home bbs files messages ]

Forums before death by AOL, social media and spammers... "We can't have nice things"

   comp.mobile.android      Discussion about Android-based devices      236,147 messages   

[   << oldest   |   < older   |   list   |   newer >   |   newest >>   ]

   Message 234,323 of 236,147   
   Chris to Marion   
   Re: What do folks make of this zero-day    
   30 Sep 25 17:52:50   
   
   XPost: misc.phone.mobile.iphone, comp.sys.mac.advocacy   
   From: ithinkiam@gmail.com   
      
   Marion  wrote:   
   > Chris wrote:   
   >>> Can we work together? You, me, Steve and badgolferman at least?   
   >>> Would you run this batch script on Windows, macOS or Linux please?   
   >> Not possible as batch scripts are Windows only and barely portable.   
   >   
   > Hi Chris,   
   >   
   > I write portable code. I write extensible code. I write readable code.   
   > I think ahead. I am always thinking strategically.   
   >   
   > I want others to run the code so I wrote it to be cross platform portable.   
   > Out of the box.   
   >   
   > I want others to improve the code so I wrote it to be easily extensible.   
   > Out of the box.   
   >   
   > Since you're trying to parse the data to get the truth out of it, I'll be   
   > gentle when I say "you're wrong" on that - but I understand why you think   
   > that powershell doesn't run on Linux or macOS so I'll explain further below.   
   >   
   > I *designed* the process to run on Linux, macOS or Windows.   
   > I just didn't test it on macOS or Linux but I designed it as X-platform.   
   >   
   > Here is a readme that I just now wrote to make it more obvious to others   
   > that what I wrote was designed to work on Linux, macOS and on Windows.   
   >   
   >   ========================================================================   
   >   Begin README.txt (v1.0) for kev.ps1 (running kev.ps1 on all platforms).   
   >   ========================================================================   
   >   This script analyzes the CISA Known Exploited Vulnerabilities (KEV)   
   >   database to compare Apple's iOS & Android-related security threats.   
   >   
   >   It works on macOS, Linux & Windows (I only tested it on Windows).   
   >   ========================================================================   
   >   SCRIPT OVERVIEW: What kev.ps1 Does   
   >   ========================================================================   
   >   kev.ps1 is a cross-platform PowerShell script that analyzes the CISA   
   >   Known Exploited Vulnerabilities (KEV) database to compare threats.   
   >   ------------------------------------------------------------------------   
   >   KEY FEATURES   
   >   ------------------------------------------------------------------------   
   >   1. Downloads the latest KEV CSV file from GitHub   
   >      (or uses a local copy if configured)   
   >   2. Filters out irrelevant entries (e.g., smart appliances, printers, IoT)   
   >   3. Uses keyword matching & vendor-product logic to identify:   
   >       a. iOS-specific vulnerabilities   
   >       b. Android-specific vulnerabilities   
   >       c. Shared vulnerabilities affecting both platforms   
   >   4. Saves results to timestamped log files in a ./logs directory:   
   >       a. ios_matches_YYYYMMDD_HHMMSS.log   
   >       b. android_matches_YYYYMMDD_HHMMSS.log   
   >       c. shared_matches_YYYYMMDD_HHMMSS.log   
   >       d. kev_output_YYYYMMDD_HHMMSS.log (summary)   
   >   5. Outputs results to the console (with added platform-detection info)   
   >   6. Includes toggle to count or exclude macOS vulnerabilities   
   >   7. Designed for portability across Windows, macOS, & Linux   
   >   8. Designed for extensibility to hone the desired output data.   
   >   ========================================================================   
   >   Windows users can run kev.bat, but macOS & Linux users should follow   
   >   these instructions below to run kev.ps1 directly.   
   >   ========================================================================   
   >   ------------------------------------------------------------------------   
   >   REQUIREMENTS (PowerShell runs on Windows, macOS & Linux)   
   >   ------------------------------------------------------------------------   
   >   PowerShell Core (pwsh) must be installed   
   >         
   >   ------------------------------------------------------------------------   
   >   INSTALLATION   
   >   ------------------------------------------------------------------------   
   >    macOS:   
   >      $ brew install --cask powershell   
   >   
   >    Ubuntu/Debian:   
   >     $ sudo apt-get install -y powershell   
   >   
   >    Fedora/RHEL:   
   >     $ sudo dnf install -y powershell   
   >   ------------------------------------------------------------------------   
   >   USAGE   
   >   ------------------------------------------------------------------------   
   >   1. Open a terminal & navigate to the folder containing kev.ps1   
   >   2. Run the script using PowerShell Core:   
   >      $ pwsh ./kev.ps1   
   >   3. If you see an execution policy error, bypass it temporarily:   
   >      $ pwsh -Command "Set-ExecutionPolicy -Scope Process -ExecutionPolicy   
   Bypass"   
   >   ------------------------------------------------------------------------   
   >   OPTIONAL: Use Local CSV Instead of Downloading   
   >   ------------------------------------------------------------------------   
   >   To avoid downloading the KEV CSV every time:   
   >   
   >   1. Edit kev.ps1 & change:   
   >       $useLocalFile = $false   
   >      to:   
   >       $useLocalFile = $true   
   >   2. Place kev.csv in the same folder as kev.ps1   
   >   ------------------------------------------------------------------------   
   >   OUTPUT   
   >   ------------------------------------------------------------------------   
   >   Results will be saved in the ./logs directory:   
   >     a. ios_matches_YYYYMMDD_HHMMSS.log   
   >     b. android_matches_YYYYMMDD_HHMMSS.log   
   >     c. shared_matches_YYYYMMDD_HHMMSS.log   
   >     d. kev_output_YYYYMMDD_HHMMSS.log   
   >   ========================================================================   
   >   End of README.txt for kev.ps1, version 1.0   
   >   ========================================================================   
   >   
   >   
   >> I prefer open source, portable code like R. You can install R from here:   
   >> https://cran.r-project.org/   
   >   
   > From their FAQ:   
   >  "R is a system for statistical computation and graphics.   
   >   It consists of a language plus a run-time environment with graphics,   
   >   a debugger, access to certain system functions, and the ability to   
   >   run programs stored in script files."   
   >   
   > That works fine I'm sure.   
   >   
   > The real problem with parsing the CISA KEV database is how the database   
   > is organized. The organization is what's difficult about parsing it.   
   >   
   >> You can find my version of the code here (note the 'blob:' is a valid   
   >> part of the url):   
   >> blob:https://creativedemon.github.io/654c1274-4117-4e0b-adfb-48ca3dc38fa8   
   >   
   > I tried a couple of browsers and it said it didn't exist.   
   >   
   >> It reads the data and makes two plots. The general threat distribution   
   >> and the time-based comparison between iOS and Android (by best   
   >> approximation and given the significant caveats of CISA).   
   >   
   > I'm sure those plots are nice, and if I had wanted them, what I'd use is   
   > Python which would go something like this first version (needs improvement).   
   >   
      
   [continued in next message]   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)   

[   << oldest   |   < older   |   list   |   newer >   |   newest >>   ]


(c) 1994,  bbs@darkrealms.ca