Bug#631213: O: arp-scan -- arp scanning and fingerprinting tool
On Tuesday 21 June 2011 15:56:10 Rene Mayorga wrote: Package: wnpp Severity: normal The current maintainer of arp-scan, Tim Brown t...@nth-dimension.org.uk, is apparently not active anymore. Therefore, I orphan this package now. Maintaining a package requires time and skills. Please only adopt this package if you will have enough time and attention to work on it. If you want to be the new maintainer, please see http://www.debian.org/devel/wnpp/index.html#howto-o for detailed instructions how to adopt a package properly. To coin a phrase, I am not dead, just sleeping. The current version of arp- scan in Debian is functionally complete IMO. There are some open bugs however a lack of any pressing need to upgrade the version in Debian, along with the loss of contact with my original sponsor lead to the neglect of the package for too long. If other people are interested in (co-)maintaining it then great but I'm more than happy to continue. FWIW of the 3 ourstanding bugs 1 relates to the release of 1.7 (which didn't IMO add any pressing features) and 1 related to a change to support a shared OUI database (which floundered with a lack of interest from all packagers not just myself). The 3rd was only filed last week and is one that I could fix fairly quickly if I had a sponsor. Tim -- Tim Brown mailto:t...@nth-dimension.org.uk http://www.nth-dimension.org.uk/ signature.asc Description: This is a digitally signed message part.
Bug#570621: Parsing output = derivative work? (was: RFS: gnetworktester)
--nextPart2958378.qgascxSZ95 Content-Type: Text/Plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable On Sunday 06 March 2011 11:04:35 W. Martin Borgert wrote: (out of curiosity moved to debian-legal) =20 On 2011-03-05 23:46, Timo Juhani Lindfors wrote: gnetworktester seems to parse the output of nmap and nmap upstream at http://insecure.org/nmap/data/COPYING gives me the impression that gnetworktester would thus be derivative work. =20 IANAL, but since when parsing the output of another program constitutes a derivative work? Indeed, the forementioned file says, a program would be a derivate in the authors interpretation of the GPL, if it =20 o Executes Nmap and parses the results (as opposed to typical shell or execution-menu apps, which simply display raw Nmap output and so are not derivative works.) o Integrates/includes/aggregates Nmap into a proprietary executable installer, such as those produced by InstallShield. o Links to a library or executes a program that does any of the above =20 What do the legal experts think about this, especially the parsing aspect? This may fall outside of the Debian maintainer's role as a packager but you= =20 could take a look at how OpenVAS does this since we (the OpenVAS project)=20 worked hard with Fyodor and the nmap folk to get something both we and they= =20 feel comfortable with. I can probably dig out some references from our and= =20 their mailing lists too if necessary. Tim =2D-=20 Tim Brown mailto:t...@65535.com --nextPart2958378.qgascxSZ95 Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) iQIcBAABCAAGBQJNc+tvAAoJEPJhpTVyySo7k1UP/i4Xr6vqjg/vMxS204g4m3jT mFa2dS9R3xPuDd30+DjM+9BRjuy1Tn+PnrjS4n3zCu3bABkU3J6qINj4hWjPJXIE EVPrcSi+bkBKgckY76qe83MhnA8j7YXIfDJX+O/lh0AqwVEgyI1T6dC0RbTXBvWD fE4Nz9hnCa7k4JWcyM4oXxrtBXGTDnshrZSGKerSW2633Grlm4/6zkAxR/1ET9C7 i4jJg5sWMWK+IX5qf1Piaot7DKKNb8RG0nFQ38PSyJacjsusJOyS2hzaF+TFIAcN n/drnXovRO1G9j2jzWxJJ4ng6zED9+uOEaXmm2zwPa8kpVqF50wbYeNYhM9nEqYv ffv4xY6vV3KW5SDWOfXYEkDJBjxPn3xMDAiwUF2627e8my+PEsrLQqQwiwj3D+4H IgMZl1CZBoaHvifrDfWeXYltC5o+iY0PLtIXamLIhG/1zV0T4xqZrNYQ06iA43Ze mT6eUR6p0vENqHNS1FXnfUxT2V/YwNDc2Wa1Pw8SfFzzahtjKyVqA0VprjMxFpLq TL9NL63SwoPEQqD48FRMDysB33lRcu/40Io6Lhx5dIHJ6zZPUTaqb91b1/NOxuw1 41dkKuexmZjYT4Vpg3roolHh5mki5AmqpFEgbPUM1iRHRmK9VZwQcYTPwwRjBfRq sXXUPqLzRl5LEpsFjpvc =Ebhq -END PGP SIGNATURE- --nextPart2958378.qgascxSZ95-- -- Tim Brown mailto:deb...@machine.org.uk http://www.machine.org.uk/ signature.asc Description: This is a digitally signed message part.
Bug#435456: ITP: openvas-client -- Remote network security auditor, the client
Package: wnpp Severity: wishlist Owner: Tim Brown [EMAIL PROTECTED] * Package name: openvas-client Version : 0.9.1 Upstream Author : OpenVAS [EMAIL PROTECTED] * URL : http://www.openvas.org/ * License : GPL Programming Lang: C Description : Remote network security auditor, the client The OpenVAS Security Scanner is a security auditing tool. It makes possible to test security modules in an attempt to find vulnerable spots that should be fixed. . It is made up of two parts: a server, and a client. The server/daemon, openvasd, is in charge of the attacks, whereas the client, OpenVAS-Client, provides the user a nice X11/GTK+ interface. . This package contains the GTK+ client, which exists in other forms and on other platforms, too. -- System Information: Debian Release: lenny/sid APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental') Architecture: i386 (i686) Kernel: Linux 2.6.18-4-686 (SMP w/2 CPU cores) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#433472: ITP: dirbuster -- Directory file brute forcing, with a twist
Package: wnpp Severity: wishlist Owner: Tim Brown [EMAIL PROTECTED] * Package name: dirbuster Version : 0.9.7 Upstream Author : James Fisher [EMAIL PROTECTED] * URL : http://sourceforge.net/projects/dirbuster/ * License : LGPL Programming Lang: Java Description : Directory file brute forcing, with a twist DirBuster is a multi threaded java application designed to brute force directories and files names on web/application servers. Often is the case now of what looks like a web server in a state of default installation is actually not, and has pages and applications hidden within. DirBuster attempts to find these -- System Information: Debian Release: lenny/sid APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental') Architecture: i386 (i686) Kernel: Linux 2.6.18 (SMP w/1 CPU core) Locale: LANG=en_GB, LC_CTYPE=en_GB (charmap=ISO-8859-1) Shell: /bin/sh linked to /bin/bash -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#433472: ITP: dirbuster -- Directory file brute forcing, with a twist
On Tuesday 17 July 2007 15:05:44 Steve Greenland wrote: Nitpick: multi-threaded. The description is taken directly from upstream. I will pass on your comment. Bigger pick: I *think* I understand what a directory brute forcing is from the context, but there's got to be a more explicit way of describing this package. In particular, think about what someone who wants this package might search for. There are lists, but they are licenced under a CC (:() license. I will probably add scripts to pull them directly from sourceforge.net. Does this package really have any non-cracker usefulness? If I'm the sys admin, then it's a lot easier for me to 'ls -R' and look at the configuration files to find what URLs might be in play. It's always questionable whether tools have non-cracker usefulness. I'm a penetration tester, so from my perspective yes. I guess the tool falls into the same bracket as nikto. Some legitimate use cases off the top of my head: * Cases where roles within an organisation are segregated - security teams do not always have root * Auditing embedded devices - the lists are generated from crawling the net, so are based on real file/directory names used by developers * Auditing dynamic applications where URLs don't necessarily map on to files * Auditing web server ACLs * Load testing - it can produce up to 6000 requests/second I'd also point out that this is an OWASP project. Tim -- Tim Brown mailto:[EMAIL PROTECTED] http://www.nth-dimension.org.uk/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#415036: ITP: arp-scan -- arp scanning and fingerprinting tool
Package: wnpp Severity: wishlist Owner: Tim Brown [EMAIL PROTECTED] * Package name: arp-scan Version : 1.5 Upstream Author : Roy Hills [EMAIL PROTECTED] * URL : http://www.nta-monitor.com/tools/arp-scan/ * License : GPL Programming Lang: C Description : arp scanning and fingerprinting tool arp-scan is a command-line tool that uses the ARP protocol to discover and fingerprint IP hosts on the local network. It is available for Linux and BSD under the GPL licence. -- System Information: Debian Release: 4.0 APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.18 Locale: LANG=en_GB, LC_CTYPE=en_GB (charmap=ISO-8859-1) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#414534: ITP: sucrack -- multithreaded su bruteforcer
On Monday 12 March 2007 18:25, Joerg Jaspert wrote: On 10956 March 1977, Tim Brown wrote: Why package it? Other than the practical uses outlined above, because having binaries on a system outside of the package management system is a PITA to keep track of / update and it makes building a new system very quick. Why do I need a package for this? If i am able to install a package I have access to the files john needs. If i dont have it I copy it from elsewhere as a static binary anyway. (You know, we dont love static binaries in debian packages) That's not strictly true - how do you audit ssh key phrases, or binaries which use an arbitrary obfuscation of the password in their user database? The advantage of this package is that it can drive anything which prompts you for a password, which allows more varied uses. TIm -- Tim Brown mailto:[EMAIL PROTECTED] http://www.nth-dimension.org.uk/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#414534: ITP: sucrack -- multithreaded su bruteforcer
Package: wnpp Severity: wishlist Owner: Tim Brown [EMAIL PROTECTED] * Package name: sucrack Version : 1.1 Upstream Author : Nico Leidecker [EMAIL PROTECTED] * URL : http://www.leidecker.info/ * License : GPL Programming Lang: C Description : multithreaded su bruteforcer sucrack is a multithreaded Linux/UNIX tool for cracking local user accounts via wordlist bruteforcing su -- System Information: Debian Release: 4.0 APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.18 Locale: LANG=en_GB, LC_CTYPE=en_GB (charmap=ISO-8859-1) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#414534: ITP: sucrack -- multithreaded su bruteforcer
On Monday 12 March 2007 13:57, Marco d'Itri wrote: On Mar 12, Tim Brown [EMAIL PROTECTED] wrote: I'm packaging a bunch of security tools that I use in my job pen testing. I do not understand how you would use such a tool in packaged form. If you can install a package then obviously you already have root access, and at that point you can check the passwords strength by directly accessing /etc/shadow. It's built statically. Normally what happens, is that during an assessment, if a local account is compromised, then sucrack is copied across and an attack against root occurs. Additionally, because this tool doesn't rely on having access to the hashes, but actually drives su (or other tools), it can be used against for example custom encryption schemes that may be used by 3rd parties. I've also had it drive ssh-agent to audit key phrases too. Why package it? Other than the practical uses outlined above, because having binaries on a system outside of the package management system is a PITA to keep track of / update and it makes building a new system very quick. I can see this tool isn't for everyone, but then that probably goes for a large number of tools packaged by Debian (depending on what you use your systems for). Tim -- Tim Brown mailto:[EMAIL PROTECTED] http://www.nth-dimension.org.uk/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#414534: ITP: sucrack -- multithreaded su bruteforcer
On Monday 12 March 2007 13:02, Marco d'Itri wrote: On Mar 12, Tim Brown [EMAIL PROTECTED] wrote: sucrack is a multithreaded Linux/UNIX tool for cracking local user accounts via wordlist bruteforcing su What is the point of packaging this? I'm packaging a bunch of security tools that I use in my job pen testing. There are already a number of people both internally and at other security companies using my packages, so I figured they'd be useful to the community. I actually have a mentor for these packages already, so it seems there are Debian developers that agree. Tim -- Tim Brown mailto:[EMAIL PROTECTED] http://www.nth-dimension.org.uk/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#414534: ITP: sucrack -- multithreaded su bruteforcer
On Monday 12 March 2007 16:08, Hendrik Sattler wrote: Am Montag 12 März 2007 12:30 schrieb Tim Brown: Package: wnpp Severity: wishlist Owner: Tim Brown [EMAIL PROTECTED] * Package name: sucrack Version : 1.1 Upstream Author : Nico Leidecker [EMAIL PROTECTED] * URL : http://www.leidecker.info/ * License : GPL Programming Lang: C Description : multithreaded su bruteforcer sucrack is a multithreaded Linux/UNIX tool for cracking local user accounts via wordlist bruteforcing su Is there any real need for such a tool in Debian? It's not an administrative tool and it's obviously not meant for security tests. I just can't see what the normal use of this tool would be. HS I disagree, it is used for security work. I use it as part of my day job as a penetration tester, as have others including the author Nico, who is a colleague of mine. Have you followed my responses to Marco d'Itri who raised similar queries? Tim -- Tim Brown mailto:[EMAIL PROTECTED] http://www.nth-dimension.org.uk/
Bug#414534: ITP: sucrack -- multithreaded su bruteforcer
Nope since he that did not go to d-d. Maybe you can outline professional uses in the description like done in the previous answers? As to previous answers, verbatim: I'm packaging a bunch of security tools that I use in my job pen testing. There are already a number of people both internally and at other security companies using my packages, so I figured they'd be useful to the community. I actually have a mentor for these packages already, so it seems there are Debian developers that agree. and: It's built statically. Normally what happens, is that during an assessment, if a local account is compromised, then sucrack is copied across and an attack against root occurs. Additionally, because this tool doesn't rely on having access to the hashes, but actually drives su (or other tools), it can be used against for example custom encryption schemes that may be used by 3rd parties. I've also had it drive ssh-agent to audit key phrases too. Why package it? Other than the practical uses outlined above, because having binaries on a system outside of the package management system is a PITA to keep track of / update and it makes building a new system very quick. I can see this tool isn't for everyone, but then that probably goes for a large number of tools packaged by Debian (depending on what you use your systems for). IANAL but there may be countries where distributing such a tool, with it's main/only purpose to break access restrictions, may not be legal (there was some discussion about this in Germany but I did not follow it closely). The upstream developer is German, I will discuss with him any due diligence he may have performed and report back (he's AFK for next week or so). Personally, I am English. Through my day job, I have clarification regarding changes to UK law that might affect this tool and we have had assurances that legitimate security researchers and the tools they develop will not be targetted here in the UK. Tim -- Tim Brown mailto:[EMAIL PROTECTED] http://www.nth-dimension.org.uk/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]