{"id":37146464,"url":"https://github.com/polyverse/ropoly-cmd","last_synced_at":"2026-01-14T17:02:58.852Z","repository":{"id":57577546,"uuid":"343273418","full_name":"polyverse/ropoly-cmd","owner":"polyverse","description":"Tool replicating some of ropoly's functionality without a server","archived":false,"fork":false,"pushed_at":"2022-06-11T03:23:45.000Z","size":6402,"stargazers_count":1,"open_issues_count":0,"forks_count":1,"subscribers_count":7,"default_branch":"main","last_synced_at":"2024-06-20T09:17:55.903Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/polyverse.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2021-03-01T03:01:42.000Z","updated_at":"2022-06-11T03:23:48.000Z","dependencies_parsed_at":"2022-09-11T22:51:26.859Z","dependency_job_id":null,"html_url":"https://github.com/polyverse/ropoly-cmd","commit_stats":null,"previous_names":[],"tags_count":9,"template":false,"template_full_name":null,"purl":"pkg:github/polyverse/ropoly-cmd","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/polyverse%2Fropoly-cmd","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/polyverse%2Fropoly-cmd/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/polyverse%2Fropoly-cmd/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/polyverse%2Fropoly-cmd/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/polyverse","download_url":"https://codeload.github.com/polyverse/ropoly-cmd/tar.gz/refs/heads/main","sbom_url":"https://rep
os.ecosyste.ms/api/v1/hosts/GitHub/repositories/polyverse%2Fropoly-cmd/sbom","scorecard":{"id":740593,"data":{"date":"2025-08-11","repo":{"name":"github.com/polyverse/ropoly-cmd","commit":"b33fc252b90776c60c92a0d2eba52f9ab7bb0cb1"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":2.3,"checks":[{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Code-Review","score":0,"reason":"Found 0/30 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"SAST","score":0,"reason":"no SAST tool detected","details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Binary-Artifacts","score":8,"reason":"binaries present in source code","details":["Warn: binary detected: TestFiles/loop:1","Warn: binary detected: TestFiles/ropoly:1"],"documentation":{"short":"Determines if the project 
has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Dangerous-Workflow","score":-1,"reason":"no workflows found","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Token-Permissions","score":-1,"reason":"No tokens found","details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project 
has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: containerImage not pinned by hash: Dockerfile:1: pin your Docker image by updating golang:1.16 to golang:1.16@sha256:5f6a4662de3efc6d6bb812d02e9de3d8698eea16b8eb7281f03e6f3e8383018e","Info:   0 out of   1 containerImage dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Signed-Releases","score":0,"reason":"Project has not signed or included provenance with any releases.","details":["Warn: release artifact v1.1.2 not signed: https://api.github.com/repos/polyverse/ropoly-cmd/releases/48550832","Warn: release artifact v1.1.1 not signed: https://api.github.com/repos/polyverse/ropoly-cmd/releases/48260674","Warn: release artifact v1.1 not signed: https://api.github.com/repos/polyverse/ropoly-cmd/releases/48226984","Warn: release artifact v1.0.2 not signed: https://api.github.com/repos/polyverse/ropoly-cmd/releases/45511671","Warn: release artifact v1.0.1 not signed: https://api.github.com/repos/polyverse/ropoly-cmd/releases/43512206","Warn: release artifact v1.1.2 does not have provenance: https://api.github.com/repos/polyverse/ropoly-cmd/releases/48550832","Warn: release artifact v1.1.1 does not have provenance: https://api.github.com/repos/polyverse/ropoly-cmd/releases/48260674","Warn: release artifact v1.1 does not have provenance: https://api.github.com/repos/polyverse/ropoly-cmd/releases/48226984","Warn: release artifact v1.0.2 does not 
have provenance: https://api.github.com/repos/polyverse/ropoly-cmd/releases/45511671","Warn: release artifact v1.0.1 does not have provenance: https://api.github.com/repos/polyverse/ropoly-cmd/releases/43512206"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-22T17:19:16.626Z","repository_id":57577546,"created_at":"2025-08-22T17:19:16.626Z","updated_at":"2025-08-22T17:19:16.626Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28427182,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-14T16:38:47.836Z","status":"ssl_error","status_checked_at":"2026-01-14T16:34:59.695Z","response_time":107,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while 
reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2026-01-14T17:02:57.931Z","updated_at":"2026-01-14T17:02:58.838Z","avatar_url":"https://github.com/polyverse.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# DEPRECATION NOTICE\n\nPlease note that this repository has been deprecated and is no longer actively maintained by Polyverse Corporation.  It may be removed in the future, but for now remains public for the benefit of any users.\n\nImportantly, as the repository has not been maintained, it may contain unpatched security issues and other critical issues.  Use at your own risk.\n\nWhile it is not maintained, we would graciously consider any pull requests in accordance with our Individual Contributor License Agreement.  https://github.com/polyverse/contributor-license-agreement\n\nFor any other issues, please feel free to contact info@polyverse.com\n\n---\n\n# polyverse/ropoly-cmd\n\n## Build instructions for Docker\n\n`build.sh` produces both a binary and a Docker image each called `ropoly-cmd`. 
The Docker image has the `ropoly-cmd`\nbinary and a directory `TestFiles` containing some simple fake fingerprints for testing the EQI calculation.\n\n## Usage\n\n`./ropoly-cmd \u003ccommand\u003e [flags]`\n\nSupported commands include `fingerprint` to generate a fingerprint from a binary and output it to stdout, and\n`eqi` to calculate an EQI from two fingerprints saved as files.\n\n## Fingerprints\n\nA fingerprint contains the gadgets (within a specified minimum and maximum length in instructions) taken from a binary.\nThe `fingerprint` command outputs a fingerprint as a JSON object, which if saved to a file can be used as input for the\n`eqi` command.\n\n## EQI\n\nA number between 0 and 100 inclusive representing the difference in gadgets between a modified binary and an original binary,\nwith 0 being the least different and 100 meaning that the two binaries share no gadgets whatsoever.\n\nBy default, EQI is calculated as the average of each of the original binary's gadgets' EQI contribution. For a gadget `g`\nsuch that the modified binary contains no identical gadget to `g`, `g`'s EQI contribution is 0. 
Otherwise, `g`'s EQI\ncontribution is calculated as `100 * (1 - (m/t))` where `t` is the total number of gadgets in the original binary and\n`m` is the size of the largest subset of gadgets from the original binary including `g` such that an offset `k` exists,\nsuch that for each gadget `h` in the subset, the modified binary contains an identical gadget offset by `k` bytes from\nits original location.\n\nYou can change the EQI calculation to one of several using the `--eqi-func` or `-f` flag.\n\n### `eqi-func` options\n\n`shared-offsets` Use the default calculation.\n\n`kill-rate` Use the percentage of gadgets from the original binary that exist at the same address in the modified binary.\n\n`kill-rate-without-movement` Use the percentage of gadgets whose byte sequences do not appear anywhere in the modified binary's executable segments.\n\n`highest-offset-count` Find the greatest number `n` of gadgets from the original such that an offset `k` exists and each gadget's byte sequence can be found in the modified binary at `gadget's original address`+`k`. Return 100*(1-`n`)/`total number of gadgets in original binary`.\n\n`monte-carlo` Optionally, the flags `--trials` and `--num-gadgets` can be supplied followed by non-negative integer values.\nTheir defaults are 10,000 and 3 respectively. 
Randomly selects `--num-gadgets` gadgets from the original binary, and checks\nwhether an offset `k` exists such that each gadget can be found in the modified binary at its original address + `k`.\nRepeats this test `--trials` times, and returns the percentage of tests in which no common offset was found.\n\n## Gadget definition\n\nA ROP gadget is a series of consecutive instructions (consecutive both in terms of address, and in the sense\nthat it must be possible to consecutively execute them starting from the first instruction) ending with a return,\nbut for our purposes gadgets are more broadly defined to also include series ending with certain jumps and syscalls.\nA gadget is defined by both the series of instructions and the address of the first instruction.\n\nA gadget's length is one less than the number of included instructions--a gadget consisting of only a return is a 0-length gadget.\nUsually only gadgets below a certain length are considered useful for attackers.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpolyverse%2Fropoly-cmd","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpolyverse%2Fropoly-cmd","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpolyverse%2Fropoly-cmd/lists"}