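# Nix package expression for dissect.cobaltstrike, a Dissect module that
# parses Cobalt Strike related data (see meta.description).
{
  lib,
  buildPythonPackage,
  dissect-cstruct,
  dissect-util,
  fetchFromGitHub,
  flow-record,
  httpx,
  lark,
  pycryptodome,
  pyshark,
  pytest-httpserver,
  pytestCheckHook,
  pythonOlder,
  rich,
  setuptools,
  setuptools-scm,
}:

buildPythonPackage rec {
  pname = "dissect-cobaltstrike";
  version = "1.0.0";
  pyproject = true;

  disabled = pythonOlder "3.7";

  # The source is fetched by tag name, and a Git tag can be moved upstream.
  # The fixed-output hash below is what pins the content: if the tag ever
  # points at different code, the fetch fails with a hash mismatch instead of
  # silently building it. Recompute the hash whenever `version` changes.
  src = fetchFromGitHub {
    owner = "fox-it";
    repo = "dissect.cobaltstrike";
    rev = "refs/tags/v${version}";
    hash = "sha256-CS50c3r7sdxp3CRS6XJ4QUmUFtmhFg6rSdKfYzJSOV4=";
  };

  build-system = [
    setuptools
    setuptools-scm
  ];

  # Runtime dependencies of the core parser.
  dependencies = [
    dissect-cstruct
    dissect-util
    lark
  ];

  # Optional feature groups; they are not part of the default closure.
  passthru.optional-dependencies = {
    c2 = [
      flow-record
      httpx
      pycryptodome
    ];
    pcap = [
      flow-record
      httpx
      pycryptodome
      pyshark
    ];
    full = [
      flow-record
      httpx
      pycryptodome
      pyshark
      rich
    ];
  };

  # Relaxes the Darwin build sandbox to permit local (loopback) networking.
  # NOTE(review): presumably required because the test suite uses
  # pytest-httpserver; confirm before removing.
  __darwinAllowLocalNetworking = true;

  # Every optional-dependency group is added to the check phase, so the test
  # run sees all extras at once.
  nativeCheckInputs = [
    pytest-httpserver
    pytestCheckHook
  ] ++ lib.flatten (builtins.attrValues passthru.optional-dependencies);

  pythonImportsCheck = [ "dissect.cobaltstrike" ];

  meta = with lib; {
    description = "Dissect module implementing a parser for Cobalt Strike related data";
    homepage = "https://github.com/fox-it/dissect.cobaltstrike";
    # Upstream tags carry a "v" prefix (see `rev` above), so the release page
    # URL needs it as well.
    changelog = "https://github.com/fox-it/dissect.cobaltstrike/releases/tag/v${version}";
    license = licenses.agpl3Only;
    maintainers = with maintainers; [ fab ];
  };
}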