RIPS - A static source code analyser for vulnerabilities in PHP scripts

Quickstart:

Locate your PHP path/file, choose the vulnerability type you are looking for and click scan!
Check subdirs to include subdirectories into the scan. It is recommended to scan only the root directory of your project. Included files in subdirectories will be automatically scanned by RIPS when included. Enable subdirs for a more intense scan or if you have a low include success rate (shown in the result).

Advanced:

Debug your scan result by choosing a verbosity level (level 1 is recommended).
After the scan finished you can select between different types of vulnerabilities that have been found by clicking on their name in the stats window. You can click user input in the upper right to get a list of entry points, functions for a list and graph of all user defined functions or files for a list and graph of all scanned files and their includes. All lists are referenced to the Code Viewer.

Style:

Change the syntax highlighting schema on-the-fly by selecting a different code style.
Before scanning you can choose which way the code flow should be displayed: bottom-up or top-down.

Icons:

User input has been found in this line. Potential entry point for vulnerability exploitation.
Vulnerability exploitation depends on the parameters passed to the function declared in this line. Have a look at the calls in the scan result.
Click ⇑ or ⇓ to jump to the next declaration or call of this function.
User-implemented securing has been detected in this line. This may prevent exploitation.
Click the file icon to open the Code Viewer to review the original code. A new window will be opened with all relevant lines highlighted.
Highlight variables temporarily by mouseover or persistently by clicking on the variable. Jump into the code of a user-defined function by clicking on the call. Click return on the bottom of the code viewer to jump back. This also works for nested function calls.
Click the minimize icon to hide a specific code trace. You may display it later by clicking the icon again.
Click the target icon to open the Exploit Creator. A new window will open where you can enter exploit details and create PHP Curl exploit code.
Click the help icon to get a description, example code, example exploitation, patch and related securing functions for this vulnerability type.
Click the data leak icon to check if the output of the tainted sink leaks somewhere (is embedded to the HTTP response via echo/print).

hints: Make sure RIPS has file permissions on your source code files. Don't leave the webinterface of RIPS open to the public internet. Tested with Firefox.