aboutsummaryrefslogtreecommitdiffstats
path: root/README.md
blob: c9ef86c423f70826b94ec97418c81b23a4b9a96d (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
![](.extras/assets/sl-hack-ware.jpg)

# Sl (hack) ware

### a Slackware GNU/Linux Pentesting Suite

The aim of this project is to bring a curated collection of programs, tools, libraries and various utilities, ~~packaged~~ (some packages are way too big, sorry) and ready to be installed on Slackware.

### Why Slackware

Because it's the best distro ever.

### We have Kali and/or Parrot

Yes, but I prefer Slackware.

## Packages List

This list is ever growing, if you want to ask for a package to be prioritized, just open an issue

Legend: ✅ yes / available / build-tested   ❎ not on SlackBuilds.org   ❔ not yet tested

| Package Name         | SlackBuilds.org available | Upstream                                                     | Version    | Tested -current | Tested -stable |
| -------------------- | ------------------------- | ------------------------------------------------------------ | ---------- | --------------- | -------------- |
| SecLists             | ✅                         | [danielmiessler/SecLists](https://github.com/danielmiessler/SecLists) | 2026.1 | ✅ | ❔ |
| ffuf                 | ✅                         | [ffuf/ffuf](https://github.com/ffuf/ffuf)                    | 2.1.0      | ✅ | ❔ |
| gobuster             | ✅                         | [OJ/gobuster](https://github.com/OJ/gobuster)                | 3.8.2      | ✅ | ❔ |
| hashcat              | ✅                         | [hashcat.net](https://hashcat.net/hashcat/)                  | 7.1.2      | ✅ | ❔ |
| john                 | ✅                         | [openwall.com](https://www.openwall.com/john/)               | 1.9.0      | ✅ | ❔ |
| exploitdb            | ✅                         | [exploit-db.com](https://www.exploit-db.com/)                | 2026-04-30 | ✅ | ❔ |
| cadaver              | ✅                         | [notroj/cadaver](https://notroj.github.io/cadaver/)          | 0.28       | ✅ | ❔ |
| nuclei               | ✅                         | [projectdiscovery/nuclei](https://github.com/projectdiscovery/nuclei) | 3.8.0      | ✅ | ❔ |
| feroxbuster          | ❎                         | [epi052/feroxbuster](https://github.com/epi052/feroxbuster)  | 2.13.1     | ✅ | ✅ |
| netexec              | ❎                         | [Pennyw0rth/NetExec](https://github.com/Pennyw0rth/NetExec)  | 1.5.1      | ✅ | ❎ |
| windows binaries     | ❎                         | [kali.org](https://www.kali.org/tools/windows-binaries/)     | 0.6.10     | ✅ | ❔ |
| webshells            | ❎                         | [kali.org](https://www.kali.org/tools/webshells/)            | 1.1        | ✅ | ❔ |
| metasploit-framework-bin | ✅                     | [metasploit.com](https://www.metasploit.com/)                | 6.4.135   | ✅ | ✅ |

> [!IMPORTANT]
>
> The exploitdb package pulls also the binsploits which consists of 1.1Gb of exploits.

> [!NOTE]
>
> There's an older `metasploit` package on slackbuilds.org (last updated in 2022) which is now orphaned. This `metasploit-framework-bin` package is a fresh `.deb` repack submitted alongside it, not a takeover of the old one.
>
> The cadaver package is available on slackbuilds.org but it's for an older version. I've reported here the script and built the newest version. The slackbuild includes now a pull from the [notroj/neon](https://github.com/notroj/neon) repository which is usually not allowed for SlackBuilds that are uploaded to slackbuilds.org
>
> The Powershell package is available on slackbuilds.org without modifications necessary so I removed it.

## Git Hooks

This repo ships maintainer git hooks under `.extras/hooks/`. After cloning,
install them with:

```bash
cp .extras/hooks/* .git/hooks/ && chmod 0755 .git/hooks/{pre,post}-commit
```

- **pre-commit** lints each changed package with `sbolint` and blocks the
  commit on errors. It also refuses staged source archives (these are fetched
  with `sbodl`, never committed). Bypass linting with `SBOLINT=no git commit`.
- **post-commit** offers to build an SBo submission tarball
  (`SBo/<package>.tar.gz`) for any added or updated package. To answer the
  prompt non-interactively, set `SBO_ARCHIVE=yes` or `SBO_ARCHIVE=no` in the
  environment.

## Building an SBo archive on demand

`.extras/mksboarchive <package>` builds the same `<package>.tar.gz` SBo
submission tarball the post-commit hook produces, but on demand by name
rather than at commit time:

```bash
.extras/mksboarchive feroxbuster        # writes ./feroxbuster.tar.gz
OUTPUT=/tmp .extras/mksboarchive hydra   # writes /tmp/hydra.tar.gz
```

Run it from the repo root: it looks for a `<package>/<package>.SlackBuild`
below the current directory, removes any `sbodl` source symlinks from the
package directory first (so they never leak into the tarball), then archives
the directory. The output directory defaults to the current working directory
and can be overridden with the `OUTPUT` environment variable. This means it
works the same whether you run `.extras/mksboarchive` or an installed copy
(e.g. in `~/bin`), as long as you are in the repo root.

## Vendored Crates (Rust packages)

Rust packages such as `feroxbuster` build from a vendored crates tarball
(`<pkg>-<version>-vendor.tar.gz`) declared as a second source in the `.info`
file, alongside the upstream tarball. The SlackBuild unpacks it, points cargo
at it via `.cargo/config.toml`, and builds fully offline (`cargo build
--offline --locked`).

This mirrors how SlackBuilds.org packages Rust (and Go) software. SBo builds
must be reproducible from the checksummed sources declared in `.info` and run
in a clean chroot with no network access. Letting cargo fetch from crates.io
at build time would break that: builds would depend on crates.io being
reachable and unchanged, and the SBo build farm (which runs offline) would
reject the package.

The vendor tarball is generated once per version with `cargo-vendor-filterer`
and hosted by the maintainer. `SOURCE_DATE_EPOCH` is pinned to the upstream
release tag's commit date so the archive is byte-for-byte reproducible:

```bash
tar xf feroxbuster-<version>.tar.gz && cd feroxbuster-<version>
export SOURCE_DATE_EPOCH="$(date -u -d '<release-tag commit date>' +%s)"
cargo vendor-filterer \
  --platform=x86_64-unknown-linux-gnu \
  --prefix=vendor \
  --format=tar.gz \
  feroxbuster-<version>-vendor.tar.gz
```

The tag commit date comes from the GitHub API
(`commits/<tag>``.commit.committer.date`). Then update `MD5SUM_x86_64` for
the new tarball in the `.info` file. The exact command is also recorded in the
package's own `README`.