A tool for finding vulnerabilities in PHP applications - RIPS
fmms
13 years ago
<p>RIPS is a good static source code analysis tool, used mainly to find vulnerabilities in PHP applications.</p>
<h2>Main features:</h2>
<ul class="features">
<li>detects XSS, SQLi, file disclosure, LFI/RFI, RCE and other vulnerabilities</li>
<li>5 verbosity levels for debugging your scan results</li>
<li>marks vulnerable lines in the source code viewer</li>
<li>highlights variables in the code viewer</li>
<li>shows user-defined function code on mouse-over of a detected call</li>
<li>active jumping between function declarations and calls</li>
<li>list of all user-defined functions (defines and calls), program entry points (user input) and scanned files (with includes), connected to the source code viewer</li>
<li>graph visualization for files and includes as well as functions and calls</li>
<li>creates CURL exploits for detected vulnerabilities with a few clicks</li>
<li>visualization, description, example, PoC, patch and securing function list for every vulnerability</li>
<li>7 different syntax highlighting colour schemes</li>
<li>displays scan results as a top-down flow or a bottom-up trace</li>
<li>the only minimal requirement is a local web server with PHP and a browser (tested with Firefox)</li>
<li>regular expression search</li>
</ul>
<p><strong>Project home page:</strong> <a href="http://www.open-open.com/lib/view/home/1325600416187" target="_blank">http://www.open-open.com/lib/view/home/1325600416187</a></p>