Tools no image

Published on January 2nd, 2012 | by MaxiSoler


RIPS – PHP Scanner v0.50 Released

RIPS is a static source code analyser for vulnerabilities in PHP webapplications. It was released during the Month of PHP Security (www.php-security.org).

Changelog v0.50

Code analysis:

  • added about 30 new sensitive sinks and some new userinput functions
  • RIPS now traces codeblocks, not lines anymore
  • – code in one line without whitespaces (“obfuscated”) is now possible to analyse
  • – this also fixes several known bugs
  • RIPS now handles arrays and its keys a lot more accurate
  • – arrays are handled as variables with saved keys
  • – dynamic key values are resolved
  • – this also fixes several known bugs
  • RIPS is now recoded object oriented
  • – structure is better
  • – code easier to understand
  • fixes bug when an old define is overwritten by a new one
  • ignores “@” for correct detection of connected tokens
  • added leakscan: trace if return value of tainted sensitive sink is echo’d (non-blind/blind exploitation)
  • fixed lots of securing detection bugs
  • automatically scans for register_globals implementation (extract, parse_str, $$key = $value, import_request_variables, etc.)
  • lots of new testcases added and fixed
  • improved reconstruction of file names to be included
  • set_time_limit is set to 0 now


  • included SaveGraph patch
  • added preloader information about current scanning status (thanks for the input, Michael Hoffmann)
  • added links to the stats window to other windows
  • fixed bug with color highlighting in regex search results
  • improved jumping between functions in scan result
  • moved http response splitting to clientside vulnerability list

Download RIPS v0.50

Tags: , , , ,

About the Author

www.artssec.com @maxisoler

Back to Top ↑