RIPS user guide for fresh

最新推荐文章于 2024-08-19 09:51:56 发布

原创最新推荐文章于 2024-08-19 09:51:56 发布 · 361 阅读

0 ·

CC 4.0 BY-SA版权

SECURITY 专栏收录该内容

16 篇文章

订阅专栏

RIPS是一款用于PHP代码审计的安全扫描工具，自2013年起，开源版本RIPS0.5X不再更新，转而发展商业版本。RIPS能够检测包括代码执行、命令执行、跨站脚本等在内的多种漏洞，并提供详尽的漏洞描述、示例代码、PoC及补丁建议。其功能包括代码审计接口、漏洞统计、语法高亮、正则搜索等，采用静态代码分析方式，速度快且支持PHP特有行为。

RIPS download

NOTE: RIPS 0.5 development is abandoned since 2013 due to its fundamental limitations.

从2013年开始，RIPS 0.5X及以前的版本不会再支持；

代替的是使用商业版本：https://www.ripstech.com

demo 体验url: https://demo.ripstech.com/

RIPS 0.5X download link: http://rips-scanner.sourceforge.net/

demo:

Download + Installation

Install a local webserver parsing PHP files (should already be available if you develop PHP applications).
Download the latest version here.
Extract all files to your local webservers document root (e.g. /var/www/rips/)
goto http://localhost/rips/ and start scanning.

Features

vulnerabilities

Code Execution
Command Execution
Cross-Site Scripting
Header Injection
File Disclosure
File Inclusion
File Manipulation
LDAP Injection
SQL Injection
Unserialize with POP
XPath Injection
... other

code audit interface

scan and vulnerability statistics
grouped vulnerable code lines (bottom up or top down)
vulnerability description with example code, PoC, patch
exploit creator
file list and graph (connected by includes)
function list and graph (connected by calls)
userinput list (application parameters)
source code viewer with highlighting
active jumping between function calls
search through code by regular expression
8 syntax highlighting designs
... much more

static code analysis

fast
tokenizing with PHP tokenizer extension
taint analysis for 232 sensitive sinks
inter- and intraprocedural analysis
handles very PHP-specific behaviour
handles user-defined securing
reconstruct file inclusions
detect blind/non-blind exploitation
detect backdoors
5 verbosity levels
over 100 testcases
... much more