RATS – Rough Auditing Tool for Security

Outsmart Malicious Hackers

RATS – Rough Auditing Tool for Security – is an open source tool developed and maintained by Secure Software security engineers. Secure Software was acquired by Fortify Software, Inc. RATS is a tool for scanning C, C++, Perl, PHP and Python source code and flagging common security related programming errors such as buffer overflows and TOCTOU (Time Of Check, Time Of Use) race conditions.

RATS scanning tool provides a security analyst with a list of potential trouble spots on which to focus, along with describing the problem, and potentially suggest remedies. It also provides a relative assessment of the potential severity of each problem, to better help an auditor prioritize. This tool also performs some basic analysis to try to rule out conditions that are obviously not problems.

As its name implies, the tool performs only a rough analysis of source code. It will not find every error and will also find things that are not errors. Manual inspection of your code is still necessary, but greatly aided with this tool.


RATS requires expat to be installed in order to build and run. Expat is often installed in /usr/local/lib and /usr/local/include. On some systems, you will need to specify –with-expat-lib and –with-expat-include options to configure so that it can find your installation of the library and header. Expat can be found here.

You can download RATS here:

Source Code: rats-2.4.tgz

Or read more here.

Posted in: Countermeasures, Exploits/Vulnerabilities, Programming, Security Software

, , , , , , , , , , , , ,

Recent in Countermeasures:
- Why Are Hackers Winning The Security Game?
- Barnyard2 – Dedicated Spooler for Snort Output
- Wycheproof – Test Crypto Libraries Against Known Attacks

Related Posts:

Most Read in Countermeasures:
- AJAX: Is your application secure enough? - 120,549 views
- Password Hasher Firefox Extension - 118,103 views
- NDR or Backscatter Spam – How Non Delivery Reports Become a Nuisance - 57,799 views

One Response to RATS – Rough Auditing Tool for Security

  1. Mehera November 3, 2009 at 3:43 am #

    Thank you for the RATS download link. It does radically speed-up the time to look through all that code. Extremely informative site. Keep up the good work.