sccmhunter: Init at 1.0.6-unstable-2024-10-30

[purpole]

Hello!

I added sccmhunter (https://github.com/garrettfoster13/sccmhunter) and added purpole to the maintainers list.

sccmhunter is a python post-exploitation tool that can be used by pentesters and administrators to identify, profile and attack SCCM related assets in an Active Directory environment.

Things done

• Built on platform(s)
  • x86_64-linux
  • aarch64-linux
  • x86_64-darwin
  • aarch64-darwin
• For non-Linux: Is sandboxing enabled in nix.conf? (See Nix manual)
  • sandbox = relaxed
  • sandbox = true
• Tested, as applicable:
  • NixOS test(s) (look inside nixos/tests)
  • and/or package tests
  • or, for functions and "core" functionality, tests in lib/tests or pkgs/test
  • made sure NixOS tests are linked to the relevant packages
• Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
• Tested basic functionality of all binary files (usually in ./result/bin/)
• 24.11 Release Notes (or backporting 23.11 and 24.05 Release notes)
  • (Package updates) Added a release notes entry if the change is major or breaking
  • (Module updates) Added a release notes entry if the change is significant
  • (Module addition) Added a release notes entry if adding a new NixOS module
• Fits CONTRIBUTING.md.

---

Add a 👍 reaction to pull requests you find important.

[purpole]

Shortened output of nix-shell -p nixpkgs-review --run "nixpkgs-review pr 353121":

--------- Impacted packages on 'x86_64-linux' ---------
1 package added:
sccmhunter (init at 1.0.6-unstable-2024-10-30)

...

Link to currently reviewing PR:
https://github.com/NixOS/nixpkgs/pull/353121

--------- Report for 'x86_64-linux' ---------
2 packages built:
sccmhunter sccmhunter.dist

[purpole]

Tested build for x86_64-linux:

[david@nixos]$ nix-build -A sccmhunter
/nix/store/yw4z8kqmjr3i0iynamdcrph1n10m0fnp-sccmhunter-1.0.6-unstable-2024-10-30

And package runs as expected:

[david@nixos]$ ./result/bin/sccmhunter.py --help
SCCMHunter v1.0.5 by @unsigned_sh0rt
                                                                                                         
 Usage: sccmhunter [OPTIONS] COMMAND [ARGS]...                                                           
                                                                                                         
╭─ Options ─────────────────────────────────────────────────────────────────────────────────────────────╮
│ --help  -h        Show this message and exit.                                                         │
╰───────────────────────────────────────────────────────────────────────────────────────────────────────╯
╭─ Commands ────────────────────────────────────────────────────────────────────────────────────────────╮
│ admin   Run administrative commands through the AdminService API.                                     │
│ dpapi   Extract SCCM secrets from DPAPI encrypted blobs, requires Local Administrator privileges.     │
│ find    Enumerate LDAP for SCCM assets.                                                               │
│ http    Abuse client enrollment.                                                                      │
│ mssql   MSSQL relay abuse.                                                                            │
│ show    Show and/or recon table results.                                                              │
│ smb     Profile and Enumerate SMB shares of discovered SCCM servers.                                  │
╰───────────────────────────────────────────────────────────────────────────────────────────────────────╯

[Moraxyc]

Welcome to Nixpkgs! Some suggestions

[Moraxyc]

Why add requests-kerberos? I don't find it in dependencies upstream.

https://github.com/garrettfoster13/sccmhunter/blob/7f493d1499fec1a694d949d9de17f25acdb6a0a9/requirements.txt

[purpole]

Yes, during my testing / building of the packages, it was a required package that was not listed within requirements.txt.

But, it seems that this was only by mistake (garrettfoster13/sccmhunter#75) and the dependency has since then been removed (garrettfoster13/sccmhunter@4c6669e).

Should I bump the commit rev to a newer commit where requests-kerberos is not included anymore?

[purpole]

Welcome to Nixpkgs! Some suggestions

Thank you very much for your helpful review! Much appreciated! 🙂