Saturday, August 14, 2010

Released RIPS version 0.32

RIPS - A static source code analyser for vulnerabilties in PHP scripts
RIPS is a static source code analyser for vulnerabilities in PHP webapplications. It was released during the Month of PHP Security (

RIPS is written in PHP itself and can be controlled by a webinterface
Some features:
* detect XSS, SQLi, File disclosure, LFI/RFI, RCE vulnerabilities and more
* 5 verbosity levels for debugging your scan results
* mark vulnerable lines in source code viewer
* highlight specific variables in source code viewer
* user-defined function code by mouse-over on detected call
* list of all user-defined functions and program entry points (user input) connected to the source code viewer
* create CURL exploits for detected vulnerabilties with few clicks
* 7 different syntax highlighting colour schemata
* only minimal requirement is a local webserver with PHP and a browser (tested with Opera and Firefox)


No comments: