This little tool scans PHP scripts for potentially vulnerable PHP functions and then traces back their parameters. With this you can easily see whether a parameter of a vulnerable function comes from user input. Additionally, PHP Scanner allows you to mark those lines in the source (bottom frame) and build custom CURL code to exploit the issues found.
(new and open source version: see RIPS)
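The back-tracing idea described above, as an added example that is not code from PHP Scanner or RIPS: it finds calls to sensitive functions and follows each argument backwards through assignments until it reaches user input or a sanitizer. The sink, source and sanitizer lists and the line-based regex matching are assumptions of this example; it ignores control flow, user-defined functions and OOP code.

```python
import re

# Assumed, deliberately short lists chosen for this example only.
SINKS = {"system": "RCE", "include": "LFI/RFI", "mysql_query": "SQLi", "echo": "XSS"}
SOURCES = ("$_GET", "$_POST", "$_COOKIE", "$_REQUEST")
SANITIZERS = "escapeshellarg|htmlspecialchars|intval"
VAR = re.compile(r"\$\w+")
ASSIGN = re.compile(r"^\s*(\$\w+)\s*(\.?=)(?!=)\s*(.+);")
SINK = re.compile(r"(?<![$\w])(%s)\b\s*\(?(.*)" % "|".join(SINKS))
CLEANED = re.compile(r"\b(?:%s)\s*\([^()]*\)" % SANITIZERS)

def trace(expr, lines, upto):
    """Return the assignment chain linking expr to user input, or None if clean."""
    expr = CLEANED.sub("", expr)  # simplification: any sanitizer cleans for any sink
    if any(src in expr for src in SOURCES):
        return []
    for var in VAR.findall(expr):
        for i in range(upto - 1, -1, -1):  # search backwards from the use
            m = ASSIGN.match(lines[i])
            if m and m.group(1) == var:
                chain = trace(m.group(3), lines, i)
                if chain is not None:
                    return chain + [(i + 1, lines[i].strip())]
                if m.group(2) == "=":  # plain assignment overwrites older values
                    break
    return None

def scan(source):
    """List (line, sink, type, trace) for sink calls fed by user input."""
    lines, findings = source.splitlines(), []
    for n, line in enumerate(lines):
        m = SINK.search(line)
        chain = trace(m.group(2), lines, n) if m else None
        if chain is not None:
            findings.append((n + 1, m.group(1), SINKS[m.group(1)], chain))
    return findings

# Constructed sample input, not taken from any real application.
SAMPLE = """<?php
$dir = $_GET['dir'];
$cmd = "ls " . $dir;
system($cmd);
$name = htmlspecialchars($_POST['name']);
echo "Hello " . $name;
include $_GET['page'] . ".php";
"""

if __name__ == "__main__":
    for finding in scan(SAMPLE): print(finding)
```

Each finding carries the source lines that connect the sink to user input, which is what lets a reviewer jump straight to the assignment where validation is missing.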
RIPS – A static source code analyser for vulnerabilities in PHP scripts
Finally, I improved the code from my old PHP Scanner, and the new tool, called RIPS, was released during the Month of PHP Security. RIPS is open source and freely available at http://sourceforge.net/projects/rips-scanner/.
- detect XSS, SQLi, File disclosure, LFI/RFI, RCE vulnerabilities and more
- 5 verbosity levels for debugging your scan results
- mark vulnerable lines in source code viewer
- show user-defined function code on mouse-over of a detected call
- list of all user-defined functions and program entry points (user input) connected to the source code viewer
- create CURL exploits for detected vulnerabilities with a few clicks
- 7 different syntax highlighting colour schemata
- the only minimal requirement is a local web server with PHP and a browser (tested with Opera and Firefox)
Please note that due to its missing support for OOP code and data flow analysis, development was abandoned in 2013 and a completely new generation was developed, which is available at RIPS Technologies.