RIPS user guide for fresh

RIPS download

NOTE: RIPS 0.5 development is abandoned since 2013 due to its fundamental limitations.

从2013年开始，RIPS 0.5X及以前的版本不会再支持；

代替的是使用商业版本：https://www.ripstech.com

demo 体验url: https://demo.ripstech.com/

RIPS 0.5X download link: http://rips-scanner.sourceforge.net/ 

demo:

 

 

Download + Installation

1. Install a local webserver parsing PHP files (should already be available if you develop PHP applications).
2. Download the latest version here.
3. Extract all files to your local webservers document root (e.g. /var/www/rips/)
4. goto http://localhost/rips/ and start scanning.

Features

vulnerabilities

• Code Execution
• Command Execution
• Cross-Site Scripting
• Header Injection
• File Disclosure
• File Inclusion
• File Manipulation
• LDAP Injection
• SQL Injection
• Unserialize with POP
• XPath Injection
• ... other

code audit interface

• scan and vulnerability statistics
• grouped vulnerable code lines (bottom up or top down)
• vulnerability description with example code, PoC, patch
• exploit creator
• file list and graph (connected by includes)
• function list and graph (connected by calls)
• userinput list (application parameters)
• source code viewer with highlighting
• active jumping between function calls
• search through code by regular expression
• 8 syntax highlighting designs
• ... much more

static code analysis

• fast
• tokenizing with PHP tokenizer extension
• taint analysis for 232 sensitive sinks
• inter- and intraprocedural analysis
• handles very PHP-specific behaviour
• handles user-defined securing
• reconstruct file inclusions
• detect blind/non-blind exploitation
• detect backdoors
• 5 verbosity levels
• over 100 testcases
• ... much more