RIPS is a static code analysis tool that automatically detects vulnerabilities in PHP web applications. By parsing all source files, RIPS transforms the PHP source code into a program model and detects the sensitive entry points and the vulnerable functions that user input can reach during the program flow. It also offers an integrated code audit framework. RIPS supports detection of the following vulnerabilities.


Server Side Vulnerabilities


  • Code execution
  • Command execution
  • File Disclosure
  • File Inclusion
  • File manipulation
  • LDAP Injection
  • PHP Object Injection
  • Protocol Injection
  • Reflection Injection
  • SQL Injection
  • XPath Injection

Client Side Vulnerabilities

  • Cross site scripting
  • HTTP Response splitting
  • Session Fixation

You can download the free version from here. To start with RIPS, copy the rips folder into the htdocs directory of your XAMPP or WAMP server. You will then see the RIPS window.

To get started, enter the path to your local PHP source code (a directory or a file) and choose the vulnerability type you want to scan for. Check subdirs to include all subdirectories in the scan. Enabling this option will improve the scan result. Debug errors or improve your scan result by choosing a different verbosity level.

RIPS also contains an Exploit Creator, where you can enter exploit details and create PHP curl exploit code.

In the upper right, you can click user input to get a list of entry points, functions for a list and graph of all user-defined functions, or files for a list and graph of all scanned files and their includes. All lists are linked to the Code Viewer.

The next-generation version offers features such as API/CLI support, continuous integration, export of the analysis in other formats, an issue review system, vulnerability trends, and real-time results. It detects the latest threats and risks and supports more than 40 vulnerability types, compared with only 15 in the free version.

