Spike is an Open Source tool based on the popular RATS C based auditing tool implemented for PHP.
The tool Spike basically does static analysis of php code for security exploits, PHP5 and call-time pass-by-reference are currently required, but a PHP4 version is coming out this week.
This tool is especially welcomed by Darknet as there aren’t many static analysis tools out there that are free, and there are very few tools for auditing PHP code..which as we all known tends to be coded quite insecurely at times (just look at phpBB and PhpNUKE).
You can find the latest version here:
Subscribe to Darknet RSS Feed Stored in: Countermeasures, Hacking Tools, Web Hacking
Related Posts:
- SPIKE Proxy – Application Level Security Assessment
- Skavenger – source code auditing tool!
- FIS [File Inclusion Scanner] v0.1 – PHP Vulnerability
- w3af Fifth BETA for Download – Automated Web Auditing and Exploitation Framework
- Predicting Malware – Events Trigger Malware/Phishing Spikes
- The RSS Tools That Diggers Use
| 11,144 views |
Thank you for the post, guys.
BTW, the php 4 friendly version was released yesterday.
http://ez.spikesource.com/phpsecaudit_023_released.htm
http://developer.spikesource.com/projects/phpsecaudit
Thanks,
Ezra
No worries, we are always happy to support new projects.
Especially those which will lead to more secure coding practises for everyone!
Very interesting project
You should also try Wapiti for blackbox testing. It’s a “web application vulnerability scanner” released under the GPL License.