Since I have a working prototype of a new tool available, I thought you all might like to play with it! (Warning: This is a prototype, it is still buggy, does not have a GUI, and may or may not explode your computrons.)
For my senior project, I’m writing a tool to extend the functionality of the RATS (Rough Auditing Tool for Security) vulnerability scanner. GRaTS (Graphical RATS and Taint Scanner) attempts to combine several approaches to finding vulnerabilities, to help both experienced auditors and greenhorns get quicker, more accurate results. By identifying points in code where users can affect the data flow (namely through input or things like signals, filesystem tomfoolery, etc.), we can distill the code into a condensed version which shows only code dealing with tainted data. Once the code has been condensed, we scan it using RATS and format the output nicely into a GUI, including relevant line numbers, variable names, and any vulnerability information that RATS may have returned. This allows novices to immediately identify dangerous code operating on tainted data, and allows more weathered folk to perform manual code analysis on tainted data timelines, making that analysis faster and more cost-efficient.
Hope you all get a kick out of it! Any new prototypes released will be on the same page, so check back periodically if you’re interested in seeing GRaTS progress.
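The condense-then-scan idea described above, as an added example in Python (not GRaTS or RATS code): a line-based forward taint pass over a constructed C snippet that keeps only lines touching tainted variables. The source list, the `RISKY` list standing in for the RATS scan, and the regex-based parsing are all assumptions made for illustration.

```python
import re

# Assumed taint sources: calls that fill their arguments with user-controlled data.
SOURCES = {"fgets", "gets", "read", "recv", "scanf", "getenv"}
# Hard-coded stand-in for the RATS pass: a few calls commonly flagged as risky.
RISKY = {"strcpy", "strcat", "sprintf", "system"}
KEYWORDS = {"char", "int", "if", "return", "sizeof", "void", "NULL", "stdin"}
IDENT = re.compile(r"[A-Za-z_]\w*")
CALL = re.compile(r"([A-Za-z_]\w*)\s*\(")
ASSIGN = re.compile(r"([A-Za-z_]\w*)\s*(?:\[[^\]]*\])?\s*=(?!=)")

# Constructed sample input (not taken from any real program).
SAMPLE = """\
char name[64], cmd[128], banner[32];
int count = 0;
strcpy(banner, "hello");
fgets(name, sizeof(name), stdin);
char *p = name;
count = count + 1;
sprintf(cmd, "echo %s", p);
system(cmd);
printf("%d\\n", count);
"""

def condense(source):
    """Return (line_no, text, risky_calls) for each line that touches tainted data."""
    tainted, kept = set(), []
    for no, line in enumerate(source.splitlines(), 1):
        code = re.sub(r'"(?:\\.|[^"\\])*"', '""', line)  # blank out string literals
        calls = set(CALL.findall(code))
        variables = set(IDENT.findall(code)) - calls - KEYWORDS
        if calls & SOURCES:
            tainted |= variables            # arguments of a source call become tainted
        elif variables & tainted:
            m = ASSIGN.search(code)         # x = <tainted expr> taints only x;
            tainted |= {m.group(1)} if m else variables  # otherwise taint all operands
        else:
            continue                        # line never touches tainted data: drop it
        kept.append((no, line.strip(), sorted(calls & RISKY)))
    return kept

if __name__ == "__main__":
    for no, text, risky in condense(SAMPLE):
        print(f"{no:3}: {text:35} {'RISKY: ' + ', '.join(risky) if risky else ''}")
```

The `strcpy` into `banner` is dropped because it never touches user input, while the `sprintf` and `system` calls fed from `fgets` are kept and flagged.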