RIPS – A Static Code Analyzer tool

RIPS – A Static Code Analyzer tool

Source code analysis is the automated testing of source code for the purpose of debugging a computer program or application

Source code analysis can be done in two ways

  1. Static analysis
  2. Dynamic analysis

Static analysis: in this debugging is done by examining the code without actually executing the program

Dynamic analysis is the testing and evaluation of an application during runtime

RIPS – It is an open source tool written in PHP to find vulnerabilities in PHP applications using static code analysis. By tokenizing and parsing all source code files RIPS is able to transform PHP source code into a program model and to detect sensitive sinks (potentially vulnerable functions) that can be tainted by user input (influenced by a malicious user) during the program flow. Besides the structured output of found vulnerabilities RIPS also offers an integrated code audit framework for further manual analysis.

Main features of RIPS:

  • It is fast
  • Find vulnerabilities like Code Execution, XSS, SQL Injection, XPath Injection, File Manipulation etc.
  • Exploit creator
  • Vulnerability Description with example code, PoC, patch
  • Search through code by Regular Expression
  • Graph visualization for files and includes as well as functions and calls

More…

RIPS

Download Link:Here

Share Button

Leave a Reply

Your email address will not be published. Required fields are marked *

10 + thirteen =