From 261bd448bc0d3cea7891322dba79d570d2209001 Mon Sep 17 00:00:00 2001 From: D3vil0p3r Date: Sun, 29 Sep 2024 16:19:10 +0200 Subject: [PATCH] nixos/security.cyber-toolnix: add module This module is used to install pentesting tools based on the chosen role. Options are: * `blue` (Blue Teamer), * `bugbounty` (Bug Bounty Hunter), * `cracker` (Cracker Specialist), * `dos` (DoS Tester), * `forensic` (Forensic Specialist), * `malware` (Malware Analyst), * `mobile` (Mobile Specialist), * `network` (Network Specialist), * `osint` (OSINT Specialist), * `red` (Red Teamer), * `student` (Student), * `web` (Web Pentester) --- .../manual/release-notes/rl-2411.section.md | 2 + nixos/modules/module-list.nix | 1 + .../security/cyber-toolnix/default.nix | 58 +++ .../security/cyber-toolnix/roles/blue.nix | 24 ++ .../cyber-toolnix/roles/bugbounty.nix | 67 +++ .../security/cyber-toolnix/roles/cracker.nix | 70 ++++ .../security/cyber-toolnix/roles/dos.nix | 14 + .../security/cyber-toolnix/roles/forensic.nix | 50 +++ .../security/cyber-toolnix/roles/malware.nix | 95 +++++ .../security/cyber-toolnix/roles/mobile.nix | 59 +++ .../security/cyber-toolnix/roles/network.nix | 160 ++++++++ .../security/cyber-toolnix/roles/osint.nix | 88 ++++ .../security/cyber-toolnix/roles/red.nix | 381 ++++++++++++++++++ .../security/cyber-toolnix/roles/student.nix | 53 +++ .../security/cyber-toolnix/roles/web.nix | 97 +++++ 15 files changed, 1219 insertions(+) create mode 100644 nixos/modules/security/cyber-toolnix/default.nix create mode 100644 nixos/modules/security/cyber-toolnix/roles/blue.nix create mode 100644 nixos/modules/security/cyber-toolnix/roles/bugbounty.nix create mode 100644 nixos/modules/security/cyber-toolnix/roles/cracker.nix create mode 100644 nixos/modules/security/cyber-toolnix/roles/dos.nix create mode 100644 nixos/modules/security/cyber-toolnix/roles/forensic.nix create mode 100644 nixos/modules/security/cyber-toolnix/roles/malware.nix create mode 100644 nixos/modules/security/cyber-toolnix/roles/mobile.nix create mode 100644 nixos/modules/security/cyber-toolnix/roles/network.nix create mode 100644 nixos/modules/security/cyber-toolnix/roles/osint.nix create mode 100644 nixos/modules/security/cyber-toolnix/roles/red.nix create mode 100644 nixos/modules/security/cyber-toolnix/roles/student.nix create mode 100644 nixos/modules/security/cyber-toolnix/roles/web.nix diff --git a/nixos/doc/manual/release-notes/rl-2411.section.md b/nixos/doc/manual/release-notes/rl-2411.section.md index 6f2dd011eaf0c8f..419525d641056a2 100644 --- a/nixos/doc/manual/release-notes/rl-2411.section.md +++ b/nixos/doc/manual/release-notes/rl-2411.section.md @@ -157,6 +157,8 @@ - [obs-studio](https://obsproject.com/), Free and open source software for video recording and live streaming. Available as [programs.obs-studio.enable](#opt-programs.obs-studio.enable). +- `cyber-toolnix`, a module that enables easy installation of specialized cybersecurity toolsets tailored to various security roles. + ## Backward Incompatibilities {#sec-release-24.11-incompatibilities} - The `sound` options have been removed or renamed, as they had a lot of unintended side effects. See [below](#sec-release-24.11-migration-sound) for details. diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index ad54da561659584..abf021d1f7bba91 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -343,6 +343,7 @@ ./security/auditd.nix ./security/ca.nix ./security/chromium-suid-sandbox.nix + ./security/cyber-toolnix ./security/dhparams.nix ./security/doas.nix ./security/duosec.nix diff --git a/nixos/modules/security/cyber-toolnix/default.nix b/nixos/modules/security/cyber-toolnix/default.nix new file mode 100644 index 000000000000000..14b33990a7da45a --- /dev/null +++ b/nixos/modules/security/cyber-toolnix/default.nix @@ -0,0 +1,58 @@ +{ + lib, + config, + pkgs, + ... +}: + +with lib; + +let + roles = { + blue = import ./roles/blue.nix { inherit pkgs; }; + bugbounty = import ./roles/bugbounty.nix { inherit pkgs; }; + cracker = import ./roles/cracker.nix { inherit pkgs; }; + dos = import ./roles/dos.nix { inherit pkgs; }; + forensic = import ./roles/forensic.nix { inherit pkgs; }; + malware = import ./roles/malware.nix { inherit pkgs; }; + mobile = import ./roles/mobile.nix { inherit pkgs; }; + network = import ./roles/network.nix { inherit pkgs; }; + osint = import ./roles/osint.nix { inherit pkgs; }; + red = import ./roles/red.nix { inherit pkgs; }; + student = import ./roles/student.nix { inherit pkgs; }; + web = import ./roles/web.nix { inherit pkgs; }; + }; +in +{ + options.cyber-toolnix = { + enable = mkOption { + type = types.bool; + default = false; + description = "Enable the cyber-toolnix module to install cyber security tools based on role."; + }; + + role = mkOption { + type = types.enum [ + "blue" + "bugbounty" + "cracker" + "dos" + "forensic" + "malware" + "mobile" + "network" + "osint" + "red" + "student" + "web" + ]; + default = "student"; + description = "Cyber role to determine which set of tools to install. Options are 'blue', 'bugbounty', 'cracker', 'dos', 'forensic', 'malware', 'mobile', 'network', 'osint', 'red', 'student' or 'web'."; + example = "student"; + }; + }; + + config = mkIf config.cyber-toolnix.enable { + environment.systemPackages = builtins.getAttr config.cyber-toolnix.role roles; + }; +} diff --git a/nixos/modules/security/cyber-toolnix/roles/blue.nix b/nixos/modules/security/cyber-toolnix/roles/blue.nix new file mode 100644 index 000000000000000..c9683244dce636f --- /dev/null +++ b/nixos/modules/security/cyber-toolnix/roles/blue.nix @@ -0,0 +1,24 @@ +{ pkgs, ... }: + +with pkgs; + +[ + amass + # https://github.com/NixOS/nixpkgs/pull/326533 + # clamav + cryptsetup + ddrescue + exploitdb + ext4magic + extundelete + foremost + fwbuilder + ghidra + netsniff-ng + python312Packages.impacket + recoverjpeg + sleuthkit + wapiti + wireshark + zap +] diff --git a/nixos/modules/security/cyber-toolnix/roles/bugbounty.nix b/nixos/modules/security/cyber-toolnix/roles/bugbounty.nix new file mode 100644 index 000000000000000..b3ba6246c6d4f1c --- /dev/null +++ b/nixos/modules/security/cyber-toolnix/roles/bugbounty.nix @@ -0,0 +1,67 @@ +{ pkgs, ... }: + +with pkgs; + +[ + amass + arjun + assetfinder + burpsuite + caido + cewl + chaos + commix + crlfuzz + crunch + dalfox + detect-secrets + dirb + dirstalk + dnsx + exploitdb + feroxbuster + ffuf + findomain + gau + gitleaks + gobuster + gospider + gowitness + graphqlmap + hakrawler + httpx + jaeles + joomscan + jwt-hack + knockpy + masscan + metasploit + naabu + nikto + nmap + nosqli + nuclei + psudohash + pwncat + python312Packages.httpx + # nose-1.3.7 not supported for interpreter python3.12 + python311Packages.patator + rustscan + sqlmap + subfinder + thc-hydra + theharvester + trufflehog + wafw00f + webanalyze + # https://github.com/NixOS/nixpkgs/issues/326902 + # wfuzz + whatweb + whispers + wpscan + # https://github.com/NixOS/nixpkgs/issues/326943 + # xsser + ### payloads and wordlists + payloadsallthethings + seclists +] diff --git a/nixos/modules/security/cyber-toolnix/roles/cracker.nix b/nixos/modules/security/cyber-toolnix/roles/cracker.nix new file mode 100644 index 000000000000000..10119f56baa2551 --- /dev/null +++ b/nixos/modules/security/cyber-toolnix/roles/cracker.nix @@ -0,0 +1,70 @@ +{ pkgs, ... }: + +with pkgs; + +[ + aesfix + aeskeyfind + aespipe + ares-rs + asleap + bkcrack + bruteforce-luks + brutespray + bully + cewl + chntpw + cmospwd + cowpatty + crackle + crackql + crowbar + dislocker + fcrackzip + gnutls + gomapenum + hash_extender + hash-identifier + hashcat + hashdeep + hashpump + hashrat + hcxtools + john + johnny + jwt-hack + katana + kerbrute + libargon2 + # https://github.com/NixOS/nixpkgs/issues/326909 + # libbde + libgcrypt + medusa + mfoc + ncrack + onesixtyone + pdfcrack + phrasendrescher + pixiewps + psudohash + python312Packages.myjwt + # nose-1.3.7 not supported for interpreter python3.12 + python311Packages.patator + python312Packages.pypykatz + rarcrack + reaverwps-t6x + sha1collisiondetection + snow + spiped + ssdeep + sslscan + testssl + thc-hydra + truecrack + veracrypt + wifite2 + xortool + ### payloads and wordlists + payloadsallthethings + seclists +] diff --git a/nixos/modules/security/cyber-toolnix/roles/dos.nix b/nixos/modules/security/cyber-toolnix/roles/dos.nix new file mode 100644 index 000000000000000..847cd79abc6bf56 --- /dev/null +++ b/nixos/modules/security/cyber-toolnix/roles/dos.nix @@ -0,0 +1,14 @@ +{ pkgs, ... }: + +with pkgs; + +[ + ddosify + hyenae + katana + netsniff-ng + siege + slowhttptest + slowlorust + thc-ipv6 +] diff --git a/nixos/modules/security/cyber-toolnix/roles/forensic.nix b/nixos/modules/security/cyber-toolnix/roles/forensic.nix new file mode 100644 index 000000000000000..fff6cd2371799d8 --- /dev/null +++ b/nixos/modules/security/cyber-toolnix/roles/forensic.nix @@ -0,0 +1,50 @@ +{ pkgs, ... }: + +with pkgs; + +[ + acquire + aesfix + aeskeyfind + afflib + bmap-tools + bulk_extractor + chainsaw + chipsec + chkrootkit + chntpw + dc3dd + dcfldd + ddrescue + dmg2img + exiftool + fatcat + file + firefox_decrypt + foremost + hstsparser + libewf + libpst + mac-robber + mdbtools + ms-sys + networkminer + ntfs3g + oletools + osquery + pdf-parser + pev + pngcheck + prowler + recoverjpeg + regripper + safecopy + scalpel + sleuthkit + snort + tell-me-your-secrets + testdisk + tracee + usbrip + volatility3 +] diff --git a/nixos/modules/security/cyber-toolnix/roles/malware.nix b/nixos/modules/security/cyber-toolnix/roles/malware.nix new file mode 100644 index 000000000000000..1668c8bab71e17f --- /dev/null +++ b/nixos/modules/security/cyber-toolnix/roles/malware.nix @@ -0,0 +1,95 @@ +{ pkgs, ... }: + +with pkgs; + +[ + amoco + androguard + apktool + bamf + binwalk + bsdiff + bvi + bytecode-viewer + capstone + cfr + chipsec + ctypes_sh + # https://github.com/NixOS/nixpkgs/issues/308262 + # cutter + # cutterPlugins.rz-ghidra + dex2jar + edb + # elf-dissector # libdwarf is insecure: https://github.com/NixOS/nixpkgs/issues/276728 + elfkickers + elfutils + eresi + flare-floss + flasm + frida-tools + gdb + gdbgui + ghidra + hexbinhex + hopper + iaito + jadx + # https://github.com/NixOS/nixpkgs/issues/308260 + # jd-cli + jd-gui + jpexs + jsbeautifier + # https://github.com/NixOS/nixpkgs/issues/326927 + # klee + lief + lldb + loadlibrary + ltrace + ms-sys + nasm + oletools + osslsigncode + packer + pe-bear + pev + pixd + procdump + procyon + pwndbg + pwntools + # capstone-5.0.1 not supported for interpreter python3.12 + python311Packages.angr + # distorm3-3.5.2 not supported for interpreter python3.12 + # https://github.com/NixOS/nixpkgs/issues/326920 + # python311Packages.distorm3 + python312Packages.frida-python + python312Packages.pcodedmp + # capstone-5.0.1 not supported for interpreter python3.12 + python311Packages.pwntools + python312Packages.pyjsparser + # capstone-5.0.1 not supported for interpreter python3.12 + python311Packages.ropper + python312Packages.vt-py + python312Packages.yara-python + quark-engine + radare2 + retdec + rizin + rizinPlugins.rz-ghidra + rr + saleae-logic + saleae-logic-2 + scanmem + shellnoob + snowman + strace + # swftools + udis86 + upx + valgrind + vivisect + vt-cli + wcc + wxhexeditor + yara +] diff --git a/nixos/modules/security/cyber-toolnix/roles/mobile.nix b/nixos/modules/security/cyber-toolnix/roles/mobile.nix new file mode 100644 index 000000000000000..ada9d4a354f189d --- /dev/null +++ b/nixos/modules/security/cyber-toolnix/roles/mobile.nix @@ -0,0 +1,59 @@ +{ pkgs, ... }: + +with pkgs; + +[ + amoco + android-udev-rules + apkid + apkleaks + apktool + binwalk + bsdiff + capstone + cargo-ndk + ctypes_sh + # https://github.com/NixOS/nixpkgs/issues/308262 + # cutter + # cutterPlugins.rz-ghidra + dex2jar + edb + eresi + flasm + frida-tools + ghidra + ghost + hopper + iaito + jadx + # https://github.com/NixOS/nixpkgs/issues/308260 + # jd-cli + jd-gui + jsbeautifier + kalibrate-rtl + # https://github.com/NixOS/nixpkgs/issues/326927 + # klee + lief + pe-bear + pev + pwntools + # capstone-5.0.1 not supported for interpreter python3.12 + python311Packages.angr + # distorm3-3.5.2 not supported for interpreter python3.12 + # https://github.com/NixOS/nixpkgs/issues/326920 + # python311Packages.distorm3 + python312Packages.frida-python + # capstone-5.0.1 not supported for interpreter python3.12 + python311Packages.pwntools + python312Packages.pyaxmlparser + python312Packages.pyjsparser + quark-engine + radare2 + retdec + rizin + rizinPlugins.rz-ghidra + scanmem + # swftools + udis86 + vivisect +] diff --git a/nixos/modules/security/cyber-toolnix/roles/network.nix b/nixos/modules/security/cyber-toolnix/roles/network.nix new file mode 100644 index 000000000000000..47de8b2453513da --- /dev/null +++ b/nixos/modules/security/cyber-toolnix/roles/network.nix @@ -0,0 +1,160 @@ +{ pkgs, ... }: + +with pkgs; + +[ + # _3proxy + afpfs-ng + aircrack-ng + airgeddon + argus + argus-clients + arp-scan + arping + arpoison + asnmap + atftp + batctl + bettercap + bind + bully + burpsuite + cadaver + caido + chisel + cntlm + coercer + corkscrew + cowpatty + creds + darkstat + dnschef + dnsmasq + driftnet + dsniff + dublin-traceroute + dump1090 + etherape + ettercap + evillimiter + exabgp + fping + freeipmi + freeradius + geoip + girsh + gnuradio + gpredict + gqrx + gsocket + hackrf + haka + hcxdumptool + hcxtools + hostapd-mana + hping + httping + httptunnel + hyenae + i2pd + iodine + ipmitool + iputils + jnetmap + junkie + kismet + ldapdomaindump + libosmocore + libtins + ligolo-ng + # linuxKernel.packages.linux_zen.batman_adv + macchanger + mailsend + mapcidr + mdk4 + metasploit + mfcuk + mfoc + miredo + mitm6 + mitmproxy + mitmproxy2swagger + mtr + mtr-gui + mubeng + multimon-ng + netdiscover + netsniff-ng + networkminer + nfdump + ngrep + ngrok + obfs4 + ostinato + p0f + pcapfix + pixiewps + pmacct + proxify + proxmark3 + proxychains-ng + pwnat + pwncat + python312Packages.impacket + python312Packages.ldapdomaindump + python312Packages.netmap + python312Packages.scapy + python312Packages.sshtunnel + python312Packages.torpy + python312Packages.websockify + rathole + reaverwps-t6x + redsocks + responder + rinetd + rustcat + samplicator + sniffglue + snmpcheck + snort + soapui + socat + spiped + # https://github.com/NixOS/nixpkgs/pull/308093 + # ssh-mitm + sshuttle + ssldump + sslh + sslscan + sslsplit + stacs + stunnel + suricata + swaks + tcpdump + tcpflow + tcpreplay + tcptraceroute + thc-ipv6 + tinc + tinyproxy + tor + torsocks + tshark + udp2raw + udpreplay + udptunnel + urh + wavemon + wifite2 + wireshark + # haskell connection-0.3.1 dependency of wstunnel marked as broken + # wstunnel + yersinia + zap + zdns + zeek + zssh + zulu + # zzuf +] diff --git a/nixos/modules/security/cyber-toolnix/roles/osint.nix b/nixos/modules/security/cyber-toolnix/roles/osint.nix new file mode 100644 index 000000000000000..27a9ba53d1afbaa --- /dev/null +++ b/nixos/modules/security/cyber-toolnix/roles/osint.nix @@ -0,0 +1,88 @@ +{ pkgs, ... }: + +with pkgs; + +[ + ad-miner # To be backported to 24.05 + aiodnsbrute + amass + asn + assetfinder + bind + bloodhound + bloodhound-py + cantoolz + certgraph + chaos + checkpwn + clairvoyance + cloudlist + dnsenum + dnsrecon + dnstracer + dnstwist + dnsx + dorkscout + enum4linux + enum4linux-ng + fierce + findomain + fping + gau + geoip + ghdorker + git-hound # To be backported https://github.com/NixOS/nixpkgs/issues/276787 + gitleaks + gomapenum + gowitness + graphinder + holehe + httping + katana + kiterunner + knockpy + ldeep + linux-exploit-suggester + # pyhanko error on maigret + # maigret + maltego + metabigor + metasploit + netdiscover + netmask + ntlmrecon + octosuite + parsero + photon + proxmark3 + python312Packages.shodan + # https://github.com/NixOS/nixpkgs/issues/308235 + # python312Packages.scrapy + # https://github.com/NixOS/nixpkgs/issues/308232 + # python312Packages.scrapy-deltafetch + # python312Packages.scrapy-fake-useragent + # python312Packages.scrapy-splash + python312Packages.spyse-python + rita + sherlock + sleuthkit + smbmap + sn0int + sniffglue + snmpcheck + # https://github.com/NixOS/nixpkgs/issues/326940 + # snscrape + social-engineer-toolkit + socialscan + subfinder + subjs + thc-ipv6 + theharvester + traceroute + trufflehog + uncover + webanalyze + websploit + whatweb + zgrab2 +] diff --git a/nixos/modules/security/cyber-toolnix/roles/red.nix b/nixos/modules/security/cyber-toolnix/roles/red.nix new file mode 100644 index 000000000000000..20e3541eb30d987 --- /dev/null +++ b/nixos/modules/security/cyber-toolnix/roles/red.nix @@ -0,0 +1,381 @@ +{ pkgs, ... }: + +with pkgs; + +[ + # _3proxy + # ad-miner # To be backported to 24.05 + # https://github.com/NixOS/nixpkgs/issues/326942 + # adenum + aesfix + aeskeyfind + aflplusplus + afpfs-ng + aiodnsbrute + amass + apache-users + apachetomcatscanner + # archivebox https://github.com/NixOS/nixpkgs/issues/276947 + ares-rs + argus + argus-clients + arjun + arp-scan + arpoison + asleap + asnmap + assetfinder + atftp + bettercap + bind + bkcrack + bloodhound + bloodhound-py + boofuzz + braa + brakeman + bruteforce-luks + brutespray + bully + burpsuite + cadaver + caido + # cameradar + cantoolz + certgraph + certipy + certsync + cewl + cfr + chainsaw + chaos + checksec + chipsec + chntpw + clair + clairvoyance + cloudlist + cmospwd + coercer + commix + corkscrew + cowpatty + crackle + crackmapexec + crackql + creds + crlfuzz + crowbar + ctypes_sh + # https://github.com/NixOS/nixpkgs/issues/308262 + # cutter + # cutterPlugins.rz-ghidra + dalfox + darkstat + davtest + dirb + dirstalk + dive + dnsenum + dnsmasq + dnsrecon + dnstracer + dnstwist + dnsx + dontgo403 + doona + dorkscout + driftnet + dsniff + # dublin-traceroute # To be backported to 24.05 + dump1090 + edb + enum4linux + enum4linux-ng + eresi + etherape + ettercap + evillimiter + # https://github.com/NixOS/nixpkgs/issues/340969 + # evil-winrm + exabgp + exploitdb + fcrackzip + feroxbuster + ffuf + fierce + findomain + firewalk + flasm + fping + freeipmi + freerdp + fscan + gau + gdb + gdbgui + geoip + ghauri + ghdorker + ghidra + girsh + # git-hound # Marked as broken + gitleaks + go-cve-search + gobuster + gomapenum + gospider + gowitness + gpredict + graphinder + graphqlmap + graphw00f + grype + gsocket + haka + hakrawler + hashcat + hashcat-utils + hashpump + hcxdumptool + hcxtools + holehe + honggfuzz + hopper + hping + httping + httprobe + httpx + hyenae + i2pd + iaito + ike-scan + interactsh + ipmitool + iputils + jadx + jaeles + # https://github.com/NixOS/nixpkgs/issues/308260 + # jd-cli + jd-gui + jnetmap + john + johnny + joomscan + jpexs + jsbeautifier + junkie + jwt-hack + kalibrate-rtl + katana + kerbrute + kismet + kiterunner + # https://github.com/NixOS/nixpkgs/issues/326927 + # klee + knockpy + kube-hunter + ldapdomaindump + ldeep + libargon2 + libpst + libtins + ligolo-ng + linux-exploit-suggester + lldb + log4j-scan + lynis + macchanger + # pyhanko error on maigret + # maigret + mailsend + maltego + mapcidr + masscan + mdk4 + medusa + metabigor + metasploit + mfoc + mitm6 + mitmproxy + mitmproxy2swagger + mongoaudit + monsoon + mtr + mtr-gui + naabu + nbtscanner + ncrack + netdiscover + netmask + netsniff-ng + networkminer + nfdump + ngrep + ngrok + nikto + nmap + nosqli + ntlmrecon + nuclei + obfs4 + onesixtyone + osslsigncode + ostinato + p0f + padbuster + parsero + pcapfix + pdfcrack + pe-bear + photon + phrasendrescher + pixiewps + plecost + powersploit + pmacct + procyon + proxmark3 + psudohash + pwnat + pwncat + # capstone-5.0.1 not supported for interpreter python3.12 + python311Packages.angrop + python312Packages.arsenic + python312Packages.dnspython + python312Packages.httpx + python312Packages.impacket + python312Packages.ldapdomaindump + python312Packages.minidump + python312Packages.minikerberos + python312Packages.myjwt + python312Packages.netmap + # nose-1.3.7 not supported for interpreter python3.12 + python311Packages.patator + python312Packages.pyjsparser + python312Packages.pypykatz + python312Packages.rfcat + # capstone-5.0.1 not supported for interpreter python3.12 + python311Packages.ropgadget + # capstone-5.0.1 not supported for interpreter python3.12 + python311Packages.ropper + python312Packages.scapy + # https://github.com/NixOS/nixpkgs/issues/308235 + # python312Packages.scrapy + # https://github.com/NixOS/nixpkgs/issues/308232 + # python312Packages.scrapy-deltafetch + # python312Packages.scrapy-fake-useragent + # python312Packages.scrapy-splash + python312Packages.shodan + python312Packages.spyse-python + python312Packages.sshtunnel + python312Packages.thefuzz + python312Packages.torpy + # python312Packages.uncompyle6 + python312Packages.websockify + radamsa + radare2 + rarcrack + rathole + reaverwps-t6x + redfang + redsocks + responder + retdec + rinetd + # rita # To be backported to 24.05 + rizin + rizinPlugins.rz-ghidra + ropgadget + # https://github.com/NixOS/nixpkgs/issues/326970 + # routersploit + ruler + rustcat + rustscan + saleae-logic + saleae-logic-2 + samplicator + seclists + shellnoob + sherlock + sipvicious + slither-analyzer + smbmap + snallygaster + sniffglue + snmpcheck + snort + snowman + # https://github.com/NixOS/nixpkgs/issues/326940 + # snscrape + snyk + soapui + socat + social-engineer-toolkit + socialscan + spiped + sqlmap + ssh-audit + ssh-mitm + sshocker + sshuttle + ssldump + sslh + sslscan + sslsplit + stacs + stunnel + subfinder + subjs + swaks + # swftools + # https://github.com/NixOS/nixpkgs/pull/326600 + # sysdig + tcpdump + tcpflow + tcpreplay + tcptraceroute + testssl + tfsec + thc-hydra + thc-ipv6 + theharvester + tinc + tlsx + tor + traceroute + # trinity + trivy + trufflehog + udp2raw + udptunnel + uncover + vivisect + wafw00f + wapiti + webanalyze + websploit + # https://github.com/NixOS/nixpkgs/issues/326902 + # wfuzz + whatweb + wifite2 + wireshark + wpscan + wuzz + xcat + # https://github.com/NixOS/nixpkgs/issues/326943 + # xsser + yersinia + zap + zdns + zeek + zgrab2 + zmap + zssh + zulu + zzuf + ### payloads and wordlists + payloadsallthethings + seclists +] diff --git a/nixos/modules/security/cyber-toolnix/roles/student.nix b/nixos/modules/security/cyber-toolnix/roles/student.nix new file mode 100644 index 000000000000000..122d770ae0648ff --- /dev/null +++ b/nixos/modules/security/cyber-toolnix/roles/student.nix @@ -0,0 +1,53 @@ +{ pkgs, ... }: + +with pkgs; + +[ + aircrack-ng + binwalk + burpsuite + caido + cewl + crunch + dirb + dnsmasq + edb + enum4linux + enum4linux-ng + # https://github.com/NixOS/nixpkgs/issues/340969 + # evil-winrm + exploitdb + ffuf + fierce + ghidra + gobuster + hashcat + hashcat-utils + hcxtools + john + kismet + medusa + metasploit + mitmproxy + nasm + nikto + nmap + proxychains-ng + pwncat + python312Packages.pypykatz + radare2 + responder + social-engineer-toolkit + sqlmap + thc-hydra + theharvester + wafw00f + # https://github.com/NixOS/nixpkgs/issues/326902 + # wfuzz + wifite2 + wireshark + wpscan + ### payloads and wordlists + payloadsallthethings + seclists +] diff --git a/nixos/modules/security/cyber-toolnix/roles/web.nix b/nixos/modules/security/cyber-toolnix/roles/web.nix new file mode 100644 index 000000000000000..dda227e30a514bd --- /dev/null +++ b/nixos/modules/security/cyber-toolnix/roles/web.nix @@ -0,0 +1,97 @@ +{ pkgs, ... }: + +with pkgs; + +[ + aflplusplus + # archivebox # python-django dep is marked as insecure + apachetomcatscanner + arjun + assetfinder + boofuzz + brakeman + burpsuite + caido + cantoolz + chipsec + clairvoyance + commix + crackql + crlfuzz + dalfox + dirb + dirstalk + dontgo403 + doona + feroxbuster + ffuf + firewalk + gau + ghauri + gobuster + gospider + gowitness + graphinder + graphqlmap + graphw00f + hakrawler + honggfuzz + httpx + interactsh + jaeles + joomscan + jsbeautifier + jwt-hack + katana + kiterunner + log4j-scan + mdk4 + metasploit + mitm6 + mitmproxy + mitmproxy2swagger + mongoaudit + monsoon + nikto + nosqli + nuclei + photon + plecost + psudohash + python312Packages.arsenic + python312Packages.httpx + python312Packages.pyjsparser + # https://github.com/NixOS/nixpkgs/issues/308235 + # python312Packages.scrapy + # https://github.com/NixOS/nixpkgs/issues/308232 + # python312Packages.scrapy-deltafetch + # python312Packages.scrapy-fake-useragent + # python312Packages.scrapy-splash + python312Packages.thefuzz + radamsa + responder + ruler + snallygaster + soapui + sqlmap + subjs + # swftools + # trinity + wafw00f + wapiti + webanalyze + websploit + # https://github.com/NixOS/nixpkgs/issues/326902 + # wfuzz + whatweb + wpscan + wuzz + # https://github.com/NixOS/nixpkgs/issues/326943 + # xsser + yersinia + zap + zzuf + ### payloads and wordlists + payloadsallthethings + seclists +]