New port: dns/nsec3walker: Walk NSEC3 secured DNSSEC zones

Installing current DNSSEC (NSEC3) exposes private DNS data to low-cost
DNS database espionage. The nsec3walker tool allows administrators and users
to see how much private information is being given away by DNSSEC.

WWW: https://dnscurve.org/nsec3walker.html

PR:		215995
Submitted by:	Piotr Kubaj <pkubaj@anongoth.pl>

dns/Makefile

@@ -113,6 +113,7 @@
     SUBDIR += namesilo_ddns
     SUBDIR += noip
     SUBDIR += nsd
+    SUBDIR += nsec3walker
     SUBDIR += nslint
     SUBDIR += nsnotifyd
     SUBDIR += nsping

dns/nsec3walker/Makefile

@@ -0,0 +1,31 @@
+# Created by: Piotr Kubaj <pkubaj@anongoth.pl>
+# $FreeBSD$
+
+PORTNAME=	nsec3walker
+PORTVERSION=	20101223
+CATEGORIES=	dns
+MASTER_SITES=	https://dnscurve.org/
+
+MAINTAINER=	pkubaj@anongoth.pl
+COMMENT=	Walk NSEC3 secured DNSSEC zones
+
+RUN_DEPENDS=	${PYTHON_PKGNAMEPREFIX}bsddb>0:databases/py-bsddb@${PY_FLAVOR} \
+		dig:dns/bind-tools
+
+USES=		python shebangfix ssl
+
+SHEBANG_FILES=	${WRKSRC}/collect ${WRKSRC}/unhash
+PLIST_FILES=	bin/collect \
+		bin/dicthashes \
+		bin/query \
+		bin/randomhashes \
+		bin/unhash
+
+do-install:
+	${INSTALL_SCRIPT} ${WRKSRC}/collect ${STAGEDIR}${PREFIX}/bin
+	${INSTALL_PROGRAM} ${WRKSRC}/dicthashes ${STAGEDIR}${PREFIX}/bin
+	${INSTALL_SCRIPT} ${WRKSRC}/query ${STAGEDIR}${PREFIX}/bin
+	${INSTALL_PROGRAM} ${WRKSRC}/randomhashes ${STAGEDIR}${PREFIX}/bin
+	${INSTALL_SCRIPT} ${WRKSRC}/unhash ${STAGEDIR}${PREFIX}/bin
+
+.include <bsd.port.mk>

dns/nsec3walker/distinfo

@@ -0,0 +1,3 @@
+TIMESTAMP = 1484146216
+SHA256 (nsec3walker-20101223.tar.gz) = 74d873b93d67634d9c1c16c938818ecb90dc6ad391ca6dc57b421c627eeb2e30
+SIZE (nsec3walker-20101223.tar.gz) = 3658

dns/nsec3walker/files/patch-Makefile

@@ -0,0 +1,12 @@
+--- Makefile.orig	2010-12-24 09:49:40 UTC
++++ Makefile
+@@ -1,7 +1,7 @@
+ all: dicthashes randomhashes
+ 
+ dicthashes: dicthashes.c
+-	gcc -O3 -o dicthashes dicthashes.c -lcrypto -lm
++	cc -O3 -o dicthashes dicthashes.c -lcrypto -lm
+ 
+ randomhashes: randomhashes.c
+-	gcc -O3 -o randomhashes randomhashes.c -lcrypto -lm
++	cc -O3 -o randomhashes randomhashes.c -lcrypto -lm

dns/nsec3walker/files/patch-collect

@@ -0,0 +1,20 @@
+--- collect.orig	2010-12-24 09:49:40 UTC
++++ collect
+@@ -71,7 +71,7 @@ while len(todo) > 0 or len(nexthash) == 
+     print "querying",guess,h
+     numqueries += 1
+     server = servers[r.randrange(len(servers))]
+-    query = subprocess.Popen(["./query",guess,server],stdout=subprocess.PIPE).stdout
++    query = subprocess.Popen(["query",guess,server],stdout=subprocess.PIPE).stdout
+     for x in query:
+       y = x.strip().split(' ')
+       if y[0] == "ns":
+@@ -84,7 +84,7 @@ while len(todo) > 0 or len(nexthash) == 
+           print "iterations",y[4]
+           salt = binascii.a2b_hex(y[3])
+           iterations = int(y[4])
+-	  hashprocess = subprocess.Popen(["./randomhashes",domain,y[4],y[3]],stdout=subprocess.PIPE)
++	  hashprocess = subprocess.Popen(["randomhashes",domain,y[4],y[3]],stdout=subprocess.PIPE)
+ 	  hashes = hashprocess.stdout
+ 	if salt != binascii.a2b_hex(y[3]):
+ 	  print "newsalt",binascii.a2b_hex(y[3])

dns/nsec3walker/files/patch-unhash

@@ -0,0 +1,11 @@
+--- unhash.orig	2017-01-13 09:05:36 UTC
++++ unhash
+@@ -35,7 +35,7 @@ print "names:",numnames
+ 
+ if domain and salt and numnames:
+   dictprocess = subprocess.Popen(["cat",dictionary],stdout=subprocess.PIPE)
+-  hashprocess = subprocess.Popen(["./dicthashes",domain,iterations,salt],stdin=dictprocess.stdout,stdout=subprocess.PIPE)
++  hashprocess = subprocess.Popen(["dicthashes",domain,iterations,salt],stdin=dictprocess.stdout,stdout=subprocess.PIPE)
+   for line in hashprocess.stdout:
+     numhashes += 1
+     x = line.strip().split()

dns/nsec3walker/pkg-descr

@@ -0,0 +1,5 @@
+Installing current DNSSEC (NSEC3) exposes private DNS data to low-cost
+DNS database espionage. The nsec3walker tool allows administrators and users
+to see how much private information is being given away by DNSSEC.
+
+WWW: https://dnscurve.org/nsec3walker.html