The Rough Auditing Tool for Security is an open source tool developed by Secure Software Engineers. Since then it has been acquired by Fortify, which continues to distribute it free of charge (here). It scans various languages, including C, C++, Perl, PHP and Python.

It is very fast and can easily be integrated into a building process without causing noticeable overhead.

  • Typical errors found (C/C++):
    • Buffer overflows
    • TOCTOU race conditions
  • Typical errors not found (C/C++):
    • Design flaws
PerlIn Perl code, it will mostly raise a flag when finding calls to risky built-in functions.
PHPUnfortunately its utility is rather limited for PHP as it does not find Cross-Site Scripting or SQL Injection vulnerabilities.
PythonAs far as python is concerned, RATS is fairly basic and will only check for risky built-in/library function calls.


wget http://downloads.sourceforge.net/project/expat/expat/2.0.1/expat-2.0.1.tar.gz
tar -xvf expat-2.0.1.tar.gz
cd expat-2.0.1
./configure && make && sudo make install
wget https://rough-auditing-tool-for-security.googlecode.com/files/rats-2.4.tgz
tar -xzvf rats-2.4.tgz
cd rats-2.4
./configure && make && sudo make install


Basic run
rats --resultsonly <path_to_source_directory>
Advanced config
rats --quiet --xml -w 3 <path_to_source_directory>
  • --xml, --html generate output in the specified format
  • -w <1,[2],3> set the warning level:
    • 1 will only include high level warnings (i.e. less false positives, but more false negatives)),
    • 2 is the medium and default option,
    • 3 will produce more output and miss less vulnerabilities, but might also report many false positives.