From bfc43b171a9d7ac84470cc909d5d51aaee8289ff Mon Sep 17 00:00:00 2001 From: "Danilo M." Date: Sat, 11 Jul 2026 12:42:37 +0200 Subject: Move danix-official SBo packages to sbo-slackbuilds repo Deduplicate the seven packages that are now danix-maintained on SlackBuilds.org (SecLists, ffuf, gobuster, exploitdb, nuclei, feroxbuster, metasploit-framework-bin); they live in the sbo-slackbuilds repo. ffuf and gobuster were synced to current SBo (arch-independent .info) before the move. README keeps them in the package table with In-repo/Maintainer columns since they stay relevant to the suite. CLAUDE.md build-strategy docs for the moved build types (Go/Rust/.deb, metasploit regen procedures) relocate to sbo-slackbuilds/CLAUDE.md; a pointer note remains here. cadaver stays (SBo entry orphaned, local is the notroj 0.28 rewrite). Co-Authored-By: Claude Opus 4.8 --- README.md | 74 ++++++++++++++++++++------------------------------------------- 1 file changed, 23 insertions(+), 51 deletions(-) (limited to 'README.md') diff --git a/README.md b/README.md index c9ef86c..cba44d0 100644 --- a/README.md +++ b/README.md @@ -20,21 +20,27 @@ This list is ever growing, if you want to ask for a package to be prioritized, j Legend: ✅ yes / available / build-tested   ❎ not on SlackBuilds.org   ❔ not yet tested -| Package Name | SlackBuilds.org available | Upstream | Version | Tested -current | Tested -stable | -| -------------------- | ------------------------- | ------------------------------------------------------------ | ---------- | --------------- | -------------- | -| SecLists | ✅ | [danielmiessler/SecLists](https://github.com/danielmiessler/SecLists) | 2026.1 | ✅ | ❔ | -| ffuf | ✅ | [ffuf/ffuf](https://github.com/ffuf/ffuf) | 2.1.0 | ✅ | ❔ | -| gobuster | ✅ | [OJ/gobuster](https://github.com/OJ/gobuster) | 3.8.2 | ✅ | ❔ | -| hashcat | ✅ | [hashcat.net](https://hashcat.net/hashcat/) | 7.1.2 | ✅ | ❔ | -| john | ✅ | [openwall.com](https://www.openwall.com/john/) | 1.9.0 | ✅ | ❔ | -| exploitdb | ✅ | [exploit-db.com](https://www.exploit-db.com/) | 2026-04-30 | ✅ | ❔ | -| cadaver | ✅ | [notroj/cadaver](https://notroj.github.io/cadaver/) | 0.28 | ✅ | ❔ | -| nuclei | ✅ | [projectdiscovery/nuclei](https://github.com/projectdiscovery/nuclei) | 3.8.0 | ✅ | ❔ | -| feroxbuster | ❎ | [epi052/feroxbuster](https://github.com/epi052/feroxbuster) | 2.13.1 | ✅ | ✅ | -| netexec | ❎ | [Pennyw0rth/NetExec](https://github.com/Pennyw0rth/NetExec) | 1.5.1 | ✅ | ❎ | -| windows binaries | ❎ | [kali.org](https://www.kali.org/tools/windows-binaries/) | 0.6.10 | ✅ | ❔ | -| webshells | ❎ | [kali.org](https://www.kali.org/tools/webshells/) | 1.1 | ✅ | ❔ | -| metasploit-framework-bin | ✅ | [metasploit.com](https://www.metasploit.com/) | 6.4.135 | ✅ | ✅ | +The **In repo** column marks whether the SlackBuild source lives here. Packages +maintained by danix that already ship on SlackBuilds.org are kept in the +[sbo-slackbuilds](https://github.com/danixland/sbo-slackbuilds) repo, not +duplicated here; they are still listed below because they are relevant to the +suite. Third-party SBo packages (hashcat, john) are listed for the same reason. + +| Package Name | In repo | SlackBuilds.org available | Maintainer | Upstream | Version | Tested -current | Tested -stable | +| -------------------- | ------- | ------------------------- | ---------- | ------------------------------------------------------------ | ---------- | --------------- | -------------- | +| SecLists | ❎ (SBo) | ✅ | danix | [danielmiessler/SecLists](https://github.com/danielmiessler/SecLists) | 2026.1 | ✅ | ❔ | +| ffuf | ❎ (SBo) | ✅ | danix | [ffuf/ffuf](https://github.com/ffuf/ffuf) | 2.1.0 | ✅ | ❔ | +| gobuster | ❎ (SBo) | ✅ | danix | [OJ/gobuster](https://github.com/OJ/gobuster) | 3.8.2 | ✅ | ❔ | +| hashcat | ❎ | ✅ | B. Watson | [hashcat.net](https://hashcat.net/hashcat/) | 7.1.2 | ✅ | ❔ | +| john | ❎ | ✅ | Kent Fritz | [openwall.com](https://www.openwall.com/john/) | 1.9.0 | ✅ | ❔ | +| exploitdb | ❎ (SBo) | ✅ | danix | [exploit-db.com](https://www.exploit-db.com/) | 2026-04-30 | ✅ | ❔ | +| nuclei | ❎ (SBo) | ✅ | danix | [projectdiscovery/nuclei](https://github.com/projectdiscovery/nuclei) | 3.8.0 | ✅ | ❔ | +| feroxbuster | ❎ (SBo) | ✅ | danix | [epi052/feroxbuster](https://github.com/epi052/feroxbuster) | 2.13.1 | ✅ | ✅ | +| metasploit-framework-bin | ❎ (SBo) | ✅ | danix | [metasploit.com](https://www.metasploit.com/) | 6.4.143 | ✅ | ✅ | +| cadaver | ✅ | ✅ | danix | [notroj/cadaver](https://notroj.github.io/cadaver/) | 0.28 | ✅ | ❔ | +| netexec | ✅ | ❎ | danix | [Pennyw0rth/NetExec](https://github.com/Pennyw0rth/NetExec) | 1.5.1 | ✅ | ❎ | +| windows binaries | ✅ | ❎ | danix | [kali.org](https://www.kali.org/tools/windows-binaries/) | 0.6.10 | ✅ | ❔ | +| webshells | ✅ | ❎ | danix | [kali.org](https://www.kali.org/tools/webshells/) | 1.1 | ✅ | ❔ | > [!IMPORTANT] > @@ -72,8 +78,8 @@ submission tarball the post-commit hook produces, but on demand by name rather than at commit time: ```bash -.extras/mksboarchive feroxbuster # writes ./feroxbuster.tar.gz -OUTPUT=/tmp .extras/mksboarchive hydra # writes /tmp/hydra.tar.gz +.extras/mksboarchive netexec # writes ./netexec.tar.gz +OUTPUT=/tmp .extras/mksboarchive webshells # writes /tmp/webshells.tar.gz ``` Run it from the repo root: it looks for a `/.SlackBuild` @@ -83,37 +89,3 @@ the directory. The output directory defaults to the current working directory and can be overridden with the `OUTPUT` environment variable. This means it works the same whether you run `.extras/mksboarchive` or an installed copy (e.g. in `~/bin`), as long as you are in the repo root. - -## Vendored Crates (Rust packages) - -Rust packages such as `feroxbuster` build from a vendored crates tarball -(`--vendor.tar.gz`) declared as a second source in the `.info` -file, alongside the upstream tarball. The SlackBuild unpacks it, points cargo -at it via `.cargo/config.toml`, and builds fully offline (`cargo build ---offline --locked`). - -This mirrors how SlackBuilds.org packages Rust (and Go) software. SBo builds -must be reproducible from the checksummed sources declared in `.info` and run -in a clean chroot with no network access. Letting cargo fetch from crates.io -at build time would break that: builds would depend on crates.io being -reachable and unchanged, and the SBo build farm (which runs offline) would -reject the package. - -The vendor tarball is generated once per version with `cargo-vendor-filterer` -and hosted by the maintainer. `SOURCE_DATE_EPOCH` is pinned to the upstream -release tag's commit date so the archive is byte-for-byte reproducible: - -```bash -tar xf feroxbuster-.tar.gz && cd feroxbuster- -export SOURCE_DATE_EPOCH="$(date -u -d '' +%s)" -cargo vendor-filterer \ - --platform=x86_64-unknown-linux-gnu \ - --prefix=vendor \ - --format=tar.gz \ - feroxbuster--vendor.tar.gz -``` - -The tag commit date comes from the GitHub API -(`commits/` → `.commit.committer.date`). Then update `MD5SUM_x86_64` for -the new tarball in the `.info` file. The exact command is also recorded in the -package's own `README`. -- cgit v1.2.3