[Fwd: ANNOUNCE: RATS 2.0]

Ron Guerin ron at vnetworx.net
Fri Sep 20 14:12:34 EDT 2002


FYI: I just learned of this (forwarded message below), and it looks
interesting.

Since I'm sending this, I'm going to toss in Whisker, which can help
find (among other things) spammer-exploitable scripts.  Many hosting
services use this now to scan nightly for customer-installed exploitable
scripts. Or so I've been led to believe. ;)

    http://www.wiretrip.net/rfp/p/doc.asp/i2/d21.htm

- Ron

-----Forwarded Message-----

From: RATS Team <rats at securesoftware.com>
To: bugtraq at securityfocus.com
Subject: ANNOUNCE: RATS 2.0
Date: 19 Sep 2002 15:13:11 -0400



Secure Software Inc. would like to announce the release of RATS 2.0.

RATS, the Rough Auditing Tool for Security, is a security auditing utility
for C, C++, Python, Perl and PHP code. RATS scans source code, finding
potentially dangerous function calls. The goal of this project is not
to definitively find bugs. The current goal is to provide a reasonable
starting point for performing manual security audits. RATS is released
under version 2 of the GNU Public License (GPL).


New in this version of RATS:

RATS can now descend through directories recursively, analyzing any supported
source code it finds.

Ability to output results as HTML or XML.

Result output can contain the line of code that caused each problem to be
reported, along with the column number in the source file the problem was
detected at.

RATS will now report various statistics at the end of the reporting phase,
including total time spent on the analysis, and number of source lines analyzed.


Various database additions.

A new database file, rats-openssl, which aids in analyzing any code that
utilizes the OpenSSL C API. (Thanks to Ben Laurie for contributing this
database)


To download RATS, please visit http://www.securesw.com/rats/
