AuditSecuriteApplicationsWeb:RATS

From aldeid

RATS (Rough Auditing Tool for Security)

Overview

RATS (Rough Auditing Tool for Security) is a vulnerability scanner developed by Secure Software security engineers. It detects vulnerabilities in the source code of your C, C++, Perl, PHP and Python applications. The tool bases its analysis on an internal database that identifies development errors as well as the use of dangerous functions.

Download

RATS is available here. The official site is: http://www.fortify.com/security-resources/rats.jsp

Installation

Installation is straightforward:

# cd /usr/local/src/
# wget http://www.fortify.com/servlet/downloads/public/rats-2.1.tar.gz
# tar xzvf rats-2.1.tar.gz
# cd rats-2.1
# ./configure
# make && make install

Usage

RATS can be run as follows to export an HTML report (warning level 1 reports everything, including the lowest-severity findings):

rats -w 1 --html www > export-rats.htm 

The available options are:

usage: rats [-adhilrwxR] [--help] [--database|--db]  name1 name2 ... namen

  -a <fun>
                 report any occurence of function 'fun' in the source file(s)
  -d, --db, --database <filename>
                 specify an alternate vulnerability database.
  -h, --help
                 display usage information (what you're reading)
  -i, --input
                 report functions that accept external input
  -l <language>, --language <language>
                 force the specified language to be used
  -r, --references
                 include references that are not function calls
  -w <1,2,3>, --warning <1,2,3>
                 set warning level (default 2)
  -x
                 do not load default databases
  -R, --no-recursion
                 don't recurse subdirectories scanning for matching files
  --xml
                 Output in XML.
  --html
                 Output in HTML.
  --follow-symlinks
                 Follow symlinks and process files found.
  --noheader
                 Don't print initial header in output

  --nofooter
                 Don't show timing information footer at end of analysis
  --quiet
                 Don't print status information regarding what file is being analyzed
  --resultsonly
                 No header, footer, or status information
  --columns
                 Show column number of the line where the problem occured.
  --context
                 Display the line of code that caused the problem report
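As an added example (not code from the page or from the RATS project), the C snippet below shows the kind of construct RATS's default database reports, an unbounded strcpy() into a fixed-size stack buffer, next to a bounded rewrite that passes the destination size explicitly and reports truncation; the function names and the NAME_MAX value are my own choices.

```c
#include <stdio.h>
#include <string.h>

#define NAME_MAX 32   /* assumed buffer size for the example */

/* "Before": the pattern RATS flags. The copy is bounded only by the
 * caller's input, so a name longer than NAME_MAX - 1 bytes overflows
 * buf. Kept unchanged on purpose as the reported case; never pass it
 * untrusted input. */
void greet_unsafe(const char *name)
{
    char buf[NAME_MAX];
    strcpy(buf, name);            /* RATS: strcpy, no bounds check */
    printf("Hello, %s\n", buf);
}

/* "After": the destination size travels with the pointer, snprintf()
 * never writes past dst_len bytes and always NUL-terminates, and the
 * caller is told when input was truncated instead of losing it silently.
 * Returns 0 on success, 1 if src was truncated, -1 on bad arguments. */
int copy_name_safe(char *dst, size_t dst_len, const char *src)
{
    if (dst == NULL || src == NULL || dst_len == 0)
        return -1;
    int needed = snprintf(dst, dst_len, "%s", src);
    if (needed < 0)
        return -1;
    /* snprintf returns the length it wanted to write; >= dst_len means
     * the NUL was placed early and the tail of src was dropped. */
    return ((size_t)needed >= dst_len) ? 1 : 0;
}

void greet_safe(const char *name)
{
    char buf[NAME_MAX];
    if (copy_name_safe(buf, sizeof buf, name) == 1)
        fprintf(stderr, "warning: name truncated to %zu bytes\n",
                sizeof buf - 1);
    printf("Hello, %s\n", buf);
}

int main(void)
{
    greet_safe("alice");
    return 0;
}
```

Running rats -w 1 --context on a file containing greet_unsafe() shows the strcpy() line in the report; the bounded version removes that unbounded copy from the tool's findings.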
