Source: brutespray
Severity: wishlist
X-Debbugs-Cc: stefneveu@gmail.com, charlesmelara@riseup.net, sophie@offensive-security.com
User: devel@kali.org
Usertags: origin-kali

Hello

Upstream has released new versions of brutespray. They have rewritten the
tool in Golang.

They asked me to update it in Kali [1].

I have updated the package for Kali [2]. I chose to embed 9 Golang
dependencies in debian/vendor as the packages don't exist in Debian. But I don't think it is acceptable for a Debian package, or at least the debian/copyright needs to be fixed.

It would be great if you could update the package in Debian.

Thanks.

Sophie

[1] https://bugs.kali.org/view.php?id=4035
[2] https://gitlab.com/kalilinux/packages/brutespray

-- System Information:
Debian Release: trixie/sid
APT prefers testing
APT policy: (990, 'testing'), (500, 'stable-security'), (500, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 6.6.15-amd64 (SMP w/16 CPU threads; PREEMPT)
Kernel taint flags: TAINT_WARN, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Hi, Sophie.

On Thu, Mar 21, 2024 at 03:47:36PM +0100, Sophie Brun wrote:

Upstream has released new versions of brutespray. They have rewritten the tool in Golang.

I saw it and started to track which dependencies were necessary to go
through the NEW queue [1], but the upstream was releasing a new version
every day so I was just waiting a bit for things to cool down before
trying to package everything.

They asked me to update it in Kali [1].

I have updated the package for Kali [2]. I chose to embed 9 Golang dependencies in debian/vendor as the packages don't exist in Debian. But I don't think it is acceptable for a Debian package, or at least the debian/copyright needs to be fixed.

Yeah, I think we have to package the go dependencies aside from
brutespray :-( Though I was wondering if we should keep them under the
umbrella of the security team or the go team (I tend to keep under the
go team, what do you think?).

It would be great if you could update the package in Debian.

Now that it seems to have slowed down the releases, I'll check what you
have done in kali and start to package the go dependencies. If you'd
like to help, just let me know :-)

Question: do you know if the v2 has feature/api compatibility with the
python one?

Thanks.

Sophie

Cheers,
Charles

[1] https://salsa.debian.org/debian-brasilia-team/docs/-/issues/157

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEECgzx8d8+AINglLHJt4M9ggJ8mQsFAmX8kFIACgkQt4M9ggJ8 mQuQNg//Ycp6uWmLG4i0qmPUIIj07bMaOE42htgEhkYkBhcEWJ+/S3/RC0mFh+5W RP/Q7ZTSxuVSdbZwrQhUFNbw7eYW03izzBqoQtX5su/k5hyBYsr5c+fKMLbuzf1M j1m6tcg1z3zVr0V/MBJaSJHp44O1rMM8YrNnYJzsVVFlBQcgVuQF00PB50z+Dscy u3hb/iucXRlC8fR+hJHhuvvAZhlD71YKx+PYKLD8WhUDhL5+8SmRUVULnjR/a+/I mHfCsdVKva1rS5nDwTk3zNefk5hKDp1VjAuOQeEkps1CzpCyx7VvhUWajwM1LKni S65i3MnKUhZ/5BR+/3RSxLnoaPFSURPOyn30usau4BzadlB3iNvVAihUURI9p+0I iDjcVCkK3VYt/qGpaWYQYTT+150qG16wfY8lwxWt1aU7dkT4TR/wW1WIQ7uErg0r C90OHuiUjCvTPqMX1tSAmuIqsclnQcFHvv7S6QKqesVP1eeRu3TR0dDAYiL8xckm Ydi4ZEkyvWBfG//45b50AwcC5nVSPNy4aue8x5dRAzOJ6/U5qW9qyAtaw4PivaQx oJ7KpIA5qj3acoViCpzoDU+xLQF/j2fh+bpLykouvccYNSE2+EYvI6wi8q10SzZG xS2/2mfjrIBPzxG8mLNinoJ5eiGB4XbZLarHWNp4a2zWRe0jIk8=
=4y1z
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)