Difference between revisions of "Security packages"
Jump to navigation
Jump to search
(Created page with "Here is a list of security-related packages available in Debian-alike distros. <br>My setup is made of a basis of LMDE with Debian and [[K...") |
m (→logkeys) |
||
| (12 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
| − | Here is a list of security-related packages available in Debian-alike distros. |
+ | Here is a list of security-related packages available in Debian-alike distros that I'm using. |
<br>My setup is made of a basis of [[LMDE]] with [[LMDE#Add_Debian_repositories|Debian]] and [[Kali#Add_Kali_repositories_to_LMDE|Kali]] pinned repositories. |
<br>My setup is made of a basis of [[LMDE]] with [[LMDE#Add_Debian_repositories|Debian]] and [[Kali#Add_Kali_repositories_to_LMDE|Kali]] pinned repositories. |
||
| + | ==network== |
||
| + | <pre> |
||
| + | arping - sends IP and/or ARP pings (to the MAC address) |
||
| + | dsniff - Various tools to sniff network traffic for cleartext insecurities |
||
| + | etherwake - tool to send magic Wake-on-LAN packets |
||
| + | iodine - tool for tunneling IPv4 data through a DNS server |
||
| + | kismet - wireless sniffer and monitor - core |
||
| + | kismet-plugins - wireless sniffer and monitor - plugins |
||
| + | ndisc6 - IPv6 diagnostic tools |
||
| + | netcat - TCP/IP swiss army knife -- transitional package |
||
| + | netsniff-ng - packet sniffing beast |
||
| + | nmap - The Network Mapper |
||
| + | socat - multipurpose relay for bidirectional data transfer |
||
| + | sshfs - filesystem client based on SSH File Transfer Protocol |
||
| + | themole - automatic SQL injection exploitation tool |
||
| + | </pre> |
||
| + | ==forensics== |
||
| + | <pre> |
||
| + | autopsy - graphical interface to SleuthKit |
||
| + | chkrootkit - rootkit detector |
||
| + | cruft - program that finds any cruft built up on your system |
||
| + | dc3dd - patched version of GNU dd with forensic features |
||
| + | dcfldd - enhanced version of dd for forensics and security |
||
| + | ext4magic - recover deleted files from ext3 or ext4 partitions |
||
| + | foremost - forensic program to recover lost files |
||
| + | gpart - Guess PC disk partition table, find lost partitions |
||
| + | logkeys - keylogger for GNU/Linux systems |
||
| + | mac-robber - collects data about allocated files in mounted filesystems |
||
| + | memdump - utility to dump memory contents to standard output |
||
| + | pdfresurrect - tool for extracting/scrubbing versioning data from PDF documents |
||
| + | recoverdm - recover files/disks with damaged sectors |
||
| + | recoverjpeg - tool to recover JPEG images from a filesystem image |
||
| + | rkhunter - rootkit, backdoor, sniffer and exploit scanner |
||
| + | tiger - Report system security vulnerabilities |
||
| + | unhide.rb - Forensic tool to find processes hidden by rootkits |
||
| + | vinetto - A forensics tool to examine Thumbs.db files |
||
| + | wipe - Secure file deletion |
||
| + | vbindiff - visual binary diff, visually compare binary files |
||
| + | </pre> |
||
| + | Kali: |
||
| + | recover - Undelete files on ext2 partitions |
||
| + | |||
| + | ==stegano== |
||
| + | <pre> |
||
| + | outguess - Universal Steganographic tool |
||
| + | steghide - A steganography hiding tool |
||
| + | </pre> |
||
| + | ==crypto== |
||
| + | <pre> |
||
| + | fcrackzip - password cracker for zip archives |
||
| + | password-gorilla - cross-platform password manager |
||
| + | pdfcrack - PDF files password cracker |
||
| + | ssss - Shamir's secret sharing scheme implementation |
||
| + | rotix - A program to generate rotational obfuscations |
||
| + | </pre> |
||
| + | |||
| + | john - active password cracking tool |
||
| + | John is more complete on Kali, so let's pin it: |
||
| + | |||
| + | Add to /etc/apt/preferences.d/kali-package-repositories.pref |
||
| + | Package: john john-data |
||
| + | Pin: release n=kali |
||
| + | Pin-Priority: 990 |
||
| + | |||
| + | ==reverse-engineering== |
||
| + | <pre> |
||
| + | flasm - assembler and disassembler for Flash (SWF) bytecode |
||
| + | </pre> |
||
| + | Kali: |
||
| + | binwalk - A firmware analysis tool |
||
| + | -> |
||
| + | apt-get install binwalk/kali |
||
| + | |||
| + | ==coding== |
||
| + | <pre> |
||
| + | ckport - portability analysis and security checking tool |
||
| + | cppcheck - tool for static C/C++ code analysis |
||
| + | flawfinder - examines source code and looks for security weaknesses |
||
| + | pychecker - tool to find common bugs in Python source code |
||
| + | pylint - python code static checker and UML diagram generator |
||
| + | </pre> |
||
| + | |||
| + | ==Specific installation instructions== |
||
| + | ===Building dependencies=== |
||
| + | Some of the softs require prerequisites, see [[LMDE#devel]] |
||
| + | ===LUKS Nuke=== |
||
| + | * http://www.kali.org/how-to/emergency-self-destruction-luks-kali/ |
||
| + | * http://www.kali.org/how-to/nuke-kali-linux-luks/ |
||
| + | * http://lxer.com/module/newswire/view/103692/index.html : |
||
| + | ''The first part of the new feature is to actually store a "nuke" passphrase in a keyslot. However, this passphrase does not encrypt the masterkey used for en-/decrypting the partition, but rather encrypts a magic value (0x0...0). '' |
||
| + | cryptsetup luksAddNuke <device> |
||
| + | ''It behaves pretty much like a "luksAddKey", only that the actual keyslot data does not contain any cryptographic material.'' |
||
| + | <br>''The second part of the implementation is a modification of the function that unlocks a keyslot and extracts the key material for en-/decryption. This function now contains a check for said magical value and deletes all keyslots if it encounters it.'' |
||
| + | |||
| + | apt-get install cryptsetup/kali cryptsetup-bin/kali libcryptsetup4/kali |
||
| + | If initrd was not rebuilt in the process: |
||
| + | dpkg-reconfigure cryptsetup |
||
| + | |||
| + | cryptsetup luksAddNuke /dev/sda1 |
||
| + | Better to pin it: |
||
| + | <br>Add to /etc/apt/preferences.d/kali-package-repositories.pref |
||
| + | Package: /cryptsetup/ |
||
| + | Pin: release n=kali |
||
| + | Pin-Priority: 990 |
||
| + | ===pwsafe=== |
||
| + | Have to backport from squeeze: get and install those |
||
| + | http://ftp.de.debian.org/debian/pool/main/o/openssl/libssl0.9.8_0.9.8o-4squeeze14_amd64.deb |
||
| + | http://ftp.de.debian.org/debian/pool/main/p/pwsafe/pwsafe_0.2.0-3_amd64.deb |
||
| + | ===IDA Pro=== |
||
| + | See http://blog.stalkr.net/2014/01/ida-on-debian-amd64-with-python.html |
||
| + | <br>Run installation file |
||
| + | <br>It requires libglib2.0-0 but because of chromium/jessie we need the jessie one: |
||
| + | apt-get install -t jessie libglib2.0-0:i386 libselinux1:i386 |
||
| + | |||
| + | apt-get install libstdc++6:i386 libc6-i686:i386 libexpat1:i386 libffi6:i386 libfontconfig1:i386 libfreetype6:i386 libgcc1:i386 libglib2.0-0:i386 \ |
||
| + | libice6:i386 libpcre3:i386 libpng12-0:i386 libsm6:i386 libstdc++6:i386 libuuid1:i386 libx11-6:i386 libxau6:i386 libxcb1:i386 \ |
||
| + | libxdmcp6:i386 libxext6:i386 libxrender1:i386 zlib1g:i386 |
||
| + | apt-get install libpython2.7:i386 |
||
| + | ===logkeys=== |
||
| + | apt-get install logkeys |
||
| + | Find keyboard device to see which eventX to use: |
||
| + | grep "^[NH]" /proc/bus/input/devices |
||
| + | Edit /etc/default/logkeys: |
||
| + | ENABLED=1 |
||
| + | LOGFILE=/var/log/logkeys |
||
| + | DEVICE=/dev/input/event0 |
||
| + | Avoid it to start automatically: |
||
| + | update-rc.d logkeys disable |
||
| + | Allow starting it without password prompt: |
||
| + | <br>Create /etc/sudoers.d/logkeys: |
||
| + | <myuser> ALL = NOPASSWD: /etc/init.d/logkeys |
||
| + | Provide stealth hooks, under your choice name, e.g. "sl" (for mispelled "ls") etc: |
||
| + | #!/bin/bash |
||
| + | sudo /etc/init.d/logkeys start >/dev/null |
||
| + | echo "bash: $(basename $0): command not found" |
||
| + | exit 127 |
||
| + | |||
| + | #!/bin/bash |
||
| + | sudo /etc/init.d/logkeys stop >/dev/null |
||
| + | echo "bash: $(basename $0): command not found" |
||
| + | exit 127 |
||
| + | If you get wrong keys in the log, create a mapfile according to /usr/share/doc/logkeys/README.gz ch4.2 then save it into /etc/logkeys-keymap and to load it, add to /etc/default/logkeys: |
||
| + | DAEMON_OPTS="--keymap /etc/logkeys-keymap" |
||
| + | But /etc/init.d/logkeys adds the incompatible option -u that we've to remove, so edit /etc/init.d/logkeys: |
||
| + | DAEMON_OPTS="-s -d $DEVICE -o $LOGFILE $DAEMON_OPTS" |
||
| + | |||
| + | ===Wireshark=== |
||
| + | <pre> |
||
| + | tshark - network traffic analyzer - console version |
||
| + | wireshark - network traffic analyzer - GTK+ version |
||
| + | </pre> |
||
| + | |||
| + | apt-get install wireshark tshark |
||
| + | dpkg-reconfigure wireshark-common |
||
| + | adduser <myuser> wireshark |
||
| + | ===GUFW=== |
||
| + | Firewall: |
||
| + | apt-get install gufw |
||
| + | Add entry in menu manually... see /usr/share/applications/gufw.desktop |
||
| + | <br>Right-click the Mint Menu, select "Configure" then "Open the menu editor", Click a software category / "New Item". |
||
| + | ===mitmproxy=== |
||
| + | <pre> |
||
| + | mitmproxy - SSL-capable man-in-the-middle HTTP proxy |
||
| + | </pre> |
||
| + | See http://mitmproxy.org/ |
||
| + | apt-get install mitmproxy/jessie python-netlib/jessie |
||
| + | After first run of mitmproxy, certs are created. |
||
| + | <br>Install ~/.mitmproxy/mitmproxy-ca-cert.cer as authority or: |
||
| + | <br>Run mitmproxy, visit http://mitm.it and install certificate |
||
| + | |||
| + | To run mitmproxy on a router as transparent proxy, e.g. on the exit node of my VPN: |
||
| + | <br>I keep same certs as my local ones |
||
| + | scp -r .mitmproxy myvpn.box: |
||
| + | <br>On myvpn.box I've the following scripts: |
||
| + | <br>./mitmproxy: |
||
| + | <source lang=bash> |
||
| + | iptables -t nat -A PREROUTING -i tap0 -p tcp --dport 80 -j REDIRECT --to-port 8765 |
||
| + | iptables -t nat -A PREROUTING -i tap0 -p tcp --dport 443 -j REDIRECT --to-port 8765 |
||
| + | export LANG=en_US.UTF-8 |
||
| + | mitmproxy -T --host -p 8765 $* |
||
| + | iptables -t nat -D PREROUTING -i tap0 -p tcp --dport 80 -j REDIRECT --to-port 8765 |
||
| + | iptables -t nat -D PREROUTING -i tap0 -p tcp --dport 443 -j REDIRECT --to-port 8765 |
||
| + | </source> |
||
| + | ./mitmdump: |
||
| + | <source lang=bash> |
||
| + | iptables -t nat -A PREROUTING -i tap0 -p tcp --dport 80 -j REDIRECT --to-port 8765 |
||
| + | iptables -t nat -A PREROUTING -i tap0 -p tcp --dport 443 -j REDIRECT --to-port 8765 |
||
| + | export LANG=en_US.UTF-8 |
||
| + | mitmdump -T --host -p 8765 $* |
||
| + | iptables -t nat -D PREROUTING -i tap0 -p tcp --dport 80 -j REDIRECT --to-port 8765 |
||
| + | iptables -t nat -D PREROUTING -i tap0 -p tcp --dport 443 -j REDIRECT --to-port 8765 |
||
| + | </source> |
||
| + | And I can call them remotely: |
||
| + | <br>vpn_mitmproxy: |
||
| + | <source lang=bash> |
||
| + | ssh -t myvpn.box ./mitmproxy $* |
||
| + | </source> |
||
| + | |||
| + | vpn_mitmdump: |
||
| + | <source lang=bash> |
||
| + | ssh myvpn.box ./mitmdump $* |
||
| + | </source> |
||
| + | |||
| + | ===[[PyCryptoPlus]]=== |
||
| + | $ git clone https://github.com/doegox/python-cryptoplus |
||
| + | $ cd python-cryptoplus/ |
||
| + | # python setup.py install |
||
| + | |||
| + | ===Smartcard / RFID / NFC related=== |
||
| + | ====[[Belgian eID]]==== |
||
| + | cf http://eid.belgium.be/fr/utiliser_votre_eid/installer_le_logiciel_eid/linux/ |
||
| + | <br>-> debian 64 |
||
| + | <br>See also https://code.google.com/p/eid-mw/wiki/ChromeLinux : |
||
| + | <pre> |
||
| + | libnss3-tools - Network Security Service tools |
||
| + | </pre> |
||
| + | Close Chrome |
||
| + | cd |
||
| + | modutil -dbdir sql:.pki/nssdb/ -add "Belgium eID" -libfile /usr/lib/libbeidpkcs11.so |
||
| + | modutil -dbdir sql:.pki/nssdb/ -list |
||
| + | ====EMV-CAP==== |
||
| + | python setup.py install |
||
| + | And install: |
||
| + | <pre> |
||
| + | python-pyscard - Python wrapper above PC/SC API |
||
| + | </pre> |
||
| + | ====libnfc/libfreefare==== |
||
| + | <pre> |
||
| + | libfreefare-bin - MIFARE card manipulations binaries |
||
| + | libfreefare-dev - MIFARE card manipulations library (development files) |
||
| + | libfreefare-doc - documentation for libfreefare |
||
| + | libnfc-bin - Near Field Communication (NFC) binaries |
||
| + | libnfc-dev - Near Field Communication (NFC) library (development files) |
||
| + | libnfc-examples - Near Field Communication (NFC) examples |
||
| + | libnfc-pn53x-examples - Near Field Communication (NFC) examples for PN53x chips only |
||
| + | </pre> |
||
| + | Better to pin what we always want from Debian directly: |
||
| + | <br>Add to /etc/apt/preferences.d/debian-package-repositories.pref |
||
| + | <pre> |
||
| + | Package: libnfc* |
||
| + | Pin: origin ftp.be.debian.org |
||
| + | Pin-Priority: 990 |
||
| + | |||
| + | Package: libfreefare* |
||
| + | Pin: origin ftp.be.debian.org |
||
| + | Pin-Priority: 990 |
||
| + | </pre> |
||
| + | Then |
||
| + | apt-get install libnfc-bin libnfc-dev libnfc-examples libnfc-pn53x-examples |
||
| + | apt-get install libfreefare-bin libfreefare-dev libfreefare-doc |
||
| + | modprobe -r pn533 |
||
| + | adduser <myuser> plugdev |
||
| + | |||
| + | ====bp-tools==== |
||
| + | From http://www.eftlab.co.uk/index.php/downloads/bp-tools |
||
| + | <br>Needs libpthread-stubs0: |
||
| + | http://ftp.de.debian.org/debian/pool/main/libp/libpthread-stubs/libpthread-stubs0_0.3-3_amd64.deb |
||
| + | |||
| + | apt-get install libsqlite3-dev sqlite3 |
||
| + | dpkg --purge bp-tools |
||
| + | dpkg -i bp-tools_14.04_amd64_free.deb |
||
Latest revision as of 22:26, 6 August 2014
Here is a list of security-related packages available in Debian-alike distros that I'm using.
My setup is made of a basis of LMDE with Debian and Kali pinned repositories.
network
arping - sends IP and/or ARP pings (to the MAC address) dsniff - Various tools to sniff network traffic for cleartext insecurities etherwake - tool to send magic Wake-on-LAN packets iodine - tool for tunneling IPv4 data through a DNS server kismet - wireless sniffer and monitor - core kismet-plugins - wireless sniffer and monitor - plugins ndisc6 - IPv6 diagnostic tools netcat - TCP/IP swiss army knife -- transitional package netsniff-ng - packet sniffing beast nmap - The Network Mapper socat - multipurpose relay for bidirectional data transfer sshfs - filesystem client based on SSH File Transfer Protocol themole - automatic SQL injection exploitation tool
forensics
autopsy - graphical interface to SleuthKit chkrootkit - rootkit detector cruft - program that finds any cruft built up on your system dc3dd - patched version of GNU dd with forensic features dcfldd - enhanced version of dd for forensics and security ext4magic - recover deleted files from ext3 or ext4 partitions foremost - forensic program to recover lost files gpart - Guess PC disk partition table, find lost partitions logkeys - keylogger for GNU/Linux systems mac-robber - collects data about allocated files in mounted filesystems memdump - utility to dump memory contents to standard output pdfresurrect - tool for extracting/scrubbing versioning data from PDF documents recoverdm - recover files/disks with damaged sectors recoverjpeg - tool to recover JPEG images from a filesystem image rkhunter - rootkit, backdoor, sniffer and exploit scanner tiger - Report system security vulnerabilities unhide.rb - Forensic tool to find processes hidden by rootkits vinetto - A forensics tool to examine Thumbs.db files wipe - Secure file deletion vbindiff - visual binary diff, visually compare binary files
Kali:
recover - Undelete files on ext2 partitions
stegano
outguess - Universal Steganographic tool steghide - A steganography hiding tool
crypto
fcrackzip - password cracker for zip archives password-gorilla - cross-platform password manager pdfcrack - PDF files password cracker ssss - Shamir's secret sharing scheme implementation rotix - A program to generate rotational obfuscations
john - active password cracking tool
John is more complete on Kali, so let's pin it:
Add to /etc/apt/preferences.d/kali-package-repositories.pref
Package: john john-data Pin: release n=kali Pin-Priority: 990
reverse-engineering
flasm - assembler and disassembler for Flash (SWF) bytecode
Kali:
binwalk - A firmware analysis tool
->
apt-get install binwalk/kali
coding
ckport - portability analysis and security checking tool cppcheck - tool for static C/C++ code analysis flawfinder - examines source code and looks for security weaknesses pychecker - tool to find common bugs in Python source code pylint - python code static checker and UML diagram generator
Specific installation instructions
Building dependencies
Some of the softs require prerequisites, see LMDE#devel
LUKS Nuke
- http://www.kali.org/how-to/emergency-self-destruction-luks-kali/
- http://www.kali.org/how-to/nuke-kali-linux-luks/
- http://lxer.com/module/newswire/view/103692/index.html :
The first part of the new feature is to actually store a "nuke" passphrase in a keyslot. However, this passphrase does not encrypt the masterkey used for en-/decrypting the partition, but rather encrypts a magic value (0x0...0).
cryptsetup luksAddNuke <device>
It behaves pretty much like a "luksAddKey", only that the actual keyslot data does not contain any cryptographic material.
The second part of the implementation is a modification of the function that unlocks a keyslot and extracts the key material for en-/decryption. This function now contains a check for said magical value and deletes all keyslots if it encounters it.
apt-get install cryptsetup/kali cryptsetup-bin/kali libcryptsetup4/kali
If initrd was not rebuilt in the process:
dpkg-reconfigure cryptsetup
cryptsetup luksAddNuke /dev/sda1
Better to pin it:
Add to /etc/apt/preferences.d/kali-package-repositories.pref
Package: /cryptsetup/ Pin: release n=kali Pin-Priority: 990
pwsafe
Have to backport from squeeze: get and install those
http://ftp.de.debian.org/debian/pool/main/o/openssl/libssl0.9.8_0.9.8o-4squeeze14_amd64.deb http://ftp.de.debian.org/debian/pool/main/p/pwsafe/pwsafe_0.2.0-3_amd64.deb
IDA Pro
See http://blog.stalkr.net/2014/01/ida-on-debian-amd64-with-python.html
Run installation file
It requires libglib2.0-0 but because of chromium/jessie we need the jessie one:
apt-get install -t jessie libglib2.0-0:i386 libselinux1:i386
apt-get install libstdc++6:i386 libc6-i686:i386 libexpat1:i386 libffi6:i386 libfontconfig1:i386 libfreetype6:i386 libgcc1:i386 libglib2.0-0:i386 \
libice6:i386 libpcre3:i386 libpng12-0:i386 libsm6:i386 libstdc++6:i386 libuuid1:i386 libx11-6:i386 libxau6:i386 libxcb1:i386 \
libxdmcp6:i386 libxext6:i386 libxrender1:i386 zlib1g:i386
apt-get install libpython2.7:i386
logkeys
apt-get install logkeys
Find keyboard device to see which eventX to use:
grep "^[NH]" /proc/bus/input/devices
Edit /etc/default/logkeys:
ENABLED=1 LOGFILE=/var/log/logkeys DEVICE=/dev/input/event0
Avoid it to start automatically:
update-rc.d logkeys disable
Allow starting it without password prompt:
Create /etc/sudoers.d/logkeys:
<myuser> ALL = NOPASSWD: /etc/init.d/logkeys
Provide stealth hooks, under your choice name, e.g. "sl" (for mispelled "ls") etc:
#!/bin/bash sudo /etc/init.d/logkeys start >/dev/null echo "bash: $(basename $0): command not found" exit 127
#!/bin/bash sudo /etc/init.d/logkeys stop >/dev/null echo "bash: $(basename $0): command not found" exit 127
If you get wrong keys in the log, create a mapfile according to /usr/share/doc/logkeys/README.gz ch4.2 then save it into /etc/logkeys-keymap and to load it, add to /etc/default/logkeys:
DAEMON_OPTS="--keymap /etc/logkeys-keymap"
But /etc/init.d/logkeys adds the incompatible option -u that we've to remove, so edit /etc/init.d/logkeys:
DAEMON_OPTS="-s -d $DEVICE -o $LOGFILE $DAEMON_OPTS"
Wireshark
tshark - network traffic analyzer - console version wireshark - network traffic analyzer - GTK+ version
apt-get install wireshark tshark dpkg-reconfigure wireshark-common adduser <myuser> wireshark
GUFW
Firewall:
apt-get install gufw
Add entry in menu manually... see /usr/share/applications/gufw.desktop
Right-click the Mint Menu, select "Configure" then "Open the menu editor", Click a software category / "New Item".
mitmproxy
mitmproxy - SSL-capable man-in-the-middle HTTP proxy
apt-get install mitmproxy/jessie python-netlib/jessie
After first run of mitmproxy, certs are created.
Install ~/.mitmproxy/mitmproxy-ca-cert.cer as authority or:
Run mitmproxy, visit http://mitm.it and install certificate
To run mitmproxy on a router as transparent proxy, e.g. on the exit node of my VPN:
I keep same certs as my local ones
scp -r .mitmproxy myvpn.box:
On myvpn.box I've the following scripts:
./mitmproxy:
iptables -t nat -A PREROUTING -i tap0 -p tcp --dport 80 -j REDIRECT --to-port 8765
iptables -t nat -A PREROUTING -i tap0 -p tcp --dport 443 -j REDIRECT --to-port 8765
export LANG=en_US.UTF-8
mitmproxy -T --host -p 8765 $*
iptables -t nat -D PREROUTING -i tap0 -p tcp --dport 80 -j REDIRECT --to-port 8765
iptables -t nat -D PREROUTING -i tap0 -p tcp --dport 443 -j REDIRECT --to-port 8765
./mitmdump:
iptables -t nat -A PREROUTING -i tap0 -p tcp --dport 80 -j REDIRECT --to-port 8765
iptables -t nat -A PREROUTING -i tap0 -p tcp --dport 443 -j REDIRECT --to-port 8765
export LANG=en_US.UTF-8
mitmdump -T --host -p 8765 $*
iptables -t nat -D PREROUTING -i tap0 -p tcp --dport 80 -j REDIRECT --to-port 8765
iptables -t nat -D PREROUTING -i tap0 -p tcp --dport 443 -j REDIRECT --to-port 8765
And I can call them remotely:
vpn_mitmproxy:
ssh -t myvpn.box ./mitmproxy $*
vpn_mitmdump:
ssh myvpn.box ./mitmdump $*
PyCryptoPlus
$ git clone https://github.com/doegox/python-cryptoplus $ cd python-cryptoplus/ # python setup.py install
Belgian eID
cf http://eid.belgium.be/fr/utiliser_votre_eid/installer_le_logiciel_eid/linux/
-> debian 64
See also https://code.google.com/p/eid-mw/wiki/ChromeLinux :
libnss3-tools - Network Security Service tools
Close Chrome
cd modutil -dbdir sql:.pki/nssdb/ -add "Belgium eID" -libfile /usr/lib/libbeidpkcs11.so modutil -dbdir sql:.pki/nssdb/ -list
EMV-CAP
python setup.py install
And install:
python-pyscard - Python wrapper above PC/SC API
libnfc/libfreefare
libfreefare-bin - MIFARE card manipulations binaries libfreefare-dev - MIFARE card manipulations library (development files) libfreefare-doc - documentation for libfreefare libnfc-bin - Near Field Communication (NFC) binaries libnfc-dev - Near Field Communication (NFC) library (development files) libnfc-examples - Near Field Communication (NFC) examples libnfc-pn53x-examples - Near Field Communication (NFC) examples for PN53x chips only
Better to pin what we always want from Debian directly:
Add to /etc/apt/preferences.d/debian-package-repositories.pref
Package: libnfc* Pin: origin ftp.be.debian.org Pin-Priority: 990 Package: libfreefare* Pin: origin ftp.be.debian.org Pin-Priority: 990
Then
apt-get install libnfc-bin libnfc-dev libnfc-examples libnfc-pn53x-examples apt-get install libfreefare-bin libfreefare-dev libfreefare-doc modprobe -r pn533 adduser <myuser> plugdev
bp-tools
From http://www.eftlab.co.uk/index.php/downloads/bp-tools
Needs libpthread-stubs0:
http://ftp.de.debian.org/debian/pool/main/libp/libpthread-stubs/libpthread-stubs0_0.3-3_amd64.deb
apt-get install libsqlite3-dev sqlite3 dpkg --purge bp-tools dpkg -i bp-tools_14.04_amd64_free.deb