Project RIPS v0.54 – Status

I just updated RIPS and fixed some JavaScript errors that came up due to the latest browser updates (thank you for the reports). You can download it here. Now the code viewer and other window features should work again. At the same time I am announcing that the current version of RIPS will not be enhanced. The current engine does not allow further enhancement and suffers from bad language parsing. This leads to an inacceptable rate of false positives. Further, the current engine can not be extended to support OOP.

The good news is that I have rewritten RIPS completely during the past 6 month during my final master thesis at the Ruhr-University Bochum. RIPS 1.0 now uses Abstract Syntax Trees, Control Flow Graphs, and Context-Sensitive String Analysis doing it the academic way ;). The result looks very promising, but its worthless to share any results/numbers without sharing the tool. It is still under development and a release date is unknown, but already in its current state it is way better than RIPS 0.5. In the end, full OOP support is planned. Any updates will be released here or via twitter.

The project continues … =)


9 Responses to Project RIPS v0.54 – Status

  1. Darrell says:

    It’s disappointing to not see a slew of positive comments/feedback on this post. Perhaps many people are just lurking, and watching. RIPS is a fantastic tool, thank you for your monumental efforts on this. Can’t wait to download and use v1.0

  2. Stuart says:

    Hi Hannes,

    Can’t wait to see the new version of RIPS 🙂 I hope it won’t be too much longer!


  3. Arjan says:

    I am eagerly awaiting to see what you have done with it, it sounds very promising and I look forward to using it. 🙂

  4. Tom says:

    Looking forward to updates. Enjoyed the academic-style article. Please let the community know how we can help.

  5. ryvan says:

    I am really in love with this tool,if there are any possibilities ,i wanna be a volunteer in developing any modules or add-ons,anything.Thanks ,awesome work.

  6. Sergei says:

    are there any news regarding release date of RIPS 1.0? I read your papers on PHP analysis and am very interested in exploring the tool that uses taint and AST as internal representation for PHP security analysis. Hope RIPS 1.0 will be released soon. Thanks!

  7. Jabberwock says:


  8. Reiners says:

    The new version will be available as a commercial product at

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: