# Install sh4d0wup Signing-key abuse and update exploitation framework. Version 0.11.0 via Homebrew; verified 2026-04-25. ## Install ```sh sudo av install brew:sh4d0wup ``` Additional install commands: ### macOS - Homebrew (100%): ```sh brew install sh4d0wup ``` Evidence: local Homebrew formula metadata ### Linux - Nix (92%): ```sh nix profile install nixpkgs#sh4d0wup ``` Evidence: nixpkgs package indexes: pkgs/by-name/sh/sh4d0wup/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1 - pacman (92%): ```sh sudo pacman -S sh4d0wup ``` Evidence: Arch Linux sync databases: sh4d0wup from https://geo.mirror.pkgbuild.com/extra/os/x86_64/extra.db.tar.gz ## Package Facts - **Package key:** brew:sh4d0wup - **Package manager:** Homebrew - **Package manager URL:** - **Version:** 0.11.0 - **Source summary:** Signing-key abuse and update exploitation framework - **Homepage:** - **Repository:** - **Upstream docs:** - **License:** GPL-3.0-or-later - **Source archive:** - **Last updated:** 2026-04-25T12:16:17-07:00 - **Generated:** 2026-06-10T07:18:26+00:00 ## Executables - sh4d0wup (cli) - sh4d0wup (alias) ## Dependencies - openssl@3 - pcsc-lite - xz - zstd ## Build Dependencies - llvm - pkgconf - rust ## Install Behavior - Post-install hook: not defined - Bottle: available on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, arm64_ventura, sonoma, ventura, x86_64_linux ## Freshness - Page generated: 2026-06-10 - Package-manager version: 0.11.0 - Package-manager updated: 2026-04-25 - Local data status: ok - Upstream repository: https://github.com/kpcyrd/sh4d0wup - Upstream latest detected: v0.11.0 (current) ## Notes de sécurité escape, surveillance, or offensive capability signal. - **Geiger risk:** red / medium - escape, surveillance, or offensive capability signal ## Source Database Details - **Source Database:** Homebrew formula API - **Tap:** homebrew/core - **Full Name:** sh4d0wup - **Version Scheme:** 0 - **Revision:** 0 - **Bottle Stable Root URL:** - **Deprecated:** no - **Disabled:** no - **Keg Only:** no - **URL Keys:** stable ## Other Package-Manager Records - Nix - sh4d0wup: normalized package name match | nixpkgs package indexes: pkgs/by-name/sh/sh4d0wup/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1 - pacman - sh4d0wup - 0.11.0-2: normalized package name match | Arch Linux sync databases: sh4d0wup from https://geo.mirror.pkgbuild.com/extra/os/x86_64/extra.db.tar.gz | Signing-key abuse and update exploitation framework | https://github.com/kpcyrd/sh4d0wup ## Related Links - [Source-control packages](https://www.automicvault.com/fr/pkg/source-control-tools/) - Belongs to a source-control command family. - [Secret-risk packages](https://www.automicvault.com/fr/pkg/secret-risk-packages/) - Has protected-tool coverage, approval-gate, or non-low Geiger security signals. - [Terminal utility packages](https://www.automicvault.com/fr/pkg/terminal-utilities/) - Matched terminal and command-line workflow metadata. - [Language runtime packages](https://www.automicvault.com/fr/pkg/language-runtime-packages/) - Matched language runtime, compiler, or interpreter metadata. - [openssl@3](https://www.automicvault.com/fr/pkg/brew/openssl-3/) - Runtime dependency declared by Homebrew. - [xz](https://www.automicvault.com/fr/pkg/brew/xz/) - Runtime dependency declared by Homebrew. - [zstd](https://www.automicvault.com/fr/pkg/brew/zstd/) - Runtime dependency declared by Homebrew. - [pcsc-lite](https://www.automicvault.com/fr/pkg/brew/pcsc-lite/) - Runtime dependency declared by Homebrew. - [pkgconf](https://www.automicvault.com/fr/pkg/brew/pkgconf/) - Build dependency declared by Homebrew. - [llvm](https://www.automicvault.com/fr/pkg/brew/llvm/) - Build dependency declared by Homebrew. - [rust](https://www.automicvault.com/fr/pkg/brew/rust/) - Build dependency declared by Homebrew. - [malcontent](https://www.automicvault.com/fr/pkg/brew/malcontent/) - Shares av.db curated category or tags: cli, security, supply-chain-security. - [minder](https://www.automicvault.com/fr/pkg/brew/minder/) - Shares av.db curated category or tags: cli, security, supply-chain-security. - [cosign](https://www.automicvault.com/fr/pkg/brew/cosign/) - Shares av.db curated category or tags: cli, security, supply-chain-security. - [zizmor](https://www.automicvault.com/fr/pkg/brew/zizmor/) - Shares av.db curated category or tags: cli, security, supply-chain-security. - [rustscan](https://www.automicvault.com/fr/pkg/brew/rustscan/) - Shares av.db curated category or tags: cli, rust, security. - [feroxbuster](https://www.automicvault.com/fr/pkg/brew/feroxbuster/) - Shares av.db curated category or tags: cli, rust, security. - [jwt-cli](https://www.automicvault.com/fr/pkg/brew/jwt-cli/) - Shares av.db curated category or tags: cli, rust, security. - [yara-x](https://www.automicvault.com/fr/pkg/brew/yara-x/) - Shares av.db curated category or tags: cli, rust, security. - [sigstore](https://www.automicvault.com/fr/pkg/brew/sigstore/) - Security-sensitive metadata or terminology overlaps. Shared terms: chain, cli, openssl, openssl-3, security. - [cargo-geiger](https://www.automicvault.com/fr/pkg/brew/cargo-geiger/) - Both packages touch the same language runtime or ecosystem. Shared terms: cli, openssl, openssl-3, rust, security. ## Sources - Nucleus package database - Geiger risk classifier - package-page enrichment - package version freshness - av.db category and tag curation - package relationship graph - external package-manager database matches - cross-ecosystem install command graph