Quickstart:
Locate your local PHP source code path/file (e.g. /var/www/project1/ or /var/www/index.php), choose the vulnerability type you are looking for and click scan!
Check subdirs to include all subdirectories in the scan. It is recommended to scan only the root directory of your project: files in subdirectories are scanned automatically by RIPS when they are included by the PHP code. However, enabling subdirs can improve the scan result and the include success rate (shown in the result).
Advanced:
Debug errors or improve your scan result by choosing a different verbosity level (default level 1 is recommended).
After the scan has finished, four new buttons will appear in the upper right. You can select between the different types of vulnerabilities that have been found by clicking on their names in the stats window. Click user input in the upper right for a list of entry points, functions for a list and graph of all user-defined functions, or files for a list and graph of all scanned files and their includes. All lists are linked to the Code Viewer.
Style:
Change the syntax highlighting schema on-the-fly by selecting a different code style.
Before scanning you can choose which way the code flow should be displayed: bottom-up or top-down.
Icons:
- User input has been found in this line. Potential entry point for vulnerability exploitation.
- Vulnerability exploitation depends on the parameters passed to the function declared in this line. Have a look at the calls in the scan result.
Click ⇑ or ⇓ to jump to the next declaration or call of this function.
- User-implemented securing has been detected in this line. This may prevent exploitation.
Options:
- Click the file icon to open the Code Viewer to review the original code. A new window will be opened with all relevant lines highlighted.
Highlight variables temporarily by mouseover or persistently by clicking on the variable. Jump into the code of a user-defined function by clicking on the call. Click return at the bottom of the Code Viewer to jump back. This also works for nested function calls.
- Click the minimize icon to hide a specific code trace. You may display it later by clicking the icon again.
- Click the target icon to open the Exploit Creator. A new window will open where you can enter exploit details and create PHP Curl exploit code.
- Click the help icon to get a description, example code, example exploitation, patch and related securing functions for this vulnerability type.
- Click the data leak icon to check whether the output of the tainted sink leaks somewhere (is embedded in the HTTP response via echo/print).
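The following short script is an added illustration, not code from the RIPS help page or the RIPS project, of the constructs the icons above refer to: an entry point, a user-defined function whose exploitability depends on its parameter, a securing function, and output that the data leak check inspects. The function name and the file path are constructed for the example.

```php
<?php
// Added example (not part of RIPS): the constructs the scan markers point at.
// render_greeting() and the /var/www/project1/pages/ path are constructed.

// User input found in this line: $_GET is an entry point.
$name = $_GET['name'];

// Exploitability depends on the parameter passed in, so the scan result
// lists the calls of this user-defined function.
function render_greeting($who) {
    // Sink: the data reaches the HTTP response via echo.
    echo "<p>Hello, " . $who . "</p>";
}

// Unsecured call: the tainted input reaches the sink unchanged.
render_greeting($name);

// User-implemented securing: htmlspecialchars() encodes the HTML
// metacharacters, so this call is reported as potentially secured.
render_greeting(htmlspecialchars($name, ENT_QUOTES, 'UTF-8'));

// Data leak check: the output of a tainted file read is embedded in the
// response with echo. basename() removes directory components from the
// user-controlled part of the path, and the output is encoded before echo.
$content = file_get_contents('/var/www/project1/pages/' . basename($name) . '.txt');
echo htmlspecialchars($content, ENT_QUOTES, 'UTF-8');
```

Serve the file from a local test web server and compare the trace shown for the unsecured call with the one for the secured call in the scan result.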
Hints:
- RIPS implements static source code analysis. It only scans source code files and will not execute the code.
- Object-oriented code (classes) is not supported in this version.
- Make sure RIPS has file permissions on the files to be scanned.
- Don't leave the web interface of RIPS open to the public internet. Use it on your local web server only.
- Only tested with Firefox.