Vulnerability scanners – is there any open source or commercial tool from desktop / standalone app scan to detect vulnerabilities?

We have been scanning the web app for the top 10 OWASP vulnerabilities using App Scan or Burp and now we need to do a similar scan for desktop or standalone apps.

Are there any open source or commercial tools for scanning desktop / standalone application vulnerabilities?

Please note that the requirement is DO NOT to do static code analysis / pen test / manual app test etc, so kindly exclude from the suggestions

python 3.x: a standalone parser generator implementation

This is a recreational project, I was trying to make a parser generator with a grammar inspired by: https://docs.python.org/3/reference/grammar.html

Unfortunately, understanding that the grammar-specific syntax (meta-grammar?) Ended up being a lot more difficult than I expected, so I ended up creating mine.

I call it KiloGrammar (sorry for the bad pun).

It ended up being very different from what I was planning, but it seems to get the job done.
It actually describes a stack machine and Turing is probably complete, although I didn't have time to try implementing something like rule 110 to verify it.

Here is a snippet from a grammar for parsing simple mathematical expressions:

# this grammar parses simple math expressions like: a + 10 * (8 + 5)

token var "(A-Za-z)+"
token int "-?(0-9)+"
token float "-?(0-9+)+.(0-9)+"
token whitespace "( s)+"
keyword "("
keyword ")"
keyword "+"
keyword "-"
keyword "*"
keyword "/"

shorthand "NUMBER" "int|float|var"
shorthand "EXPRESSION" "MATH_NODES|NUMBER"
shorthand "MATH_NODES" "ADD|SUB|MUL|DIV"
shorthand "operation" "+|-|*|/"

rule ignore_whitespace (whitespace)
    pop(1)

rule math_priority (ADD|SUB, *|/, EXPRESSION)
    pop(3); push((0)(1), (0)(0), (0)(2), (1), (2))

rule math (EXPRESSION, operation, EXPRESSION)
    pop(3)
    push(node(
            pick_name((1),
            operation,
            MATH_NODES),
         (1),
         (0),
         (2)))

rule parenthesis ("(", EXPRESSION, ")")
    pop(3); push((1))

The full implementation can be found here:
https://github.com/jeacom25b/KiloGrammar

you can run it using: python kilogrammar.py some_input_grammar.txt -compile > output_parser.py

To test your new analyzer just python output_parser.py some_input.txt -color you should print a syntax tree.

or to see the syntax tree that is being built: python output_parser.py some_input.txt -interactive -color

also works for itsel parser generator: python kilogrammar.py some_input_grammar.txt -interactive -color

Although I thought it was a toy project and had no idea what it was doing, I would like to know what you think about its usability and quality, especially about the metagram (?) Used by it.

oracle: what license should i use for SQL Server as a standalone developer?

I have seen that for SQL Server, there is a developer license that is free.
Apparently it can be used for all environments that are for development or testing, but not for production environments or for use with production data.

What I want to know is what license would I need as a freelance developer to be able to use Sql Server Management Studio to connect to a production server (as well as development / test servers of course) from my client. My client would be the one who needs the standard or enterprise license for their production server, but what about me as a developer?
What license do I need and for what price?
Or, if the license is expensive, what software could you use that is free and performs the same functionality (globally) as Sql Server Management Studio?

Also, comparatively, what is the software used for Oracle databases and what are the required licenses (and their prices)?

networks – Wifi router: stand-alone desktop

I am updating my desktop computer (which is mainly used as a file / plex / torrent / video encoding / pihole server). The motherboard I bought (Gigabyte Aorus Elite WIFI) comes with WIFI. I am not sure why a motherboard needs WIFI. Should I configure my desktop to be my Wi-Fi router instead of using my existing independent one?

If yes, what is the recommended way to implement?

I have never seen this in a business environment, I usually use Cisco products, so I wonder if there is a reason why this should not be done.

Pros:

  • Best Performance?
  • Better security?
  • VPN capability

Cons:

  • If the computer fails, I lose my network
  • Less safe? Ethernet goes directly to the computer instead of through another device. Could sandbox ethernet to VM or configure on another computer
  • Could the radio be less powerful? although I could buy another

Background:

Currently, my Internet connects from my cable modem to a TPLink Archer C9 802.11ac router. My desktop computer is connected by gigabit ethernet to the router. The desktop computer runs Windows 10. I rarely use it interactively and mainly use it as a file / torrent / video encoding server. I also have a ubuntu virtual machine that runs pihole and plex. My main computer is a Windows 10 laptop connected below via Wi-Fi. The main reason I run Windows on the desktop is to facilitate connectivity for file sharing. On the ground floor, I have a Tenda AC15 802.11ac connected to the TPLink. I have an HTPC and a connected printer. The HTPC also acts as a backup server for the main desktop. Recently I received a ROKU that connects directly to the TPLink. So, I can decide to get rid of the HTPC, replace it with an old laptop and connect via Wi-Fi directly to the TPLink. That only leaves the printer for which I can also find some Wi-Fi solution. Then I can get rid of the secondary wifi access point.

How does YouTrack Standalone work?

I know the version of YouTrack InCloud is on a specific website, but what about YouTrack Standalone? Do you need it to run on your own server?

terminal – Shell variables in the bash script standalone application

I have a bash script that mounts a fuse file system created with the borg backup tool. Mounting the file system requires a passphrase. The borg mount command allows you to read the passphrase of an export in my shell script. So, the first two lines of my script are something like

#!/bin/bash
export BORG_PASSPHRASE='mypassphrase'

Then mount the file system with the mount command

borg mount user@server:/mntpoint::backup_repository /localmntpoint

The script works perfectly well. However, I would like to create a separate application that runs this script. Then I called the Borg script and created a Borg.app directory that contains Content and MacOS as subdirectories and in MacOS I put the Borg shell script. This seems to be the usual way to convert a shell script into a clickable application. I am aware that one can click on the shell script and a terminal will activate and execute the script. I prefer the other option.

Unfortunately, nothing happens when I click on my Borg.app. I suspect that the problem is the export command at the beginning, which is somehow lost by the mount command in this configuration.

Any help to solve this is greatly appreciated.

compile: MWE to compile functions in standalone DLL and call them in Python?

I have read calling a compiled-dll-from-outside-Mathica function and the CodeGeneration tutorial and scanned other related questions too numerous to mention, but I am still not sure how to generate a DLL that contains one or more compiled functions that I can call Python

The functions in question take as parameters 1, 2 or matrices valued in 3D and several int / real scalars, and can also return matrices, multiple values ​​(for assignment to multiple variables in Python).

(I also looked at pjlink @ b3m2a1, but I was worried about overhead costs since the compiled functions will be used to a large extent, and then I noticed that WolframClientForPython replaced it; I installed it anyway with pip but then I noticed that it says it requires Wolfram Language 11.3 or higher, unfortunately I only have MMA 11.0.1, is that an absolute prerequisite or a recommendation? To update It seems absolute: the evaluation generated an error

WolframKernelException: could not communicate with the kernel: C: Program Files Wolfram Research Mathematica 11.0 WolframKernel.exe

)

Since my compilation and C skills are insignificant, and my ignorance of executables, shells, etc. Windows is huge, can anyone provide me or direct me to a minimum working example of: compiling> 2 of such functions in a DLL for the environment below?

The functions in question are compiled in C, do not call MainEvaluate and have been used successfully within MMA, I just need to reuse them in a Python environment.

Environment: MMA 11.0.1.0; Win 10 64 bits, VS Studio 2017, Python 3.6 / 7, Jupyterlab front-end.

Although useless by themselves, here are examples of the definitions of compiled functions

pearsonRtoRefVector = Compile({{dataVec, _Real,1}, {corrVecLen, _Integer},{corrVecMean, _Real}, {corrVecMeanDiffs, _Real, 1}, {corrVecMeanDiffsSquaredSummed, _Real}}, 
Module(
    {dataVecLen,dataVecMean, dataVecMeanDiffs,dataVecMeanDiffsSquaredSummed},
    dataVecLen = Length(dataVec);
    If(dataVecLen !=corrVecLen,
        -11, (* just a number that is not in the range(-1,1) *)
        dataVecMean = Last(Accumulate(dataVec))/dataVecLen;
        dataVecMeanDiffs= dataVec - dataVecMean;
        dataVecMeanDiffsSquaredSummed = dataVecMeanDiffs.dataVecMeanDiffs;
        If(dataVecMeanDiffsSquaredSummed <= 2.2250738585072014`*^-308 (*$MinMachineNumber*), (* 2019-06-04 Why not just Chop, which is compilable *)
           0, (* clamp value to zero for effectively zero floats - can increase the size of "effectively zero" as required *)
           dataVecMeanDiffs.corrVecMeanDiffs/(Sqrt(dataVecMeanDiffsSquaredSummed)*Sqrt(corrVecMeanDiffsSquaredSummed))
        )
    )
), CompilationTarget -> "C", "RuntimeOptions" -> "Speed");

(* COMPILATION TESTED OK 2017-02-12 Needed "InlineExternalDefinitions"(Rule)True *)
(* It is assumed the following have been precomputed: the common correlation vector, vOscTable... 
   To see the effect of the Vosc table (which is assumed to have the right dimensions) pass a table filled with zeroes 
   Recall  that vOscTable has n columns and nc rows, i.e. indexes as ((nc, n))*)
buildTAMSDTable = 
    Compile({{aPQTable, _Real, 3},{gCorrVecLen, _Real}, {gCorrVecMean, _Real}, {gCorrVecMeanDiffs, _Real, 1}, {gCorrVecMeanDiffsSquaredSummed, _Real},{aVoscTable, _Real, 2}}, 
        Module({pTable, qTable, ps, qs, pDiffs, qDiffs, bigN, intNcut,n,nc,cs,commonPQDims},
            pTable = aPQTable((1));
            qTable = aPQTable((2));
            commonPQDims = Dimensions(pTable);
            nc = commonPQDims((1)); (* #random c values = ((1)) because I am working on one of the translation variable sub-tables extracted *)
            bigN = Last(commonPQDims); (* Number of points in data series *)
            intNcut = IntegerPart(bigN/10);

            Table( (* Outer Table makes a vector of the correlations, but built-in Correlation is not compilable :( *)
                pearsonRtoRefVector(
                    Table( (* This makes the mean squared deviations for correlation *) 
                        ps = pTable((cs)); (* Take one set of p values for the series *)
                        qs = qTable((cs)); (* Take one set of q values for the series *)
                        pDiffs = Take(ps, n - bigN) - Take(ps, bigN - n); (* Calc the p diffs *)
                        qDiffs = Take(qs, n - bigN) - Take(qs, bigN - n); (* Calc the q diffs *)
                        (1/(bigN - n) (pDiffs.pDiffs + qDiffs.qDiffs)) - aVoscTable((cs, n)), (* The Mean of squared diffs summed - Vosc Continue to be wary of Vosc index order - ok but you never know!   *)
                        {n, 1, intNcut}), 
                    gCorrVecLen,gCorrVecMean,gCorrVecMeanDiffs,gCorrVecMeanDiffsSquaredSummed),
                {cs,1,nc})
        ),
       CompilationTarget -> "C", "RuntimeOptions" -> "Speed", CompilationOptions->{"InlineCompiledFunctions"->True, "InlineExternalDefinitions"->True});

Windows application – CLO Standalone 5.1.320.44124 (x64) Multilingual | NulledTeam UnderGround

File size: 1.5 GB

Check changes instantly, as any modification of 2D patterns, colors, textures and finishing details are simulated immediately.

Improve the quality of the designs by verifying the silhouette and adjusting before in the development process, allowing sample time for refinement before completion.
Easy to use
Visualize your designs with just a few clicks! Users of any skill level or specialty can easily become familiar with our simple and intuitive interface. Learn how to use CLO online with regularly updated video and tutorial resources.
Evolve how you design
Reduce design preparation time and immerse yourself in the design process immediately with prepared blocks. Quickly draw new designs directly on your Avatar and automatically generate pattern pieces.
Precise materials
CLO can accurately emulate curtain-sensitive fabrics, such as lightweight fabrics and shirts with various material properties. Access the complete CLO library of commonly used fabrics to immediately see design ideas. Finishing techniques, such as coatings, sewing tape and steam, can be applied and removed as necessary to adjust the fit of 3D garments.
Aerodynamic process
Explore endless possibilities at zero cost with the ability to create unlimited graphic locations, color combinations and designed print designs. Eliminate unnecessary physical sampling and shipping costs by seeing all changes immediately in 3D samples. Get ahead of the cost calculation process by finishing styles well ahead of regular production deadlines.
Final style
Show your 3D clothes in many ways with our natural simulation environment. Fold and hang 3D garments to create retail environments, and check the big picture by marketing your collection.
New features:
GPU simulation
Scale simulation speed up to 20 times with GPU.
Avatar size editor
Since the CLO avatar size editor works with thousands of real body scanned data, body parts not assigned by users are also automatically adjusted based on actual data to generate realistic body shapes.
Convert custom body scan to CLO Avatar
Convert custom body scans such as dummies and bodies to CLO Avatar. Poses and accessories such as hair and shoes provided in CLO can be used with custom converted bodies.
CLOSET Tech Pack
Upload a 3D garment to CLOSET and extract its technological package.
Brightness and light material
Express brightness with various particle densities and colors. Use objects and clothes as supplementary lights.
Enhanced Rendering Environment
Three-point lights are added in addition to the original ceiling light. Adjust each of your forces and locations to render 3D garments in a more realistic and dramatic way.
Take a dramatic photo with an advanced camera that supports IOS editing, Focus Distance and Image Pending.
Export garment information with API
Develop features to selectively export the 3D Garments BOM information needed for production using the CLO API.
Enhanced Rating
Copy and paste the qualification rules from one point to another. The rating remains when multiple patterns are merged. Graduated patterns can be easily observed with colored dots.
Notch improved
The notches now appear both in the contours of the pattern and in the seam allowances. The length of the notch can now be edited.
Rule and guidelines
Organize 2D elements precisely with the ruler and guidelines.
Enhanced Link
The length and thickness of binding can now be edited.
Align grain lines parallel to segments
Align the grain lines parallel to the designated segments.
Randomly colored surface
Easily distinguish patterns with random colored surface.
[Fixed] Error blocking or freezing the program when loading a project file after changing shoes or hair for avatars.
[Fixed] Shock that occurs when using the Slash and Spread tool for patterns with seam lines.
[Fixed] Unstable collision problem of settings such as buttons when Layer is applied to patterns.
[Fixed] A problem in which a file does not open when you double-click the ZPAC / ZPRJ file while the program is running on Mac.
[Fixed] Occasional accident that occurs when pausing the rendering or interactive rendering.

TO DOWNLOAD
nitroflare

Unit gets component by launching NullReferenceException only in standalone compilation

I have a very frustrating problem with GetComponent().

private void Show()
{
    var transition = GetComponent();

    Debug.Log($"Transition: {transition}");
    transition?.FadeIn();
}

In the editor, this works fine. transition It is not null and FadeIn() is called. In independent construction, GetComponent() returns null, throws a NullReferenceException, and execution stops before you can print transition to the console

This is the result of the log file.

Uploading Crash Report
NullReferenceException
  at (wrapper managed-to-native) UnityEngine.Component.get_gameObject(UnityEngine.Component)
  at UnityEngine.Component.GetComponentInChildren (System.Type t, System.Boolean includeInactive) (0x00001) in :0 
  at UnityEngine.Component.GetComponentInChildren(T) (System.Boolean includeInactive) (0x00001) in :0 
  at Winglett.RR.UI.Gradient.Show () (0x00001) in /Users/redacted/Documents/repos/radical-relocation/Assets/_Core/Scripts/UI/Gradient.cs:63 
  at (wrapper delegate-invoke) .invoke_void()
  at Winglett.RR.Gameplay.GameState.SetPause () (0x00001) in /Users/redacted/Documents/repos/radical-relocation/Assets/_Core/Scripts/Gameplay/GameState.cs:46 
  at Winglett.RR.Gameplay.GameState.SetPause_STATIC () (0x00000) in /Users/redacted/Documents/repos/radical- relocation/Assets/_Core/Scripts/Gameplay/GameState.cs:70 
  at Winglett.RR.UI.Wrapper.SetGameStatePause () (0x00000) in /Users/redacted/Documents/repos/radical-relocation/Assets/_Core/Playground/ui/Wrapper.cs:27 
  at UnityEngine.Events.InvokableCall.Invoke () (0x00011) in :0 
  at UnityEngine.Events.UnityEvent.Invoke () (0x00023) in :0 
  at Winglett.RR.Utils.ESCButton.Update () (0x00026) in /Users/redacted/Documents/repos/radical-relocation/Assets/_Core/Scripts/Utilities/Other/ESCButton.cs:21 

I was wondering if the problem could be because the object of the game is disabled. So i tried GetComponentInChildren(true); where true is an overload for inactive game objects. This did not change anything.

Host a standalone web application .Net Core

We have created a .Net Core web application and we are implementing it as an independent exe. The main reason to implement it independently was not to depend on the version of .Net Core installed on the target server. We will create many instances of these environments.

This web application will act as a service for a client web application; It is essential that the service application is active.

The question I have is: in addition to calling Process.Start () from the dependent web application and perhaps monitoring its status, is there a more appropriate way to host this exe?

Thank you!