Here's my report for week 4: weevely - almost finished (will upload this week); - finishing manpage. - opened an issue asking for manpage or better help output [ https://github.com/epinna/weevely3/issues/84].
wpscan - non-free software, low effort to upload it though; - needs ruby-progressbar (>=1.6.0), which is being packaged on salsa. - send email on ruby team's list to check status of package ruby-progressbar, the required version o the package is on salsa but failing some tests. findmyhash - won't package right now; - found out we should wait for the fork to be released (hash-tool.py) [more info at https://github.com/Talanor/findmyhash]. zaproxy: needs to be repacked, lots of works and high chance of breaking without required lib's versions; - lots of java libs bundled, will confirm with mentors the next steps or if we are gonna leave this package out. dirbuster: integrated into zaproxy now, will focus on that package instead. beef-xss: lots of libs that breaks and needs lots of tests to be written first; - needs to package some rubygems, kali used to "proper" package beef-xss but the amount of regressions lead them to change to a bundled package. spreadsheet/script: - add two fields on the spreadsheet: ~ MANUAL NOTES: notes about the package that didn't got catch by the script. ~ samueloph's conclusion: my thoughts about the packaging (TODO, WIP,WONT). Other people may add their conclusion's there too. - update the kali-packages-checker script to output the Section of the package (so we know if the package is not on main already). - fix problem with script where it would detect packages not-installed from official debian repo's as present on debian and thus missing some packages. - update the script's output ods file and gdocs spreadsheet. small things: - update the team's wiki page to mention http://deb.li/pkgseckali [ https://wiki.debian.org/Teams/pkg-security] - report a problem with tagpending salsa integration explained on the team's wiki, the steps are not working - report broken link at https://wiki.debian.org/JavaPackagingFAQ - discovered that lintian would probably benefit from a check for windows binaries shipped on the package, mimikatz only ships windows pre-compiled binaries and the only check which would get that is: "source-contains-prebuilt-windows-binary", there should be a lintian "Error" tag there, probably. Still have to discuss that further with my mentors. Next steps: - talk with people about the mimikatz case to see if there's room for improvement for lintian on this case. - the script is now properly reporting packages that are not on unstable, but the way it works it thinks virtual packages are never present on debian, should rework that part with a proper check for sid presence of a package. - check for the packages sent by Gianfranco (13 packages) and package all the ones possible. - finish the packaging of weevely, wpscan, and talk about the other packages with mentors. Extra: - package python-shodan is still on the NEW queue, the changeme package will be uploaded right after. - talked with mentors and i'll do a more verbose and better formatted report now. As a starter, i'll write the report as i do the tasks, not at the end of the week, this has led me to forget things and write poor reports. Week 1: https://lists.debian.org/debian-outreach/2018/05/msg00025.html Week 2: https://lists.debian.org/debian-outreach/2018/05/msg00066.html Week 3: https://lists.debian.org/debian-outreach/2018/06/msg00018.html -- Samuel Henrique <samueloph>
