A Tool for Finding Vulnerabilities in PHP Programs - RIPS

Posted by fmms 14 years ago | 45K views | PHP, PHP development

RIPS is a good static source code analysis tool, used mainly to find vulnerabilities in PHP programs.

Main features:

  • detect XSS, SQLi, file disclosure, LFI/RFI, RCE vulnerabilities and more
  • 5 verbosity levels for debugging your scan results
  • mark vulnerable lines in the source code viewer
  • highlight variables in the code viewer
  • show user-defined function code by mouse-over on a detected call
  • active jumping between function declarations and calls
  • list of all user-defined functions (defines and calls), program entry points (user input) and scanned files (with includes), connected to the source code viewer
  • graph visualization for files and includes as well as functions and calls
  • create CURL exploits for detected vulnerabilities with a few clicks
  • visualization, description, example, PoC, patch and securing function list for every vulnerability
  • 7 different syntax highlighting colour schemes
  • display scan results in the form of a top-down flow or bottom-up trace
  • the only minimal requirement is a local web server with PHP and a browser (tested with Firefox)
  • regular expression search

Project homepage: http://www.baiduhome.net/lib/view/home/1325600416187
