http://blogs.msdn.com/garretts/archive/2008/07/23/interesting-thing-found-at-oscon-taint.aspxI attended a session this morning called &quot; PHP Taint Tool: It Ain't a Parser &quot; by Luke Welling. Luke introduced a tool he's working on at OmniTI that is designed to assist in sniffing out where the potential for untrusted input is handled. Fromen-USCommunityServer 2.1 SP1 (Build: 61025.2)http://blogs.msdn.com/garretts/archive/2008/07/23/interesting-thing-found-at-oscon-taint.aspx#8787299Tue, 29 Jul 2008 08:37:01 GMT91d46819-8472-40ad-a661-2c78acb4018c:8787299Tarique Sani<p>Rasmus like to call his tool &quot;scanmus&quot; or atleast he did when I first saw it in 2005 Linux Banglore conference.</p> <p>For mere mortals like me there is <a rel="nofollow" target="_new" href="https://chorizo-scanner.com/">https://chorizo-scanner.com/</a> which is PHP specific scanner and is commercial or one could try the Ratproxy <a rel="nofollow" target="_new" href="http://code.google.com/p/ratproxy/">http://code.google.com/p/ratproxy/</a> from Google.</p> <p>Currently there is no alternative to the Taint tool but one could use something like Inspeckt <a rel="nofollow" target="_new" href="http://code.google.com/p/inspekt/">http://code.google.com/p/inspekt/</a> </p>