RIPS is a tool written in PHP that uses static source code analysis to
find vulnerabilities in PHP web applications. By tokenizing and parsing
all source code files, RIPS is able to transform PHP source code into a
program model and to detect sensitive sinks (potentially vulnerable
functions) that can be tainted by user input (influenced by a malicious
user) during the program flow. Besides the structured output of found
vulnerabilities, RIPS also offers an integrated code audit framework for
further manual analysis.
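
To make the source-to-sink idea concrete, here is a much-simplified sketch added for illustration; it is not RIPS code and does not build a program model. The function name findTaintedSinks and the source, sink and sanitizer lists are assumptions, and taint is tracked one statement at a time using PHP's built-in tokenizer.

```php
<?php
// Added illustration, not RIPS code. The three lists below are assumed examples.
const SOURCES    = ['$_GET', '$_POST', '$_COOKIE', '$_REQUEST'];
const SINKS      = ['echo', 'system', 'exec', 'eval', 'mysql_query'];
const SANITIZERS = ['htmlspecialchars', 'intval', 'escapeshellarg'];

function findTaintedSinks(string $code): array
{
    $tainted = $findings = $stmt = [];  // tainted variables, results, current statement
    foreach (token_get_all($code) as $tok) {
        if (is_array($tok) && in_array($tok[0], [T_WHITESPACE, T_COMMENT, T_DOC_COMMENT, T_OPEN_TAG], true)) {
            continue;
        }
        if ($tok !== ';') {
            // Single-character tokens ("=", "(") arrive as plain strings; normalise them.
            $stmt[] = is_array($tok) ? $tok : [null, $tok, null];
            continue;
        }
        // End of statement: for "$var = ..." only the right-hand side is scanned.
        $isAssign = count($stmt) > 2 && $stmt[0][0] === T_VARIABLE && $stmt[1][1] === '=';
        $dirty = $clean = false;
        $sink = null;
        foreach ($isAssign ? array_slice($stmt, 2) : $stmt as [$id, $text, $line]) {
            $name = strtolower($text);
            $dirty = $dirty || ($id === T_VARIABLE && (in_array($text, SOURCES, true) || !empty($tainted[$text])));
            // Simplification: any sanitizer call cleans the whole statement.
            $clean = $clean || ($id === T_STRING && in_array($name, SANITIZERS, true));
            if (in_array($id, [T_STRING, T_ECHO, T_EVAL], true) && in_array($name, SINKS, true)) {
                $sink = ['sink' => $name, 'line' => $line];
            }
        }
        $userTaint = $dirty && !$clean;
        if ($isAssign) {
            $tainted[$stmt[0][1]] = $userTaint;  // propagate or clear taint on the target
        }
        if ($sink !== null && $userTaint) {
            $findings[] = $sink;
        }
        $stmt = [];
    }
    return $findings;
}

// Constructed sample input: one sanitized use and one unsanitized use of $name.
$sample = <<<'SAMPLE'
<?php
$name = $_GET['name'];
echo htmlspecialchars($name);
system("ping " . $name);
SAMPLE;
print_r(findTaintedSinks($sample));
```

The sketch ignores control flow, function boundaries and included files, which is why it is no substitute for a program model of the kind described above.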