Showing results for tags 'static-analysis'.


  1. ApplicationInspector v1.0.24

     Microsoft Application Inspector is a software source code analysis tool that helps identify and surface well-known features and other interesting characteristics of source code to aid in determining what the software is or what it does.

     Application Inspector is different from traditional static analysis tools in that it doesn’t attempt to identify “good” or “bad” patterns; it simply reports what it finds against a set of over 400 rule patterns for feature detection, including features that impact security such as the use of cryptography and more. This can be extremely helpful in reducing the time needed to determine what Open Source or other components do by examining the source directly rather than trusting to limited documentation or recommendations.

     The tool supports scanning various programming languages including C, C++, C#, Java, JavaScript, HTML, Python, Objective-C, Go, Ruby, PowerShell and more, and includes HTML, JSON and text output formats, with the default being an HTML report similar to the one shown here. It includes a filterable confidence indicator to help minimize false positive matches, as well as customizable default rules and conditional match logic.

     Goals

     Application Inspector helps inform you better for choosing the best components to meet your needs with a smaller footprint of unknowns for keeping your application attack surface smaller. It helps you to avoid inclusion of components with unexpected features you don’t want.

     Application Inspector can help identify feature deltas or changes between component versions, which can be critical for detecting injection of backdoors.

     It can be used to automate detection of features of interest to identify components that require additional scrutiny as part of your build pipeline, or to create a repository of metadata regarding all of your enterprise applications.

     Basically, we created Application Inspector to help us identify risky third party software components based on their specific features, but the tool is helpful in many non-security contexts as well.

     Application Inspector v1.0 is now in GENERAL AUDIENCE release status. Your feedback is important to us. If you’re interested in contributing, please review the CONTRIBUTING.md.

     Getting Application Inspector

     To use Application Inspector, download the relevant binary (either platform-specific or the multi-platform .NET Core release). If you use the .NET Core version, you will need to have .NET Core 3.0 or later installed. See the JustRunIt.md or Build.md files for help.

     It might be valuable to consult the project wiki for additional background on Rules, Tags and more used to identify features. Tags are used as a systematic hierarchical nomenclature, e.g. Cryptography.Protocol.TLS, to more easily represent features.

     Usage

     Application Inspector is a command-line tool. Run it from a command line in Windows, Linux, or macOS.

     Examples:

     Command Help

         Usage: dotnet AppInspector.dll [arguments] [options]

         dotnet AppInspector.dll -description of available commands
         dotnet AppInspector.dll <command> -options description for a given command

     Analyze Command

         Usage: dotnet AppInspector.dll analyze [arguments] [options]

         Arguments:
         -s, --source-path           Required. Path to source code to inspect (required)
         -o, --output-file-path      Path to output file. Ignored with -f html option which auto creates output.html
         -f, --output-file-format    (Default: html) Output format [html|json|text]
         -e, --text-format           (Default: Tag:%T,Rule:%N,Ruleid:%R,Confidence:%X,File:%F,Sourcetype:%t,Line:%L,Sample:%m)
         -r, --custom-rules-path     Custom rules path
         -t, --tag-output-only       (Default: false) Output only contains identified tags
         -i, --ignore-default-rules  (Default: false) Ignore default rules bundled with application
         -d, --allow-dup-tags        (Default: false) Output only contains non-unique tag matches
         -c, --confidence-filters    (Default: high,medium) Output only if matches rule pattern confidence [<value>,] [high|medium|low]
         -k, --include-sample-paths  (Default: false) Include source files with (sample,example,test,.vs,.git) in pathname in analysis
         -x, --console-verbosity     (Default: medium) Console verbosity [high|medium|low|none]
         -l, --log-file-path         Log file path
         -v, --log-file-level        (Default: Error) Log file level [Debug|Info|Warn|Error|Fatal|Off]

     Scan a project directory, with output sent to "output.html" (default behavior includes launching default browser to this file)

         dotnet AppInspector.dll analyze -s /home/user/myproject

     Add custom rules (can be specified multiple times)

         dotnet AppInspector.dll analyze -s /home/user/myproject -r /my/rules/directory -r /my/other/rules

     Write to JSON format

         dotnet AppInspector.dll analyze -s /home/user/myproject -f json

     Tagdiff Command

     Use to analyze and report on differences in tags (features) between two projects or project versions, e.g. v1, v2, to see what changed.

         Usage: dotnet AppInspector.dll tagdiff [arguments] [options]

         Arguments:
         --src1                      Required. Source 1 to compare (required)
         --src2                      Required. Source 2 to compare (required)
         -t, --test-type             (Default: equality) Type of test to run [equality|inequality]
         -r, --custom-rules-path     Custom rules path
         -i, --ignore-default-rules  (Default: false) Ignore default rules bundled with application
         -o, --output-file-path      Path to output file
         -x, --console-verbosity     Console verbosity [high|medium|low]
         -l, --log-file-path         Log file path
         -v, --log-file-level        Log file level [error|trace|debug|info]

     Simplest way to see the delta in tag features between two projects

         dotnet AppInspector.dll tagdiff --src1 /home/user/project1 --src2 /home/user/project2

     Basic use

         dotnet AppInspector.dll tagdiff --src1 /home/user/project1 --src2 /home/user/project2 -t equality

     Basic use

         dotnet AppInspector.dll tagdiff --src1 /home/user/project1 --src2 /home/user/project2 -t inequality

     TagTest Command

     Used to verify (pass/fail) that a specified set of rule tags is present or not present in a project, e.g. the user only wants to know true/false if cryptography is present as expected or if personal data is not present as expected, and get a simple yes/no result rather than a full analysis report.

     Note: The user is expected to use the custom-rules-path option rather than the default ruleset because it is unlikely that any source package would contain all of the default rules. Instead, create a custom path and rule set as needed, or specify a path using the custom-rules-path to point only to the rule(s) needed from the default set. Otherwise, testing for all default rules present in source will likely yield a false or fail result in most cases.

         Usage: dotnet AppInspector.dll tagtest [arguments] [options]

         Arguments:
         -s, --source-path           Required. Source to test (required)
         -t, --test-type             (Default: rulespresent) Test to perform [rulespresent|rulesnotpresent]
         -r, --custom-rules-path     Custom rules path
         -i, --ignore-default-rules  (Default: true) Ignore default rules bundled with application
         -o, --output-file-path      Path to output file
         -x, --console-verbosity     Console verbosity [high|medium|low]
         -l, --log-file-path         Log file path
         -v, --log-file-level        Log file level

     Simplest use to see if a set of rules are all present in a project

         dotnet AppInspector.dll tagtest -s /home/user/project1 -r /home/user/myrules.json

     Basic use

         dotnet AppInspector.dll tagtest -s /home/user/project1 -r /home/user/myrules.json -t rulespresent

     Basic use

         dotnet AppInspector.dll tagtest -s /home/user/project1 -r /home/user/myrules.json -t rulesnotpresent

     ExportTags Command

     Simple export of the ruleset schema for tags representing what features are supported for detection.

         Usage: dotnet AppInspector.dll exporttags [arguments] [options]

         Arguments:
         -r, --custom-rules-path     Custom rules path
         -i, --ignore-default-rules  (Default: false) Ignore default rules bundled with application
         -o, --output-file-path      Path to output file
         -x, --console-verbosity     Console verbosity [high|medium|low]

     Export default rule tags to console

         dotnet AppInspector.dll exporttags

     Using output file

         dotnet AppInspector.dll exporttags -o /home/user/myproject/exportags.txt

     With custom rules and output file

         dotnet AppInspector.dll exporttags -r /home/user/myproject/customrules -o /home/user/myproject/exportags.txt

     Verify Command

     Verification that ruleset is compatible and error free for import and analysis.

         Usage: dotnet AppInspector.dll verifyrules [arguments]

         Arguments:
         -r, --custom-rules-path     Custom rules path
         -i, --ignore-default-rules  (Default: false) Ignore default rules bundled with application
         -o, --output-file-path      Path to output file
         -x, --console-verbosity     Console verbosity [high|medium|low]

     Simplest case to verify default rules

         dotnet AppInspector.dll verifyrules

     Using custom rules only

         dotnet AppInspector.dll verifyrules -r /home/user/myproject/customrules -i
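
An added example, not part of the original post or of Application Inspector itself: a build-pipeline check for the feature-delta use case described under Goals, working on two reports saved with `-f text` in the default `-e` format listed above (the built-in `tagdiff` command is the tool's own route). The sample lines, rule names, rule ids and every tag other than Cryptography.Protocol.TLS are constructed, and real output may differ in detail.

```python
import re

# Mirrors the default -e/--text-format string from the analyze options:
# Tag:%T,Rule:%N,Ruleid:%R,Confidence:%X,File:%F,Sourcetype:%t,Line:%L,Sample:%m
# Keys are used as anchors so commas inside the rule name or sample do not split fields.
LINE_RE = re.compile(
    r"^Tag:(?P<tag>.*?),Rule:(?P<rule>.*?),Ruleid:(?P<ruleid>.*?),"
    r"Confidence:(?P<confidence>\w+),File:(?P<file>.*?),"
    r"Sourcetype:(?P<sourcetype>.*?),Line:(?P<line>\d+),Sample:(?P<sample>.*)$"
)

def parse_scan(text, confidences=("high", "medium")):
    """Return {tag: [(file, line), ...]} for matches at the wanted confidence."""
    tags = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank lines or anything not in the match format
        if m["confidence"].lower() not in confidences:
            continue  # same idea as the -c/--confidence-filters default
        tags.setdefault(m["tag"], []).append((m["file"], int(m["line"])))
    return tags

def new_tags(old_text, new_text, watch_prefixes=()):
    """Tags present only in the newer scan, optionally limited to watched prefixes."""
    old, new = parse_scan(old_text), parse_scan(new_text)
    added = {tag: locs for tag, locs in new.items() if tag not in old}
    if watch_prefixes:
        prefixes = tuple(watch_prefixes)
        added = {tag: locs for tag, locs in added.items() if tag.startswith(prefixes)}
    return dict(sorted(added.items()))

# Constructed sample reports for two versions of a hypothetical component.
V1 = """\
Tag:Cryptography.Protocol.TLS,Rule:TLS usage,Ruleid:EX000001,Confidence:High,File:src/net.py,Sourcetype:python,Line:12,Sample:ssl.create_default_context()
"""
V2 = V1 + """\
Tag:OS.Process.DynamicExecution,Rule:Dynamic code, eval,Ruleid:EX000002,Confidence:High,File:src/util.py,Sourcetype:python,Line:40,Sample:eval(payload, {}, env)
Tag:Network.Connection.Socket,Rule:Raw socket,Ruleid:EX000003,Confidence:Low,File:src/util.py,Sourcetype:python,Line:44,Sample:socket.socket()
"""

if __name__ == "__main__":
    for tag, locs in new_tags(V1, V2).items():
        print(f"NEW FEATURE {tag}: {locs}")  # candidates for manual review
```

A non-empty result is a prompt to review the new version before accepting it, not a verdict: the tool reports features, not whether they are good or bad.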