RIPS – Beta

RIPS is a static source code analyser for vulnerabilities in PHP web applications. It was released during the Month of PHP Security.

Platform : Windows & Unix/Linux


  • detect XSS, SQLi, File disclosure, LFI/RFI, RCE vulnerabilities and more
  • 5 verbosity levels for debugging your scan results
  • mark vulnerable lines in source code viewer
  • highlight variables in the code viewer
  • show user-defined function code on mouse-over of a detected call
  • active jumping between function declaration and calls
  • list of all user-defined functions (defines and calls), program entry points (user input) and scanned files (with includes) connected to the source code viewer
  • graph visualization for files and includes as well as functions and calls
  • create CURL exploits for detected vulnerabilities with a few clicks
  • visualization, description, example, PoC, patch and securing function list for every vulnerability
  • 7 different syntax highlighting colour schemata
  • display scan result in the form of a top-down flow or bottom-up trace
  • the only minimal requirement is a local web server with PHP and a browser (tested with Firefox)
  • regex search function

Changelog RIPS 0.51
– fixed bug with apache_setenv() for non-Apache webservers
– fixed bug in leakscan preloader


Download the latest .zip file
Extract the files to your local web server's docroot
Make sure your file permissions are set
Open your browser at http://localhost/rips-xx/
Read instructions on startpage and start scanning

Download latest version : (124.2 KB)