#!/bin/bash set -euo pipefail # ============================================================================== # Privacy Toolkit - APT-based Tools Installation # ============================================================================== # Installs all privacy tools available via apt repositories # ============================================================================== # Colors readonly GREEN='\033[0;32m' readonly YELLOW='\033[1;33m' readonly BLUE='\033[0;34m' readonly NC='\033[0m' log() { echo -e "${GREEN}[INFO]${NC} $*"; } warn() { echo -e "${YELLOW}[WARN]${NC} $*"; } section() { echo -e "${BLUE}=== $* ===${NC}"; } # APT-based privacy tools organized by category declare -A TOOLS=( # Encryption & Password Management ["keepassxc"]="Offline password manager" ["age"]="Modern file encryption" # Metadata & Privacy ["mat2"]="Metadata Anonymization Toolkit" ["exiftool"]="EXIF metadata editor" # Secure Deletion ["shred"]="Secure file overwriting (from coreutils)" ["bleachbit"]="System cleaning and secure deletion" # Network Privacy & Anonymity ["tor"]="Tor anonymity network daemon" ["torsocks"]="Torify applications" ["onionshare"]="Anonymous file sharing over Tor (GUI)" ["onionshare-cli"]="Anonymous file sharing over Tor (CLI)" # System Hardening ["firejail"]="Application sandboxing" # OSINT & Privacy Analysis ["sherlock"]="Username enumeration tool" # YubiKey & Hardware Security Keys ["yubikey-manager"]="YubiKey configuration tool (ykman)" ["pcscd"]="PC/SC Smart Card Daemon" ["scdaemon"]="GPG smart card daemon" ["libpam-u2f"]="PAM module for U2F/FIDO2 auth" # GPG Utilities ["paperkey"]="Extract GPG secret key for paper backup" # Monitoring & Detection ["inotify-tools"]="Filesystem event monitoring (for honeyfiles)" # Privacy Analysis & Recon ["nmap"]="Network scanner" ["whois"]="Domain/IP lookup" ) section "Privacy Toolkit - APT Tools Installation" echo "" log "Updating package lists..." sudo apt update echo "" section "Available Privacy Tools" echo "" # Show tools for tool in "${!TOOLS[@]}"; do echo " • $tool - ${TOOLS[$tool]}" done echo "" read -p "Install all tools? [Y/n] " -n 1 -r echo if [[ ! $REPLY =~ ^[Yy]$ ]] && [[ -n $REPLY ]]; then log "Installation cancelled" exit 0 fi echo "" section "Installing Tools" echo "" # Track installation results installed=() already_installed=() failed=() for tool in "${!TOOLS[@]}"; do if dpkg -l | grep -q "^ii $tool "; then log "✓ $tool already installed" already_installed+=("$tool") else log "Installing $tool..." if sudo apt install -y "$tool" 2>&1 | grep -q "Unable to locate package"; then warn "⚠ $tool not available in repositories" failed+=("$tool") else log "✅ $tool installed" installed+=("$tool") fi fi done echo "" section "Installation Summary" echo "" if [ ${#installed[@]} -gt 0 ]; then echo "✅ Newly installed (${#installed[@]}):" for tool in "${installed[@]}"; do echo " • $tool" done echo "" fi if [ ${#already_installed[@]} -gt 0 ]; then echo "✓ Already installed (${#already_installed[@]}):" for tool in "${already_installed[@]}"; do echo " • $tool" done echo "" fi if [ ${#failed[@]} -gt 0 ]; then echo "⚠ Failed/Not available (${#failed[@]}):" for tool in "${failed[@]}"; do echo " • $tool" done echo "" fi section "Versions" echo "" # Show versions for key tools echo "OnionShare: $(apt-cache policy onionshare | grep Candidate | awk '{print $2}')" echo "Tor: $(apt-cache policy tor | grep Candidate | awk '{print $2}')" echo "mat2: $(dpkg -l | grep "^ii mat2 " | awk '{print $3}' || echo 'not installed')" echo "KeePassXC: $(dpkg -l | grep "^ii keepassxc " | awk '{print $3}' || echo 'not installed')" echo "" section "Quick Usage Examples" echo "" cat << 'USAGE' OnionShare: # Share a file anonymously onionshare-cli /path/to/file # Receive files anonymously onionshare-cli --receive mat2: # Remove metadata from file mat2 document.pdf # Clean entire directory mat2 --inplace *.jpg Tor + torsocks: # Run command through Tor torsocks curl https://check.torproject.org/ # Torify an application torsocks firefox firejail: # Sandbox an application firejail firefox # Sandbox with no network firejail --net=none risky-app ExifTool: # View metadata exiftool image.jpg # Strip all metadata exiftool -all= image.jpg KeePassXC: # Launch GUI keepassxc # CLI (if available) keepassxc-cli age: # Generate key age-keygen -o key.txt # Encrypt file age -e -r file.txt > file.txt.age # Decrypt file age -d -i key.txt file.txt.age > file.txt YubiKey (ykman): # List connected YubiKeys ykman list # Show detailed info ykman info # Check OTP slot status ykman otp info # Check OpenPGP status ykman openpgp info # GPG smart card status (requires pcscd running) gpg --card-status paperkey (GPG backup): # Extract secret key to paper-friendly format gpg --export-secret-key KEY_ID | paperkey --output secret.txt # Restore from paper backup (needs public key) paperkey --pubring pubkey.gpg --secrets secret.txt | gpg --import inotify-tools (file monitoring): # Watch directory for any changes inotifywait -m -r /path/to/watch # Trigger on specific events (access, modify, create) inotifywait -m -e access,modify ~/.honeypot/ nmap (network scanning): # Quick scan of local network nmap -sn 192.168.1.0/24 # Service/version detection nmap -sV target.com # OS detection (requires root) sudo nmap -O target.com USAGE echo "" section "Installation Complete!" echo "" log "📚 For detailed usage, see:" log " - OnionShare: https://docs.onionshare.org/" log " - Tor: https://tb-manual.torproject.org/" log " - mat2: https://0xacab.org/jvoisin/mat2" log " - KeePassXC: https://keepassxc.org/docs/" echo ""