nixos/security.cyber-toolnix: add module

This module is used to install pentesting tools based on the chosen role. Options are:
* `blue` (Blue Teamer),
* `bugbounty` (Bug Bounty Hunter),
* `cracker` (Cracker Specialist),
* `dos` (DoS Tester),
* `forensic` (Forensic Specialist),
* `malware` (Malware Analyst),
* `mobile` (Mobile Specialist),
* `network` (Network Specialist),
* `osint` (OSINT Specialist),
* `red` (Red Teamer),
* `student` (Student),
* `web` (Web Pentester)

nixos/doc/manual/release-notes/rl-2411.section.md

@@ -157,6 +157,8 @@
 
 - [obs-studio](https://obsproject.com/), Free and open source software for video recording and live streaming. Available as [programs.obs-studio.enable](#opt-programs.obs-studio.enable).
 
+- `cyber-toolnix`, a module that enables easy installation of specialized cybersecurity toolsets tailored to various security roles.
+
 ## Backward Incompatibilities {#sec-release-24.11-incompatibilities}
 
 - The `sound` options have been removed or renamed, as they had a lot of unintended side effects. See [below](#sec-release-24.11-migration-sound) for details.

nixos/modules/module-list.nix

@@ -343,6 +343,7 @@
   ./security/auditd.nix
   ./security/ca.nix
   ./security/chromium-suid-sandbox.nix
+  ./security/cyber-toolnix
   ./security/dhparams.nix
   ./security/doas.nix
   ./security/duosec.nix

nixos/modules/security/cyber-toolnix/default.nix

@@ -0,0 +1,58 @@
+{
+  lib,
+  config,
+  pkgs,
+  ...
+}:
+
+with lib;
+
+let
+  roles = {
+    blue = import ./roles/blue.nix { inherit pkgs; };
+    bugbounty = import ./roles/bugbounty.nix { inherit pkgs; };
+    cracker = import ./roles/cracker.nix { inherit pkgs; };
+    dos = import ./roles/dos.nix { inherit pkgs; };
+    forensic = import ./roles/forensic.nix { inherit pkgs; };
+    malware = import ./roles/malware.nix { inherit pkgs; };
+    mobile = import ./roles/mobile.nix { inherit pkgs; };
+    network = import ./roles/network.nix { inherit pkgs; };
+    osint = import ./roles/osint.nix { inherit pkgs; };
+    red = import ./roles/red.nix { inherit pkgs; };
+    student = import ./roles/student.nix { inherit pkgs; };
+    web = import ./roles/web.nix { inherit pkgs; };
+  };
+in
+{
+  options.cyber-toolnix = {
+    enable = mkOption {
+      type = types.bool;
+      default = false;
+      description = "Enable the cyber-toolnix module to install cyber security tools based on role.";
+    };
+
+    role = mkOption {
+      type = types.enum [
+        "blue"
+        "bugbounty"
+        "cracker"
+        "dos"
+        "forensic"
+        "malware"
+        "mobile"
+        "network"
+        "osint"
+        "red"
+        "student"
+        "web"
+      ];
+      default = "student";
+      description = "Cyber role to determine which set of tools to install. Options are 'blue', 'bugbounty', 'cracker', 'dos', 'forensic', 'malware', 'mobile', 'network', 'osint', 'red', 'student' or 'web'.";
+      example = "student";
+    };
+  };
+
+  config = mkIf config.cyber-toolnix.enable {
+    environment.systemPackages = builtins.getAttr config.cyber-toolnix.role roles;
+  };
+}

nixos/modules/security/cyber-toolnix/roles/blue.nix

@@ -0,0 +1,24 @@
+{ pkgs, ... }:
+
+with pkgs;
+
+[
+  amass
+  # https://github.com/NixOS/nixpkgs/pull/326533
+  # clamav
+  cryptsetup
+  ddrescue
+  exploitdb
+  ext4magic
+  extundelete
+  foremost
+  fwbuilder
+  ghidra
+  netsniff-ng
+  python312Packages.impacket
+  recoverjpeg
+  sleuthkit
+  wapiti
+  wireshark
+  zap
+]

nixos/modules/security/cyber-toolnix/roles/bugbounty.nix

@@ -0,0 +1,67 @@
+{ pkgs, ... }:
+
+with pkgs;
+
+[
+  amass
+  arjun
+  assetfinder
+  burpsuite
+  caido
+  cewl
+  chaos
+  commix
+  crlfuzz
+  crunch
+  dalfox
+  detect-secrets
+  dirb
+  dirstalk
+  dnsx
+  exploitdb
+  feroxbuster
+  ffuf
+  findomain
+  gau
+  gitleaks
+  gobuster
+  gospider
+  gowitness
+  graphqlmap
+  hakrawler
+  httpx
+  jaeles
+  joomscan
+  jwt-hack
+  knockpy
+  masscan
+  metasploit
+  naabu
+  nikto
+  nmap
+  nosqli
+  nuclei
+  psudohash
+  pwncat
+  python312Packages.httpx
+  # nose-1.3.7 not supported for interpreter python3.12
+  python311Packages.patator
+  rustscan
+  sqlmap
+  subfinder
+  thc-hydra
+  theharvester
+  trufflehog
+  wafw00f
+  webanalyze
+  # https://github.com/NixOS/nixpkgs/issues/326902
+  # wfuzz
+  whatweb
+  whispers
+  wpscan
+  # https://github.com/NixOS/nixpkgs/issues/326943
+  # xsser
+  ### payloads and wordlists
+  payloadsallthethings
+  seclists
+]

nixos/modules/security/cyber-toolnix/roles/cracker.nix

@@ -0,0 +1,70 @@
+{ pkgs, ... }:
+
+with pkgs;
+
+[
+  aesfix
+  aeskeyfind
+  aespipe
+  ares-rs
+  asleap
+  bkcrack
+  bruteforce-luks
+  brutespray
+  bully
+  cewl
+  chntpw
+  cmospwd
+  cowpatty
+  crackle
+  crackql
+  crowbar
+  dislocker
+  fcrackzip
+  gnutls
+  gomapenum
+  hash_extender
+  hash-identifier
+  hashcat
+  hashdeep
+  hashpump
+  hashrat
+  hcxtools
+  john
+  johnny
+  jwt-hack
+  katana
+  kerbrute
+  libargon2
+  # https://github.com/NixOS/nixpkgs/issues/326909
+  # libbde
+  libgcrypt
+  medusa
+  mfoc
+  ncrack
+  onesixtyone
+  pdfcrack
+  phrasendrescher
+  pixiewps
+  psudohash
+  python312Packages.myjwt
+  # nose-1.3.7 not supported for interpreter python3.12
+  python311Packages.patator
+  python312Packages.pypykatz
+  rarcrack
+  reaverwps-t6x
+  sha1collisiondetection
+  snow
+  spiped
+  ssdeep
+  sslscan
+  testssl
+  thc-hydra
+  truecrack
+  veracrypt
+  wifite2
+  xortool
+  ### payloads and wordlists
+  payloadsallthethings
+  seclists
+]

nixos/modules/security/cyber-toolnix/roles/dos.nix

@@ -0,0 +1,14 @@
+{ pkgs, ... }:
+
+with pkgs;
+
+[
+  ddosify
+  hyenae
+  katana
+  netsniff-ng
+  siege
+  slowhttptest
+  slowlorust
+  thc-ipv6
+]

nixos/modules/security/cyber-toolnix/roles/forensic.nix

@@ -0,0 +1,50 @@
+{ pkgs, ... }:
+
+with pkgs;
+
+[
+  acquire
+  aesfix
+  aeskeyfind
+  afflib
+  bmap-tools
+  bulk_extractor
+  chainsaw
+  chipsec
+  chkrootkit
+  chntpw
+  dc3dd
+  dcfldd
+  ddrescue
+  dmg2img
+  exiftool
+  fatcat
+  file
+  firefox_decrypt
+  foremost
+  hstsparser
+  libewf
+  libpst
+  mac-robber
+  mdbtools
+  ms-sys
+  networkminer
+  ntfs3g
+  oletools
+  osquery
+  pdf-parser
+  pev
+  pngcheck
+  prowler
+  recoverjpeg
+  regripper
+  safecopy
+  scalpel
+  sleuthkit
+  snort
+  tell-me-your-secrets
+  testdisk
+  tracee
+  usbrip
+  volatility3
+]