RIPS CLI

A command line interface for RIPS v3.

You can find out more about our CLI tool in our blog post.

Requirements

To use rips-cli you need php-cli as well as the php-zip extension. It is recommended to use the PHAR build of rips-cli.

Installation

PHAR

To install rips-cli simply download the PHAR build, place it in your program directory, and make it executable. A typical installation for a Linux user might look like this.

  • sudo wget https://github.com/rips/rips-cli/releases/download/3.0.3/rips-cli.phar -O /usr/bin/rips-cli
  • sudo chmod 755 /usr/bin/rips-cli

Docker

We also provide a Docker container that can be used instead of the PHAR. It is available at rips/rips-cli. For example, you can use it like this to start a scan that contains the PHP code of the current working directory:

docker run --rm -it -v "$(pwd)":/data rips/rips-cli:3.0 rips:scan:start -p /data

For the Docker version it is recommended to use environment variables to automatically authenticate with RIPS.

Usage

Configuration

rips-cli looks for the configuration file ~/.rips3.yml and uses it if it is available. You can create the file with rips-cli itself. For example, by calling rips-cli rips:login you store credentials in the configuration to avoid having to enter them on every command. Be aware that the password is stored in clear text.

Environment

You can also use environment variables to set certain properties.

| Name | Description | Default |
| --- | --- | --- |
| RIPS_BASE_URI | Set API address | https://api-3.ripstech.com |
| RIPS_EMAIL | Set API e-mail | |
| RIPS_PASSWORD | Set API password | |
| RIPS_CONFIG | Set path to configuration file | ~/.rips3.yml |

Commands

General

Help

Call rips-cli without any parameters to see a list of all commands. Use --help or -h in combination with a command to see all available parameters.

Errors

In case an API request fails you will see an error message. A list with common errors and their solutions is available in the troubleshooting documentation.

Filter

Many commands allow you to use the filter system of the API. It is accessible through query parameters (--parameter or -p). More information is available in the filter documentation.

Input/Output

If required parameters are not specified there are stdin fall-backs in place to get values. The fall-backs can be suppressed by appending --no-interaction or -n to the command. If you do not want to see output use --quiet or -q. If you want to see a lot of output use --verbose or -v.

rips:application:create

This command creates a new application and prints the application id.

Parameters

| Long | Short | Default | Description |
| --- | --- | --- | --- |
| --name | -N | | Set application name |
| --quota | -Q | | Set quota id |

Examples

  • rips-cli rips:application:create -v
  • rips-cli rips:application:create -N DVWA

rips:scan:start

This command starts a scan. It can either upload an existing archive, upload a directory, use an existing upload, or start a scan with a local path (On-Premises only).

The command has a threshold parameter. If the parameter is specified once or multiple times, the script waits until the scan is finished and compares the number of unreviewed issues to the thresholds. If the number of issues exceeds the thresholds, the program exits with the status code 2. A threshold consists of a category (low, medium, high, critical, sum), a colon, and a number. A threshold that consists only of a number is treated like sum.
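The threshold behaviour described above, wrapped as a CI gate (an added example, not part of rips-cli or its documentation). It assumes credentials are exported as RIPS_EMAIL and RIPS_PASSWORD; RIPS_CLI_BIN, the function names and the return code 3 are conventions of this script only.

```shell
#!/bin/sh
# Added example: CI gate around the rips:scan:start thresholds.
# RIPS_CLI_BIN is a hypothetical variable of this script, not a rips-cli setting.
RIPS_CLI_BIN="${RIPS_CLI_BIN:-rips-cli}"

# A threshold is "category:number" or a bare number (treated like sum).
valid_threshold() {
    case "$1" in
        low:*|medium:*|high:*|critical:*|sum:*) _num="${1#*:}" ;;
        *) _num="$1" ;;
    esac
    case "$_num" in
        ''|*[!0-9]*) return 1 ;;
    esac
    return 0
}

# rips_gate APP_ID PATH THRESHOLD...
# Returns 0 (within thresholds), 2 (thresholds exceeded) or 3 (gate could not decide).
rips_gate() {
    if [ "$#" -lt 3 ]; then
        echo "usage: rips_gate APP_ID PATH THRESHOLD..." >&2
        return 3
    fi
    _app="$1"; _path="$2"; shift 2
    # Credentials come from the environment, not from the clear-text ~/.rips3.yml.
    if [ -z "${RIPS_EMAIL:-}" ] || [ -z "${RIPS_PASSWORD:-}" ]; then
        echo "RIPS_EMAIL and RIPS_PASSWORD must be set and exported" >&2
        return 3
    fi
    for _t in "$@"; do
        valid_threshold "$_t" || { echo "invalid threshold: $_t" >&2; return 3; }
    done
    # Rewrite "$@" from "T1 T2 ..." to "-t T1 -t T2 ..." without bash arrays.
    _left=$#
    while [ "$_left" -gt 0 ]; do
        set -- "$@" -t "$1"; shift; _left=$((_left - 1))
    done
    _rc=0
    # -n suppresses the stdin fall-backs so a CI job cannot hang on a prompt.
    "$RIPS_CLI_BIN" rips:scan:start -n -a "$_app" -p "$_path" "$@" || _rc=$?
    case "$_rc" in
        0) return 0 ;;
        2) echo "unreviewed issues exceed the thresholds" >&2; return 2 ;;
        # Assumption: any other status means the scan did not complete; fail closed.
        *) echo "rips-cli exited with status $_rc" >&2; return 3 ;;
    esac
}
```

Source the file in a pipeline step and call, for example, `rips_gate 1 /var/www high:5 critical:0`; a status of 3 should fail the build just like 2, since no comparison took place.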

It is possible to specify the emulated PHP environment through a YAML configuration file that is passed to the command with --env-file or -F. The following values can be set:

php:
    majorVersion: "5"
    minorVersion: "3"
    releaseVersion: "29"
    magicQuotesGpc: false
    registerGlobals: false
    allowUrlFopen: true
    allowUrlInclude: false
    filterDefault: "unsafe_raw"

Parameters

| Long | Short | Default | Description |
| --- | --- | --- | --- |
| --application | -a | | Set application id |
| --path | -p | | Set path to project files |
| --exclude-path | -E | | Exclude files from archive with regular expressions |
| --upload | -U | | Set existing upload id |
| --name | -N | | Set version name |
| --threshold | -t | | Set threshold when the scan should fail (exit code 2) |
| --local | -l | | Set to true if you want to start a scan by local path |
| --profile | -C | | Set analysis profile id |
| --remove-upload | -k | | Remove upload after scan is finished |
| --keep-upload | -K | | Do not remove upload after scan is finished |
| --parent | -P | | Set parent scan id |
| --tag | -T | | Add tags |
| --env-file | -F | | Load environment from file |
| --remove-code | -R | | Remove source code from RIPS once analysis is finished |
| --keep-code | -r | | Keep source code in RIPS once analysis is finished |
| --issue-type | -I | | Override the issue types |
| --source | -S | rips-cli | Modify the source of the scan |

Examples

  • rips-cli rips:scan:start
  • rips-cli rips:scan:start -a 1 -p /var/www --threshold 0 -v
  • rips-cli rips:scan:start -a 1 -p dvwa -N 'DVWA 1.8' --local -v
  • rips-cli rips:scan:start -a 1 -U 3 --keep-upload -t 14 -t high:5 -t critical:0
  • rips-cli rips:scan:start -a 1 -Q 4 -p /var/www -E 'config\.php$' -E 'test\/\.git'

rips:scan:export

This command exports a scan to PDF or CSV.

Parameters

| Long | Short | Default | Description |
| --- | --- | --- | --- |
| --application | -a | | Set application id |
| --scan | -s | | Set scan id |
| --file | -f | | Set output file |
| --type | -t | | Set type of export (pdf, csv) |
| --parameter | -p | | Add optional query parameters |

Examples

  • rips-cli rips:scan:export
  • rips-cli rips:scan:export -a 1 -s 10 -t pdf -f report.pdf

rips:list:setup

This command allows you to modify the shown columns of a table.

You can restore the default values with the option --remove or -r.

Parameters

| Long | Short | Default | Description |
| --- | --- | --- | --- |
| --table | -t | | Set table |
| --remove | -r | | Restore default columns |

Examples

  • rips-cli rips:list:setup
  • rips-cli rips:list:setup -t applications
  • rips-cli rips:list:setup -t issues --remove

rips:list

This command lists entries of a table.

Parameters

| Long | Short | Default | Description |
| --- | --- | --- | --- |
| --table | -t | | Set table |
| --max-chars | -M | 40 | Set max. chars per column |
| --parameter | -p | | Add optional query parameters |

Examples

  • rips-cli rips:list
  • rips-cli rips:list -t applications -p 'limit=5'
  • rips-cli rips:list -t scans -n
  • rips-cli rips:list -t issues --max-chars 160 1 10

rips:delete

This command deletes entries of a table.

By default this command only deletes single entries. Enable --list or -L to delete multiple entries at once.

Parameters

| Long | Short | Default | Description |
| --- | --- | --- | --- |
| --table | -t | | Set table |
| --max-chars | -M | 40 | Set max. chars per column |
| --parameter | -p | | Add optional query parameters |
| --list | -L | | Delete multiple elements at once |
| --force | -f | | Do not ask for confirmation (DANGEROUS) |

Examples

  • rips-cli rips:delete
  • rips-cli rips:delete -t scans 1 5
  • rips-cli rips:delete -t applications -L -p 'limit=5'

rips:login

This command validates and stores the credentials in the configuration file.

Parameters

| Long | Short | Default | Description |
| --- | --- | --- | --- |
| --config | -c | | Try to use password from config (read-only) |
| --force | -f | | Continue on error |

rips:logout

This command removes the credentials from the configuration file.

Parameters

| Long | Short | Default | Description |
| --- | --- | --- | --- |
| --force | -f | | Continue on error |