commit 871a8d90dec1a01ad103aa7680ac5ce834d4cc23 Author: CherryKitten Date: Sun Jun 9 15:38:32 2024 +0200 initial commit
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..87a3018
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+result
+*.qcow2
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..5a994c2
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,22 @@
+ANTI-CAPITALIST SOFTWARE LICENSE (v 1.4)
+
+Copyright © 2024 CherryKitten
+
+This is anti-capitalist software, released for free use by individuals and organizations that do not operate by capitalist principles.
+
+Permission is hereby granted, free of charge, to any person or organization (the "User") obtaining a copy of this software and associated documentation files (the "Software"), to use, copy, modify, merge, distribute, and/or sell copies of the Software, subject to the following conditions:
+
+1. The above copyright notice and this permission notice shall be included in all copies or modified versions of the Software.
+
+2. The User is one of the following:
+ a. An individual person, laboring for themselves
+ b. A non-profit organization
+ c. An educational institution
+ d. An organization that seeks shared profit for all of its members, and allows non-members to set the cost of their labor
+
+3. If the User is an organization with owners, then all owners are workers and all workers are owners with equal equity and/or equal vote.
+
+4. If the User is an organization, then the User is not law enforcement or military, or working for or under either.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT EXPRESS OR IMPLIED WARRANTY OF ANY KIND, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..5df75ec
--- /dev/null
+++ b/README.md
@@ -0,0 +1,46 @@
+# Shiva
+
+Shiva is like Kali Linux, but based on NixOS
+
+Currently Work in Progress
+
+## Usage
+
+### NixOS Module
+
+Add Shiva to your flake inputs and import the NixOS Module
+
+```
+inputs.shiva.url = "git+https://git.cherrykitten.dev/sammy/shiva";
+# Or use the GitHub Mirror
+inputs.shiva-github.url = "github://cherrykitten/shiva";
+
+outputs = inputs @{ shiva, ...}: {
+ nixosConfigurations = {
+ your-host = nixpkgs.lib.nixosSystem {
+ system = "x86_64-linux";
+ modules = [ shiva.nixosModules.shiva ./your/host/config ];
+ };
+ }
+}
+```
+
+Then enable it in your configuration:
+
+```
+shiva.enable = true;
+
+# You can optionally enable GUI-based apps
+shiva.gui-tools = true;
+
+# And disable specific package sets you might not want
+shiva.modules.passwords.enable = false;
+```
+
+### In a VM
+
+Run `nixos-rebuild build-vm --flake .#iso-{graphical/minimal}` to build the virtual machine, then `result/bin/run-Shiva-vm` to launch it.
+
+### As a live image
+
+Build an ISO image using `nix build .#nixosConfigurations.iso-{graphical/minimal}.config.system.build.isoImage` and use your favorite method for writing it to a USB and booting it.
diff --git a/configurations.nix b/configurations.nix
new file mode 100644
index 0000000..a20084d
--- /dev/null
+++ b/configurations.nix
@@ -0,0 +1,14 @@
+{ inputs, ... }: {
+ flake = {
+ nixosConfigurations = {
+ iso-minimal = inputs.nixpkgs.lib.nixosSystem {
+ system = "x86_64-linux";
+ modules = [ ./profiles/minimal.nix ];
+ };
+ iso-graphical = inputs.nixpkgs.lib.nixosSystem {
+ system = "x86_64-linux";
+ modules = [ ./profiles/graphical.nix ];
+ };
+ };
+ };
+}
diff --git a/flake.lock b/flake.lock
new file mode 100644
index 0000000..4904881
--- /dev/null
+++ b/flake.lock
@@ -0,0 +1,58 @@ +{ + "nodes": { + "flake-parts": { + "inputs": { + "nixpkgs-lib": "nixpkgs-lib" + }, + "locked": { + "lastModified": 1717285511, + "narHash": "sha256-iKzJcpdXih14qYVcZ9QC9XuZYnPc6T8YImb6dX166kw=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "2a55567fcf15b1b1c7ed712a2c6fadaec7412ea8", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1717786204, + "narHash": "sha256-4q0s6m0GUcN7q+Y2DqD27iLvbcd1G50T2lv08kKxkSI=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "051f920625ab5aabe37c920346e3e69d7d34400e", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-lib": { + "locked": { + "lastModified": 1717284937, + "narHash": "sha256-lIbdfCsf8LMFloheeE6N31+BMIeixqyQWbSr2vk79EQ=", + "type": "tarball", + "url": "https://github.com/NixOS/nixpkgs/archive/eb9ceca17df2ea50a250b6b27f7bf6ab0186f198.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://github.com/NixOS/nixpkgs/archive/eb9ceca17df2ea50a250b6b27f7bf6ab0186f198.tar.gz" + } + }, + "root": { + "inputs": { + "flake-parts": "flake-parts", + "nixpkgs": "nixpkgs" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/flake.nix b/flake.nix new file mode 100644 index 0000000..4838450 --- /dev/null +++ b/flake.nix 
@@ -0,0 +1,45 @@
+{
+ description = "Shiva Linux - Like Kali but based on NixOS";
+
+ inputs = {
+ nixpkgs.url = "github:nixos/nixpkgs?ref=nixos-unstable";
+
+ flake-parts.url = "github:hercules-ci/flake-parts";
+ };
+
+ outputs = inputs @ { self, flake-parts, nixpkgs, ... }:
+ flake-parts.lib.mkFlake { inherit inputs; } {
+
+ imports = [
+ ./configurations.nix
+ ];
+
+ systems = [
+ "x86_64-linux"
+ "aarch64-linux"
+ ];
+
+ perSystem = { config, pkgs, system, ... }: {
+
+ formatter = pkgs.nixpkgs-fmt;
+
+ devShells = {
+ default = pkgs.mkShell {
+ shellHook = "exec $SHELL";
+ };
+ };
+
+
+ packages = {
+ hello = nixpkgs.legacyPackages.${system}.hello;
+ default = self.packages.${system}.hello;
+ };
+ };
+
+ flake = {
+ nixosModules = {
+ shiva = import ./modules/shiva;
+ };
+ };
+ };
+}
diff --git a/modules/passwords/default.nix b/modules/passwords/default.nix
new file mode 100644
index 0000000..2cae1cb
--- /dev/null
+++ b/modules/passwords/default.nix
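Review bot: `packages.hello` and `packages.default` in `perSystem` of flake.nix look like leftover template placeholders, so the flake's default package is GNU hello rather than anything Shiva provides. Either drop the `packages` set until there is a real output or point `default` at something meaningful. If it stays, `hello = pkgs.hello;` is the idiomatic form, since `pkgs` is already a `perSystem` argument; `config` is unused there. Separately, `systems` lists `aarch64-linux` while both entries in configurations.nix hard-code `system = "x86_64-linux"`, which deserves a comment such as `# ISO/VM configurations are x86_64-only for now`.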
@@ -0,0 +1,36 @@
+{ pkgs, config, lib, ... }:
+let
+ cfg = config.shiva.modules.passwords;
+in
+{
+ options.shiva.modules.passwords = {
+ enable = lib.mkEnableOption "Password cracking and brute-forcing related tools";
+ };
+
+ config = lib.mkIf cfg.enable {
+ environment.systemPackages = with pkgs; [
+ authoscope # Scriptable network authentication cracker
+ bruteforce-luks # Cracks passwords of LUKS encrypted volumes
+ brutespray # Tool to do brute-forcing from Nmap output
+ crunch # Wordlist generator
+ crowbar # A brute forcing tool that can be used during penetration tests
+ chntpw # A utility to reset the password of any user that has a valid local account on a Windows system
+ firefox_decrypt # A tool to extract passwords from profiles of Mozilla Firefox and derivates
+ h8mail # Email OSINT & Password breach hunting tool
+ hashcat # Fast password cracker
+ hashcat-utils # Small utilities that are useful in advanced password cracking
+ hashdeep # A set of cross-platform tools to compute hashes
+ hcxtools # Tools for capturing wlan traffic and conversion to hashcat and John the Ripper formats
+ john # John the Ripper password cracker
+ legba # A multiprotocol credentials bruteforcer / password sprayer and enumerator
+ medusa # A speedy, parallel, and modular, login brute-forcer
+ nasty # Recover the passphrase of your PGP or GPG-key
+ ncrack # Network authentication tool
+ nth # Module and CLI for the identification of hashes
+ phrasendrescher # A modular and multi processing pass phrase cracking tool
+ python311Packages.patator # Multi-purpose brute-forcer
+ thc-hydra # A very fast network logon cracker which support many different services
+ truecrack # A brute-force password cracker for TrueCrypt volumes
+ ];
+ };
+}
diff --git a/modules/shiva/default.nix b/modules/shiva/default.nix
new file mode 100644
index 0000000..574a63d
--- /dev/null
+++ b/modules/shiva/default.nix
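Review bot: `python311Packages.patator` ties modules/passwords/default.nix to one versioned Python package set, while every other entry in the list is an unversioned attribute. Because flake.nix follows `nixos-unstable`, a versioned set like this is likely to disappear on a later lock update, and evaluation would then fail for everyone with `shiva.enable = true`, since this module defaults to on. Prefer `python3Packages.patator`. The `mkEnableOption` text would also read better as `"password cracking and brute-forcing tools"`, because the generated description already starts with "Whether to enable".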
@@ -0,0 +1,24 @@
+{ pkgs, config, lib, ... }:
+let
+ cfg = config.shiva;
+in
+{
+ imports = [
+ ../passwords
+ ../web
+ ];
+
+ options.shiva = {
+ enable = lib.mkEnableOption "Shiva Linux";
+ gui-tools = lib.mkOption {
+ type = lib.types.bool;
+ description = "Whether to enable GUI tools";
+ default = false;
+ };
+ };
+
+ config = lib.mkIf cfg.enable {
+ shiva.modules.passwords.enable = lib.mkDefault true;
+ shiva.modules.web.enable = lib.mkDefault true;
+ };
+}
diff --git a/modules/web/default.nix b/modules/web/default.nix
new file mode 100644
index 0000000..961a044
--- /dev/null
+++ b/modules/web/default.nix
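Review bot: `gui-tools` in modules/shiva/default.nix is a hand-written `lib.mkOption` bool whose description is "Whether to enable GUI tools", which is what `gui-tools = lib.mkEnableOption "GUI tools";` generates; using it keeps the option consistent with `enable` on the line above. `pkgs` in the argument set is unused. A comment above the `config` block, e.g. `# mkDefault so users can switch individual tool sets off, as shown in the README`, would record why the sub-module toggles are set that way.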
@@ -0,0 +1,60 @@
+{ pkgs, config, lib, ... }:
+let
+ cfg = config.shiva.modules.web;
+ gui = config.shiva.gui-tools;
+in
+{
+ options.shiva.modules.web = {
+ enable = lib.mkEnableOption "Web Application and API Hacking";
+ burpsuite.proEdition = lib.mkOption {
+ type = lib.types.bool;
+ default = false;
+ description = "Install Burpsuite Pro";
+ };
+ };
+
+ config = lib.mkIf cfg.enable {
+ environment.systemPackages = with pkgs; [
+ apachetomcatscanner # Tool to scan for Apache Tomcat server vulnerabilities
+ arjun # HTTP parameter discovery suite
+ brakeman # Static analysis security scanner for Ruby on Rails
+ cansina # Web Content Discovery Tool
+ cariddi # Crawler for URLs and endpoints
+ chopchop # CLI to search for sensitive services/files/folders
+ clairvoyance # Tool to obtain GraphQL API schemas
+ commix # Automated Command Injection Exploitation Tool
+ crackql # GraphQL password brute-force and fuzzing utility
+ crlfsuite # CRLF injection (HTTP Response Splitting) scanner
+ dalfox # Tool for analysing parameter and XSS scanning
+ dismap # Asset discovery and identification tools
+ dirstalk # Tool to brute force paths on web servers
+ gau # Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl.
+ gospider # Fast web spider written in Go
+ gotestwaf # Tool for API and OWASP attack simulation
+ gowitness # Web screenshot utility
+ graphqlmap # Tool to interact with a GraphQL endpoint
+ graphw00f # GraphQL Server Engine Fingerprinting utility
+ gungnir # A command-line tool that continuously monitors certificate transparency (CT) logs for newly issued SSL/TLS certificates
+ hakrawler # Web crawler for the discovery of endpoints and assets
+ httpx # Fast and multi-purpose HTTP toolkit
+ jsubfinder # Tool to search for subdomains and secrets hidden in JavaScript
+ jwt-hack # Tool for attacking JWTs
+ mantra # Tool used to hunt down API key leaks in JS files and pages
+ ntlmrecon # Information enumerator for NTLM authentication enabled web endpoints
+ plecost # Vulnerability fingerprinting and vulnerability finder for Wordpress blog engine
+ snallygaster # Tool to scan for secret files on HTTP servers
+ wad # Tool for detecting technologies used by web applications
+ webanalyze # Tool to uncover technologies used on websites
+ wprecon # WordPress vulnerability recognition tool
+ wpscan # Black box WordPress vulnerability scanner
+ wsrepl # WebSocket REPL
+ wuzz # Interactive cli tool for HTTP inspection
+ xcrawl3r # A CLI utility to recursively crawl webpages
+ ] ++ lib.optionals gui [
+ (burpsuite.override {
+ proEdition = cfg.burpsuite.proEdition;
+ }) # An integrated platform for performing security testing of web applications
+ zap
+ ];
+ };
+}
diff --git a/profiles/base.nix b/profiles/base.nix
new file mode 100644
index 0000000..9998d0b
--- /dev/null
+++ b/profiles/base.nix
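Review bot: The `lib.optionals gui` branch of modules/web/default.nix adds `burpsuite`, which I believe is marked unfree in nixpkgs. A consumer who imports `shiva.nixosModules.shiva` and sets `shiva.gui-tools = true` without allowing unfree packages would then get an evaluation error, since only profiles/base.nix sets `nixpkgs.config.allowUnfree`. Document the requirement in the README or the option text, and consider a narrower `allowUnfreePredicate` in place of a blanket allow. The `burpsuite.proEdition` option also has no effect unless `shiva.gui-tools` is enabled, so its description should say so, e.g. `description = "Install Burp Suite Professional instead of the Community edition (only used when shiva.gui-tools is enabled)";`.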
@@ -0,0 +1,49 @@
+{ pkgs, ... }: {
+ imports = [ ../modules/shiva ];
+
+ shiva.enable = true;
+
+ networking.hostName = "Shiva";
+ # Enables copy / paste when running in a KVM with spice.
+ services.spice-vdagentd.enable = true;
+
+ nix = {
+ settings = {
+ experimental-features = [ "nix-command" "flakes" ];
+ };
+ };
+
+ users.users.nixos.shell = pkgs.fish;
+ programs.fish.enable = true;
+
+ environment.systemPackages = with pkgs; [
+ bind.dnsutils
+ fd
+ git
+ gnupg
+ htop
+ mkpasswd
+ neovim-unwrapped
+ nixpkgs-fmt
+ tmux
+ wget
+ ];
+
+ # Use faster squashfs compression
+ isoImage.squashfsCompression = "gzip -Xcompression-level 1";
+
+ nixpkgs.config.allowUnfree = true;
+ hardware.enableAllFirmware = true;
+
+
+ virtualisation.vmVariant = {
+ # following configuration is added only when building VM with build-vm
+ virtualisation = {
+ memorySize = 8192;
+ cores = 6;
+ graphics = true;
+ };
+ };
+
+ system.stateVersion = "24.05";
+}
diff --git a/profiles/graphical.nix b/profiles/graphical.nix
new file mode 100644
index 0000000..80c0135
--- /dev/null
+++ b/profiles/graphical.nix
@@ -0,0 +1,10 @@
+{ modulesPath, ... }: {
+ imports = [
+ ./base.nix
+ "${modulesPath}/installer/cd-dvd/installation-cd-graphical-plasma5.nix"
+ ];
+
+ config = {
+ shiva.gui-tools = true;
+ };
+}
diff --git a/profiles/minimal.nix b/profiles/minimal.nix
new file mode 100644
index 0000000..82f2efc
--- /dev/null
+++ b/profiles/minimal.nix
@@ -0,0 +1,6 @@
+{ modulesPath, ... }: {
+ imports = [
+ ./base.nix
+ "${modulesPath}/installer/cd-dvd/installation-cd-minimal.nix"
+ ];
+}
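Review bot: profiles/base.nix is not usable on its own and nothing in the file says so. `isoImage.squashfsCompression` and `users.users.nixos.shell` presumably rely on the iso-image module and the `nixos` user from the `installation-cd-*.nix` profiles, which only minimal.nix and graphical.nix import. A header comment such as `# Shared settings; must be imported together with an installation-cd profile (see minimal.nix / graphical.nix)` would make that explicit. `services.spice-vdagentd.enable = true` is also set for every image although its comment is about KVM guests; if it is meant only for `build-vm`, it belongs inside `virtualisation.vmVariant`. The blanket `nixpkgs.config.allowUnfree = true` and `hardware.enableAllFirmware = true` would each benefit from a one-line comment on why the live image needs them.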