RIPS – A Static Code Analyzer tool
Source code analysis is the automated testing of source code for the purpose of debugging a computer program or application
Source code analysis can be done in two ways
- Static analysis
- Dynamic analysis
Static analysis: in this debugging is done by examining the code without actually executing the program
Dynamic analysis is the testing and evaluation of an application during runtime
RIPS – It is an open source tool written in PHP to find vulnerabilities in PHP applications using static code analysis. By tokenizing and parsing all source code files RIPS is able to transform PHP source code into a program model and to detect sensitive sinks (potentially vulnerable functions) that can be tainted by user input (influenced by a malicious user) during the program flow. Besides the structured output of found vulnerabilities RIPS also offers an integrated code audit framework for further manual analysis.
Main features of RIPS:
- It is fast
- Find vulnerabilities like Code Execution, XSS, SQL Injection, XPath Injection, File Manipulation etc.
- Exploit creator
- Vulnerability Description with example code, PoC, patch
- Search through code by Regular Expression
- Graph visualization for files and includes as well as functions and calls