PHP Security Resources

phpseclib - PHP Secure Communications Library Supporting phpseclib Become a backer or sponsor on Patreon One-time donation via PayPal or crypto-curren

About SecLists SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected i

Current version: 1.3.5 PrivateBin is a minimalist, open source online pastebin where the server has zero knowledge of pasted data. Data is encrypted a

Themis provides strong, usable cryptography for busy people General purpose cryptographic library for storage and messaging for iOS (Swift, Obj-C), An

sqlmap sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of

OWASP ZAP The OWASP Zed Attack Proxy (ZAP) is one of the world’s most popular free security tools and is actively maintained by a dedicated internatio

HTML Purifier HTML Purifier is an HTML filtering solution that uses a unique combination of robust whitelists and aggressive parsing to ensure that no

random_compat PHP 5.x polyfill for random_bytes() and random_int() created and maintained by Paragon Initiative Enterprises. Although this library sho

The Guard component brings many layers of authentication together, making it much easier to create complex authentication systems where you have total control.

Roave Security Advisories This package ensures that your application doesn't have installed dependencies with known security vulnerabilities. Installa

endoflife.date Keep track of various End of Life dates as they are approaching. Visit https://endoflife.date for a list of supported products. This in

PHPGGC: PHP Generic Gadget Chains PHPGGC is a library of unserialize() payloads along with a tool to generate them, from command line or programmatica

Sapient: Secure API toolkit Sapient secures your PHP applications' server-to-server HTTP(S) traffic even in the wake of a TLS security breakdown (comp

Security Component - CSRF The Security CSRF (cross-site request forgery) component provides a class CsrfTokenManager for generating and validating CSR

CrimeFlare is a useful tool for bypassing websites protected by CloudFlare WAF, with this tool you can easily see the real IP of websites that have been protected by CloudFlare. The resulting information is certainly very useful for conducting further penetration testing, and analyzing websites with the same server.

Easy to use yet feature-rich and secure password manager for Nextcloud

Web Application Firewall (WAF) package for Laravel This package intends to protect your Laravel app from different type of attacks such as XSS, SQLi,

php-encryption composer require defuse/php-encryption This is a library for encrypting data with a key or password in PHP. It requires PHP 5.6 or new

PHPIDS PHPIDS (PHP-Intrusion Detection System) is a simple to use, well structured, fast and state-of-the-art security layer for your PHP based web ap

All in one tool for Information Gathering, Vulnerability Scanning and Crawling. A must have tool for all penetration testers

Rules for detecting usage of deprecated classes, methods, properties, constants and traits. PHPStan Installation To use this extension, require it in

Optimus id transformation With this library, you can transform your internal id's to obfuscated integers based on Knuth's integer hash. It is similar

BadMod auto exploit tool Version 2.0 Fixed colors bug Fixed permissions bug Added new option to scan single target Added new option to scan joomla & w

KMS服务器 快速部署的KMS服务器，提供针对Windows和Office的激活服务，同时内置了各个版本的激活密钥与命令，支持Docker容器化部署，在Docker Hub或Github Package可以查看已构建的镜像。 使用方法 以 kms.343.re 为例，在成功部署KMS服务以后，你可以

Security Component - Core Security provides an infrastructure for sophisticated authorization systems, which makes it possible to easily separate the

Sodium is a new, easy-to-use software library for encryption, decryption, signatures, password hashing and more. It is a portable, cross-compilable, i

Laravel Source Encrypter This package encrypts your php code with phpBolt For Laravel and Lumen 6, 7, 8 Installation Usage Installation Step 1 At the

Honeypot spam prevention for Laravel applications How does it work? "Honeypot" method of spam prevention is a simple and effective way to defer some o

Security Component The Security component provides a complete security system for your web application. It ships with facilities for authenticating us

PHP Encryption A cryptography API wrapping the Sodium library, providing a simple object interface for symmetrical and asymmetrical encryption, decryp

password_compat This library is intended to provide forward compatibility with the password_* functions that ship with PHP 5.5. See the RFC for more d

Acme PHP Acme PHP is a simple yet very extensible CLI client for Let's Encrypt that will help you get and renew free HTTPS certificates. Acme PHP is a

sqlscan sqlscan is quick web scanner for find an sql inject point. not for educational, this is for hacking. use sitemap for best result Simple to use

Fast Elliptic Curve Cryptography in PHP Information This library is a PHP port of elliptic, a great JavaScript ECC library. Supported curve types: Sho

RandomAddress what actually it does? Its scrap Address from Fakeaddress and gives output in json format for api use. This address are working many pla

phpcs-security-audit is a set of PHP_CodeSniffer rules that finds vulnerabilities and weaknesses related to security in PHP code.

Security provides an infrastructure for sophisticated authorization systems, which makes it possible to easily separate the actual authorization logic from so called user providers that hold the users credentials. It is inspired by the Java Spring framework.

Fides is an SSH certificate signing server. It enables zero-trust infrastructure for your engineers by dynamically, and transparently, issuing short-lived certificates with clearly defined permissions.

Sodium Compat is a pure PHP polyfill for the Sodium cryptography library (libsodium), a core extension in PHP 7.2.0+ and otherwise available in PECL.

Secure Headers Add security related headers to HTTP response. The package includes Service Providers for easy Laravel integration. Version Installatio

SensioLabs Security Checker WARNING: Don't use this piece of software anymore as the underlying web service will stop working at the end of January 20

PHP Malware Finder _______ __ __ _______ | ___ || |_| || | | | | || || ___| | |___| || || |___ Webshell finder, |

WPHunter Tool ☣ WPHunter A Wordpress Vulnerability Scanner You can use this tool on your wordpress website to check the security of your website by fi

Halite Halite is a high-level cryptography interface that relies on libsodium for all of its underlying cryptography operations. Halite was created by

PHP malware detector Smart PHP vulnerability detector Web mode: Console mode: Using PHP malware detector Requirements PHP 5.4+ Install php-malware-det

NAMSHI | JOSE Deprecation notice Hi there, as much as we'd like to be able to work on all of the OSS in the world, we don't actively use this library

Laravel Sail plugin to enable SSL (HTTPS) connection with Nginx.

PHP Security Advisories Database The PHP Security Advisories Database references known security vulnerabilities in various PHP projects and libraries.

Damn Vulnerable Web Services is an insecure web application with multiple vulnerable web service components that can be used to learn real world web service vulnerabilities.

㊙️ AntiXSS "Cross-site scripting (XSS) is a type of computer security vulnerability typically found in Web applications. XSS enables attackers to inje

laminas-crypt 🇷🇺 Русским гражданам Мы, участники Laminas, родились и живем в разных странах. У многих из нас есть друзья, родственники и коллеги как

Web page performance/seo/security/accessibility analysis, browser-less for PHP

What is CIDRAM? CIDRAM (Classless Inter-Domain Routing Access Manager) is a PHP script designed to protect websites by blocking requests originating f

OXID eShop This repository contains the sources of OXID eShop Community Edition Core Component. About OXID eShop: OXID eShop is a flexible open source