RIPS user guide for beginners

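RIPS is a security scanning tool for auditing PHP code. Since 2013 the open-source version, RIPS 0.5x, has no longer been updated, and development moved to a commercial version. RIPS can detect many kinds of vulnerabilities, including code execution, command execution and cross-site scripting, and provides a detailed vulnerability description, example code, a PoC and patch suggestions. Its features include a code audit interface, vulnerability statistics, syntax highlighting and regular-expression search. It uses static code analysis, is fast, and supports PHP-specific behaviour.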


RIPS download

NOTE: RIPS 0.5 development is abandoned since 2013 due to its fundamental limitations.

Since 2013, RIPS 0.5x and earlier versions are no longer supported.

The commercial version is used instead: https://www.ripstech.com

Demo URL: https://demo.ripstech.com/

RIPS 0.5X download link: http://rips-scanner.sourceforge.net/ 


Download + Installation

  1. Install a local webserver parsing PHP files (should already be available if you develop PHP applications).
  2. Download the latest version here.
  3. Extract all files to your local webserver's document root (e.g. /var/www/rips/).
  4. Go to http://localhost/rips/ and start scanning.

Features

vulnerabilities

  • Code Execution
  • Command Execution
  • Cross-Site Scripting
  • Header Injection
  • File Disclosure
  • File Inclusion
  • File Manipulation
  • LDAP Injection
  • SQL Injection
  • Unserialize with POP
  • XPath Injection
  • ... other

code audit interface

  • scan and vulnerability statistics
  • grouped vulnerable code lines (bottom up or top down)
  • vulnerability description with example code, PoC, patch
  • exploit creator
  • file list and graph (connected by includes)
  • function list and graph (connected by calls)
  • userinput list (application parameters)
  • source code viewer with highlighting
  • active jumping between function calls
  • search through code by regular expression
  • 8 syntax highlighting designs
  • ... much more

static code analysis

  • fast
  • tokenizing with PHP tokenizer extension
  • taint analysis for 232 sensitive sinks
  • inter- and intraprocedural analysis
  • handles very PHP-specific behaviour
  • handles user-defined securing
  • reconstruct file inclusions
  • detect blind/non-blind exploitation
  • detect backdoors
  • 5 verbosity levels
  • over 100 testcases
  • ... much more
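
The tokenizer and taint-analysis items above, shown as an added PHP example (not RIPS source code): it tokenizes a script with token_get_all() and reports statements where user input reaches a sink without passing through a securing function. The function name find_tainted_sinks, the three lists and the per-statement granularity are assumptions made for this illustration.

```php
<?php
// Added illustration, not RIPS code. The lists below are small assumed samples.
const SOURCES  = ['$_GET', '$_POST', '$_COOKIE', '$_REQUEST'];
const SINKS    = ['echo', 'print', 'eval', 'system', 'exec', 'include', 'mysql_query'];
const SECURING = ['htmlspecialchars', 'escapeshellarg', 'intval', 'basename'];

function find_tainted_sinks(string $code): array
{
    $tainted = $findings = $stmt = [];   // $tainted: variable name => holds user input
    $line = 1;
    $skip = [T_WHITESPACE, T_OPEN_TAG, T_COMMENT, T_DOC_COMMENT];
    foreach (token_get_all($code) as $tok) {
        [$id, $text] = is_array($tok) ? [$tok[0], $tok[1]] : [null, $tok];
        $line = is_array($tok) ? $tok[2] : $line;
        if (in_array($id, $skip, true)) {
            continue;
        }
        if ($text !== ';') {
            // Variables are case-sensitive, function names are not.
            $stmt[] = $id === T_VARIABLE ? $text : strtolower($text);
            continue;
        }
        // End of statement: split off a leading "$var =" and inspect the rest.
        $isAssign = count($stmt) > 2 && $stmt[0][0] === '$' && $stmt[1] === '=';
        $rhs = $isAssign ? array_slice($stmt, 2) : $stmt;
        $dirty = array_intersect($rhs, array_merge(SOURCES, array_keys(array_filter($tainted))))
            && !array_intersect($rhs, SECURING);
        if ($isAssign) {
            $tainted[$stmt[0]] = $dirty;   // propagate or clear taint
        }
        $sink = array_values(array_intersect($rhs, SINKS));
        if ($dirty && $sink) {
            $findings[] = ['line' => $line, 'sink' => $sink[0]];
        }
        $stmt = [];
    }
    return $findings;
}

// Constructed sample input: lines 4 and 5 pass user input to a sink unsecured.
$sample = <<<'SAMPLE'
<?php
$name = $_GET['name'];
echo htmlspecialchars($name);
echo "Hello " . $name;
system("ping " . $_GET['host']);
SAMPLE;
foreach (find_tainted_sinks($sample) as $f) {
    printf("line %d: user input reaches %s\n", $f['line'], $f['sink']);
}
```

Treating a whole statement as secured when any securing function appears in it is a simplification; a real analyzer tracks securing per expression and per sink type, and follows function calls and includes.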
