# see also
# - https://pyrox0.github.io/arewehackersyet/
# - https://github.com/NixOS/nixpkgs/issues/81418
# - https://git.sr.ht/~pamplemousse/nix-utils for wordlists
{
  lib,
  pkgs,
  config,
  ...
}:
let
  inherit (lib) mkIf mkEnableOption;

  cfg = config.garden.profiles.pentesting;
in
{
  options.garden.profiles.pentesting.enable =
    mkEnableOption "Enable packages designed for pentesting";

  config = mkIf cfg.enable {
    garden.packages = {
      inherit (pkgs)
        aircrack-ng # wifi tool
        arping # arp tool
        bettercap # mitm tool
        binwalk # analyze binary blobs and executables
        certgraph # ssl certificate graph crawler
        crunch # wordlist generator
        deepsecrets # find secrets in code
        dnsenum # dns enumeration
        enum4linux-ng # enumerate info from windows/samba
        fcrackzip # zip password cracker
        ghorg # mass clone git repos
        hashcat # hash cracker
        hcxtools # wifi capture and convert to hashcat/john
        hcxdumptool # capture packets from wifi
        iaito # gui for radare2
        john # hash cracker
        ldapnomnom # ldap user brute force
        msldapdump # ldap enumeration
        nikto # web server scanner
        nmap # network scanner
        onesixtyone # snmp scanner
        p0f # passive os fingerprinting
        radare2 # reverse engineering framework
        sqlmap # sql injection tool
        sslscan # ssl scanner
        testssl # ssl checker
        tcpdump # dump network packets
        thc-hydra # network logon cracker
        theharvester # osint
        wifite2 # wifi network auditor
        wireshark # network traffic analyzer
        zap # web app penetration testing
        ;
    };
  };
}