RATS is a security auditing utility for C, C++, PHP, Perl, and Python code. RATS scans source code, finding potentially dangerous function calls. The goal of RATS is not to definitively find bugs (yet), but to provide a reasonable starting point for performing manual security audits.
The initial vulnerability database is taken directly from things that could be easily found when starting with the book "Building Secure Software" by Viega and McGraw.
Installing RATS:
Open the terminal and type the following command to install RATS:
sudo apt-get install rats
Running RATS is as simple as invoking the command with a directory to process. Each of the recognized source files it finds will be processed. RATS understands several programming languages (C, Perl, PHP, and Python) and will treat each as valid source to examine.
There are several options which may be given in addition to a directory name to scan; these are described in the man page.
The most useful of the options are those concerning the output, such as:
--warning <level> (set the level of flaws to be reported upon)
1 includes only default and high severity.
2 includes medium severity (default).
3 includes low severity vulnerabilities.
--xml (output in XML)
--html (output in HTML)
Run the following command inside the directory which contains the source code you need to analyze:
rats --warning 1 --html . > output.html
This will produce an HTML file containing the results of the scan, which can be loaded in a browser.
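The HTML report is fine for reading in a browser, but the --xml output is what you want when RATS runs unattended. The script below is an added example, not part of RATS: it parses a RATS XML report, counts findings per severity and applies a gate that mirrors the --warning levels. The element names (rats_output, vulnerability, severity, type, file/name, file/line) are assumed from RATS's XML output and the report itself is constructed, so check them against a real `rats --xml .` run.

```python
# Added example (not RATS's own code): triage a `rats --xml` report and gate on it.
# Element names (rats_output, vulnerability, severity, type, file/name, file/line)
# are assumed from RATS's XML output; confirm them against a real `rats --xml .` run.
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample report, standing in for `rats --warning 3 --xml . > rats.xml`.
SAMPLE_XML = """<?xml version="1.0"?>
<rats_output>
<vulnerability>
  <severity>High</severity><type>fixed size global buffer</type>
  <message>Extra care should be taken with character arrays on the stack.</message>
  <file><name>./net.c</name><line>12</line></file>
</vulnerability>
<vulnerability>
  <severity>High</severity><type>strcpy</type>
  <message>Check that argument 2 will not copy more data than can be handled.</message>
  <file><name>./net.c</name><line>20</line><line>34</line></file>
</vulnerability>
<vulnerability>
  <severity>Medium</severity><type>getenv</type>
  <message>Environment variables are highly untrustable input.</message>
  <file><name>./net.c</name><line>9</line></file>
</vulnerability>
</rats_output>
"""

SEVERITY_RANK = {"High": 1, "Medium": 2, "Low": 3}  # same order as --warning 1/2/3

def parse_findings(xml_text):
    """Return one (severity, type, file, line) tuple per flagged location."""
    findings = []
    for vuln in ET.fromstring(xml_text).iter("vulnerability"):
        sev = vuln.findtext("severity", "").strip()
        kind = vuln.findtext("type", "").strip()
        for f in vuln.findall("file"):
            name = f.findtext("name", "").strip()
            # Several <line> elements under one <file>: the same call at several sites.
            for line in f.findall("line"):
                findings.append((sev, kind, name, int(line.text)))
    return findings

def summarize(findings):
    """Counter of findings keyed by severity, e.g. {'High': 3, 'Medium': 1}."""
    return Counter(sev for sev, _, _, _ in findings)

def gate(findings, max_level=1):
    """True when nothing at or above the given --warning level was reported."""
    return not any(SEVERITY_RANK.get(sev, 99) <= max_level for sev, *_ in findings)
```

With max_level=1 the gate fails on any High finding, which is the same cut-off as `rats --warning 1`; raise it to 2 to also block on Medium findings in a CI job.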
1 comment:
That's a very useful tool; it will help take the load off when training new recruits and moving things up the chain. Thanks