One month ago my static source code analyser for vulnerabilities in PHP scripts, called "RIPS", was released during the MOPS, and I haven't announced it at sla.ckers yet. You can find a small paper about it here, a blogpost here and the open source files over here. I recommend reading about the limitations before firing RIPS at big code trees like WordPress and expecting too much ;)
Here are some features:
* detect XSS, SQLi, File disclosure, LFI/RFI, RCE vulnerabilities and more
* 5 verbosity levels for debugging your scan results
* mark vulnerable lines in source code viewer
* highlight specific variables in source code viewer
* user-defined function code by mouse-over on detected call
* list of all user-defined functions and program entry points (user input) connected to the source code viewer
* create CURL exploits for detected vulnerabilities with a few clicks
* 7 different syntax highlighting colour schemata
* only minimal requirement is a local webserver with PHP and a browser (tested with Opera and Firefox)
RIPS is written in PHP itself and can be controlled by a webinterface:
Unlike other static code analysers, RIPS tries not only to point out vulnerable lines but also to actively assist in reviewing the vulnerability. I constantly try to improve RIPS and just released a new version (0.31), but keep in mind it is still beta. Since it is open source, I hope to find some guys giving feedback, ideas, code snippets or anything else that helps improve this tool.
If you want to help, here is what you could be interested in:
PHP developer:
- check detection of PHP characteristics
- improve scanner code
- improve scanner performance
- e.g.: would it be nicer to handle the config by XML without decreasing performance?
PHP security enthusiast:
- check potentially vulnerable functions (PVF) list
- check vulnerability detection
- e.g.: does it find backticks?
Interested in automatic code analysis:
- check efficiency
- model improvement (inter-procedural, data-flow, etc)
JavaScript enthusiast:
- improve JS code
- add new JS code
- e.g.: I want to add window resizing, the smaller the code the better
Designer:
- edit/add some cool code highlighting schemata (CSS)
- change the whole RIPS design?
Or just feel free to use it of course! :)