1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
|

# Sl (hack) ware
### a Slackware GNU/Linux Pentesting Suite
The aim of this project is to bring a curated collection of programs, tools, libraries and various utilities, ~~packaged~~ (some packages are way too big, sorry) and ready to be installed on Slackware.
### Why Slackware
Because it's the best distro ever.
### We have Kali and/or Parrot
Yes, but I prefer Slackware.
## Packages List
This list is ever growing, if you want to ask for a package to be prioritized, just open an issue
| Package Name | SlackBuilds.org available | Upstream | Version |
| -------------------- | ------------------------- | ------------------------------------------------------------ | ---------- |
| SecLists | ✅ | [danielmiessler/SecLists](https://github.com/danielmiessler/SecLists) | 2026.1 |
| ffuf | ✅ | [ffuf/ffuf](https://github.com/ffuf/ffuf) | 2.1.0 |
| gobuster | ✅ | [OJ/gobuster](https://github.com/OJ/gobuster) | 3.8.2 |
| hashcat | ✅ | [hashcat.net](https://hashcat.net/hashcat/) | 7.1.2 |
| john | ✅ | [openwall.com](https://www.openwall.com/john/) | 1.9.0 |
| exploitdb | ✅ | [exploit-db.com](https://www.exploit-db.com/) | 2026-04-30 |
| cadaver | ✅ | [notroj/cadaver](https://notroj.github.io/cadaver/) | 0.28 |
| nuclei | ✅ | [projectdiscovery/nuclei](https://github.com/projectdiscovery/nuclei) | 3.8.0 |
| feroxbuster | ❎ | [epi052/feroxbuster](https://github.com/epi052/feroxbuster) | 2.13.1 |
| windows binaries | ❎ | [kali.org](https://www.kali.org/tools/windows-binaries/) | 0.6.10 |
| webshells | ❎ | [kali.org](https://www.kali.org/tools/webshells/) | 1.1 |
| metasploit framework | ❎ | [metasploit.com](https://www.metasploit.com/) | 6.4.133 |
> [!IMPORTANT]
>
> The exploitdb package pulls also the binsploits which consists of 1.1Gb of exploits.
> [!NOTE]
>
> There's a metasploit package on slackbuilds.org but is an older version (last updated in 2022). I'll contact the mantainer and ask to transfer it to me and I'll update it.
>
> The cadaver package is available on slackbuilds.org but it's for an older version. I've reported here the script and built the newest version. The slackbuild includes now a pull from the [notroj/neon](https://github.com/notroj/neon) repository which is usually not allowed for SlackBuilds that are uploaded to slackbuilds.org
>
> The Powershell package is available on slackbuilds.org without modifications necessary so I removed it.
## Git Hooks
This repo ships maintainer git hooks under `.extras/hooks/`. After cloning,
install them with:
```bash
cp .extras/hooks/* .git/hooks/ && chmod 0755 .git/hooks/{pre,post}-commit
```
- **pre-commit** lints each changed package with `sbolint` and blocks the
commit on errors. It also refuses staged source archives (these are fetched
with `sbodl`, never committed). Bypass linting with `SBOLINT=no git commit`.
- **post-commit** offers to build an SBo submission tarball
(`SBo/<package>.tar.gz`) for any added or updated package. To answer the
prompt non-interactively, set `SBO_ARCHIVE=yes` or `SBO_ARCHIVE=no` in the
environment.
## Vendored Crates (Rust packages)
Rust packages such as `feroxbuster` build from a vendored crates tarball
(`<pkg>-<version>-vendor.tar.gz`) declared as a second source in the `.info`
file, alongside the upstream tarball. The SlackBuild unpacks it, points cargo
at it via `.cargo/config.toml`, and builds fully offline (`cargo build
--offline --locked`).
This mirrors how SlackBuilds.org packages Rust (and Go) software. SBo builds
must be reproducible from the checksummed sources declared in `.info` and run
in a clean chroot with no network access. Letting cargo fetch from crates.io
at build time would break that: builds would depend on crates.io being
reachable and unchanged, and the SBo build farm (which runs offline) would
reject the package.
The vendor tarball is generated once per version with `cargo-vendor-filterer`
and hosted by the maintainer. `SOURCE_DATE_EPOCH` is pinned to the upstream
release tag's commit date so the archive is byte-for-byte reproducible:
```bash
tar xf feroxbuster-<version>.tar.gz && cd feroxbuster-<version>
export SOURCE_DATE_EPOCH="$(date -u -d '<release-tag commit date>' +%s)"
cargo vendor-filterer \
--platform=x86_64-unknown-linux-gnu \
--prefix=vendor \
--format=tar.gz \
feroxbuster-<version>-vendor.tar.gz
```
The tag commit date comes from the GitHub API
(`commits/<tag>` → `.commit.committer.date`). Then update `MD5SUM_x86_64` for
the new tarball in the `.info` file. The exact command is also recorded in the
package's own `README`.
|