RIPS download
NOTE: RIPS 0.5 development has been abandoned since 2013 due to its fundamental limitations.
Since 2013, RIPS 0.5X and earlier versions are no longer supported;
use the commercial version instead: https://www.ripstech.com
Demo URL: https://demo.ripstech.com/
RIPS 0.5X download link: http://rips-scanner.sourceforge.net/
Download + Installation
- Install a local webserver parsing PHP files (should already be available if you develop PHP applications).
- Download the latest version here.
- Extract all files to your local webserver's document root (e.g. /var/www/rips/)
- Go to http://localhost/rips/ and start scanning.
Features
vulnerabilities
- Code Execution
- Command Execution
- Cross-Site Scripting
- Header Injection
- File Disclosure
- File Inclusion
- File Manipulation
- LDAP Injection
- SQL Injection
- Unserialize with POP
- XPath Injection
- ... other
code audit interface
- scan and vulnerability statistics
- grouped vulnerable code lines (bottom up or top down)
- vulnerability description with example code, PoC, patch
- exploit creator
- file list and graph (connected by includes)
- function list and graph (connected by calls)
- userinput list (application parameters)
- source code viewer with highlighting
- active jumping between function calls
- search through code by regular expression
- 8 syntax highlighting designs
- ... much more
static code analysis
- fast
- tokenizing with PHP tokenizer extension
- taint analysis for 232 sensitive sinks
- inter- and intraprocedural analysis
- handles very PHP-specific behaviour
- handles user-defined securing
- reconstruct file inclusions
- detect blind/non-blind exploitation
- detect backdoors
- 5 verbosity levels
- over 100 testcases
- ... much more