#10 Fedora Security Lab Tool Regrouping or Adding More tools for Security Professionals
Opened 2 years ago by bytehackr. Modified 2 years ago

I want to be more active in our security lab, and make it better than other security distros.
I have a tool list, where a few tools need to be packaged (like BurpSuite, Zapproxy, etc.) and a few we already have.

Tool List: https://docs.google.com/spreadsheets/d/1tP-3jJoGG0NBN-ocIQ9wy49if4C2ITFhY9-Q6U_Z1u8/edit?usp=sharing

This is a huge list of tools that need to check licensing as well as packaging, so I wish every packager can help to make this possible.

Thanks in advance for your contribution.

Thanks dmknght@parrotsec.org for helping with the tool list.


The spreadsheet has commenter permission, so anyone can comment and update the workflow.

I'd love to see this! I think Fedora Security Lab could be well positioned as something one can use both as a fully-functional general-purpose desktop and as a security work and learning environment.

@mattdm I would like to help @bytehackr with this stuff! I totally concur with your thoughts.

Side note: it was always important to us that the Fedora Security Lab is not a collection of dozens and dozens of tools but a careful collection of stable and useful tools - more is not better ;)

Feel free to reach out to Fabian for personal feedback on how to start helping with small tasks to prove that you are really committed:

From our main page -
Help us (aka Contribute)

There are many ways to help.

Pick a task or do a Package Review.
Add relevant information sources to the Documentation page.
Artwork
When we are getting close to a new release, please help with testing.

Further Questions? How to contribute? Contact Fabian.

I want to be more active in our security lab

Every help is welcome.

, and make it better than other security distros.

The "Fedora Security Lab" is not a "security distro" per se. It's Fedora with a package set that could be relevant for performing information security tasks available as a live system ;-)

This is a huge list of tools that need to check licensing as well as packaging,

All those lists are often based on the package set Kali has. Adding tools which are unmaintained for 15 years doesn't add value for the consumers. Also, spending time on packaging "community editions" of tools should be evaluated carefully as this is often a dead end.

If a package is not part of the live media then it can be installed out of the Fedora Packages Collection. As the size of the live media has to be increased anyways there would be space left to add additional tools.

The comps groups provide a larger set than the live media.

So I wish every packager can help to make this possible.

This was my romantic idea a decade ago as well. The reality is that only a few people do reviews on a regular basis and often it can take from 6 to 12 months till a package passes the review process.

The current state is that it's not possible to keep well maintained tools around like bettercap, subfinder, openvas or angr. The review process of needed dependencies often takes longer than the FTI/FTBFS period is and the package is removed before the issues can be resolved. Of course it can be added back later (aka doing the same work again).
