RIPS static source code analyser

RIPS is a static source code analyser and is one awesome piece of coding by @fluxreiners. Use it now to scan your PHP files for vulnerabilities. It can detect XSS, SQLi, file disclosure, LFI/RFI, RCE and lots more, and it’s free. I’m downloading the current version, 0.52, now and so should you!
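To show what a PHP source analyser of this kind is looking for, here is a toy source-to-sink taint scanner. It is an added illustration written for this post, not RIPS code and not a description of how RIPS itself is implemented; the PHP sample it scans is constructed, the source, sanitizer and sink lists are deliberately tiny, and it matches single-line statements with regular expressions where a real tool would walk a parsed syntax tree.

```python
import re

# Constructed PHP sample (not taken from any real project): lines 5, 7 and 8
# carry unsanitized user input into a sink; line 6 is sanitized for its sink.
SAMPLE_PHP = r"""<?php
$id = $_GET['id'];
$name = mysqli_real_escape_string($db, $_POST['name']);
$q = "SELECT * FROM users WHERE id = " . $id;
mysqli_query($db, $q);
echo htmlspecialchars($name);
echo $_GET['msg'];
include($_REQUEST['page']);
"""

# Where user-controlled data enters the script.
SOURCES = re.compile(r"\$_(?:GET|POST|REQUEST|COOKIE)\b")
# Sanitizer name -> the single vulnerability class it neutralizes.
SANITIZERS = {
    "htmlspecialchars": "xss",
    "mysqli_real_escape_string": "sqli",
    "intval": "sqli",
}
# Sink name -> the vulnerability class that tainted input reaching it causes.
SINKS = {
    "mysqli_query": "sqli",
    "echo": "xss",
    "include": "lfi",
    "eval": "rce",
}
ALL_CLASSES = frozenset(SINKS.values())

ASSIGN = re.compile(r"^\s*(\$[A-Za-z_]\w*)\s*=(?!=)\s*(.*)$")
# Plain variables; the superglobal sources are matched separately above.
VAR = re.compile(r"\$(?!_(?:GET|POST|REQUEST|COOKIE)\b)[A-Za-z_]\w*")
CALL = re.compile(r"\b([A-Za-z_]\w*)\s*\(")


def taint_of(expr, tainted):
    """Return the set of vulnerability classes an expression is tainted for.

    A direct superglobal read taints for every class; tainted variables pass
    their classes on; a sanitizer call strips exactly the class it handles.
    """
    classes = set()
    if SOURCES.search(expr):
        classes |= ALL_CLASSES
    for var in VAR.findall(expr):
        classes |= tainted.get(var, set())
    for fn in CALL.findall(expr):
        if fn in SANITIZERS:
            classes.discard(SANITIZERS[fn])
    return classes


def scan(php_source):
    """Flow taint through one-statement-per-line PHP and report sink hits.

    Returns a list of (line_number, sink_name, vulnerability_class).
    """
    tainted = {}   # variable name -> classes it is currently tainted for
    findings = []
    for lineno, line in enumerate(php_source.splitlines(), 1):
        m = ASSIGN.match(line)
        if m:
            var, expr = m.group(1), m.group(2)
            tainted[var] = taint_of(expr, tainted)   # reassignment overwrites
        else:
            expr = line
        classes = taint_of(expr, tainted)
        for sink, cls in SINKS.items():
            if cls in classes and re.search(r"\b%s\b" % sink, expr):
                findings.append((lineno, sink, cls))
    return findings


if __name__ == "__main__":
    for lineno, sink, cls in scan(SAMPLE_PHP):
        print("line %d: tainted input reaches %s() -> possible %s" % (lineno, sink, cls.upper()))
```

The interesting case is `$name`: it is escaped for SQL on line 3, so a later `echo` of it still counts as XSS until `htmlspecialchars` is applied on line 6. Tracking taint per vulnerability class, rather than as a single "dirty" bit, is what lets the scanner stay quiet on that line while still flagging the query on line 5.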

5 Responses to “RIPS static source code analyser”

  1. Petah writes:

    It doesn’t even do OO, what’s the point.

  2. Gareth Heyes writes:

    Request the feature, or add it yourself, or whine to me about it; I’m sure that will help a lot.

  3. Chris writes:

    This tool is quite useless. Developers who would benefit from this tool would never write non-object-oriented code in a system large enough to require such an audit. And developers who only write procedural code would not know what to do with this information.

  4. Gareth Heyes writes:

    The version is 0.5, it’s still in beta and it’s free software. To say that it’s useless just because it doesn’t work with some code you scanned it with is more than harsh, it’s insulting to the hard work Johannes has put into the project.

    What I don’t understand about both of you getting a free lunch from this software is that you are so willing to criticize it rather than help out. If it doesn’t do OO code then help out; it’s easy, and if it means so much to you then you can help build it.

    I would also like to point out that Johannes is one of the most skilled people I know about SQLi and he should be encouraged to share his skills with the world, not criticized because of a narrow-minded view of how people construct web sites.

    OO coding has nothing to do with the size of a project; it’s perfectly fine to use procedural code with a large project. I’ve used both in my experience as a web developer and it’s a matter of personal taste rather than a requirement to use OO.

    I hope Johannes isn’t put off by these negative comments because the code rocks, and yes, it doesn’t support OO, but we can all help with that. I approve all the comments on my blog even if I don’t agree with some of them, which is definitely the case here.

  5. Gareth Heyes writes:

    Did you try running on www-framework btw? I recommend you do.