Contributing to Kali Linux using toolbox on Fedora
While working on Penetration Testing with Kali Linux (PWK) training offered by Offensive Security, I came across a tool called
smtp-user-enum. It is a perl script to enumerate OS-level user accounts on Solaris via the SMTP service (sendmail).
In its usage documentation, it mentions an option to pass a list of hostnames running the SMTP service via a file, to use for enumeration. When trying out that option, I noticed that it didn’t work. Upon taking a close look at the script, I noticed that although it looks for the option
-T in the arguments list1, it was never part of the
getopts evaluation2, thus erroring out.
As it stands, I do not like having SSH keys tied to GitHub/Gitlab accounts on my Kali Linux virtual machine, so instead, I found a way to use a Debian container via
toolbox on my regular workstation using Fedora, to create the necessary patches to conform to Debian packaging standards and submitting a pull request on Kali Linux’s
stmp-user-enum package repo.
This post recounts of the steps I used, in case someone finds it useful or for my own reference in the future.
Note: I chose to use a Debian image here as I plan to work on other things via the same toolbox. We could have chosen to use Kali Linux docker image instead as well.
We can create the first “toolbox” by invoking
toolbox enter on Fedora. This will use the same Fedora version as our running host. That is, if the running host is
Fedora 33, it will download the same container image via https://registry.fedoraproject.org.
However, we will see that the registry does not have a Debian image from which we can work from.
Using Debian Docker image
First create a Debian “toolbox” named “debtest” as follows:
toolbox create -c debtest --image docker.io/debian:testing
Once it has finished downloading the docker image, we can enter the toolbox as:
toolbox enter debtest
We notice that we have entered our toolbox via the change in shell prompt:
Creating the patch
Here we will use the Debian
git-buildpackage (gbp) (Found a nice guide on
gbp4 mentioned in another pull request5) to create and apply our changes according to Debian packaging standards.
So install the package:
sudo apt install git-buildpackage -y
smtp-user-enum package on Gitlab.
Clone the forked repository and enter the directory:
git clone email@example.com:<your-username>/smtp-user-enum.git && cd smtp-user-enum
Create our feature branch:
git checkout -b getopts-Targets-file
Apply the previous patches by executing:
gbp pq import
This will move us to a patch queue branch called
We can check this by running:
Now we can create our changes and commit them.
Afterwards, we regenerate the patches in
debian/patches/ by running:
gbp pq export
This will drop us back into our original branch
Now we add
debian/patches to git and commit them:
git add debian/patches git commit
Then push those changes to your repository:
git push -u origin getopts-Targets-file
And then we create a pull request at the original repository, wait for the Gitlab CI jobs to run and turn green, and hope that one of the Kali Linux developers merges it. 😄