View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0005177||Kali Linux||[All Projects] Queued Tool Addition||public||2018-12-27 21:23||2019-11-01 10:54|
|Target Version||Fixed in Version|
|Summary||0005177: Replace sslcaudit with qsslcaudit|
I am the author of sslcaudit tool you have in your distro https://en.kali.tools/all/?tool=1352.
The thing is the tool is not updated and does not produce reliable results anymore.
There is better tool: https://github.com/gremwell/qsslcaudit, developed by my colleague.
Here is docker file for Kali: https://github.com/gremwell/qsslcaudit/blob/docker/Dockerfile.kali.
Could you please remove sslcaudit and add qsslcaudit instead?
||Correct website URL for this tool: https://www.gremwell.com/tools/qsslcaudit (under construction).|
Due to the age of the OS (Kali Moto [v1], Kali Safi [v2], Kali Rolling <= 2018.4), these legacy versions are no longer supported.
We will be closing this ticket due to inactivity.
Please could you see if you are able to replicate this issue with the latest version of Kali Linux - https://www.kali.org/downloads/)?
If you are still facing the same problem, feel free to re-open the ticket. If you choose to do this, could you provide more information to the issue you are facing, and also give information about your setup?
For more information, please read: https://kali.training/topic/filing-a-good-bug-report/
we should remove sslcaudit from our metapackages.
Should we package the new qsslcaudit?
Please consider the following repositories which we use to build Kali packages ourselves using "gbp" tool. See "kali/master" branch for corresponding "debian/" files:
@zOrg1331 I started to prepare the Kali package. I just have a question about the openSSL version:
In the "unsafeopenssl-pkg-deb" why do you use OpenSSL 1.0.2i sources and not the most recent version 1.0.2t?
||@sbrun thank you. The idea of "unsafeopenssl-" package is, well, to have unsafe version. Which mainly means having support of obsolete and insecure ciphers and protocols. I chose 1.0.2i because it existed in Debian repo at the time of starting development. As far as I see now (https://git.openssl.org/gitweb/?p=openssl.git;a=blob_plain;f=CHANGES;hb=refs/heads/OpenSSL_1_0_2-stable) there are no changes between 1.0.2i and 1.0.2t which can break "qsslcaudit" functionality. So, it is indeed possible to update to 1.0.2t. However, I can not do it myself right now, only a few days later. :(|
I packaged the unsafeopenssl package and update it to latest 1.0.2t version: version 1.0.2t-0kali1 is in kali-rolling
qsslcaudit version 0.7.1-1kali1 is available in kali-rolling
Great news, thanks! What will it take to have qsslcaudit tool added to this list - https://tools.kali.org/information-gathering/sslcaudit?
Do you need any input from us?
Please use the following URL for as home page for the tool: https://www.gremwell.com/tools/qsslcaudit
|2018-12-27 21:23||abb||New Issue|
|2018-12-29 11:25||abb||Note Added: 0010131|
|2019-02-20 11:48||g0tmi1k||Category||New Tool Requests => Kali Package Improvement|
|2019-09-04 12:37||g0tmi1k||Note Added: 0011027|
|2019-09-04 12:37||g0tmi1k||Status||new => closed|
|2019-09-11 15:08||sbrun||Assigned To||=> sbrun|
|2019-09-11 15:08||sbrun||Status||closed => feedback|
|2019-09-11 15:08||sbrun||Resolution||open => reopened|
|2019-09-11 15:08||sbrun||Note Added: 0011075|
|2019-09-12 06:48||sbrun||Status||feedback => assigned|
|2019-09-12 06:48||sbrun||Category||Kali Package Improvement => New Tool Requests|
|2019-09-26 13:24||zOrg1331||Note Added: 0011148|
|2019-10-28 13:10||g0tmi1k||Category||New Tool Requests => Queued Tool Addition|
|2019-10-28 13:10||g0tmi1k||Summary||please replace sslcaudit with qsslcaudit => Replace sslcaudit with qsslcaudit|
|2019-10-28 16:03||g0tmi1k||Product Version||2018.4 =>|
|2019-10-30 10:34||sbrun||Note Added: 0011263|
|2019-10-30 10:46||zOrg1331||Note Added: 0011264|
|2019-11-01 10:29||sbrun||Note Added: 0011271|
|2019-11-01 10:54||abb||Note Added: 0011272|