zardus / ctf-tools

Some setup scripts for security research tools.
BSD 3-Clause "New" or "Revised" License
8.35k stars 1.87k forks

some things are downloaded over http #45

Open crowell opened 8 years ago

crowell commented 8 years ago

there are a bunch of tools downloaded over http. this isn't great in the case of being somewhere where your wifi can't be trusted (onsite at a ctf for example ;-) )

zardus commented 8 years ago

Looks like:

yans@oth ~/tools $ grep "http://" */install
afl/install:curl http://lcamtuf.coredump.cx/afl/releases/afl-latest.tgz | tar xvz
df/install:wget -O - http://www.bay12games.com/dwarves/df_40_24_linux.tar.bz2 | tar xj
dislocker/install:wget http://www.hsc.fr/ressources/outils/dislocker/download/dislocker.tar.bz2
edgessh/install:svn checkout http://edgessh.googlecode.com/svn/trunk/ edgessh-read-only
evilize/install:wget http://www.mscs.dal.ca/~selinger/md5collision/downloads/evilize-0.2.tar.gz
fuzzgrind/install:wget -O - http://esec-lab.sogeti.com/dotclear/public/fuzzgrind/fuzzgrind_090622.tar.gz | tar xvz
gdb/install:curl http://ftp.gnu.org/gnu/gdb/gdb-7.10.tar.gz | tar xvz
hash-identifier/install:svn checkout http://hash-identifier.googlecode.com/svn/trunk/ hash-identifier-read-only
msieve/install:wget -O msieve.tar.gz http://sourceforge.net/projects/msieve/files/latest/download
qemu/install:curl http://wiki.qemu-project.org/download/qemu-2.4.0.1.tar.bz2 | tar xvj
reveng/install:curl http://jaist.dl.sourceforge.net/project/reveng/1.3.1/reveng-1.3.1.tar.gz | tar xvz
steganabara/install:curl http://www.caesum.com/handbook/steganabara-1.1.1.tar.gz | tar xvz
stegdetect/install:#wget -O - http://www.outguess.org/stegdetect-0.6.tar.gz | tar xvz
stegdetect/install:wget -O - http://archive.debian.org/debian-archive/debian/pool/main/s/stegdetect/stegdetect_0.6-3.tar.gz | tar xvz stegdetect-0.6/file/Magdir/varied.out
stegsolve/install:wget http://www.caesum.com/handbook/Stegsolve.jar -O stegsolve.jar
taintgrind/install:curl http://valgrind.org/downloads/valgrind-3.11.0.tar.bz2 | tar xvj
testdisk/install:curl http://www.cgsecurity.org/testdisk-7.0.linux26-x86_64.tar.bz2 | tar xvj
yafu/install:wget "http://downloads.sourceforge.net/project/yafu/1.34/yafu-1.34.zip?r=http%3A%2F%2Fsourceforge.net%2Fprojects%2Fyafu%2F&ts=1446080941&use_mirror=skylineservers" -O yafu.zip

cao commented 8 years ago

The majority of the websites do not support SSL (or only with a deprecated and blocked cipher-suite or with an invalid certificate). See PR #50.

crowell commented 8 years ago

would it be reasonable to rehost some of the packages (can be done by making a github "release" and uploading files to that)? or is that getting dangerously close to making ctf-tools a "real" package manager?

zardus commented 8 years ago

Yeah, I'd rather not move in that direction. Too many headaches. As we all know, convenience trumps security ;-)
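
Added example, not part of the thread or of ctf-tools: when an upstream site offers no usable HTTPS, an install script can still get integrity by pinning a SHA-256 digest and checking the download before extraction, instead of piping curl straight into tar. The function names, the example URL and the digest placeholder are assumptions, and the maintainer is assumed to have recorded the digest from a copy obtained over a trusted path.

```shell
#!/bin/sh
# Added example: verify a pinned SHA-256 before tar ever sees the archive.

# Print the SHA-256 of a file (sha256sum on Linux, shasum elsewhere).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# extract_verified ARCHIVE EXPECTED_SHA256 DESTDIR
# Extracts only when the digest matches; otherwise returns 1 and
# leaves DESTDIR untouched (it is not even created).
extract_verified() {
    archive=$1; expected=$2; dest=$3
    [ -n "$expected" ] || { echo "no pinned digest given" >&2; return 1; }
    actual=$(sha256_of "$archive")
    if [ "$actual" != "$expected" ]; then
        echo "checksum mismatch for $archive" >&2
        echo "  expected $expected" >&2
        echo "  got      $actual" >&2
        return 1
    fi
    mkdir -p "$dest" && tar -xzf "$archive" -C "$dest"
}

# fetch_verified URL EXPECTED_SHA256 DESTDIR
# Replaces the "curl http://... | tar xvz" pattern: download to a temp
# file, verify, then extract. The temp file is removed either way.
fetch_verified() {
    tmp=$(mktemp) || return 1
    if curl -fsSL -o "$tmp" "$1" && extract_verified "$tmp" "$2" "$3"; then
        rm -f "$tmp"; return 0
    fi
    rm -f "$tmp"; return 1
}

# Usage in an install script (URL and digest are placeholders, not real values):
#   fetch_verified "http://example.invalid/tool-1.0.tar.gz" \
#       "<sha256 recorded by the maintainer>" tool-1.0
```

The pinned digest has to be updated whenever the upstream version changes, so URLs that point at a moving "latest" archive cannot be pinned this way.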