More Repositories with penetration testing


Is there a way to integrate opensuse or MER repositories into Sailfish?

I work in a security company in the area of IT and would like to test how individual programmes run on a Linux mobile phone. Therefore the question at the same time if there is a penetration repository.

Which device do you refer to? XA2 has the aarch64 architecture, so you can - in principle - integrate any aarch64 repository in SFOS, for examples those hosted at

However you will have difficulties installing software from there, as the dependencies might differ in their names or are not provided. You need software which is either built for SFOS specifically or statically linked.

Ohh sorry yes I have an xa2 :slight_smile:

Okay I will test, because under SFOS some software is missing

Rather than adding random repositories, which may break your system if they replace libs with incompatible versions, I would suggest setting up a chroot or lxc container.

Could you share a list of the software that you were hoping to use? It might be that some of it can be compiled easily and added to OpenRepos, depending on what it is.

Plus it’d be interesting to know about the pentest software in use.

Programs I would like to see:

Telegram Desktop or Telegram in general (I don’t like all other Telegram clients)

Tor Browser

The penetration programs:
John the ripper
These are the basics for the first time

Thanks! I notice some of these are available on OpenRepos. They’re old versions, but that does mean there’s probably scope for getting them updated to newer versions:

Tor, but no Tor Browser:

Thank you, But the problem is that a lot of it is very old and not on the. State-of-the-art is. And I can’t update so I don’t know how

Yes, I can appreciate you need the latest versions. If I get the chance I’ll try to build some over the weekend.


May I ask how you do this? Would also like to be able to :sweat_smile:

Sure, it’s a good question. Depending on whether the dependencies are already available in the repositories, building them may be straightforward (which is more likely to be the case for command line apps).

The key thing you need is a spec file. If there isn’t already one, and assuming you don’t need to fork the project, the usual structure is to create a new repository with the original git repository as a submodule.

OpenSSL provides a good example:

The spec file is the trickiest part, and in this case it also applies a bunch of patches to the original code:

If you’re not familiar with spec files, there are quite a few guides online. Plus you can often look at the fedora or other RPM-based distro spec file for inspiration.

Some spec file documentation:

And here’s the equivalent spec file for OpenSSL for Fedora, for comparison:

1 Like

Okay thank you since I have to read myself in, that looks complicated :thinking:

As with most things, it looks horrifically complicated… until you’ve done it and then the fog of mystery clears away.

In truth, it’s not always easy, and does require an investment of time, but on a platform like Sailfish it can be worth it to get access to a bunch of existing software.


I think it will be something else in terms of apps when I buy na license, but I can’t do that at the moment.
But then I can for example I heard I use the Android telegram client or?

Usually it’s not required to start from scratch, since most tools are already packaged for other systems. As a quick example:
I downloaded the nmap source RPM from here.
After logging in to my XA2 I first had to install rpmbuild and install the source package:

# zypper install rpm-build
# rpm -i /tmp/nmap-7.91-3.fc34.src.rpm

The sources and required patches are now in /root/rpmbuild/SOURCES and the spec file in SPECS. The first attempt to build nmap failed with lots of missing dependencies.

# zypper in autoconf automake gcc-c++ gettext-devel libpcap-devel libtool lua-devel openssl-devel pcre-devel zlib-devel

fixed that. After that, rpm complained about the macro %{gpgverify}. I simply removed the corresponding line from the spec file. Now

 # rpmbuild -bb nmap.spec

produced packages ‘nmap-7.91-3.armv7hl.rpm’ and nmap-ncat-7.91-3.armv7hl.rpm which I immediately installed:

# rpm -i nmap-7.91-3.armv7hl.rpm nmap-ncat-7.91-3.armv7hl.rpm
# nmap -V
Nmap version 7.91 ( )
Platform: armv7l-unknown-linux-gnueabi
Compiled with: nmap-liblua-5.3.5 openssl-1.0.2o libz-1.2.11 libpcre-8.42 libpcap-1.9.1 nmap-libdnet-1.12 ipv6
Compiled without: libssh2
Available nsock engines: epoll poll select