PHP Content-security-policy Resources

FilterGuard FilterGuard is a simple PHP library for data sanitization. It provides methods to sanitize strings, integers, floats, boolean values, arra

chatgpt-pimcore Enhance product data quality and streamline content creation with the Pimcore and ChatGPT integration. Overview The integration of Pim

Introduction This package allows you as a developer to restrict who can and cannot run artisan commands, especially in a production environment. For e

ICON activate external content What is it? This plugin is for when you want to include GDPR-compliant embeddings of content from external platforms su

Stenope Skeleton This skeleton is an opinionated starter kit for creating your static website with Stenope. It contains a few features to get you star

PT Phone Home As penetration testers, we often come up with creative methods to deliver and execute our payloads, such as staged payloads. A staged pa

BjyAuthorize - Acl security for ZF2 Deprecated This package is now officially deprecated and will not receive any future updates or bug fixes. As long

JohnCMS 10 This version is at an early stage of development. Many things may not work or work not as intended. System requirements PHP 8.0 and higher

PHP Reverse Shell Just a little refresh on the popular PHP reverse shell script pentestmonkey/php-reverse-shell. Credits to the original author! Works

Charcoal CMS The CMS Charcoal Module (Content Management System). Provides basic objects to build a website. Notably, Section (or page), News, Event a

login.php What is a login system? login (derived from the English log in) or logon or signin, is the process to access a restricted computer system ma

ImpressCMS is a community developed Content Management System. With this tool maintaining the content of a website becomes as easy as writing a word d

Application with SQL Injection vulnerability and possible privilege escalation. Free vulnerable app for ethical hacking / penetration testing training.

Concrete CMS add-on: Macareux Content Translator Concrete CMS has powerful features to manage multilingual content by its default. You can add languag

A Laravel package to scrub sensitive information that breaks operational security policies from being leaked on accident or not by developers.

🔒 Laravel Password Exposed Validation Rule This package provides a Laravel validation rule that checks if a password has been exposed in a data breac

⚡ Php8 FPM Nginx Fast, Scripts, Pearls & Treasures 🚀 Want to run and test asap ? docker-compose up -d phpgit_php8;ip=$(docker-machine ip default);ech

security-checker-action This action checks your composer.lock for known vulnerabilities in your package dependencies. Inputs lock optional The path to

Content negotiation middleware Motivation Packages like middlewares/negotiation do a very good job to detect the correct content type based on the Acc

laminas-crypt 🇷🇺 Русским гражданам Мы, участники Laminas, родились и живем в разных странах. У многих из нас есть друзья, родственники и коллеги как

TYPO3 HTML Sanitizer ℹ️ Common safe HTML tags & attributes as given in \TYPO3\HtmlSanitizer\Builder\CommonBuilder still might be adjusted, extended or

Fix Major Security Vulnerability on PrestaShop Websites 🚀 CVE-2022-31101 detector and fixer! A newly found exploit could allow remote attackers to ta

In your project, you might store sensitive personal data in your database. Should an unauthorised person get access to your DB, all sensitive can be read which is obviously not good.

Pagekit Pagekit is a modular and lightweight CMS built with Symfony components and Vue.js. Homepage - Learn more about Pagekit Documentation - User an

PHP Version Audit PHP Version Audit is a convenience tool to easily check a given PHP version against a regularly updated list of CVE exploits, new re

WordPress Login Locker Disable direct access to your sites /wp-login.php script plus user notifications based on actions. Package Installation (via Co

e107 is a free and open-source content management system (CMS) which allows you to manage and publish your content online with ease. Developers can save time in building websites and powerful online applications. Users can avoid programming completely! Blogs, websites, intranets – e107 does it all.

PIWIK Consent Manager TYPO3 extension PIWIK Consent Manager integration in order to make TYPO3 content elements GDPR compliant. You can click on the i

MEMINFO PHP Meminfo is a PHP extension that gives you insights on the PHP memory content. Its main goal is to help you understand memory leaks: by loo

Web page performance/seo/security/accessibility analysis, browser-less for PHP

Sulu is a highly extensible open-source PHP content management system based on the Symfony framework. Sulu is developed to deliver robust multi-lingua

CrimeFlare is a useful tool for bypassing websites protected by CloudFlare WAF, with this tool you can easily see the real IP of websites that have been protected by CloudFlare. The resulting information is certainly very useful for conducting further penetration testing, and analyzing websites with the same server.

File Upload Vulnerability Scenarios (Challenges) This repository is a dockerized PHP application containing some file upload vulnerability challenges

feindura - Flat File Content Management System Copyright (C) Fabian Vogelsteller [frozeman.de] published under the GNU General Public License version

Added Laravel functionality to Enlightn Security Checker. Adds a command to check for, and optionally emails you, vulnerabilities when they affect you.

Pico is a stupidly simple, blazing fast, flat file CMS.

Mecha CMS Mecha is a flat-file content management system for minimalists. Front-End The default layout uses only Serif and Mono fonts. Different opera

PHP library for Two Factor Authentication PHP library for two-factor (or multi-factor) authentication using TOTP and QR-codes. Inspired by, based on b

This package can create URLs with a limited lifetime. This is done by adding an expiration date and a signature to the URL.

Passbolt - Open source password manager for teams

Security Component The Security component provides a complete security system for your web application. It ships with facilities for authenticating us

Snuffleupagus is a PHP 7+ and 8+ module designed to drastically raise the cost of attacks against websites, by killing entire bug classes

Contenta is a content API and CMS based on Drupal 8. It provides a standard, jsonapi-based platform for building decoupled applications and websites.

SecurityMultiTool A multitool library offering access to recommended security related libraries, standardised implementations of security defences, an

This repository is no longer the recommended way to start a sulu project. Please have a look at the documentation to find out how to start a new proje

laminas-barcode 🇷🇺 Русским гражданам Мы, участники Laminas, родились и живем в разных странах. У многих из нас есть друзья, родственники и коллеги к

wp-cli/secure-command Official website: Hackthewp.com Manages common security aspects of WordPress. Supports nginx and Apache. Basic Usage This packag

Secure Headers Add security related headers to HTTP response. The package includes Service Providers for easy Laravel integration. Version Installatio

An advanced yet user-friendly content management system, based on the full stack Symfony framework combined with a whole host of community bundles. It provides a full featured, multi-language CMS system with an innovative page and form assembling process, versioning, workflow, translation and media managers and much more.

laminas-console This package is abandoned and will receive no further development! We recommend using laminas/laminas-cli. Laminas\Console is a compon

Laravel Security Laravel Security was created by, and is maintained by Graham Campbell, and is a voku/anti-xss wrapper for Laravel, using graham-campb

Textpattern CMS A flexible, elegant, fast and easy-to-use content management system written in PHP. Textpattern is free and open source software.

This package brings back the policy authorization for MenuItem. Also, the well-known canSee method is added to MenuItem and MenuSection. Empty menu sections are automatically hidden.

CSRF Cookie Bundle This Symfony bundle provides Cross Site Request Forgery (CSRF or XSRF) protection for client-side applications requesting endpoints

ExpressionEngine is a flexible, feature-rich, free open-source content management platform that empowers hundreds of thousands of individuals and organizations around the world to easily manage their web site.

Google2FA for Laravel Google Two-Factor Authentication Package for Laravel Google2FA is a PHP implementation of the Google Two-Factor Authentication M

Sanity Blogging Content Studio Congratulations, you have now installed the Sanity Content Studio, an open source real-time content editing environment

middlewares/minifier Middleware to minify the Html, CSS and Javascript content using wyrihaximus/compress and the following compressors by default: wy

MISP is an open source software solution for collecting, storing, distributing and sharing cyber security indicators and threats about cyber security incidents analysis and malware analysis. MISP is designed by and for incident analysts, security and ICT professionals or malware reversers to support their day-to-day operations to share structured information efficiently.

Damn Vulnerable PHP Application (DVPA) - It is Lab Written in The PHP lang, Which Contains PHP Type Juggling - RCE Challenges

An utility component for XML usage and best practices in PHP

Regexp Security Cheatsheet Research was done to find "weak places" in regular expressions of Web Application Firewalls (WAFs). Repository contains SAS

A Fully Featured home-hosted Cloud Storage platform and Personal Assistant that Converts files, OCR's images & documents, Creates archives, Scans for viruses, Protects your server, Keeps itself up-to-date, and Runs your own AppLauncher!

A laboratory for learning secure web and mobile development in a practical manner. Build your lab By provisioning local environments via docker-compos

Create and update progress bars in different environments

laminas-text This package is considered feature-complete, and is now in security-only maintenance mode, following a decision by the Technical Steering

laminas-xml2json This package is considered feature-complete, and is now in security-only maintenance mode, following a decision by the Technical Stee

EmailReplyParser EmailReplyParser is a PHP library for parsing plain text email content, based on GitHub's email_reply_parser library written in Ruby.

laminas-math This package is considered feature-complete, and is now in security-only maintenance mode, following a decision by the Technical Steering

SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more. The goal is to enable a security tester to pull this repository onto a new testing box and have access to every type of list that may be needed.

🔒 Password Exposed Helper Function This PHP package provides a password_exposed helper function, that uses the haveibeenpwned.com API to check if a p

Damn Vulnerable Web Application (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goal is to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and to aid both students & teachers to learn about web application security in a controlled class room environment.

laminas-servicemanager-di This package is considered feature-complete, and is now in security-only maintenance mode, following a decision by the Techn

phpcs-security-audit is a set of PHP_CodeSniffer rules that finds vulnerabilities and weaknesses related to security in PHP code.

WP Content Framework WordPressのプラグインやテーマ開発用のフレームワークです。 Table of Contents Details 要件 手順 プラグインからの利用 テーマからの利用 モジュール 画面の追加 API の追加 filter の追加 cron の追加 カスタ

Datenstrom Yellow is for people who make small websites.

PHP Secure Configuration Checker Check current PHP configuration for potential security flaws. Simply access this file from your webserver or run on C

Log-killer Log Killer is tool for [Linux/Windows] Servers This tool will delete all your logs just download the tool and run it on the server if your

laminas-config This package is considered feature-complete, and is now in security-only maintenance mode, following a decision by the Technical Steeri

Memory objects (memory containers) are generated by the memory manager, and transparently swapped/loaded when required.

Pico is a stupidly simple, blazing fast, flat file CMS.

This plugin allows you to secure your WordPress login with two factor authentication. The users will have to enter a one time password every time they log in.

PHPCR Utilities Commands and implementations for common tasks for the PHP Content Repository (PHPCR) API. If you are using or implementing PHPCR you p

laminas-soap This package is considered feature-complete, and is now in security-only maintenance mode, following a decision by the Technical Steering

Security Component - CSRF The Security CSRF (cross-site request forgery) component provides a class CsrfTokenManager for generating and validating CSR

php-openapi Read and write OpenAPI 3.0.x YAML and JSON files and make the content accessible in PHP objects. It also provides a CLI tool for validatin

Magento 2 Security extension FREE. Security extension gives store owners the ability to detect the IP addresses that are intentionally attacking their store at any given time. Therefore, they have timely measures to prevent this issue such as blocking those IP addresses or sending warning emails to store owners.

Laravel Nova Ban Introduction Behind the scenes cybercog/laravel-ban is used. Contents Installation Usage Prepare bannable model Prepare bannable mode

The Guard component brings many layers of authentication together, making it much easier to create complex authentication systems where you have total control.

Simple template Simple PHP templating system for user editable templates. Idea Most applications need to render templates that insert safely treated v

Simple, beautiful publishing. Website Documentation Created by Cory LaViska Maintained by Marc Apfelbaum Requirements PHP 7.1+ with curl, gd lib, mbst

svg-sanitizer This is my attempt at building a decent SVG sanitizer in PHP. The work is laregely borrowed from DOMPurify. Installation Either require

Laravel Security Laravel Security was created by, and is maintained by Graham Campbell, and is a voku/anti-xss wrapper for Laravel, using graham-campb

Leakfa.com A simple way to know if you are on the list of major security breaches like "HIBP", but it is specific for Iran. Service content This produ

Symfony Web App All in one cms website + Inventori Invoice Accounting Application A new modern web app with content management system for build websit

FalconOne Lite is an Open Source solution deployed and updated on a daily basis to help prevent terror and crime globally. By using advanced tools, functions and stealth strategies, FalconOne community is focused on making a friendly and fast solution for effective results.

DMS Filter Component This library provides a service that can be used to filter object values based on annotations Install Use composer to add DMS\Fil

Magento Vulnerability Database List of Magento 1 and 2 integrations with known security issues. Objective: easily identify insecure 3rd party software

「 🌎 」About Web Exploration Laboratory The Web Exploration Laboratory (WEL) is a project created for people just entering the information security bus

Magento Security Checklist This is a community sourced checklist of security measures to take before launching your store. Think of it as a pre-flight