RIPS is a tool written in PHP to find vulnerabilities in PHP applications using static code analysis. By tokenizing and parsing all source code files RIPS is able to transform PHP source code into a program model and to detect sensitive sinks (potentially vulnerable functions) that can be tainted by userinput (influenced by a malicious user) during the program flow. Besides the structured output of found vulnerabilities RIPS also offers an integrated code audit framework for further manual analysis. RIPS is a tool written in PHP to find vulnerabilities in PHP applications using static code analysis. By tokenizing and parsing all source code files RIPS is able to transform PHP source code into a program model and to detect sensitive sinks (potentially vulnerable functions) that can be tainted by userinput (influenced by a malicious user) during the program flow. Besides the structured output of found vulnerabilities RIPS also offers an integrated code audit framework for further manual analysis.
Features
scan and vulnerability statistics
grouped vulnerable code lines (bottom up or top down)
vulnerability description with example code, PoC, patch
exploit creator
file list and graph (connected by includes)
function list and graph (connected by calls)
userinput list (application parameters)
source code viewer with highlighting
active jumping between function calls
search through code by regular expression
8 syntax highlighting designs
Code Execution
Command Execution
Cross-Site Scripting
Header Injection
File Disclosure
File Inclusion
File Manipulation
LDAP Injection
SQL Injection
Đăng nhận xét Blogger Facebook