PHP Information-security Resources

magento-htaccess A htaccess boilerplate for all Magento Community installations. Features focus on speed, SEO and security. The file should be placed

JvMTECH.NeosHardening Package for Neos CMS Harden request headers, login interface and passwords to increase backend security. Installation composer r

YogsMAP adalah GIS(Geographic Information System) yang dibangun dengan PHP Native, MapBox API dan Boostrap. Website ini menampilkan data pada area di yogyakarta, serta bisa menampilkan lokasi-lokasi yang diinginkan.

Awesome AppSec A curated list of resources for learning about application security. Contains books, websites, blog posts, and self-assessment quizzes.

About this project Academico is an open-source, Lavarel-based school management platform. Its main features include course management, enrolments mana

Enlightn A Laravel Tool To Boost Your App's Performance & Security Introduction Think of Enlightn as your performance and security consultant. Enlight

Laravel ACL This package allows you to manage user permissions and groups in a database, and is compatible with Laravel v5.8 or higher. Please check t

PHP面试准备的资料 这个项目是自己准备面试整理的资料。可能包括PHP、MySQL等资料。方便自己以后查阅，会不定期更新，如果错误，请指出，谢谢。欢迎大家提交PR，谢谢大家的star 可以通过https://xianyunyh.gitbooks.io/php-interview/预览。欢迎有精力的朋

Video Thumbnail URL Get the thumbnail of youtube and vimeo videos from the url. The returned information is ID and URL of the thumbnail Installation I

A laboratory for learning secure web and mobile development in a practical manner. Build your lab By provisioning local environments via docker-compos

CSP useful, a collection of scripts, thoughts about CSP I'm testing and using CSP (Content Security Policy), and here are some thoughts, resources, sc

Manifest Component for reading phar.io manifest information from a PHP Archive (PHAR). Installation You can add this library as a local, per-project d

Enlightn Security Checker The Enlightn Security Checker is a command line tool that checks if your application uses dependencies with known security v

SЁCU Introduction SЁCU is a public API to store self-destructing data payloads. This repository includes only backend part using Laravel framework. Fr

Csrf Component Csrf Component provides Cross Site Request Forgery protection by comparing provided token with session token to ensure request validity

laminas-serializer This package is considered feature-complete, and is now in security-only maintenance mode, following a decision by the Technical St

nanos Nanos is a new kernel designed to run one and only one application in a virtualized environment. It has several constraints on it compared to a

This repository contains a set of vulnerable Docker images for attacking the container environment compiled for Cyber_Security hackathon 2021. Require

=== WPBruiser {no- Captcha anti-Spam} === Contributors: mihche, knutsp Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_

Laravel Masked DB Dump A database dumping package that allows you to replace and mask columns while dumping your database. Installation You can instal

Matomo (formerly Piwik) - matomo.org Code Status Description Matomo is the leading Free/Libre open analytics platform. Matomo is a full-featured PHP M

Roave Security Advisories This package ensures that your application doesn't have installed dependencies with known security vulnerabilities. Installa

SensioLabs Security Checker WARNING: Don't use this piece of software anymore as the underlying web service will stop working at the end of January 20

Secure Headers Add security related headers to HTTP response. The package includes Service Providers for easy Laravel integration. Version Installatio

Parse: A PHP Security Scanner PLEASE NOTE: This tool is still in a very early stage. The work continues... The Parse scanner is a static scanning tool

progpilot A static analyzer for security purposes Only PHP language is currently supported Installation Option 1: use standalone phar Download the lat

phpcs-security-audit v3 About phpcs-security-audit is a set of PHP_CodeSniffer rules that finds vulnerabilities and weaknesses related to security in

XVideos PornHub RedTube API This script scrapes the HTML from different web pages to get the information from the video and you can use it in your own

⚡ ⚡ ⚡ Laravel Go Translate Translate laravel resource, vendor, folder or file from google translation without requiring any api information. Table of

TYPO3 HTML Sanitizer ℹ️ Common safe HTML tags & attributes as given in \TYPO3\HtmlSanitizer\Builder\CommonBuilder still might be adjusted, extended or

Open eClass 2.3 Development of XSS, CSRF, SQLi, RFI attacks/defences of an older,vulnerable version of eclass. Project implemented as part of the clas

Welcome to the Hardening Interface Introduction To use HardeningKitty service more easily, we have created an interface which permits better understan

api-security-lab This repo contains files for customers and partners to practice an API Security with NGINX App-Protect WAF. To demonstrate the capabi

A WordPress plugin for crawling information from the Iranian customs site and displaying it in Elementor

Tenant Security Client PHP Library A PHP client for implementing CMK within a vendor's infrastructure. Makes requests through an IronCore Tenant Secur

Simple command-line tool to access HiWeb account information.

EzPz Tweaks is an all-in-one WordPress plugin that helps you personalize the admin panel appearances, clean your site code and remove unwanted features to increase its security and improve performance.

PASETO: Platform-Agnostic Security Tokens Paseto is everything you love about JOSE (JWT, JWE, JWS) without any of the many design deficits that plague

LarageoPlugin (Laravel 4 Package) A Laravel package that uses geoPlugin web service to fetch information from an IP. It will store in cache the IP inf

Postcode Search Simple searching for postcodes to retrieve geographic information. Support for various API providers and a unified address/output form

VK Security – Auth system VK Security provides the ability to use game authorization inside in conjunction with the official VKontakte groups. Conveni

Security Advanced Security Class for Php Features Secure From XSS, CSRF, SQL Injection, BASE64, RFI, LFI, Command Injection, Block Suspicious Request

Goldbach Algorithms Address Info Getter (fondly nicknamed AIG) is a PHP library developed for Symfony to collect address information.

Here is an Instagram Guest API. Gather all public information as JSON format without logging yourself. It's all automation and time saving.

Infopanel is a simple tool getting some information from source. It works basically like a slider that shows only title, image, a little bit description and QR-Code for links. It has its own GUI for the editing. The GUI provides a very simple role concept. This tool can be used for digital signage, Information panels, News or Events or similar.

Symfony Entity Exporter Goldbach Algorithms Symfony Entity Exporter (fondly nicknamed Entity Exporter) is a library developed for the Symfony framewor

FunboxEasy - Proving Grounds - Offensive Security

Login and Sign Up with PHP User registration and login form with validations and escapes for total security made with PHP. Validations Required fields

QueryServer This is a plugin written in PHP programming language and running on the PocketMine platform that works stably on the API 4.0.0 platform. I

Laravel Server Timings Add Server-Timing header information from within your Laravel apps. Installation You can install the package via composer: comp

Kirby3 GnuPG This plugin adds information about PGP public keys on upload, using gpg binary (which needs to be installed for this to work). Getting st

Added Laravel functionality to Enlightn Security Checker. Adds a command to check for, and optionally emails you, vulnerabilities when they affect you.

THIS PACKAGE IS NOT MAINTAINED ANYMORE. SIGNING URLS IS NOW PART OF LARAVEL: https://laravel-news.com/signed-routes Create secured URLs with a limited

PropAuth: Property-based policy evaluation Performing evaluations on credentials for authentication or sets of permissions on users has its limitation

🔒 Laravel Password Exposed Validation Rule This package provides a Laravel validation rule that checks if a password has been exposed in a data breac

HTTP-Header Aktivierung verschiedener Webseiten-Header zur Einstellung von Sicherheitsmaßnahmen und Optimierungen. Zu beachten ist, dass nicht alle He

Store and retrieve settings generally or for model objects in Laravel. Documentation You can find the detailed documentation here in Laravel Settings

PHP-JWT-Guard Protect your code from being impacted by issue 351 in firebase/php-jwt. Installation First, install this library with Composer: composer

quarks/laravel-auditors Record created by, updated by and deleted by (if SoftDeletes added) on Eloquent models automatically. Installation composer re

Sodium Compat is a pure PHP polyfill for the Sodium cryptography library (libsodium), a core extension in PHP 7.2.0+ and otherwise available in PECL.

OpenEMR is a Free and Open Source electronic health records and medical practice management application. It features fully integrated electronic health records, practice management, scheduling, electronic billing, internationalization, free support, a vibrant community, and a whole lot more. It runs on Windows, Linux, Mac OS X, and many other platforms.

Certainty - CA-Cert Automation for PHP Projects Automate your PHP projects' cacert.pem management. Read the blog post introducing Certainty. Requires

Chronicle is a self-hostable microservice, built with Slim Framework, which enables authorized users to commit arbitrary data to an immutable, append-only public ledger.

Web Application Firewall (WAF) package for Laravel This package intends to protect your Laravel app from different type of attacks such as XSS, SQLi,

php-text-analysis PHP Text Analysis is a library for performing Information Retrieval (IR) and Natural Language Processing (NLP) tasks using the PHP l

BaiCloud-cms About BaiCloud-cms is a powerful open source CMS that allows you to create professional websites and scalable web applications. Visit the

This package adds security notifications to warn your users when significant security events occur so that they aren't the next victim of an attacker.

Jetpack Monorepo This is the Jetpack Monorepo. It contains source code for the Jetpack plugin, the Jetpack composer packages, and other things. How to

PHP-Casbin Documentation | Tutorials | Extensions Breaking News: Laravel-authz is now available, an authorization library for the Laravel framework. P

OAuth2 between Laravel projects A package that allows secure communication between two or more projects, focused mainly for use in microservices archi

JObfuscator is a source code obfuscator for the Java programming language. It can protect your Java source code and algorithms from hacking, cracking, reverse engineering, decompilation, and technology theft.

Docker Tutorials and Labs At this time we are not actively adding labs to this repository. Our focus is on training.play-with-docker.com where new lab

The full article is posted on my blog. The video presentation is shared here. The presentation slides are shared here. The exploit codes are shared he

Evil Twin - Mark VII Learn how to set up a fake authentication web page on a fake WiFi network. Read the comments in these two files to get a better u

hackigniter Hakkında : Hackigniter php codeigniter üzerinde kodlanmış zafiyetli bir web uygulamasıdır. Uygulama üzerinde bulunan zafiyetler, sızma tes

A small example of crawling another website and extracting the required information from it to save the website wherever we need it Description This s

Security provides an infrastructure for sophisticated authorization systems, which makes it possible to easily separate the actual authorization logic from so called user providers that hold the users credentials. It is inspired by the Java Spring framework.

PropertyInfo Component The PropertyInfo component extracts information about PHP class' properties using metadata of popular sources. Resources Docume

Security Component - Core Security provides an infrastructure for sophisticated authorization systems, which makes it possible to easily separate the

CrimeFlare Bypass Hostname Alat untuk melihat IP asli dibalik website yang telah dilindungi CloudFlare. Introduction Alat ini berfungsi untuk melakuka

psalm-plugin-drupal A Drupal integration for Psalm focused on security scanning (SAST) taint analysis. Features Stubs for sinks, sources, and sanitize

Based on Sam Thomas' findings concerning insecure deserialization in combination with obfuscation strategies allowing to hide Phar files inside valid image resources, the TYPO3 project decided back then to introduce a PharStreamWrapper to intercept invocations of the phar:// stream in PHP and only allow usage for defined locations in the file system.

Current version: 1.3.5 PrivateBin is a minimalist, open source online pastebin where the server has zero knowledge of pasted data. Data is encrypted a

Laravel Qcloud Content Security T-Sec 天御内容安全服务使用了深度学习技术，识别文本/图片中出现的可能令人反感、不安全或不适宜内容，支持用户配置词库/图片黑名单，识别自定义的识别类型。

Repository for Fact Extraction and VERification Over Unstructured and Structured information (FEVEROUS), used for the FEVER Workshop Shared Task at EMNLP2021.

WordPress static site generator for security, performance and cost benefits

phpunit/php-code-coverage Provides collection, processing, and rendering functionality for PHP code coverage information. Installation You can add thi

User Switching Stable tag: 1.5.7 Requires at least: 3.7 Tested up to: 5.7 Requires PHP: 5.3 License: GPL v2 or later Tags: users, profiles, user switc

Secure Headers Add security related headers to HTTP response. The package includes Service Providers for easy Laravel integration. Version Installatio

Laravel Ban Introduction Laravel Ban simplify management of Eloquent model's ban. Make any model bannable in a minutes! Use case is not limited to Use

Captcha for Laravel 5/6/7 A simple Laravel 5/6 service provider for including the Captcha for Laravel. for Laravel 4 Captcha for Laravel Laravel 4 Pre

Bouncer Bouncer is an elegant, framework-agnostic approach to managing roles and abilities for any app using Eloquent models. Table of Contents Click

About SecLists SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected i

phpSysInfo Copyright (c), 1999-2008, Uriah Welcome (sf.net/users/precision) Copyright (c), 1999-2009, Michael Cramer (sf.net/users/bigmichi1) Copyrigh

Matomo (formerly Piwik) - matomo.org Code Status Description Matomo is the leading Free/Libre open analytics platform. Matomo is a full-featured PHP M

Captcha Installation With composer : { ... "require": { "gregwar/captcha": "1.*" } } Usage You can create a captcha with the Captc

MathPHP - Powerful Modern Math Library for PHP The only library you need to integrate mathematical functions into your applications. It is a self-cont

Psalm Psalm is a static analysis tool for finding errors in PHP applications. Installation To get started, check out the installation guide. Live Demo

Latte: amazing template engine for PHP Introduction Latte is a template engine for PHP which eases your work and ensures the output is protected again

SecurityMultiTool A multitool library offering access to recommended security related libraries, standardised implementations of security defences, an