
Locked rips-0.51


sQuo


Description

 

RIPS is a static source code analyser for vulnerabilities in PHP web applications. It was released during the Month of PHP Security.

 

Features

 

- detect XSS, SQLi, File disclosure, LFI/RFI, RCE vulnerabilities and more
- 5 verbosity levels for debugging your scan results
- mark vulnerable lines in source code viewer
- highlight variables in the code viewer
- user-defined function code by mouse-over on detected call
- active jumping between function declaration and calls
- list of all user-defined functions (defines and calls), program entry points (user input) and scanned files (with includes) connected to the source code viewer
- graph visualization for files and includes as well as functions and calls
- create CURL exploits for detected vulnerabilities with few clicks
- visualization, description, example, PoC, patch and securing function list for every vulnerability
- 7 different syntax highlighting colour schemata
- display scan result in form of a top-down flow or bottom-up trace
- only minimal requirement is a local webserver with PHP and a browser (tested with Firefox)
- regex search function

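To show the kind of analysis the feature list describes (entry points, sensitive sinks, securing functions, bottom-up trace), here is an added, deliberately simplified taint tracker; it is not RIPS's own code. The source and sink tables, the securing-function lists and the PHP sample are constructed assumptions, and the regexes only handle one statement per line.

```python
import re
from collections import namedtuple
SOURCES = ("$_GET", "$_POST", "$_COOKIE", "$_REQUEST")  # program entry points (user input)
SINKS = {  # sensitive sink -> (vulnerability type, functions that secure data for that sink)
    "mysql_query": ("SQLi", {"mysql_real_escape_string", "intval"}),
    "echo": ("XSS", {"htmlspecialchars", "htmlentities", "intval"}),
}
ASSIGN_RE = re.compile(r"^\s*(\$\w+)\s*=\s*(.+);\s*$")      # $var = expr;
CALL_RE = re.compile(r"^\s*(\w+)\s*\(?(.*?)\)?\s*;\s*$")     # func(args); or echo args;
VAR_RE = re.compile(r"\$\w+")
FUNC_RE = re.compile(r"(\w+)\s*\(")
# source superglobal, securing functions seen anywhere on the path (coarse), line numbers source -> here
Taint = namedtuple("Taint", "source secured_by trace")
def scan(php_source):
    taint, findings = {}, []   # variable -> Taint; (vuln, sink line, bottom-up trace, source) tuples
    for lineno, line in enumerate(php_source.splitlines(), 1):
        m = ASSIGN_RE.match(line)
        if m:
            lhs, rhs = m.groups()
            funcs = set(FUNC_RE.findall(rhs))
            origin = next((s for s in SOURCES if s in rhs), None)
            tainted = [v for v in VAR_RE.findall(rhs) if v in taint]
            if origin:
                taint[lhs] = Taint(origin, funcs, [lineno])
            elif tainted:  # propagate taint and securing functions from the first tainted operand
                t = taint[tainted[0]]
                taint[lhs] = Taint(t.source, t.secured_by | funcs, t.trace + [lineno])
            else:
                taint.pop(lhs, None)  # overwritten with non-user data: no longer tainted
            continue
        m = CALL_RE.match(line)
        if m and m.group(1) in SINKS:
            vuln, securing = SINKS[m.group(1)]
            funcs = set(FUNC_RE.findall(m.group(2)))
            for v in VAR_RE.findall(m.group(2)):
                t = taint.get(v) or (Taint(v, set(), []) if v in SOURCES else None)
                if t and not (t.secured_by | funcs) & securing:  # securing function must fit the sink type
                    findings.append((vuln, lineno, t.trace + [lineno], t.source))
    return findings
# Constructed PHP sample (not from the page): two unsafe flows, one secured flow, one overwritten variable.
SAMPLE_PHP = """<?php
$id = $_GET['id'];
$name = mysql_real_escape_string($_POST['name']);
$q = "SELECT * FROM users WHERE id=" . $id;
mysql_query($q);
echo $name;
echo htmlspecialchars($id);
$id = 42;
mysql_query("SELECT * FROM users WHERE id=" . $id);
"""
```

Running `scan(SAMPLE_PHP)` reports the SQLi at line 5 with the trace 2 -> 4 -> 5 and the XSS at line 6, because `mysql_real_escape_string` secures a SQL sink but not an HTML one.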


update

 

RIPS v.0.53

 

ChangeLog

- fixed bug where RIPS hangs on includes building a loop 1->2->3->1->2->3->1… (thanks to Michael Hoffmann)
- fixed bug where RIPS string analyzer hangs on certain array keys coming from foreach statements (thanks to Ricky-Lee Birtles)
- fixed bug where RIPS hangs on certain switch statements (thanks to Jay Bonci)
- fixed bug with wrong brace wrapping for “case x;” instead of “case x:” statements
- fixed bug with wrong brace wrapping when if-clause contains only 1 token or in a try/catch block
- fixed bug with parameter count in interprocedural analysis
- fixed bug with register_globals implementation and constants
- fixed bug with tokenizing a do-while in a do-while
- fixed bug with wrong boundary detection when a function is declared in another function
- fixed bug with wrong file pointer of included files, improved include rate
- added auto_prepend/append_file support, improved include_path support (thanks to Jay Bonci)
- added support for func_get_args() and func_get_arg()
- added support for alternative syntax for control structures (while(): … endwhile;)
- added new sensitive sinks
- added experimental option SCAN_REGISTER_GLOBALS (/config/general.php)
- added parsing errors to verbosity level = debug, improved code stability

 

Interface

- added stylesheet “print” (thanks to Kurt Payne)
- added scrollbars to function code on mouseover
- disabled graphs for large projects (>50 files) due to performance
- improved output when a vulnerability is found multiple times (e.g. by multiple inclusion of a vulnerable file)
- fixed bug with style of multiline comments in code viewer
- optimized code viewer with file preview window

 

