Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

some things are downloaded over http #45

Open
crowell opened this issue Oct 29, 2015 · 4 comments
Open

some things are downloaded over http #45

crowell opened this issue Oct 29, 2015 · 4 comments

Comments

@crowell
Copy link
Contributor

crowell commented Oct 29, 2015

there are a bunch of tools downloaded over http. this isn't great in the case of being somewhere where your wifi can't be trusted (onsite at a ctf for example ;-) )
@zardus
Copy link
Owner

zardus commented Oct 29, 2015

Looks like:

yans@oth ~/tools $ grep "http://" */install
afl/install:curl http://lcamtuf.coredump.cx/afl/releases/afl-latest.tgz | tar xvz
df/install:wget -O - http://www.bay12games.com/dwarves/df_40_24_linux.tar.bz2 | tar xj
dislocker/install:wget http://www.hsc.fr/ressources/outils/dislocker/download/dislocker.tar.bz2
edgessh/install:svn checkout http://edgessh.googlecode.com/svn/trunk/ edgessh-read-only
evilize/install:wget http://www.mscs.dal.ca/~selinger/md5collision/downloads/evilize-0.2.tar.gz
fuzzgrind/install:wget -O - http://esec-lab.sogeti.com/dotclear/public/fuzzgrind/fuzzgrind_090622.tar.gz | tar xvz
gdb/install:curl http://ftp.gnu.org/gnu/gdb/gdb-7.10.tar.gz | tar xvz
hash-identifier/install:svn checkout http://hash-identifier.googlecode.com/svn/trunk/ hash-identifier-read-only
msieve/install:wget -O msieve.tar.gz http://sourceforge.net/projects/msieve/files/latest/download
qemu/install:curl http://wiki.qemu-project.org/download/qemu-2.4.0.1.tar.bz2 | tar xvj
reveng/install:curl http://jaist.dl.sourceforge.net/project/reveng/1.3.1/reveng-1.3.1.tar.gz | tar xvz
steganabara/install:curl http://www.caesum.com/handbook/steganabara-1.1.1.tar.gz | tar xvz
stegdetect/install:#wget -O - http://www.outguess.org/stegdetect-0.6.tar.gz | tar xvz
stegdetect/install:wget -O - http://archive.debian.org/debian-archive/debian/pool/main/s/stegdetect/stegdetect_0.6-3.tar.gz | tar xvz stegdetect-0.6/file/Magdir/varied.out
stegsolve/install:wget http://www.caesum.com/handbook/Stegsolve.jar -O stegsolve.jar
taintgrind/install:curl http://valgrind.org/downloads/valgrind-3.11.0.tar.bz2 | tar xvj
testdisk/install:curl http://www.cgsecurity.org/testdisk-7.0.linux26-x86_64.tar.bz2 | tar xvj
yafu/install:wget "http://downloads.sourceforge.net/project/yafu/1.34/yafu-1.34.zip?r=http%3A%2F%2Fsourceforge.net%2Fprojects%2Fyafu%2F&ts=1446080941&use_mirror=skylineservers" -O yafu.zip

@cao
Copy link
Contributor

cao commented Dec 19, 2015

The majority of the websites do not support SSL (or only with a deprecated and blocked cipher-suite or with an invalid certificate). See PR #50.

@crowell
Copy link
Contributor Author

crowell commented Feb 26, 2016

would it be reasonable to rehost some of the packages (can be done by making a github "release" and uploading files to that. or is that getting dangerously close to making ctf-tools a "real" package manager

@zardus
Copy link
Owner

zardus commented Feb 26, 2016

Yeah, I'd rather not move in that direction. Too many headaches. As we all know, convenience trumps security ;-)

@Edznux Edznux mentioned this issue Oct 21, 2017
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@crowell @zardus @cao