diff options
Diffstat (limited to 'README.md')
| -rw-r--r-- | README.md | 127 |
1 files changed, 42 insertions, 85 deletions
@@ -14,27 +14,40 @@ Because it's the best distro ever. Yes, but I prefer Slackware. -## Packages List +## Tool Catalog + +The goal of this repo is to make pentesting tools available on Slackware: +package from scratch what isn't readily available, and point to a good source +for what already is. This table is the catalog. It lists every tool in scope, +whether its SlackBuild lives **In repo** here, and where else to get it. This list is ever growing, if you want to ask for a package to be prioritized, just open an issue Legend: ✅ yes / available / build-tested ❎ not on SlackBuilds.org ❔ not yet tested -| Package Name | SlackBuilds.org available | Upstream | Version | Tested -current | Tested -stable | -| -------------------- | ------------------------- | ------------------------------------------------------------ | ---------- | --------------- | -------------- | -| SecLists | ✅ | [danielmiessler/SecLists](https://github.com/danielmiessler/SecLists) | 2026.1 | ✅ | ❔ | -| ffuf | ✅ | [ffuf/ffuf](https://github.com/ffuf/ffuf) | 2.1.0 | ✅ | ❔ | -| gobuster | ✅ | [OJ/gobuster](https://github.com/OJ/gobuster) | 3.8.2 | ✅ | ❔ | -| hashcat | ✅ | [hashcat.net](https://hashcat.net/hashcat/) | 7.1.2 | ✅ | ❔ | -| john | ✅ | [openwall.com](https://www.openwall.com/john/) | 1.9.0 | ✅ | ❔ | -| exploitdb | ✅ | [exploit-db.com](https://www.exploit-db.com/) | 2026-04-30 | ✅ | ❔ | -| cadaver | ✅ | [notroj/cadaver](https://notroj.github.io/cadaver/) | 0.28 | ✅ | ❔ | -| nuclei | ✅ | [projectdiscovery/nuclei](https://github.com/projectdiscovery/nuclei) | 3.8.0 | ✅ | ❔ | -| feroxbuster | ❎ | [epi052/feroxbuster](https://github.com/epi052/feroxbuster) | 2.13.1 | ✅ | ✅ | -| netexec | ❎ | [Pennyw0rth/NetExec](https://github.com/Pennyw0rth/NetExec) | 1.5.1 | ✅ | ❎ | -| windows binaries | ❎ | [kali.org](https://www.kali.org/tools/windows-binaries/) | 0.6.10 | ✅ | ❔ | -| webshells | ❎ | [kali.org](https://www.kali.org/tools/webshells/) | 1.1 | ✅ | ❔ | -| metasploit-framework-bin | ✅ | [metasploit.com](https://www.metasploit.com/) | 6.4.135 | ✅ | ✅ | +Where a tool lives: + +- **In repo ✅** — written/maintained here (usually because it's not on + SlackBuilds.org, or the SBo version is stale). +- **In repo ❎** — already on SlackBuilds.org, so there's no need to duplicate + it here; install it straight from SBo. Still cataloged because it's part of + the suite. + +| Package Name | In repo | SlackBuilds.org available | Maintainer | Upstream | Version | Tested -current | Tested -stable | +| -------------------- | ------- | ------------------------- | ---------- | ------------------------------------------------------------ | ---------- | --------------- | -------------- | +| SecLists | ❎ | ✅ | danix | [danielmiessler/SecLists](https://github.com/danielmiessler/SecLists) | 2026.1 | ✅ | ❔ | +| ffuf | ❎ | ✅ | danix | [ffuf/ffuf](https://github.com/ffuf/ffuf) | 2.1.0 | ✅ | ❔ | +| gobuster | ❎ | ✅ | danix | [OJ/gobuster](https://github.com/OJ/gobuster) | 3.8.2 | ✅ | ❔ | +| hashcat | ❎ | ✅ | B. Watson | [hashcat.net](https://hashcat.net/hashcat/) | 7.1.2 | ✅ | ❔ | +| john | ❎ | ✅ | Kent Fritz | [openwall.com](https://www.openwall.com/john/) | 1.9.0 | ✅ | ❔ | +| exploitdb | ❎ | ✅ | danix | [exploit-db.com](https://www.exploit-db.com/) | 2026-04-30 | ✅ | ❔ | +| nuclei | ❎ | ✅ | danix | [projectdiscovery/nuclei](https://github.com/projectdiscovery/nuclei) | 3.8.0 | ✅ | ❔ | +| feroxbuster | ❎ | ✅ | danix | [epi052/feroxbuster](https://github.com/epi052/feroxbuster) | 2.13.1 | ✅ | ✅ | +| metasploit-framework-bin | ❎ | ✅ | danix | [metasploit.com](https://www.metasploit.com/) | 6.4.143 | ✅ | ✅ | +| cadaver | ✅ | ✅ | danix | [notroj/cadaver](https://notroj.github.io/cadaver/) | 0.28 | ✅ | ❔ | +| netexec | ✅ | ❎ | danix | [Pennyw0rth/NetExec](https://github.com/Pennyw0rth/NetExec) | 1.5.1 | ✅ | ❎ | +| windows binaries | ✅ | ❎ | danix | [kali.org](https://www.kali.org/tools/windows-binaries/) | 0.6.10 | ✅ | ❔ | +| webshells | ✅ | ❎ | danix | [kali.org](https://www.kali.org/tools/webshells/) | 1.1 | ✅ | ❔ | > [!IMPORTANT] > @@ -48,72 +61,16 @@ Legend: ✅ yes / available / build-tested ❎ not on SlackBuilds.org &nb > > The Powershell package is available on slackbuilds.org without modifications necessary so I removed it. -## Git Hooks - -This repo ships maintainer git hooks under `.extras/hooks/`. After cloning, -install them with: - -```bash -cp .extras/hooks/* .git/hooks/ && chmod 0755 .git/hooks/{pre,post}-commit -``` - -- **pre-commit** lints each changed package with `sbolint` and blocks the - commit on errors. It also refuses staged source archives (these are fetched - with `sbodl`, never committed). Bypass linting with `SBOLINT=no git commit`. -- **post-commit** offers to build an SBo submission tarball - (`SBo/<package>.tar.gz`) for any added or updated package. To answer the - prompt non-interactively, set `SBO_ARCHIVE=yes` or `SBO_ARCHIVE=no` in the - environment. - -## Building an SBo archive on demand - -`.extras/mksboarchive <package>` builds the same `<package>.tar.gz` SBo -submission tarball the post-commit hook produces, but on demand by name -rather than at commit time: - -```bash -.extras/mksboarchive feroxbuster # writes ./feroxbuster.tar.gz -OUTPUT=/tmp .extras/mksboarchive hydra # writes /tmp/hydra.tar.gz -``` - -Run it from the repo root: it looks for a `<package>/<package>.SlackBuild` -below the current directory, removes any `sbodl` source symlinks from the -package directory first (so they never leak into the tarball), then archives -the directory. The output directory defaults to the current working directory -and can be overridden with the `OUTPUT` environment variable. This means it -works the same whether you run `.extras/mksboarchive` or an installed copy -(e.g. in `~/bin`), as long as you are in the repo root. - -## Vendored Crates (Rust packages) - -Rust packages such as `feroxbuster` build from a vendored crates tarball -(`<pkg>-<version>-vendor.tar.gz`) declared as a second source in the `.info` -file, alongside the upstream tarball. The SlackBuild unpacks it, points cargo -at it via `.cargo/config.toml`, and builds fully offline (`cargo build ---offline --locked`). - -This mirrors how SlackBuilds.org packages Rust (and Go) software. SBo builds -must be reproducible from the checksummed sources declared in `.info` and run -in a clean chroot with no network access. Letting cargo fetch from crates.io -at build time would break that: builds would depend on crates.io being -reachable and unchanged, and the SBo build farm (which runs offline) would -reject the package. - -The vendor tarball is generated once per version with `cargo-vendor-filterer` -and hosted by the maintainer. `SOURCE_DATE_EPOCH` is pinned to the upstream -release tag's commit date so the archive is byte-for-byte reproducible: - -```bash -tar xf feroxbuster-<version>.tar.gz && cd feroxbuster-<version> -export SOURCE_DATE_EPOCH="$(date -u -d '<release-tag commit date>' +%s)" -cargo vendor-filterer \ - --platform=x86_64-unknown-linux-gnu \ - --prefix=vendor \ - --format=tar.gz \ - feroxbuster-<version>-vendor.tar.gz -``` - -The tag commit date comes from the GitHub API -(`commits/<tag>` → `.commit.committer.date`). Then update `MD5SUM_x86_64` for -the new tarball in the `.info` file. The exact command is also recorded in the -package's own `README`. +## Maintainer tooling + +The `.extras/` folder holds the tools used when maintaining this repo (git +hooks, version-tracking config, and helper scripts). They are not needed to +install any of the packages. + +## Development Approach + +This project is developed using AI-assisted tools. Code is generated with the help of AI based on human-provided specifications, design decisions, and iterative feedback. + +All contributions are reviewed, tested, and curated by the maintainer before being included in the codebase. AI is used as a productivity and exploration tool, while human oversight remains central to all decisions. + +The goal is to combine the flexibility of AI-assisted development with standard open-source practices such as transparency, review, and accountability. |
