home bbs files messages ]

Forums before death by AOL, social media and spammers... "We can't have nice things"

   comp.mobile.android      Discussion about Android-based devices      236,147 messages   

[   << oldest   |   < older   |   list   |   newer >   |   newest >>   ]

   Message 234,307 of 236,147   
   Marion to Chris   
   Re: What do folks make of this zero-day    
   29 Sep 25 19:27:20   
   
   XPost: misc.phone.mobile.iphone, comp.sys.mac.advocacy   
   From: marionf@fact.com   
      
   Chris wrote:   
   >> Can we work together? You, me, Steve and badgolferman at least?   
   >> Would you run this batch script on Windows, macOS or Linux please?   
   > Not possible as batch scripts are Windows only and barely portable.   
      
   Hi Chris,   
      
   I write portable code. I write extensible code. I write readable code.   
   I think ahead. I am always thinking strategically.   
      
   I want others to run the code so I wrote it to be cross platform portable.   
   Out of the box.   
      
   I want others to improve the code so I wrote it to be easily extensible.   
   Out of the box.   
      
   Since you're trying to parse the data to get the truth out of it, I'll be   
   gentle when I say "you're wrong" on that - but I understand why you think   
   that powershell doesn't run on Linux or macOS so I'll explain further below.   
      
   I *designed* the process to run on Linux, macOS or Windows.   
   I just didn't test it on macOS or Linux but I designed it as X-platform.   
      
   Here is a readme that I just now wrote to make it more obvious to others   
   that what I wrote was designed to work on Linux, macOS and on Windows.   
      
     ========================================================================   
     Begin README.txt (v1.0) for kev.ps1 (running kev.ps1 on all platforms).   
     ========================================================================   
     This script analyzes the CISA Known Exploited Vulnerabilities (KEV)   
     database to compare Apple's iOS & Android-related security threats.   
      
     It works on macOS, Linux & Windows (I only tested it on Windows).   
     ========================================================================   
     SCRIPT OVERVIEW: What kev.ps1 Does   
     ========================================================================   
     kev.ps1 is a cross-platform PowerShell script that analyzes the CISA   
     Known Exploited Vulnerabilities (KEV) database to compare threats.   
     ------------------------------------------------------------------------   
     KEY FEATURES   
     ------------------------------------------------------------------------   
     1. Downloads the latest KEV CSV file from GitHub   
        (or uses a local copy if configured)   
     2. Filters out irrelevant entries (e.g., smart appliances, printers, IoT)   
     3. Uses keyword matching & vendor-product logic to identify:   
         a. iOS-specific vulnerabilities   
         b. Android-specific vulnerabilities   
         c. Shared vulnerabilities affecting both platforms   
     4. Saves results to timestamped log files in a ./logs directory:   
         a. ios_matches_YYYYMMDD_HHMMSS.log   
         b. android_matches_YYYYMMDD_HHMMSS.log   
         c. shared_matches_YYYYMMDD_HHMMSS.log   
         d. kev_output_YYYYMMDD_HHMMSS.log (summary)   
     5. Outputs results to the console (with added platform-detection info)   
     6. Includes toggle to count or exclude macOS vulnerabilities   
     7. Designed for portability across Windows, macOS, & Linux   
     8. Designed for extensibility to hone the desired output data.   
     ========================================================================   
     Windows users can run kev.bat, but macOS & Linux users should follow   
     these instructions below to run kev.ps1 directly.   
     ========================================================================   
     ------------------------------------------------------------------------   
     REQUIREMENTS (PowerShell runs on Windows, macOS & Linux)   
     ------------------------------------------------------------------------   
     PowerShell Core (pwsh) must be installed   
           
     ------------------------------------------------------------------------   
     INSTALLATION   
     ------------------------------------------------------------------------   
      macOS:   
        $ brew install --cask powershell   
      
      Ubuntu/Debian:   
       $ sudo apt-get install -y powershell   
      
      Fedora/RHEL:   
       $ sudo dnf install -y powershell   
     ------------------------------------------------------------------------   
     USAGE   
     ------------------------------------------------------------------------   
     1. Open a terminal & navigate to the folder containing kev.ps1   
     2. Run the script using PowerShell Core:   
        $ pwsh ./kev.ps1   
     3. If you see an execution policy error, bypass it temporarily:   
        $ pwsh -Command "Set-ExecutionPolicy -Scope Process -ExecutionPolicy   
   Bypass"   
     ------------------------------------------------------------------------   
     OPTIONAL: Use Local CSV Instead of Downloading   
     ------------------------------------------------------------------------   
     To avoid downloading the KEV CSV every time:   
      
     1. Edit kev.ps1 & change:   
         $useLocalFile = $false   
        to:   
         $useLocalFile = $true   
     2. Place kev.csv in the same folder as kev.ps1   
     ------------------------------------------------------------------------   
     OUTPUT   
     ------------------------------------------------------------------------   
     Results will be saved in the ./logs directory:   
       a. ios_matches_YYYYMMDD_HHMMSS.log   
       b. android_matches_YYYYMMDD_HHMMSS.log   
       c. shared_matches_YYYYMMDD_HHMMSS.log   
       d. kev_output_YYYYMMDD_HHMMSS.log   
     ========================================================================   
     End of README.txt for kev.ps1, version 1.0   
     ========================================================================   
      
      
   > I prefer open source, portable code like R. You can install R from here:   
   > https://cran.r-project.org/   
      
   From their FAQ:   
    "R is a system for statistical computation and graphics.   
     It consists of a language plus a run-time environment with graphics,   
     a debugger, access to certain system functions, and the ability to   
     run programs stored in script files."   
      
   That works fine I'm sure.   
      
   The real problem with parsing the CISA KEV database is how the database   
   is organized. The organization is what's difficult about parsing it.   
      
   > You can find my version of the code here (note the 'blob:' is a valid   
   > part of the url):   
   > blob:https://creativedemon.github.io/654c1274-4117-4e0b-adfb-48ca3dc38fa8   
      
   I tried a couple of browsers and it said it didn't exist.   
      
   > It reads the data and makes two plots. The general threat distribution   
   > and the time-based comparison between iOS and Android (by best   
   > approximation and given the significant caveats of CISA).   
      
   I'm sure those plots are nice, and if I had wanted them, what I'd use is   
   Python which would go something like this first version (needs improvement).   
      
     ########################################################################   
     # plotkev.py   
     # Requires: pandas, matplotlib   
     # Usage: python plotkev.py   
     ########################################################################   
     # DESCRIPTION   
     ########################################################################   
      
   [continued in next message]   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)   

[   << oldest   |   < older   |   list   |   newer >   |   newest >>   ]


(c) 1994,  bbs@darkrealms.ca