Bug 566403 (dnsmap)

Summary: Review Request: dnsmap - Passive DNS network mapper a.k.a. subdomains bruteforcer
Product: [Fedora] Fedora Reporter: Mykola Ulianytskyi <lystor>
Component: Package ReviewAssignee: Michal Ambroz <rebus>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: low    
Version: rawhideCC: fedora-package-review, mail, notting, pahan, rebus
Target Milestone: ---Flags: rebus: fedora‑review+
limburgher: fedora‑cvs+
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: dnsmap-0.30-2.fc14 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2011-03-28 15:20:53 EDT Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Bug Depends On:    
Bug Blocks: 563471    
Attachments:
Description Flags
dnsmap-review-checklist none

Description Mykola Ulianytskyi 2010-02-18 07:25:08 EST
Spec URL: http://repo.lystor.org.ua/fedora/12/SPECS/dnsmap.spec
SRPM URL: http://repo.lystor.org.ua/fedora/12/SRPMS/dnsmap-0.25-1.fc12.src.rpm

Description: 
dnsmap is mainly meant to be used by pentesters during the information
gathering/enumeration phase of infrastructure security assessments
as subdomains bruteforcer tool which reads subdomains from built-in list
or wordlist file and saves output to txt/csv format.

$ rpmlint {i386,x86_64,SRPMS}/dnsmap*
3 packages and 0 specfiles checked; 0 errors, 0 warnings.

This package builds successfully by mock on i686/x86_64 architectures.

This is one from my first packages and I'm looking for a sponsor.
Comment 1 Mykola Ulianytskyi 2010-02-19 04:42:25 EST
Builds successfully in mock on Fedora 11 with i386/x86_64 architectures.
Comment 2 Mykola Ulianytskyi 2010-02-19 07:52:43 EST
Builds successfully in mock on Fedora 13 with i386/x86_64 architectures.
Comment 3 Mykola Ulianytskyi 2010-03-13 14:47:10 EST
* Sat Mar 13 2010 Nikolay Ulyanitsky <lystor AT lystor.org.ua> - 0.30-1
- Update to 0.30
- Fix the license
- Remove dnsmap-0.25-Makefile.patch (included by the upstream)
- Replace generally useful macros by regular commands


Spec URL: http://repo.lystor.org.ua/fedora/12/SPECS/dnsmap.spec
SRPM URL: http://repo.lystor.org.ua/fedora/12/SRPMS/dnsmap-0.30-1.fc12.src.rpm
Comment 4 Michal Ambroz 2010-03-20 18:53:22 EDT
Hello,
I am not authorized to do a review, but I was gonna to try submit the package review request so it makes sense I would do at least comments (review) of the package to help it to het to Fedora.

Generally the package seems to be aligned with the packaging guidelines and I have not found any issues.

1) rpmlint OK - no errors
Spelling warnings - all referenced words are comonly used in the industry
Warning about download is not relevant - link is ok, spectool was able to download the source file based on the spec file. Probably some race condition in my environment + rpmlint.

$rpmlint dnsmap-0.30-1.fc12.i686.rpm dnsmap-debuginfo-0.30-1.fc12.i686.rpm dnsmap-0.30-1.fc12.src.rpm 

dnsmap.i686: W: spelling-error Summary(en_US) subdomains -> sub domains, sub-domains, domains
dnsmap.i686: W: spelling-error Summary(en_US) bruteforcer -> Wilberforce, enforcer, brutishness
dnsmap.i686: W: spelling-error %description -l en_US pentesters -> pen testers, pen-testers, pent esters
dnsmap.i686: W: spelling-error %description -l en_US subdomains -> sub domains, sub-domains, domains
dnsmap.i686: W: spelling-error %description -l en_US bruteforcer -> Wilberforce, enforcer, brutishness
dnsmap.i686: W: spelling-error %description -l en_US wordlist -> word list, word-list, wordless
dnsmap.i686: W: spelling-error %description -l en_US txt -> text, ext, tit
dnsmap.i686: W: spelling-error %description -l en_US csv -> cs, cs v, CST
dnsmap.src: W: spelling-error Summary(en_US) subdomains -> sub domains, sub-domains, domains
dnsmap.src: W: spelling-error Summary(en_US) bruteforcer -> Wilberforce, enforcer, brutishness
dnsmap.src: W: spelling-error %description -l en_US pentesters -> pen testers, pen-testers, pent esters
dnsmap.src: W: spelling-error %description -l en_US subdomains -> sub domains, sub-domains, domains
dnsmap.src: W: spelling-error %description -l en_US bruteforcer -> Wilberforce, enforcer, brutishness
dnsmap.src: W: spelling-error %description -l en_US wordlist -> word list, word-list, wordless
dnsmap.src: W: spelling-error %description -l en_US txt -> text, ext, tit
dnsmap.src: W: spelling-error %description -l en_US csv -> cs, cs v, CST
dnsmap.src: W: invalid-url Source0: http://dnsmap.googlecode.com/files/dnsmap-0.30.tar.gz HTTP Error 404: Not Found
3 packages and 0 specfiles checked; 0 errors, 17 warnings.

2) package name OK, specname OK, 
3) license ok - gplv2+ is the license of code, is in spec and attached in package
6) spec file is legible and consistent in usage of (17) macros and formating
7) package compiled and running on i686 without issues found
code in srpm matches the upstream code - md5sum used for checksum
15) defattr is present, Executable permissions are not explicitly set by spec file, but they are  explicitly set by the makefile
16) clean section ok

Best regards
Michal Ambroz
Comment 5 Michal Ambroz 2010-04-12 13:07:54 EDT
Hello Nikolay,
please would you be able to polish the package summary/description 
so it does'n trigger the rpmlint attention? 

Summary field: ... it could be quite missleading. The tool is not so much passive - it is brute-forcing DNS. (I know it is comming from the home site). Please could you reword to something better describing the situation?

Description field: ... one too long sentence makes it hard to read. Please could you split and make it more readable?

I know that words like pentester are quite common in the given industry.
Anyway please could you to change it to something acceptable by spell-checker without loosing meaning.

I propose these changes:
subdomains  -> sub-domains
wordlist    -> word-list
pentesters  -> pen-testers or penetration testers
txt/csv     -> TXT/CSV
bruteforcer -> I don't know ... may be something like tool performing sub-domain guessing / brute-forcing 

Attached is the review checklist.

Best regards
Michal Ambroz
Comment 6 Michal Ambroz 2010-04-12 13:09:21 EDT
Created attachment 406019 [details]
dnsmap-review-checklist
Comment 7 Mykola Ulianytskyi 2010-04-17 10:15:27 EDT
Hi Michal

Spec diff:
@@ -1,7 +1,7 @@
-Release:        1%{?dist}
-Summary:        Passive DNS network mapper a.k.a. subdomains bruteforcer
+Release:        2%{?dist}
+Summary:        Sub-domains bruteforcer


@@ -11,10 +11,9 @@
 %description
-dnsmap is mainly meant to be used by pentesters during the information 
-gathering/enumeration phase of infrastructure security assessments
-as subdomains bruteforcer tool which reads subdomains from built-in list
-or wordlist file and saves output to txt/csv format.
+dnsmap is a small tool that perform brute-forcing of domains.
+It can use a built-in list or an external dictionary file and
+saves output to TXT/CSV format.

@@ -41,6 +40,9 @@
 %changelog
+* Sat Apr 17 2010 Nikolay Ulyanitsky <lystor AT lystor.org.ua> - 0.30-2
+- Fix description and summary


Spec URL: http://repo.lystor.org.ua/fedora/12/SPECS/dnsmap.spec
SRPM URL: http://repo.lystor.org.ua/fedora/12/SRPMS/dnsmap-0.30-2.fc12.src.rpm
Comment 8 Michal Ambroz 2010-04-30 05:24:44 EDT
Hello Nikolay,
I am sorry for my delay. I bit forgot to post feedback about this package.
Please do not hesitate to ping me if I fail again.

rpmlint dnsmap-0.30-2.fc12.src.rpm  dnsmap-0.30-2.fc12.i686.rpm dnsmap-debuginfo-0.30-2.fc12.i686.rpm 
dnsmap.src: W: spelling-error Summary(en_US) bruteforcer -> Wilberforce, enforcer, brutishness
dnsmap.i686: W: spelling-error Summary(en_US) bruteforcer -> Wilberforce, enforcer, brutishness
3 packages and 0 specfiles checked; 0 errors, 2 warnings.

Word bruteforcer comes from the original description on the upstream website. I would not consider it error.

Package works as expected. 

Package is APPROVED.

Best regards
Michal Ambroz
Comment 9 Mykola Ulianytskyi 2010-04-30 06:58:35 EDT
Hi Michal

Thank you for reviewing the package.

New Package CVS Request
=======================
Package Name: dnsmap
Short Description: Sub-domains bruteforcer
Owners: lystor
Branches: F-11 F-12 F-13
InitialCC:
Comment 10 Kevin Fenzi 2010-04-30 13:43:08 EDT
CVS done (by process-cvs-requests.py).
Comment 11 Michal Ambroz 2010-06-27 21:00:53 EDT
Ping. 
Looking forward to test the nem package.
Michal Ambroz
Comment 12 Michal Ambroz 2010-09-27 12:36:38 EDT
Ping.
Hello Nikolay - AYT?
Michal Ambroz
Comment 13 Fedora Update System 2010-10-15 03:27:12 EDT
dnsmap-0.30-2.fc14 has been submitted as an update for Fedora 14.
https://admin.fedoraproject.org/updates/dnsmap-0.30-2.fc14
Comment 14 Fedora Update System 2010-10-15 03:27:49 EDT
dnsmap-0.30-2.fc13 has been submitted as an update for Fedora 13.
https://admin.fedoraproject.org/updates/dnsmap-0.30-2.fc13
Comment 15 Fedora Update System 2010-10-15 15:07:54 EDT
dnsmap-0.30-2.fc14 has been pushed to the Fedora 14 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update dnsmap'.  You can provide feedback for this update here: https://admin.fedoraproject.org/updates/dnsmap-0.30-2.fc14
Comment 16 Fabian Affolter 2011-01-11 14:02:10 EST
I think that this package can be pushed to stable and this review closed.
Comment 17 Fabian Affolter 2011-03-14 06:03:31 EDT
Can you please push that package to stable?
Comment 18 Fabian Affolter 2011-03-26 13:35:39 EDT
Is there a problem with pushing that package to stable? We would like to add it the Fedora Security Lab.
Comment 19 Fedora Update System 2011-03-28 15:20:48 EDT
dnsmap-0.30-2.fc13 has been pushed to the Fedora 13 stable repository.
Comment 20 Fedora Update System 2011-03-28 15:21:13 EDT
dnsmap-0.30-2.fc14 has been pushed to the Fedora 14 stable repository.
Comment 21 Fabian Affolter 2014-09-24 02:28:26 EDT
Package Change Request
======================
Package Name: dnsmap
New Branches: el6 epel7
Owners: fab rebus
InitialCC:
Comment 22 Gwyn Ciesla 2014-09-24 06:03:16 EDT
Git done (by process-git-requests).