in the issue. -- Samuel Henrique
Bug#856179: ITP: polybar -- fast and easy-to-use status bar
Control: owner -1 ! On Mon, 27 Jan 2020 at 13:41, Jason Pleau wrote: > > I pushed what I had here: https://gitlab.com/jpleau/polybar/ > > It's not targetting debian (simply because I'm using ubuntu these > days). Feel free to take whatever you find useful Thanks for that Jason, I pushed the current state of the packaging to salsa. I will be doing the upload the the NEW queue soon, I just want to do some extra checks and tests to confirm everything is ok. Regards, -- Samuel Henrique
Bug#856179: ITP: polybar -- fast and easy-to-use status bar
Hello Jason, > Feel free to take over the ITP and the packaging. I had deleted the > repo because I wanted to start over when I decided not to split the > libraries and I forgot to re-create and push what I had so far. I'll > try to have it on salsa over the weekend. Great, I managed to get a working deb package, but there are still some things like d/copyright and documentation fixes missing. After I get your changes I will merge them together and then finish what's missing. I'm aiming to get it in the NEW queue in a week, so hopefully it will get accepted before the end of February (and it can hit Ubuntu 20.04). If it's of any concern for you, I don't mind about how you send/publish your work or how polished it is, you can just send me the debian folder if it's easier for you, I'm sure it will be useful anyway. Regards, -- Samuel Henrique
Bug#856179: ITP: polybar -- fast and easy-to-use status bar
Hello Jason, I'm interested in having polybar packaged on Debian, I can see that you closed the ITP of the other two libs libxpp and i3ipcpp stating that they are no longer needed, and that the repository for polybar's packaging on salsa is not available anymore. Do you have update0s on its packaging? I'd be happy to help or takeover from where you stopped (if you have given up). >From reading the discussion, I'm tempted to not split polybar's libs into different packages. I assume that's the current direction you're going as well. Regards, -- Samuel Henrique
Bug#947974: ITP: light - control display backlight controllers and LEDs
Package: wnpp Owner: "Samuel Henrique" Severity: wishlist User: samuel...@debian.org * Package name: light * URL : https://github.com/haikarainen/light * License : GPL-3 Programming Lang: C Description : Light is a useful tool to control display brightness in lightweight desktops or window managers that do not have bundled applications for this purpose. . Most modern laptops have moved away from hardware controlled brightness and require software control. Light works where other software has proven to be unreliable, e.g. xbacklight. It can even be used from the console as it does not rely on X. . Light has features like setting a minimum brightness value, as well as saving and restoring the brightness at reboot and startup. -- Samuel Henrique
Bug#910338: ITP: mdk4 - poc tool to exploit common IEEE 802.11 protocol weaknesses
Package: wnpp Owner: "Samuel Henrique" Severity: wishlist User: samuel...@debian.org Usertags: gsoc2018-portkalipackages-extra * Package name: mdk4 * URL : https://github.com/aircrack-ng/mdk4 * License : GPL2+ Programming Lang: C Description : This package contains a proof-of-concept tool to exploit common IEEE 802.11 protocol weaknesses. . MDK4 is a new version of MDK3. MDK4 is a Wi-Fi testing tool from E7mer of 360PegasusTeam, ASPj of k2wrlz, it uses the osdep library from the aircrack-ng project to inject frames on several operating systems. Features: * Supports two WiFi card (one for receiving data, another for injecting data). * Supports block the specified ESSID/BSSID/Station MAC in command option. * Supports both 2.4 to 5GHz (Linux). * Supports IDS Evasion (Ghosting, Fragmenting, Does not fully work with every driver). * Supports packet fuzz testing. I intend to maintain this package under the Debian Security Tools Packaging Team (pkg-security). -- Samuel Henrique
Bug#887747: ITP: gnome-shell-extension-easyscreencast -- video recording extension for the GNOME shell
Hello, > > I want to comply with the team, although the wiki says nothing about > > either control.in or dh --with-gnome, which docs should I read? > > Oh, I apologize that we haven't documented that very well at all! > > Basically, copy your debian/control to debian/control.in > > Set these fields: > Maintainer: Debian GNOME Maintainers > > Uploaders: Samuel Henrique , @GNOME_TEAM@ "@GNOME_TEAM@" is not filled with the fakeroot command, I had to remove it. > Add --with gnome to your dh line in debian/rules > > Runfakeroot debian/rules cleanto update debian/control > > Feel free to visit #debian-gnome if you have more questions. I suppose I also have to add gnome-pkg-tool to build-deps, right?! I will upload the package as it is, without the GNOME_TEAM, this can be fixed later. Thanks -- Samuel Henrique
Bug#887747: ITP: gnome-shell-extension-easyscreencast -- video recording extension for the GNOME shell
Hello Jeremy, > I gave you access to the shell-extensions subgroup instead of to the > entire GNOME team on Salsa since I think that better reflects what > you're working on. Thanks for that, > Could you please update your repo to follow the Debian GNOME layout? > [1] I see that there are extensions that don't follow our patterns so > maybe don't copy from them for this. :) > > I didn't look at your repo closely but 2 examples are we use > debian/control.in (and dh --with gnome) and we need a debian/gbp.conf. > > I am not subscribed to the pkg-gnome-maintainers list since it's > really noisy for me since I am already subscribed to Tracker. I am > subscribed to debian-gtk-gn...@lists.debian.org . > > [1] https://wiki.debian.org/Gnome/Git I want to comply with the team, although the wiki says nothing about either control.in or dh --with-gnome, which docs should I read? Thanks, -- Samuel Henrique
Bug#887747: ITP: gnome-shell-extension-easyscreencast -- video recording extension for the GNOME shell
Hello, >> It is almost ready at salsa[0], it just need a final review of d/copyright >> to check if there were new copyright holders added on the new release. I did >> not committed under gnome's team organization, but I can do so if asked (I >> didn't because I don't know if this is what the team wants). > If you want the package to be under team maintenance, you should. Just asked for access on gnome-team at salsa, I will commit under the shell-extensions subgroup and them upload to NEW. >> Please let me know if you've made any progress on your package, if you want >> to do any changes on top of mine or if you want to co-maintain it. >> If there's no opinions against, I will do the upload soon. > Please go ahead. Thank you for taking care of it. Thank you for your quick reply Ghislain :) -- Samuel Henrique
Bug#887747: ITP: gnome-shell-extension-easyscreencast -- video recording extension for the GNOME shell
Hello everyone, I see that the last email here is from January 21th, so I decided to myself package gnome-shell-extension-easyscreencast, It is almost ready at salsa[0], it just need a final review of d/copyright to check if there were new copyright holders added on the new release. I did not committed under gnome's team organization, but I can do so if asked (I didn't because I don't know if this is what the team wants). Please let me know if you've made any progress on your package, if you want to do any changes on top of mine or if you want to co-maintain it. If there's no opinions against, I will do the upload soon. Thanks, [0]https://salsa.debian.org/debian/gnome-shell-extension-easyscreencast -- Samuel Henrique
Bug#905998: ITP: o-saft - OWASP SSL advanced forensic tool
Package: wnpp Owner: "Samuel Henrique" Severity: wishlist User: samuel...@debian.org Usertags: gsoc2018-portkalipackages * Package name: o-saft * URL : https://github.com/OWASP/O-Saft * License : GPL2 Programming Lang: Python Description : A tool that lists information about remote target's SSL certificate and tests the remote target according given list of ciphers. Features: * working in closed environments, i.e. without internet connection * checking availability of ciphers independent of installed library * checking for all possible ciphers (up to 65535 per SSL protocol) * needs just perl without modules for checking ciphers and protocols * mainly same results on all platforms I intend to maintain this package under the Debian Security Tools Packaging Team (pkg-security). -- Samuel Henrique
Bug#905997: ITP: smbmap - handy SMB enumeration tool
Package: wnpp Owner: "Samuel Henrique" Severity: wishlist User: samuel...@debian.org Usertags: gsoc2018-portkalipackages * Package name: smbmap * URL : https://github.com/ShawnDEvans/smbmap * License : GPL3+ Programming Lang: Python Description : SMBMap allows users to enumerate samba share drives across an entire domain. List share drives, drive permissions, share contents, upload/download functionality, file name auto-download pattern matching, and even execute remote commands. This tool was designed with pen testing in mind, and is intended to simplify searching for potentially sensitive data across large networks. I intend to maintain this package under the Debian Security Tools Packaging Team (pkg-security). -- Samuel Henrique
Bug#905810: ITP: python-smoke-zephyr - Python utility collection
Package: wnpp Owner: "Samuel Henrique" Severity: wishlist User: samuel...@debian.org Usertags: gsoc2018-portkalipackages * Package name: python-smoke-zephyr * URL : https://github.com/zeroSteiner/smoke-zephyr * License : BSD-3-clause Programming Lang: Python Description : Python utility collection This package is a build dependency of termineter ( https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=905806) -- Samuel Henrique
Bug#905808: ITP: python-crcelk - Implementation of the CRC algorithm
Package: wnpp Owner: "Samuel Henrique" Severity: wishlist User: samuel...@debian.org Usertags: gsoc2018-portkalipackages * Package name: python-crcelk * URL : https://github.com/zeroSteiner/crcelk/ * License : MIT Programming Lang: Python Description : Updated fork of the crcmoose module for recent versions of python. it provides a pure python implementation of the crc algorithm and allows for variants to easily be defined by providing their parameters such as width, starting polynomial, etc. This package is a dependency of termineter ( https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=905806) -- Samuel Henrique
Bug#905806: ITP: termineter - Smart meter testing framework
Package: wnpp Owner: "Samuel Henrique" Severity: wishlist User: samuel...@debian.org Usertags: gsoc2018-portkalipackages * Package name: termineter * URL : https://github.com/securestate/termineter * License : BSD-3-clause Programming Lang: Python Description : Python framework which provides a platform for the security testing of smart meters. It implements the C1218 and C1219 protocols for communication over an optical interface. Currently supported are Meters using C1219-2007 with 7-bit character sets. This is the most common configuration found in North America. Termineter communicates with Smart Meters via a connection using an ANSI type-2 optical probe with a serial interface. I intend to maintain this package under the Debian Security Tools Packaging Team (pkg-security). -- Samuel Henrique
Bug#904416: ITP: mfoc - MIFARE Classic offline cracker
Package: wnpp Owner: "Samuel Henrique" Severity: wishlist User: samuel...@debian.org Usertags: gsoc2018-portkalipackages * Package name: mfoc * URL : https://github.com/nfc-tools/mfoc * License : GPL-2+, BSD-2-clause Programming Lang: C Description : This package includes the mfoc program which cracks the encryption keys of the MIFARE Classic chip and dumps the chip's memory contents to a file. I intend to maintain this package under the Debian Security Tools Packaging Team (pkg-security). -- Samuel Henrique
Bug#904154: ITP: mfcuk - Mifare Classic DarkSide Key Recovery Tool
Package: wnpp Owner: "Samuel Henrique" Severity: wishlist User: samuel...@debian.org Usertags: gsoc2018-portkalipackages * Package name: mfcuk * URL : https://github.com/nfc-tools/mfcuk <https://github.com/joswr1ght/cowpatty> * License : GPL-2+ Programming Lang: C Description : Toolkit containing samples and various tools based on and around libnfc and crapto1, with emphasis on Mifare Classic NXP/Philips RFID cards. Special emphasis of the toolkit is on the following: 1) mifare classic weakness demonstration/exploitation 2) demonstrate use of libnfc (and ACR122 readers) 3) demonstrate use of Crapto1 implementation to confirm internal workings and to verify theoretical/practical weaknesses/attacks. I intend to maintain this package under the Debian Security Tools Packaging Team (pkg-security). -- Samuel Henrique
Bug#904064: ITP: responder - LLMNR, NBT-NS and MDNS poisoner
> > * URL : https://github.com/SpiderLabs/Responder > The correct URL for the upstream is: https://github.com/lgandx/Responder -- Samuel Henrique
Bug#904064: ITP: responder - LLMNR, NBT-NS and MDNS poisoner
Package: wnpp Owner: "Samuel Henrique" Severity: wishlist User: samuel...@debian.org Usertags: gsoc2018-portkalipackages * Package name: responder * URL : https://github.com/SpiderLabs/Responder <https://github.com/joswr1ght/cowpatty> * License : GPL-3+ Programming Lang: Python Description : Responder an LLMNR, NBT-NS and MDNS poisoner. It will answer to *specific* NBT-NS (NetBIOS Name Service) queries based on their name suffix. By default, the tool will only answer to File Server Service request, which is for SMB. I intend to maintain this package under the Debian Security Tools Packaging Team (pkg-security). -- Samuel Henrique
Bug#902484: ITP: cowpatty - Brute-force dictionary attack against WPA-PSK
Package: wnpp Owner: "Samuel Henrique" Severity: wishlist User: samuel...@debian.org Usertags: gsoc2018-portkalipackages * Package name: cowpatty * URL : https://github.com/joswr1ght/cowpatty * License : BSD-3-clause Programming Lang: C Description : Implementation of an offline dictionary attack against WPA/WPA2 networks using PSK-based authentication (e.g. WPA-Personal). Many enterprise networks deploy PSK-based authentication mechanisms for WPA/WPA2 since it is much easier than establishing the necessary RADIUS, supplicant and certificate authority architecture needed for WPA-Enterprise authentication. Cowpatty can implement an accelerated attack if a precomputed PMK file is available for the SSID that is being assessed. I intend to maintain this package under the pkg-security team. -- Samuel Henrique
Bug#833397: RFP: commix -- Automated All-in-One OS Command Injection and Exploitation Tool
I was going to package commix until i realized that it Depends on metasploit-framework (at least the Kali package does). This is a note for anyone wanting to package commix, you either have to drop that dependency (which probably isn't doable) or package metasploit-framework*. * I will probably package metasploit-framework, if i succeed i'll package commix too (if nobody steps ahead). -- Samuel Henrique
Bug#893766: ITP wig -- WebApp Information Gatherer
Package: wnpp Owner: "Samuel Henrique" Severity: wishlist * Package name: prochunter Upstream Author : Jesper Kückelhahn * URL : https://github.com/jekyc/wig <https://psypanda.github.io/hashID/> * License : BSD-2-clause Programming Lang: Python 3 Description : web application information gathering tool, which can identify numerous Content Management Systems and other administrative applications. The application fingerprinting is based on checksums and string matching of known files for different versions of CMSes. This results in a score being calculated for each detected CMS and its versions. Each detected CMS is displayed along with the most probable version(s) of it. The score calculation is based on weights and the amount of "hits" for a given checksum. wig also tries to guess the operating system on the server based on the 'server' and 'x-powered-by' headers. A database containing known header values for different operating systems is included in wig, which allows wig to guess Microsoft Windows versions and Linux distribution and version. I intend to maintain this package under the pkg-security team. This package is also intended to be part of my application to this years GSOC project https://wiki.debian.org/SummerOfCode2018/Projects#SummerOfCode2018.2FProjects.2FPortKaliPackages.Port_Kali_Packages_to_Debian -- Samuel Henrique
Bug#881414: ITP prochunter -- find hidden processes on Linux
Package: wnpp Owner: "Samuel Henrique" Severity: wishlist * Package name: prochunter Upstream Author : nowayout * URL : https://gitlab.com/nowayout/prochunter <https://psypanda.github.io/hashID/> * License : GPLv2 Programming Lang: Python, C Description : Find hidden process with all userspace and most of the kernelspace rootkits Prochunter aims to find hidden process with all userspace and most of the kernelspace rootkits. This tool is composed of a kernel module that prints out all running processes walking the task_struct list and creates /sys/kernel/proc_hunter/set entry. A python script that invokes the kernel function and diffs the module output with processes list collected from userspace (/proc walking). I intend to maintain this package under the pkg-security team. -- Samuel Henrique
Bug#880908: ITP: python-pluginbase -- A simple but flexible plugin system for Python
Package: wnpp Owner: "Samuel Henrique" Severity: wishlist * Package name: python-pluginbase Version : 0.5.0 Upstream Author : Armin Ronacher * URL : https://github.com/mitsuhiko/pluginbase <https://psypanda.github.io/hashID/> * License : BSD-3-clause, special-license Programming Lang: Python Description : Support library for building plugins systems PluginBase is a module for Python that enables the development of flexible plugin systems in Python. I intend to maintain this on the python-modules team, and i'm packaging it because it's a build-dep of wafw00f (#834145), which is being packaged as an effort to get kali packages within debian. -- Samuel Henrique
Bug#834145: ITP: wafw00f -- Identify and fingerprint Web Application Firewall (WAF)
This package has a dependency on python-pluginbase, which i already start packaging on collab[1], but it may need some time because i'm affraid we will have a licensing problem, i still have to confirm that: " We kindly ask you to only use these themes in an unmodified manner just for Flask and Flask-related products, not for unrelated projects. If you like the visual style and want to use it for your own projects, please consider making some larger changes to the themes (such as changing font faces, sizes, colors or margins)." If anyone want's to help, please feel free to contact me. I asked to join the python team, but got no response, that's why i decided to package it on collab under my maintenance, although i should probably just directly contact some active member of the python team. [1]https://anonscm.debian.org/git/collab-maint/python-pluginbase.git/ Samuel Henrique 2016-08-12 10:46 GMT-03:00 Samuel Henrique : > Package: wnpp > Owner: "Samuel Henrique" > Severity: wishlist > > * Package name: wafw00f > Version : 0.9.4 > Upstream Author : Sandro Gauci > > * URL : https://github.com/EnableSecurity/wafw00f > <https://psypanda.github.io/hashID/> > * License : BSD-3-clause > Programming Lang: Python > Description : identify and fingerprint Web Application Firewall > (WAF) > > WAFW00F does the following: > >- Sends a *normal* HTTP request and analyses the response; this >identifies a number of WAF solutions >- If that is not successful, it sends a number of (potentially >malicious) HTTP requests and uses simple logic to deduce which WAF it is >- If that is also not successful, it analyses the responses previously >returned and uses another simple algorithm to guess if a WAF or security >solution is actively responding to our attacks > > I intend to maintain this as a part of the pkg-security team, as this is > part > of an effort to get kali packages within debian. > > I also will discuss with the team if there's any problem in packaging > 0.9.4 (marked as pre-release) or if i will have to package some previously > released version. > > Samuel Henrique O. P. [samueloph] >
Bug#819195: OXM in Debian
Hi Ritesh, I was not aware of that, from what i understood, the current version (r80) doesn't work, but the newest release is still working, right? As i do not have a timeline for a new upload, please feel free to go ahead, but wouldn't be better to fill a RC bug instead?. And thanks for warning me. Samuel Henrique
Bug#819195: Co-maintenance?
Hi all, I'm interested in maintaining openxenmanager, however the package is very outdated and it needs some work to get in shape, i wouldn't like to maintain it alone, if there's someone willing to work together on this, please reply here. Samuel Henrique
Bug#836796: ITP: mdk3 -- Proof-of-concept tool to exploit common 802.11 protocol weaknesses
Package: wnpp Owner: "Samuel Henrique" Severity: wishlist * Package name: mdk3 Version : 6.0 Upstream Author : Pedro Larbig "ASPj" * URL : http://aspj.aircrack-ng.org/#mdk3 <https://github.com/wiire/pixiewps> * License : GPL-2+ Programming Lang: C Description : Proof-of-concept tool to exploit common 802.11 protocol weaknesses. MDK3 is a Wi-Fi testing tool from ASPj of k2wrlz, it uses the osdep library from the aircrack-ng project to inject frames on several operating systems. I intend to maintain this under the pkg-security team, as this is part of an effort to get kali packages within debian. Any help from a pkg-security team member is highly appreciated, i'm going to send the first draft of the packaging into our team's git soon. Samuel Henrique O. P. [samueloph]
Bug#835199: ITP: pixiewps -- Offline WPS bruteforce utility
Package: wnpp Owner: "Samuel Henrique" Severity: wishlist * Package name: pixiewps Version : 1.2.2 Upstream Author : wi7ire * URL : https://github.com/wiire/pixiewps * License : GPL-3+ and Apache-2.0 Programming Lang: C Description : Offline WPS bruteforce utility Pixiewps is a tool written in C used to bruteforce offline the WPS pin exploiting the low or non-existing entropy of some Access Points, the so-called "pixie dust attack" discovered by Dominique Bongard in summer 2014. As opposed to the traditional online bruteforce attack, implemented in tools like Reaver or Bully which aim to recover the pin in a few hours, this method can get the pin in only a matter of milliseconds to minutes, depending on the target, if vulnerable. I intend to maintain this under the pkg-security team, as this is part of an effort to get kali packages within debian. Samuel Henrique O. P. [samueloph]
Bug#833115: Sponsoring hashid.
Hi Hugo, git > --- > > * HEAD is set on a non-existent ref. This is weird, I don't >know how you did that. The repository appears to be empty when you >clone it for the first time... :-) > > * You can already push the 'upstream' tags. In fact, you should delete >the 'debian' tags if you have some, they should not exist for the >moment. You will tag the debian release after the upload of the >package. Well, I'm not really sure about how the HEAD problem happened, i thought it was how we were supposed to work (although i would find it better to have the HEAD properly set). I created the git following our team's instructions[1] and it looks like we have at least one more package with this problem (hashcat), from the other email you sent on the team's list i bet this is affecting more then two of our packages. I just pushed the upstream tags, considering the debian tags, i'm aware that i can only tag it when we're ready for release. Regarding the rest of the hints, i believe i applied them all and git push everything, i'm sorry for making some silly mistakes, i did not paid enough attention to some things like the changelog change that dch have made when i switched my DEBFULLNAME. I'm used to work with lintian (with pedantic and experimental flags enabled), cowbuild, piuparts and licensecheck, i'm gonna look through the other ones you mentioned and start using them too, some days ago i did see something about building a reproducible build environment too, what i believe it would be nice to have in our team's package (reproducibility). I'm very grateful for you taking your time to review my changes and reporting problems with a nice explanation attached, thanks. [1]https://wiki.debian.org/Teams/pkg-security Samuel Henrique O. P. [samueloph]
Bug#833115: Sponsoring hashid.
Hi Hugo, I've just created the git repo. and pushed hashid, i didn't push any tags because i believe we will only tag hashid when we update the manpage, if i did something wrong please feel free to point out. Thanks. Samuel Henrique O. P. [samueloph] 2016-08-20 17:19 GMT-03:00 Hugo Lefeuvre : > Hi Samuel, > > > I believe the manpage update should be made in form of a PR on the > > project's github page, and because it's not practical to wait for another > > release, we can patch the new manpage with quilt until we get a new > release. > > I agree. Let's patch the manpage in our Debian release and submit the diff > to the upstream. > > Concerning signed releases, opening an issue on GitHub will be enough. This > document[0] explains very well how to proceed to create signed releases, so > it may be interesting to mention it. > > > I would be glad to have someone more experienced co-maintaining the > > package, you're more than welcome. > > > > I'm already a member of the team and have my ssh keys ready, i will > create > > the package's repository and then we can work there, please feel free to > > contact me. > > > > From what i see, we have to update the manpage and then we're ready to > > release, we also have to ask for signed releases but this is a non-block > > issue. > > Nice ! Well, drop me an e-mail when you're done with the repository and > I'll do a last review before building & uploading the package. > > Cheers, > Hugo > > [0] https://wiki.debian.org/Creating%20signed%20GitHub%20releases > > -- > Hugo Lefeuvre (hle)|www.owl.eu.com > 4096/ ACB7 B67F 197F 9B32 1533 431C AC90 AC3E C524 065E >
Bug#834145: ITP: wafw00f -- Identify and fingerprint Web Application Firewall (WAF)
Package: wnpp Owner: "Samuel Henrique" Severity: wishlist * Package name: wafw00f Version : 0.9.4 Upstream Author : Sandro Gauci > * URL : https://github.com/EnableSecurity/wafw00f <https://psypanda.github.io/hashID/> * License : BSD-3-clause Programming Lang: Python Description : identify and fingerprint Web Application Firewall (WAF) WAFW00F does the following: - Sends a *normal* HTTP request and analyses the response; this identifies a number of WAF solutions - If that is not successful, it sends a number of (potentially malicious) HTTP requests and uses simple logic to deduce which WAF it is - If that is also not successful, it analyses the responses previously returned and uses another simple algorithm to guess if a WAF or security solution is actively responding to our attacks I intend to maintain this as a part of the pkg-security team, as this is part of an effort to get kali packages within debian. I also will discuss with the team if there's any problem in packaging 0.9.4 (marked as pre-release) or if i will have to package some previously released version. Samuel Henrique O. P. [samueloph]
Bug#833115: ITP: hashid -- Identify the different types of hashes used to encrypt data
Package: wnpp Owner: "Samuel Henrique Oltramari Pinto (SamuelOPH)" Severity: wishlist * Package name: hashid Version : 3.1.4 Upstream Author : c0re * URL : https://psypanda.github.io/hashID/ * License : GPL-3+ Programming Lang: Python Description : Identify the different types of hashes used to encrypt data hashID is a tool written in Python 3 which supports the identification of over 220 unique hash types using regular expressions. It is able to identify a single hash, parse a file or read multiple files in a directory and identify the hashes within them. hashID is also capable of including the corresponding hashcat mode and/or JohnTheRipper format in its output. I intend to maintain this as a part of the pkg-security team, as this is part of an effort to get kali packages within debian. Samuel Henrique O. P. [samueloph]