packwise-skills 1.0.0 → 1.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.cursorrules +23 -23
- package/CLAUDE.md +25 -25
- package/LICENSE +21 -0
- package/README.md +404 -295
- package/audit.md +224 -224
- package/bin/packwise.js +322 -155
- package/install.sh +123 -0
- package/package.json +32 -31
- package/skill.md +944 -719
- package/sub-skills/ai/local-llm.md +183 -183
- package/sub-skills/ai/python-ml.md +164 -164
- package/sub-skills/backend/go-server.md +184 -184
- package/sub-skills/backend/java-spring.md +241 -241
- package/sub-skills/backend/node-server.md +164 -164
- package/sub-skills/backend/php-laravel.md +175 -175
- package/sub-skills/backend/python-server.md +164 -164
- package/sub-skills/backend/rust-backend.md +118 -118
- package/sub-skills/cli/python-cli.md +236 -236
- package/sub-skills/cli/sdk-library.md +497 -497
- package/sub-skills/cloud/ci-cd-pipelines.md +350 -350
- package/sub-skills/cloud/docker.md +191 -191
- package/sub-skills/cloud/kubernetes.md +277 -277
- package/sub-skills/cloud/payment-integration.md +307 -307
- package/sub-skills/cross-platform/multiplatform.md +252 -252
- package/sub-skills/desktop/electron.md +783 -783
- package/sub-skills/desktop/game-dev.md +443 -443
- package/sub-skills/desktop/native-app.md +123 -123
- package/sub-skills/desktop/scenarios.md +443 -443
- package/sub-skills/desktop/smart-platforms.md +324 -324
- package/sub-skills/desktop/tauri.md +428 -428
- package/sub-skills/desktop/vr-ar.md +252 -252
- package/sub-skills/desktop/web-to-desktop.md +153 -153
- package/sub-skills/embedded/car-infotainment.md +129 -129
- package/sub-skills/embedded/esp32.md +184 -184
- package/sub-skills/embedded/ros.md +150 -150
- package/sub-skills/embedded/stm32.md +160 -160
- package/sub-skills/mobile/android.md +322 -322
- package/sub-skills/mobile/capacitor.md +232 -232
- package/sub-skills/mobile/flutter-mobile.md +138 -138
- package/sub-skills/mobile/harmonyos.md +150 -150
- package/sub-skills/mobile/ios.md +245 -245
- package/sub-skills/mobile/react-native.md +443 -443
- package/sub-skills/mobile/wearables.md +230 -230
- package/sub-skills/plugins/browser-extension.md +308 -308
- package/sub-skills/plugins/jetbrains-plugin.md +226 -226
- package/sub-skills/plugins/vscode-extension.md +204 -204
- package/sub-skills/security/security-tools.md +174 -174
- package/sub-skills/web/monorepo.md +274 -274
- package/sub-skills/web/pwa.md +220 -220
- package/sub-skills/web/serverless-edge.md +295 -295
- package/sub-skills/web/spa.md +266 -266
- package/sub-skills/web/ssr.md +228 -228
- package/sub-skills/web/wasm.md +243 -243
|
@@ -1,174 +1,174 @@
|
|
|
1
|
-
# Security Tools Build Sub-Skill
|
|
2
|
-
|
|
3
|
-
Build and package security tools: penetration testing tools, vulnerability scanners, security monitoring, and CLI utilities.
|
|
4
|
-
|
|
5
|
-
## When to Use
|
|
6
|
-
|
|
7
|
-
- Penetration testing / offensive security tools
|
|
8
|
-
- Vulnerability scanners (SAST/DAST)
|
|
9
|
-
- Security monitoring platforms (SIEM)
|
|
10
|
-
- Encryption / cryptographic tools
|
|
11
|
-
- Compliance checking tools
|
|
12
|
-
- CTF (Capture The Flag) tools
|
|
13
|
-
|
|
14
|
-
## Tech Stack Overview
|
|
15
|
-
|
|
16
|
-
| Language | Strengths | Package Method | Best For |
|
|
17
|
-
|----------|-----------|---------------|----------|
|
|
18
|
-
| Python | Rapid prototyping, rich security libraries | PyInstaller / Docker / pipx | Script tools, scanners, automation |
|
|
19
|
-
| Go | Static binary, cross-compile, high concurrency | `go build` | Network tools, high-perf scanners |
|
|
20
|
-
| Rust | Memory safety, performance | `cargo build --release` | Low-level tools, cryptographic operations |
|
|
21
|
-
| C | Maximum control, minimal dependencies | Native compilation | Kernel modules, exploit development |
|
|
22
|
-
|
|
23
|
-
## Python Security Tools
|
|
24
|
-
|
|
25
|
-
### PyInstaller (Standalone Binary)
|
|
26
|
-
|
|
27
|
-
```bash
|
|
28
|
-
# Install
|
|
29
|
-
pip install pyinstaller
|
|
30
|
-
|
|
31
|
-
# Single-file executable
|
|
32
|
-
pyinstaller --onefile --name scanner scanner.py
|
|
33
|
-
|
|
34
|
-
# With hidden imports (common for security libs)
|
|
35
|
-
pyinstaller --onefile \
|
|
36
|
-
--hidden-import=cryptography \
|
|
37
|
-
--hidden-import=paramiko \
|
|
38
|
-
--hidden-import=scapy \
|
|
39
|
-
--name scanner scanner.py
|
|
40
|
-
|
|
41
|
-
# Console app (no GUI)
|
|
42
|
-
pyinstaller --onefile --console --name vuln-scanner scanner.py
|
|
43
|
-
|
|
44
|
-
# Output: dist/scanner (Linux/macOS) or dist/scanner.exe (Windows)
|
|
45
|
-
```
|
|
46
|
-
|
|
47
|
-
### pipx (Isolated CLI Installation)
|
|
48
|
-
|
|
49
|
-
```bash
|
|
50
|
-
# Install pipx
|
|
51
|
-
pip install pipx
|
|
52
|
-
pipx ensurepath
|
|
53
|
-
|
|
54
|
-
# Install security tool in isolated environment
|
|
55
|
-
pipx install bandit # Python SAST linter
|
|
56
|
-
pipx install safety # Dependency vulnerability scanner
|
|
57
|
-
pipx install semgrep # Multi-language SAST
|
|
58
|
-
pipx install trivy # Container/filesystem scanner
|
|
59
|
-
```
|
|
60
|
-
|
|
61
|
-
### Docker (Reproducible Environment)
|
|
62
|
-
|
|
63
|
-
```dockerfile
|
|
64
|
-
FROM python:3.13-slim
|
|
65
|
-
|
|
66
|
-
# Install system dependencies (common for security tools)
|
|
67
|
-
RUN apt-get update && apt-get install -y --no-install-recommends \
|
|
68
|
-
nmap \
|
|
69
|
-
masscan \
|
|
70
|
-
net-tools \
|
|
71
|
-
iputils-ping \
|
|
72
|
-
&& rm -rf /var/lib/apt/lists/*
|
|
73
|
-
|
|
74
|
-
WORKDIR /app
|
|
75
|
-
COPY requirements.txt .
|
|
76
|
-
RUN pip install --no-cache-dir -r requirements.txt
|
|
77
|
-
|
|
78
|
-
COPY . .
|
|
79
|
-
|
|
80
|
-
# Run as non-root (important for security tools too)
|
|
81
|
-
RUN useradd -m scanner
|
|
82
|
-
USER scanner
|
|
83
|
-
|
|
84
|
-
ENTRYPOINT ["python", "scanner.py"]
|
|
85
|
-
```
|
|
86
|
-
|
|
87
|
-
## Go Security Tools
|
|
88
|
-
|
|
89
|
-
```bash
|
|
90
|
-
# Single binary, no dependencies
|
|
91
|
-
CGO_ENABLED=0 go build -ldflags="-s -w" -o scanner .
|
|
92
|
-
|
|
93
|
-
# Cross-compile
|
|
94
|
-
GOOS=linux GOARCH=amd64 CGO_ENABLED=0 go build -o scanner-linux .
|
|
95
|
-
GOOS=windows GOARCH=amd64 CGO_ENABLED=0 go build -o scanner.exe .
|
|
96
|
-
GOOS=darwin GOARCH=arm64 CGO_ENABLED=0 go build -o scanner-mac .
|
|
97
|
-
|
|
98
|
-
# With version embedding
|
|
99
|
-
go build -ldflags="-s -w -X main.version=$(git describe --tags)" -o scanner .
|
|
100
|
-
```
|
|
101
|
-
|
|
102
|
-
## Rust Security Tools
|
|
103
|
-
|
|
104
|
-
```bash
|
|
105
|
-
# Release build (optimized)
|
|
106
|
-
cargo build --release
|
|
107
|
-
# Output: target/release/scanner
|
|
108
|
-
|
|
109
|
-
# Cross-compile with cross
|
|
110
|
-
cargo install cross
|
|
111
|
-
cross build --release --target x86_64-unknown-linux-musl
|
|
112
|
-
```
|
|
113
|
-
|
|
114
|
-
## C Security Tools
|
|
115
|
-
|
|
116
|
-
```bash
|
|
117
|
-
# Static binary (portable)
|
|
118
|
-
gcc -static -O2 -o scanner scanner.c
|
|
119
|
-
|
|
120
|
-
# With hardening flags
|
|
121
|
-
gcc -O2 -fstack-protector-all -D_FORTIFY_SOURCE=2 \
|
|
122
|
-
-Wformat -Wformat-security -o scanner scanner.c
|
|
123
|
-
```
|
|
124
|
-
|
|
125
|
-
## Signing & Distribution
|
|
126
|
-
|
|
127
|
-
### Signing Binaries (Trust)
|
|
128
|
-
|
|
129
|
-
```bash
|
|
130
|
-
# Windows: Sign with code signing certificate
|
|
131
|
-
signtool sign /f cert.pfx /p password /tr http://timestamp.digicert.com scanner.exe
|
|
132
|
-
|
|
133
|
-
# macOS: Sign and notarize
|
|
134
|
-
codesign --force --sign "Developer ID Application: Your Name" scanner
|
|
135
|
-
xcrun notarytool submit scanner.zip --apple-id your@email.com --password app-specific-pw
|
|
136
|
-
|
|
137
|
-
# Linux: GPG sign
|
|
138
|
-
gpg --detach-sign --armor scanner
|
|
139
|
-
```
|
|
140
|
-
|
|
141
|
-
### Distribution Channels
|
|
142
|
-
|
|
143
|
-
| Channel | Method | Best For |
|
|
144
|
-
|---------|--------|---------|
|
|
145
|
-
| GitHub Releases | `gh release create v1.0 scanner-linux scanner.exe` | Open source tools |
|
|
146
|
-
| PyPI / TestPyPI | `twine upload dist/*` | Python libraries/tools |
|
|
147
|
-
| Docker Hub | `docker build -t org/scanner . && docker push org/scanner` | Containerized tools |
|
|
148
|
-
| Homebrew | Create tap formula | macOS CLI tools |
|
|
149
|
-
| AUR | Submit PKGBUILD | Arch Linux users |
|
|
150
|
-
| Cargo crates.io | `cargo publish` | Rust libraries/tools |
|
|
151
|
-
|
|
152
|
-
## Compliance & Ethics
|
|
153
|
-
|
|
154
|
-
| Requirement | Implementation |
|
|
155
|
-
|-------------|---------------|
|
|
156
|
-
| Legal authorization | Add usage disclaimer; require explicit authorization flag |
|
|
157
|
-
| Logging | Log all operations with timestamps to file |
|
|
158
|
-
| Data protection | Encrypt scan results; don't hardcode credentials |
|
|
159
|
-
| Distribution control | Consider private distribution for offensive tools |
|
|
160
|
-
| Rate limiting | Implement request throttling to avoid DoS |
|
|
161
|
-
| Disclosure | Follow responsible disclosure for found vulnerabilities |
|
|
162
|
-
|
|
163
|
-
## Common Pitfalls
|
|
164
|
-
|
|
165
|
-
| Issue | Fix |
|
|
166
|
-
|-------|-----|
|
|
167
|
-
| PyInstaller missing modules | Use `--hidden-import` for dynamically loaded security libraries |
|
|
168
|
-
| Static binary too large | Use `upx --best` to compress (Go/Rust binaries) |
|
|
169
|
-
| Permission denied (network tools) | Use Linux capabilities: `setcap cap_net_raw+ep scanner` |
|
|
170
|
-
| Import errors in packaged binary | Test in a clean VM/container; PyInstaller may miss C extensions |
|
|
171
|
-
| Anti-virus false positive | Sign binaries; submit to AV vendors for whitelisting |
|
|
172
|
-
| Cross-compile fails (CGO) | Use Docker or `cross` tool; set `CGO_ENABLED=0` when possible |
|
|
173
|
-
| System tool dependency | Package with Docker; document required system tools |
|
|
174
|
-
| Hardcoded credentials in source | Use environment variables; add to `.gitignore` |
|
|
1
|
+
# Security Tools Build Sub-Skill
|
|
2
|
+
|
|
3
|
+
Build and package security tools: penetration testing tools, vulnerability scanners, security monitoring, and CLI utilities.
|
|
4
|
+
|
|
5
|
+
## When to Use
|
|
6
|
+
|
|
7
|
+
- Penetration testing / offensive security tools
|
|
8
|
+
- Vulnerability scanners (SAST/DAST)
|
|
9
|
+
- Security monitoring platforms (SIEM)
|
|
10
|
+
- Encryption / cryptographic tools
|
|
11
|
+
- Compliance checking tools
|
|
12
|
+
- CTF (Capture The Flag) tools
|
|
13
|
+
|
|
14
|
+
## Tech Stack Overview
|
|
15
|
+
|
|
16
|
+
| Language | Strengths | Package Method | Best For |
|
|
17
|
+
|----------|-----------|---------------|----------|
|
|
18
|
+
| Python | Rapid prototyping, rich security libraries | PyInstaller / Docker / pipx | Script tools, scanners, automation |
|
|
19
|
+
| Go | Static binary, cross-compile, high concurrency | `go build` | Network tools, high-perf scanners |
|
|
20
|
+
| Rust | Memory safety, performance | `cargo build --release` | Low-level tools, cryptographic operations |
|
|
21
|
+
| C | Maximum control, minimal dependencies | Native compilation | Kernel modules, exploit development |
|
|
22
|
+
|
|
23
|
+
## Python Security Tools
|
|
24
|
+
|
|
25
|
+
### PyInstaller (Standalone Binary)
|
|
26
|
+
|
|
27
|
+
```bash
|
|
28
|
+
# Install
|
|
29
|
+
pip install pyinstaller
|
|
30
|
+
|
|
31
|
+
# Single-file executable
|
|
32
|
+
pyinstaller --onefile --name scanner scanner.py
|
|
33
|
+
|
|
34
|
+
# With hidden imports (common for security libs)
|
|
35
|
+
pyinstaller --onefile \
|
|
36
|
+
--hidden-import=cryptography \
|
|
37
|
+
--hidden-import=paramiko \
|
|
38
|
+
--hidden-import=scapy \
|
|
39
|
+
--name scanner scanner.py
|
|
40
|
+
|
|
41
|
+
# Console app (no GUI)
|
|
42
|
+
pyinstaller --onefile --console --name vuln-scanner scanner.py
|
|
43
|
+
|
|
44
|
+
# Output: dist/scanner (Linux/macOS) or dist/scanner.exe (Windows)
|
|
45
|
+
```
|
|
46
|
+
|
|
47
|
+
### pipx (Isolated CLI Installation)
|
|
48
|
+
|
|
49
|
+
```bash
|
|
50
|
+
# Install pipx
|
|
51
|
+
pip install pipx
|
|
52
|
+
pipx ensurepath
|
|
53
|
+
|
|
54
|
+
# Install security tool in isolated environment
|
|
55
|
+
pipx install bandit # Python SAST linter
|
|
56
|
+
pipx install safety # Dependency vulnerability scanner
|
|
57
|
+
pipx install semgrep # Multi-language SAST
|
|
58
|
+
pipx install trivy # Container/filesystem scanner
|
|
59
|
+
```
|
|
60
|
+
|
|
61
|
+
### Docker (Reproducible Environment)
|
|
62
|
+
|
|
63
|
+
```dockerfile
|
|
64
|
+
FROM python:3.13-slim
|
|
65
|
+
|
|
66
|
+
# Install system dependencies (common for security tools)
|
|
67
|
+
RUN apt-get update && apt-get install -y --no-install-recommends \
|
|
68
|
+
nmap \
|
|
69
|
+
masscan \
|
|
70
|
+
net-tools \
|
|
71
|
+
iputils-ping \
|
|
72
|
+
&& rm -rf /var/lib/apt/lists/*
|
|
73
|
+
|
|
74
|
+
WORKDIR /app
|
|
75
|
+
COPY requirements.txt .
|
|
76
|
+
RUN pip install --no-cache-dir -r requirements.txt
|
|
77
|
+
|
|
78
|
+
COPY . .
|
|
79
|
+
|
|
80
|
+
# Run as non-root (important for security tools too)
|
|
81
|
+
RUN useradd -m scanner
|
|
82
|
+
USER scanner
|
|
83
|
+
|
|
84
|
+
ENTRYPOINT ["python", "scanner.py"]
|
|
85
|
+
```
|
|
86
|
+
|
|
87
|
+
## Go Security Tools
|
|
88
|
+
|
|
89
|
+
```bash
|
|
90
|
+
# Single binary, no dependencies
|
|
91
|
+
CGO_ENABLED=0 go build -ldflags="-s -w" -o scanner .
|
|
92
|
+
|
|
93
|
+
# Cross-compile
|
|
94
|
+
GOOS=linux GOARCH=amd64 CGO_ENABLED=0 go build -o scanner-linux .
|
|
95
|
+
GOOS=windows GOARCH=amd64 CGO_ENABLED=0 go build -o scanner.exe .
|
|
96
|
+
GOOS=darwin GOARCH=arm64 CGO_ENABLED=0 go build -o scanner-mac .
|
|
97
|
+
|
|
98
|
+
# With version embedding
|
|
99
|
+
go build -ldflags="-s -w -X main.version=$(git describe --tags)" -o scanner .
|
|
100
|
+
```
|
|
101
|
+
|
|
102
|
+
## Rust Security Tools
|
|
103
|
+
|
|
104
|
+
```bash
|
|
105
|
+
# Release build (optimized)
|
|
106
|
+
cargo build --release
|
|
107
|
+
# Output: target/release/scanner
|
|
108
|
+
|
|
109
|
+
# Cross-compile with cross
|
|
110
|
+
cargo install cross
|
|
111
|
+
cross build --release --target x86_64-unknown-linux-musl
|
|
112
|
+
```
|
|
113
|
+
|
|
114
|
+
## C Security Tools
|
|
115
|
+
|
|
116
|
+
```bash
|
|
117
|
+
# Static binary (portable)
|
|
118
|
+
gcc -static -O2 -o scanner scanner.c
|
|
119
|
+
|
|
120
|
+
# With hardening flags
|
|
121
|
+
gcc -O2 -fstack-protector-all -D_FORTIFY_SOURCE=2 \
|
|
122
|
+
-Wformat -Wformat-security -o scanner scanner.c
|
|
123
|
+
```
|
|
124
|
+
|
|
125
|
+
## Signing & Distribution
|
|
126
|
+
|
|
127
|
+
### Signing Binaries (Trust)
|
|
128
|
+
|
|
129
|
+
```bash
|
|
130
|
+
# Windows: Sign with code signing certificate
|
|
131
|
+
signtool sign /f cert.pfx /p password /tr http://timestamp.digicert.com scanner.exe
|
|
132
|
+
|
|
133
|
+
# macOS: Sign and notarize
|
|
134
|
+
codesign --force --sign "Developer ID Application: Your Name" scanner
|
|
135
|
+
xcrun notarytool submit scanner.zip --apple-id your@email.com --password app-specific-pw
|
|
136
|
+
|
|
137
|
+
# Linux: GPG sign
|
|
138
|
+
gpg --detach-sign --armor scanner
|
|
139
|
+
```
|
|
140
|
+
|
|
141
|
+
### Distribution Channels
|
|
142
|
+
|
|
143
|
+
| Channel | Method | Best For |
|
|
144
|
+
|---------|--------|---------|
|
|
145
|
+
| GitHub Releases | `gh release create v1.0 scanner-linux scanner.exe` | Open source tools |
|
|
146
|
+
| PyPI / TestPyPI | `twine upload dist/*` | Python libraries/tools |
|
|
147
|
+
| Docker Hub | `docker build -t org/scanner . && docker push org/scanner` | Containerized tools |
|
|
148
|
+
| Homebrew | Create tap formula | macOS CLI tools |
|
|
149
|
+
| AUR | Submit PKGBUILD | Arch Linux users |
|
|
150
|
+
| Cargo crates.io | `cargo publish` | Rust libraries/tools |
|
|
151
|
+
|
|
152
|
+
## Compliance & Ethics
|
|
153
|
+
|
|
154
|
+
| Requirement | Implementation |
|
|
155
|
+
|-------------|---------------|
|
|
156
|
+
| Legal authorization | Add usage disclaimer; require explicit authorization flag |
|
|
157
|
+
| Logging | Log all operations with timestamps to file |
|
|
158
|
+
| Data protection | Encrypt scan results; don't hardcode credentials |
|
|
159
|
+
| Distribution control | Consider private distribution for offensive tools |
|
|
160
|
+
| Rate limiting | Implement request throttling to avoid DoS |
|
|
161
|
+
| Disclosure | Follow responsible disclosure for found vulnerabilities |
|
|
162
|
+
|
|
163
|
+
## Common Pitfalls
|
|
164
|
+
|
|
165
|
+
| Issue | Fix |
|
|
166
|
+
|-------|-----|
|
|
167
|
+
| PyInstaller missing modules | Use `--hidden-import` for dynamically loaded security libraries |
|
|
168
|
+
| Static binary too large | Use `upx --best` to compress (Go/Rust binaries) |
|
|
169
|
+
| Permission denied (network tools) | Use Linux capabilities: `setcap cap_net_raw+ep scanner` |
|
|
170
|
+
| Import errors in packaged binary | Test in a clean VM/container; PyInstaller may miss C extensions |
|
|
171
|
+
| Anti-virus false positive | Sign binaries; submit to AV vendors for whitelisting |
|
|
172
|
+
| Cross-compile fails (CGO) | Use Docker or `cross` tool; set `CGO_ENABLED=0` when possible |
|
|
173
|
+
| System tool dependency | Package with Docker; document required system tools |
|
|
174
|
+
| Hardcoded credentials in source | Use environment variables; add to `.gitignore` |
|
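Review bot: In the "Signing Binaries (Trust)" block, both `signtool sign /f cert.pfx /p password ...` and `xcrun notarytool submit scanner.zip --apple-id your@email.com --password app-specific-pw` pass the secret as a command-line argument, which leaves it in shell history, process listings and CI logs and contradicts this file's own "don't hardcode credentials" row under Compliance & Ethics. Suggest showing the certificate selected from the certificate store (`/sha1 <thumbprint>` or `/n`) rather than a password-protected PFX, and `--keychain-profile` with credentials saved through `notarytool store-credentials`; the signtool line should also spell out `/fd SHA256 /td SHA256` next to `/tr`. Separately, the Common Pitfalls table recommends `upx --best` in the same table as the "Anti-virus false positive" row without noting that packing commonly triggers those detections and has to happen before signing, because modifying the binary afterwards invalidates the signature. The removed and added sides of this hunk read as textually identical in this rendering, so none of this is new in 1.2.0, but a whole-file rewrite is a natural point to correct it.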