sQuo Posted February 5, 2012 Share Posted February 5, 2012 This is the hidden content, please Sign In or Sign Up Description RIPS is a static source code analyser for vulnerabilities in PHP webapplications. It was released during the Month of PHP Security ( This is the hidden content, please Sign In or Sign Up ). Features detect XSS, SQLi, File disclosure, LFI/RFI, RCE vulnerabilities and more 5 verbosity levels for debugging your scan results mark vulnerable lines in source code viewer highlight variables in the code viewer user-defined function code by mouse-over on detected call active jumping between function declaration and calls list of all user-defined functions (defines and calls), program entry points (user input) and scanned files (with includes) connected to the source code viewer graph visualization for files and includes as well as functions and calls create CURL exploits for detected vulnerabilties with few clicks visualization, description, example, PoC, patch and securing function list for every vulnerability 7 different syntax highlighting colour schemata display scan result in form of a top-down flow or bottom-up trace only minimal requirement is a local webserver with PHP and a browser (tested with Firefox) regex search function This is the hidden content, please Sign In or Sign Up Link to comment Share on other sites More sharing options...
Versus71 Posted March 24, 2012 Share Posted March 24, 2012 update RIPS v.0.53 [spoiler=ChangeLog] fixed bug where RIPS hangs on includes building a loop 1->2->3->1->2->3->1… (thanks to Michael Hoffmann) fixed bug where RIPS string analyzer hangs on certain array keys coming from foreach statements (thanks to Ricky-Lee Birtles) fixed bug where RIPS hangs on certain switch statements (thanks to Jay Bonci) fixed bug with wrong brace wrapping for “case x;” instead of “case x:” statements fixed bug with wrong brace wrapping when if-clause contains only 1 token or in a try/catch block fixed bug with parameter count in interprocedural analysis fixed bug with register_globals implementation and constants fixed bug with tokenizing a do-while in a do-while fixed bug with wrong boundary detection when a function is declared in another function fixed bug with wrong file pointer of included files, improved include rate added auto_prepend/append_file support, improved include_path support (thanks to Jay Bonci) added support for func_get_args() and func_get_arg() added support for alternative syntax for control structures (while(): … endwhile;) added new sensitive sinks added experimental option SCAN_REGISTER_GLOBALS (/config/general.php) added parsing errors to verbosity level = debug, improved code stability [spoiler=Interface] added stylesheet “print” (thanks to Kurt Payne) added scrollbars to function code on mouseover disabled graphs for large projects (>50 files) due to performance improved output when a vulnerability is found multiple times (e.g. by multiple inclusion of a vulnerable file) fixed bug with style of multiline comments in code viewer optimized code viewer with file preview window Download: This is the hidden content, please Sign In or Sign Up Link to comment Share on other sites More sharing options...
Recommended Posts