RIPS static source code analysis tool
RIPS is a good static source code analysis tool, used mainly to find vulnerabilities in PHP programs.
Features
- detect XSS, SQLi, File disclosure, LFI/RFI, RCE vulnerabilities and more
- 5 verbosity levels for debugging your scan results
- mark vulnerable lines in source code viewer
- highlight variables in the code viewer
- show user-defined function code on mouse-over of a detected call
- active jumping between function declaration and calls
- list of all user-defined functions (defines and calls), program entry points (user input) and scanned files (with includes) connected to the source code viewer
- graph visualization for files and includes as well as functions and calls
- create CURL exploits for detected vulnerabilities with a few clicks
- visualization, description, example, PoC, patch and securing function list for every vulnerability
- 7 different syntax highlighting colour schemata
- display scan result in form of a top-down flow or bottom-up trace
- only minimal requirement is a local webserver with PHP and a browser (tested with Firefox)
- regex search function