Home > Audit Source Code > RATS – Rough Auditing Tool for Security

RATS – Rough Auditing Tool for Security

RATS – Rough Auditing Tool for Security – is an open source tool developed and maintained by Secure Software security engineers. Secure Software was acquired by Fortify Software, Inc. RATS is a tool for scanning C, C++, Perl, PHP and Python source code and flagging common security related programming errors such as buffer overflows and TOCTOU (Time Of Check, Time Of Use) race conditions.

RATS scanning tool provides a security analyst with a list of potential trouble spots on which to focus, along with describing the problem, and potentially suggest remedies. It also provides a relative assessment of the potential severity of each problem, to better help an auditor prioritize. This tool also performs some basic analysis to try to rule out conditions that are obviously not problems.

As its name implies, the tool performs only a rough analysis of source code. It will not find every error and will also find things that are not errors. Manual inspection of your code is still necessary, but greatly aided with this tool.


Win32: https://www.fortify.com/downloads2/public/rats-2.3-win32.zip

Source tarball: https://www.fortify.com/downloads2/public/rats-2.3.tar.gz

usage: rats [options] [file]…

Options explained:

-d <filename>, –db <filename>, –database <filename>

Specifies a vulnerability database to be loaded.  You may

have multiple -d options and each database specified will

be loaded.

-h, –help      Displays a brief usage summary

-i, –input     Causes a list of function calls that were used which

accept external input to be produced at the end of the

vulnerability report.

-l <lang>, –language <lang>

Force the specified language to be used regardless of

filename extension. Currently valid language names are

“c”, “perl”, “php”, “python” and “ruby”.

-r, –references

Causes references to vulnerable function calls that are not

being used as calls themselves to be reported.

-w <level>, –warning<level>

Sets the warning level.  Valid levels are 1, 2 or 3.

Warning level 1 includes only default and high severity

Level 2 includes medium severity. Level 2 is the default

warning level 3 includes low severity vulnerabilities.

-x              Causes the default vulnerability databases (which are in

the installation data directory, /usr/local/lib by default)

to not be loaded.

-R, –no-recursion

Disable recursion into subdirectories.

–xml       Cause output to be in XML

–html      Cause output to be in HTML


Evaluate and follow symlinks.

Categories: Audit Source Code
  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: