4c57b932ab
CipherScan is a simple way to find out which SSL ciphersuites are supported by a target. It can take advantage of the extra features in Peter Mosmans' openssl fork (which is also included in this commit).
43 lines
1.3 KiB
Nix
43 lines
1.3 KiB
Nix
{ stdenv, lib, fetchFromGitHub, pkgconfig, openssl, makeWrapper, python, coreutils }:
|
|
|
|
stdenv.mkDerivation rec {
|
|
name = "cipherscan-${version}";
|
|
version = "2015-12-17";
|
|
src = fetchFromGitHub {
|
|
owner = "jvehent";
|
|
repo = "cipherscan";
|
|
rev = "18b0d1b952d027d20e38f07329817873ec077d26";
|
|
sha256 = "0b6fkfm2y8w04am4krspmapcc5ngn603n5rlwyjly92z2dawc7h8";
|
|
};
|
|
buildInputs = [ makeWrapper python ];
|
|
patches = [ ./path.patch ];
|
|
buildPhase = ''
|
|
substituteInPlace cipherscan \
|
|
--replace "@OPENSSLBIN@" \
|
|
"${openssl}/bin/openssl" \
|
|
--replace "@TIMEOUTBIN@" \
|
|
"${coreutils}/bin/timeout" \
|
|
--replace "@READLINKBIN@" \
|
|
"${coreutils}/bin/readlink"
|
|
|
|
substituteInPlace analyze.py \
|
|
--replace "@OPENSSLBIN@" \
|
|
"${openssl}/bin/openssl"
|
|
'';
|
|
installPhase = ''
|
|
mkdir -p $out/bin
|
|
|
|
cp cipherscan $out/bin
|
|
cp openssl.cnf $out/bin
|
|
cp analyze.py $out/bin
|
|
|
|
wrapProgram $out/bin/analyze.py --set PYTHONPATH "$PYTHONPATH"
|
|
'';
|
|
meta = with lib; {
|
|
description = "Very simple way to find out which SSL ciphersuites are supported by a target";
|
|
homepage = "https://github.com/jvehent/cipherscan";
|
|
license = licenses.mpl;
|
|
platforms = platforms.all;
|
|
maintainers = with maintainers; [ cstrahan ];
|
|
};
|
|
}
|