217 Repositories
PHP information-security Libraries
FilterGuard is a simple PHP library for sanitizing data. It provides methods to sanitize strings, integers, floats, booleans, arrays, and objects. The library helps protect against common security vulnerabilities such as XSS and SQL injection.
FilterGuard FilterGuard is a simple PHP library for data sanitization. It provides methods to sanitize strings, integers, floats, boolean values, arra
A Laravel 9 package that allows you to enforce security of your artisan commands by authenticating users before running.
Introduction This package allows you as a developer to restrict who can and cannot run artisan commands, especially in a production environment. For e
Staged Payloads from Kali Linux - Part 1,2 of 3
PT Phone Home As penetration testers, we often come up with creative methods to deliver and execute our payloads, such as staged payloads. A staged pa
How to get cookies from users' browser and send the information to your email address and telegram bot
A Bayesian average is a method of estimating the mean of a population using outside information, especially a pre-existing belief, which is factored into the calculation
A Bayesian average is a method of estimating the mean of a population using outside information, especially a pre-existing belief, which is factored into the calculation.
BjyAuthorize - Acl security for ZF2
BjyAuthorize - Acl security for ZF2 Deprecated This package is now officially deprecated and will not receive any future updates or bug fixes. As long
A web application built on PHP for users to view their credit information in their MySQL database
TheCreditInfo Table of Content About Inspiration Technologies Client Pages Usage About Credere is a website created to help you track your credit hist
PHP shells that work on Linux OS, macOS, and Windows OS.
PHP Reverse Shell Just a little refresh on the popular PHP reverse shell script pentestmonkey/php-reverse-shell. Credits to the original author! Works
Display some useful information in the reports module.
Useful information in the reports module : xclass, ajax, cliKeys, eID, general status of the system (encoding, DB, php vars...), hooks, compare local and TER extension (diff), used content type, used plugins, ExtDirect... It can really help you during migration or new existing project (to have a global reports of the system).
🔒 a simple login screen done in php with connection to mysql
login.php What is a login system? login (derived from the English log in) or logon or signin, is the process to access a restricted computer system ma
A sampling profiler for PHP written in PHP, which reads information about running PHP VM from outside of the process.
Reli Reli is a sampling profiler (or a VM state inspector) written in PHP. It can read information about running PHP script from outside of the proces
IP2Location library for CodeIgniter. Use IP2Location geolocation database to lookup the country, region, city, coordinates, zip code, time zone, ISP, domain name, connection type, area code, weather, MCC, MNC, mobile brand name, elevation and usage type that any IP address or hostname originates from.
CodeIgniter IP2Location Library This module enables users to retrieve below geolocation information from an IP address. It supports both the IPv4 and
Application with SQL Injection vulnerability and possible privilege escalation
Application with SQL Injection vulnerability and possible privilege escalation. Free vulnerable app for ethical hacking / penetration testing training.
EXT:server-timing adds Server-Timing Header with useful information
EXT:server_timing - see your performance installation composer require kanti/server-timing at the moment there is nothing to configure Server timings
A Laravel package to scrub sensitive information that breaks operational security policies from being leaked on accident or not by developers.
A Laravel package to scrub sensitive information that breaks operational security policies from being leaked on accident or not by developers.
Library JGU is a website created for a university library system information. Made with PHP & TailwindCSS.
Library JGU Library JGU is a website created for a university library system information. Made with PHP & TailwindCSS. Key Features • How To Use • Rel
🔒 Laravel validation rule that checks if a password has been exposed in a data breach.
🔒 Laravel Password Exposed Validation Rule This package provides a Laravel validation rule that checks if a password has been exposed in a data breac
⚡ Php snippets, random stuff, demos, functions, fast message system, agnostic and framework free - 100% compatible ;) ⚡
⚡ Php8 FPM Nginx Fast, Scripts, Pearls & Treasures 🚀 Want to run and test asap ? docker-compose up -d phpgit_php8;ip=$(docker-machine ip default);ech
Github Action which checks Security issues scanning package manager files
security-checker-action This action checks your composer.lock for known vulnerabilities in your package dependencies. Inputs lock optional The path to
The Smart-ID PHP client can be used for easy integration of the Smart-ID solution to information systems or e-services
Smart-ID PHP client Introduction The Smart-ID PHP client can be used for easy integration of the Smart-ID solution to information systems or e-service
Strong cryptography tools and password hashing
laminas-crypt 🇷🇺 To Russian citizens: We, the members of Laminas, were born and live in different countries. Many of us have friends, relatives and colleagues both
HTML sanitizer, written in PHP, aiming to provide XSS-safe markup based on explicitly allowed tags, attributes and values.
TYPO3 HTML Sanitizer ℹ️ Common safe HTML tags & attributes as given in \TYPO3\HtmlSanitizer\Builder\CommonBuilder still might be adjusted, extended or
Major Security Vulnerability on PrestaShop Websites - CVE-2022-31101
Fix Major Security Vulnerability on PrestaShop Websites 🚀 CVE-2022-31101 detector and fixer! A newly found exploit could allow remote attackers to ta
Use Ciphersweet in your Laravel project
In your project, you might store sensitive personal data in your database. Should an unauthorised person get access to your DB, all sensitive can be read which is obviously not good.
A Full Stack login/register system using a MySQL database to store the information
This is a Full Stack login/register system using a MySQL database to store the information. I created this to sharpen my Full Stack Development skills.
A clean and responsive interface for Zend OPcache information,
A clean and responsive interface for Zend OPcache information, showing statistics, settings and cached files, and providing a real-time update for the information.
Open Source Data & Experience Management Platform (PIM, MDM, CDP, DAM, DXP/CMS & Digital Commerce)
Pimcore - Open Source Data & Experience Management Platform: PIM, MDM, CDP, DAM, DXP/CMS & Digital Commerce
Audit your PHP version for known CVEs and patches
PHP Version Audit PHP Version Audit is a convenience tool to easily check a given PHP version against a regularly updated list of CVE exploits, new re
Disable direct access to your site's /wp-login.php script, plus user notifications based on actions.
WordPress Login Locker Disable direct access to your site's /wp-login.php script plus user notifications based on actions. Package Installation (via Co
Magento 2 Megamenu extension is an indispensable component, and plays the role of website navigation to help customers easily categorize and find information
Magento 2 Mega Menu (Magicmenu) helps you create neat and smart navigation menus to display the main categories on your website.
Web page performance/seo/security/accessibility analysis, browser-less for PHP
Web page performance/seo/security/accessibility analysis, browser-less for PHP
CheckIP - A composer module to retrieve information from an IP address
A composer module to retrieve information from an IP address, using geoplugin.net Installation Use composer to install CheckIP composer requir
cve-2021-38314 - Unauthenticated Sensitive Information Disclosure
cve-2021-38314 - Unauthenticated Sensitive Information Disclosure The Gutenberg Template Library & Redux Framework plugin <= 4.2.11 for WordPress regi
CrimeFlare - This tool can help you to see the real IP behind CloudFlare protected websites
CrimeFlare is a useful tool for bypassing websites protected by CloudFlare WAF, with this tool you can easily see the real IP of websites that have been protected by CloudFlare. The resulting information is certainly very useful for conducting further penetration testing, and analyzing websites with the same server.
A dockerized PHP application containing some file upload vulnerability challenges (scenarios)
File Upload Vulnerability Scenarios (Challenges) This repository is a dockerized PHP application containing some file upload vulnerability challenges
Added Laravel functionality to Enlightn Security Checker
Added Laravel functionality to Enlightn Security Checker. Adds a command to check for, and optionally emails you, vulnerabilities when they affect you.
PHP library for Two Factor Authentication (TFA / 2FA)
PHP library for Two Factor Authentication PHP library for two-factor (or multi-factor) authentication using TOTP and QR-codes. Inspired by, based on b
Create and validate signed URLs with a limited lifetime
This package can create URLs with a limited lifetime. This is done by adding an expiration date and a signature to the URL.
Passbolt - Open source password manager for teams
Passbolt - Open source password manager for teams
The Security component provides a complete security system for your web application.
Security Component The Security component provides a complete security system for your web application. It ships with facilities for authenticating us
Snuffleupagus is a PHP 7+ and 8+ module designed to drastically raise the cost of attacks against websites, by killing entire bug classes
Snuffleupagus is a PHP 7+ and 8+ module designed to drastically raise the cost of attacks against websites, by killing entire bug classes
A multitool library offering access to recommended security related libraries, standardised implementations of security defences, and secure implementations of commonly performed tasks.
SecurityMultiTool A multitool library offering access to recommended security related libraries, standardised implementations of security defences, an
Programmatically create and render barcodes as images or in PDFs
laminas-barcode 🇷🇺 To Russian citizens: We, the members of Laminas, were born and live in different countries. Many of us have friends, relatives and colleagues
Secure package for WP CLI, built to provide an easier way of securing your WordPress installation
wp-cli/secure-command Official website: Hackthewp.com Manages common security aspects of WordPress. Supports nginx and Apache. Basic Usage This packag
PHP Secure Headers
Secure Headers Add security related headers to HTTP response. The package includes Service Providers for easy Laravel integration. Version Installatio
Laminas\Console is a component to design and implement console applications in PHP.
laminas-console This package is abandoned and will receive no further development! We recommend using laminas/laminas-cli. Laminas\Console is a compon
A wrapper of voku/anti-xss for Laravel
Laravel Security Laravel Security was created by, and is maintained by Graham Campbell, and is a voku/anti-xss wrapper for Laravel, using graham-campb
Symfony bundle that provides Cross Site Request Forgery (CSRF or XSRF) protection for client-side applications
CSRF Cookie Bundle This Symfony bundle provides Cross Site Request Forgery (CSRF or XSRF) protection for client-side applications requesting endpoints
Google Two-Factor Authentication Package for Laravel
Google2FA for Laravel Google Two-Factor Authentication Package for Laravel Google2FA is a PHP implementation of the Google Two-Factor Authentication M
MISP - Threat Intelligence Sharing Platform
MISP is an open source software solution for collecting, storing, distributing and sharing cyber security indicators and threats about cyber security incidents analysis and malware analysis. MISP is designed by and for incident analysts, security and ICT professionals or malware reversers to support their day-to-day operations to share structured information efficiently.
Damn Vulnerable PHP Application (DVPA)
Damn Vulnerable PHP Application (DVPA) - It is Lab Written in The PHP lang, Which Contains PHP Type Juggling - RCE Challenges
A WordPress plugin that displays proxied war news from the free world to Russian IP address visitors with option to block further access.
A WordPress plugin that displays proxied war news from the free world to Russian IP address visitors with option to block further access.
A utility component for XML usage and best practices in PHP
A utility component for XML usage and best practices in PHP
Regexp Security Cheatsheet
Regexp Security Cheatsheet Research was done to find "weak places" in regular expressions of Web Application Firewalls (WAFs). Repository contains SAS
A full-featured home hosted Cloud Drive, Personal Assistant, App Launcher, File Converter, Streamer, Share Tool & More!
A Fully Featured home-hosted Cloud Storage platform and Personal Assistant that Converts files, OCR's images & documents, Creates archives, Scans for viruses, Protects your server, Keeps itself up-to-date, and Runs your own AppLauncher!
A laboratory for learning secure web and mobile development in a practical manner
A laboratory for learning secure web and mobile development in a practical manner. Build your lab By provisioning local environments via docker-compos
Create and update progress bars in different environments
Create and update progress bars in different environments
2 functions which work together to sanitize the information from a form against SQL injection.
Form_sanitizer 2 functions which work together to sanitize the information from a form against SQL injection. How to use the 2 functions Once you cop
Laminas\Text is a component to work on text strings
laminas-text This package is considered feature-complete, and is now in security-only maintenance mode, following a decision by the Technical Steering
laminas-xml2json provides functionality for converting XML structures to JSON
laminas-xml2json This package is considered feature-complete, and is now in security-only maintenance mode, following a decision by the Technical Stee
Create cryptographically secure pseudo-random numbers, and manage big integers
laminas-math This package is considered feature-complete, and is now in security-only maintenance mode, following a decision by the Technical Steering
All in one tool for Information Gathering and Vulnerability Scanning
All in one tool for Information Gathering, Vulnerability Scanning and Crawling. A must have tool for all penetration testers
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more. The goal is to enable a security tester to pull this repository onto a new testing box and have access to every type of list that may be needed.
🔒 Password Exposed Helper Function - Check if a password has been exposed in a data breach.
🔒 Password Exposed Helper Function This PHP package provides a password_exposed helper function, that uses the haveibeenpwned.com API to check if a p
Damn Vulnerable Web Application (DVWA) is a PHP/MySQL web application that is damn vulnerable.
Damn Vulnerable Web Application (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goal is to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and to aid both students & teachers to learn about web application security in a controlled class room environment.
laminas-di integration for laminas-servicemanager
laminas-servicemanager-di This package is considered feature-complete, and is now in security-only maintenance mode, following a decision by the Techn
phpcs-security-audit is a set of PHP_CodeSniffer rules that finds vulnerabilities and weaknesses related to security in PHP code
phpcs-security-audit is a set of PHP_CodeSniffer rules that finds vulnerabilities and weaknesses related to security in PHP code.
PHP Secure Configuration Checker
PHP Secure Configuration Checker Check current PHP configuration for potential security flaws. Simply access this file from your webserver or run on C
Clear all your logs in [linux/windows] servers 🛡️
Log-killer Log Killer is a tool for [Linux/Windows] servers. This tool will delete all your logs; just download the tool and run it on the server if your
provides a nested object property based user interface for accessing this configuration data within application code
laminas-config This package is considered feature-complete, and is now in security-only maintenance mode, following a decision by the Technical Steeri
Track any IP address with IP-Tracer. IP-Tracer is developed for Linux and Termux. You can retrieve any IP address information using IP-Tracer.
IP-Tracer is used to track an IP address. IP-Tracer is developed for Termux and Linux based systems. You can easily retrieve IP address information using IP-Tracer. IP-Tracer uses ip-api to track IP addresses.
laminas-memory manages data in an environment with limited memory
Memory objects (memory containers) are generated by the memory manager, and transparently swapped/loaded when required.
Secure WordPress login with two factor authentication
This plugin allows you to secure your WordPress login with two factor authentication. The users will have to enter a one time password every time they log in.
This package is considered feature-complete, and is now in security-only maintenance mode
laminas-soap This package is considered feature-complete, and is now in security-only maintenance mode, following a decision by the Technical Steering
Security CSRF (cross-site request forgery) component provides a class CsrfTokenManager for generating and validating CSRF tokens.
Security Component - CSRF The Security CSRF (cross-site request forgery) component provides a class CsrfTokenManager for generating and validating CSR
Starless Sky is a network protocol for secure identities, providing the use of asymmetric identities, public information, end-to-end messaging and smart contracts
Decentralized network protocol providing smart identity over a secure layer. What is the Starless Sky Protocol? Starless Sky is a network protocol f
Security issues for Magento have left a big question mark in the community of online stores
Magento 2 Security extension FREE. Security extension gives store owners the ability to detect the IP addresses that are intentionally attacking their store at any given time. Therefore, they have timely measures to prevent this issue such as blocking those IP addresses or sending warning emails to store owners.
Laravel Nova Ban simplifies blocking and banning Eloquent models.
Laravel Nova Ban Introduction Behind the scenes cybercog/laravel-ban is used. Contents Installation Usage Prepare bannable model Prepare bannable mode
Security Component - Guard
The Guard component brings many layers of authentication together, making it much easier to create complex authentication systems where you have total control.
Simple PHP templating system for user editable templates.
Simple template Simple PHP templating system for user editable templates. Idea Most applications need to render templates that insert safely treated v
A simple PHP scripting application which fetches emails from your Gmail account according to a filter and parses them for information.
A simple PHP scripting application which fetches emails from your Gmail account according to a filter and parses them for information.
CRUD Build a system to insert student name information, grade the class name, and edit and delete this information
CRUD Build a system to insert student name information, grade the class name, and edit and delete this information
This is my attempt at building a decent SVG sanitizer in PHP. The work is largely borrowed from DOMPurify.
svg-sanitizer This is my attempt at building a decent SVG sanitizer in PHP. The work is largely borrowed from DOMPurify. Installation Either require
Laravel Security was created by, and is maintained by Graham Campbell, and is a voku/anti-xss wrapper for Laravel, using graham-campbell/security-core
Laravel Security Laravel Security was created by, and is maintained by Graham Campbell, and is a voku/anti-xss wrapper for Laravel, using graham-campb
Allow any Discord user to sign in to your website and save their discord user information for later use.
Simple Discord SSO ( Single Sign-On ) Requires at least: 5.0 Tested up to: 5.8.3 Stable tag: 1.0.2 Requires PHP: 7.4 License: GPLv2 or later License U
A simple way to know if you are on the list of major security breaches like "HIBP", but it is specific for Iran.
Leakfa.com A simple way to know if you are on the list of major security breaches like "HIBP", but it is specific for Iran. Service content This produ
A php package to get the server information.
A php package to get you the server information Install Via Composer $ composer require ameetroy/server Usage use BubbleGum\Sweety; $getTotalSpace =
Laravel & Solana Phantom wallet example built with Bootstrap, JQuery. App connects to Phantom wallet and fetching publicKey and balance information.
Phantom Wallet Authentication Example Laravel & Solana ($SOL) Phantom wallet example built with Bootstrap, JQuery. This is a Web 3.0 app that connects
FalconOne Lite is an Open Source solution deployed and updated on a daily basis to help prevent terror and crime globally
FalconOne Lite is an Open Source solution deployed and updated on a daily basis to help prevent terror and crime globally. By using advanced tools, functions and stealth strategies, FalconOne community is focused on making a friendly and fast solution for effective results.
A simple platform information plugin for WordPress. Shows you environment variables, PHP settings and more.
A simple platform information plugin for WordPress. Shows you environment variables, PHP settings and more.
Library that offers Input Filtering based on Annotations for use with Objects. Check out 2.dev for 2.0 pre-release.
DMS Filter Component This library provides a service that can be used to filter object values based on annotations Install Use composer to add DMS\Fil
Magento 2 module for displaying additional information in configuration
AvS_ScopeHint for Magento 2 Displays a hint when a configuration value is overwritten on a lower scope (website or store view). Facts version: 1.0.0-b
List of Magento extensions with known security issues.
Magento Vulnerability Database List of Magento 1 and 2 integrations with known security issues. Objective: easily identify insecure 3rd party software
「🌎」Web Exploration Laboratory
「 🌎 」About Web Exploration Laboratory The Web Exploration Laboratory (WEL) is a project created for people just entering the information security bus
A Magento community sourced security pre-flight checklist.
Magento Security Checklist This is a community sourced checklist of security measures to take before launching your store. Think of it as a pre-flight
Online chatting application through a logical decentralized blockchain network that stores chat information and hashing keys implemented using AJAX, JQuery, PHP, SQL, CSS, and HTML
Online chatting application through a logical decentralized blockchain network that stores chat information and hashing keys implemented using AJAX, JQuery, PHP, SQL, CSS, and HTML. The blockchain stores a previous hash value, current hash value, time, chat data, and a special key(nonce) used for encryption in each block (node).
A study of the design, implementation, and management of enterprise information systems.
Enterprise-Architecture A study of the design, implementation, and management of enterprise information systems. Organization: University of North Ala
It allows frontend developer to send ajax requests and return a custom information from the server without a php developer help
[Magento 1 Extension] It allows frontend developer to send ajax requests and return a custom information from the server without a php developer help (without any php code).
This Magento extension provides a Real Full Page Caching for Magento powered by Varnish with support of Session-Based information caching (Cart, Customer Accounts, ...) via ESI includes
This Magento extension provides a Real Full Page Caching (FPC) for Magento powered by Varnish with support of Session-Based information caching (Cart, Customer Accounts, ...) via ESI includes