PHP Magento-security-checklist Resources

FilterGuard FilterGuard is a simple PHP library for data sanitization. It provides methods to sanitize strings, integers, floats, boolean values, arra

Siteation - Hyva Icon Pack - Flags This Magento 2 module adds the option to use Flagpack icons in your Hyvä frontend. This requires that you have a wo

Introduction This package allows you as a developer to restrict who can and cannot run artisan commands, especially in a production environment. For e

Laravel Magento Prices Package to send prices to Magento from a Laravel application using a configurable source. Features The idea is that we want to

Laravel Magento Customer Prices This package provides a way to add customer specific prices to Magento from a Laravel app. By default, it uses the Mag

Magento Products This package tracks if products exist in Magento by storing the status locally in the DB. We developed this to prevent multiple calls

Laravel Magento Products Nova This package is the Laravel Nova integration for justbetter/laravel-magento-products. Installation Install the package.

Laravel Magento Prices Nova This package is the Laravel Nova integration for justbetter/laravel-magento-prices. Installation Install the package. comp

Laravel Magento Customer Prices Nova Laravel Nova integration for justbetter/laravel-magento-customer-prices. Installation Install the package. compos

PT Phone Home As penetration testers, we often come up with creative methods to deliver and execute our payloads, such as staged payloads. A staged pa

BjyAuthorize - Acl security for ZF2 Deprecated This package is now officially deprecated and will not receive any future updates or bug fixes. As long

PHP Reverse Shell Just a little refresh on the popular PHP reverse shell script pentestmonkey/php-reverse-shell. Credits to the original author! Works

login.php What is a login system? login (derived from the English log in) or logon or signin, is the process to access a restricted computer system ma

Application with SQL Injection vulnerability and possible privilege escalation. Free vulnerable app for ethical hacking / penetration testing training.

A Laravel package to scrub sensitive information that breaks operational security policies from being leaked on accident or not by developers.

🔒 Laravel Password Exposed Validation Rule This package provides a Laravel validation rule that checks if a password has been exposed in a data breac

Lesti_Fpc Simple Magento Fullpagecache. The current documentation can be found here. Install Several quick start options are available: Install manual

element119 | CMS Duplicator 📝 Features ✔️ Allows merchants to duplicate CMS blocks and pages from the Action column in the admin grid ✔️ Allows merch

A Magento 2 module that allows for creating discrete PDP (Product Detail Pages) page layouts for customers landing on the site from a PPC (Pay Per Click) link/ad by allowing routing to the same pages using a `/ppc/` prefix in the URL path.

⚡ Php8 FPM Nginx Fast, Scripts, Pearls & Treasures 🚀 Want to run and test asap ? docker-compose up -d phpgit_php8;ip=$(docker-machine ip default);ech

security-checker-action This action checks your composer.lock for known vulnerabilities in your package dependencies. Inputs lock optional The path to

laminas-crypt 🇷🇺 Русским гражданам Мы, участники Laminas, родились и живем в разных странах. У многих из нас есть друзья, родственники и коллеги как

TYPO3 HTML Sanitizer ℹ️ Common safe HTML tags & attributes as given in \TYPO3\HtmlSanitizer\Builder\CommonBuilder still might be adjusted, extended or

REQUIREMENTS Docker https://docs.docker.com/desktop/install/windows-install/ Git https://git-scm.com/download/win STOP LOCAL SERVERS (XAMPP, OPENSERVE

Fix Major Security Vulnerability on PrestaShop Websites 🚀 CVE-2022-31101 detector and fixer! A newly found exploit could allow remote attackers to ta

In your project, you might store sensitive personal data in your database. Should an unauthorised person get access to your DB, all sensitive can be read which is obviously not good.

Url data integrity checker module for Magento 2 Purpose The purpose of this module is to give store owners of a Magento 2 shop insight into what url-r

PHP Version Audit PHP Version Audit is a convenience tool to easily check a given PHP version against a regularly updated list of CVE exploits, new re

WordPress Login Locker Disable direct access to your sites /wp-login.php script plus user notifications based on actions. Package Installation (via Co

CurrencyPrecision Magento 2 Extension Metamask Ethereum payment method module for Magento 2 Table of contents Description Feature Installation Compose

Magento 2 Invoice PDF Generator - helps you to customize the pdf templates for Magento 2. If you have an enabled template and a default template for the store you need your template the system will print the pdf template.

ExtDN PHP_CodeSniffer rules for Magento 2 Introduction There are already many PHP CodeSniffer rules out there to aid in Magento 2 development: Magento

Mageplaza Share Cart Extension helps customers in sharing their shopping cart with friends and family as well. This is a supportive method to promote store’s conversion rate via the existing users, and this can significantly contribute to the revenue of the store.

Magento Semantic Versioning Checker

MailChimp for Magento 2. Syncs all data (subscriber, customers, orders, products) and enables marketing automation with email campaigns, automations, ads, postcards and more.

Magento sample data includes a sample store, complete with more than 250 products (about 200 of them are configurable products), categories, promotional price rules, CMS pages, banners, and so on. Sample data uses the Luma theme on the storefront.

Magento 2 GDPR extension Free by Magepow helps websites comply with GDPR regulations, allowing customers to control personal data and avoid penalties.

Mageno 2 Mega Menu (Magicmenu) helps you create neat and smart navigation menus to display the main categories on your website.

Web page performance/seo/security/accessibility analysis, browser-less for PHP

Integrity checker Package allows to run static analysis on Magento 2 Module Packages to provide an integrity check of package. Supported tools: Compos

CrimeFlare is a useful tool for bypassing websites protected by CloudFlare WAF, with this tool you can easily see the real IP of websites that have been protected by CloudFlare. The resulting information is certainly very useful for conducting further penetration testing, and analyzing websites with the same server.

File Upload Vulnerability Scenarios (Challenges) This repository is a dockerized PHP application containing some file upload vulnerability challenges

Added Laravel functionality to Enlightn Security Checker. Adds a command to check for, and optionally emails you, vulnerabilities when they affect you.

magento2-log-correlation-id Magento 2 log correlation id for PHP requests/processes and magento logs. This is useful when debugging issues on a produc

PHP library for Two Factor Authentication PHP library for two-factor (or multi-factor) authentication using TOTP and QR-codes. Inspired by, based on b

Magento n98-magerun module for importing and exporting configuration data. Import supports hierarchical folder structure and of course different environments.

This package can create URLs with a limited lifetime. This is done by adding an expiration date and a signature to the URL.

Passbolt - Open source password manager for teams

Security Component The Security component provides a complete security system for your web application. It ships with facilities for authenticating us

Enables developers to modify Magento installations (configuration, data) based on the given environment using n98-magerun.

Snuffleupagus is a PHP 7+ and 8+ module designed to drastically raise the cost of attacks against websites, by killing entire bug classes

SecurityMultiTool A multitool library offering access to recommended security related libraries, standardised implementations of security defences, an

laminas-barcode 🇷🇺 Русским гражданам Мы, участники Laminas, родились и живем в разных странах. У многих из нас есть друзья, родственники и коллеги к

wp-cli/secure-command Official website: Hackthewp.com Manages common security aspects of WordPress. Supports nginx and Apache. Basic Usage This packag

Hyvä Themes - Magento translation CSV comparison command hyva-themes/magento2-i18n-csv-diff This module adds the bin/magento i18n:diff-csv and i18n:tr

Secure Headers Add security related headers to HTTP response. The package includes Service Providers for easy Laravel integration. Version Installatio

Magento 2 Configurable Options This module provides functionality for preselecting configurable product options and updating attribute values from sel

laminas-console This package is abandoned and will receive no further development! We recommend using laminas/laminas-cli. Laminas\Console is a compon

Laravel Security Laravel Security was created by, and is maintained by Graham Campbell, and is a voku/anti-xss wrapper for Laravel, using graham-campb

Improve default Magento 2 Import / Export features - cron jobs, CSV , XML , JSON , Excel , mapping of any format, Google Sheet, data and price modification, improved speed and a lot more!

Boilerplate between the Magento API and ImportExport, so that you can do fast Array/XMLRPC/SOAP based product imports.

CSRF Cookie Bundle This Symfony bundle provides Cross Site Request Forgery (CSRF or XSRF) protection for client-side applications requesting endpoints

Magento 2 custom extension to add custom attributes(longitude, latitude) to customer address. Then save them to quote model and copy them from quote address to order address on bakend, frontend, rest api

magento2-bnpl Description LatitudePay & Genoapay Payment Modules for Magento 2. Compatible with Magento 2.3.5 onwards. Tested up to: Magento 2.4.3. Ta

Google2FA for Laravel Google Two-Factor Authentication Package for Laravel Google2FA is a PHP implementation of the Google Two-Factor Authentication M

Magento 2 Message Queue AMQP Backend AMQP message queue backend implementation for Rcason_Mq. Installation Require the module via Composer $ composer

❄️ Magento 2 Snowflake module allow you to add snow and even more on your site and make winter fun.

This module add a global registration.php that replace the default glob search performed for each request to discover the components not installed from composer.

ConfigImportExport This module provides new CLI commands for Magento 2 to import/export data in/from core_config_data. This module is inspired by the

Smile ElasticSuite - Magento 2 merchandising and search engine built on ElasticSearch

MISP is an open source software solution for collecting, storing, distributing and sharing cyber security indicators and threats about cyber security incidents analysis and malware analysis. MISP is designed by and for incident analysts, security and ICT professionals or malware reversers to support their day-to-day operations to share structured information efficiently.

Damn Vulnerable PHP Application (DVPA) - It is Lab Written in The PHP lang, Which Contains PHP Type Juggling - RCE Challenges

Magento Project Mess Detector Author: Fabrizio Branca (fbrnc.net / @fbrnc) Some additional commands for the excellent n98-magerun Magento command-line

An utility component for XML usage and best practices in PHP

Regexp Security Cheatsheet Research was done to find "weak places" in regular expressions of Web Application Firewalls (WAFs). Repository contains SAS

A Fully Featured home-hosted Cloud Storage platform and Personal Assistant that Converts files, OCR's images & documents, Creates archives, Scans for viruses, Protects your server, Keeps itself up-to-date, and Runs your own AppLauncher!

A laboratory for learning secure web and mobile development in a practical manner. Build your lab By provisioning local environments via docker-compos

Create and update progress bars in different environments

A dev-friendly approach to handle background jobs in Magento 2 Overview 💭 Now and then we need to create processes that can take some time to execute

laminas-text This package is considered feature-complete, and is now in security-only maintenance mode, following a decision by the Technical Steering

laminas-xml2json This package is considered feature-complete, and is now in security-only maintenance mode, following a decision by the Technical Stee

laminas-math This package is considered feature-complete, and is now in security-only maintenance mode, following a decision by the Technical Steering

SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more. The goal is to enable a security tester to pull this repository onto a new testing box and have access to every type of list that may be needed.

Simple Import / Export tool A tool that allows to quickly export data from Magento 1 and Magento 2 store and import it back into Magento 2. Table data

🔒 Password Exposed Helper Function This PHP package provides a password_exposed helper function, that uses the haveibeenpwned.com API to check if a p

Damn Vulnerable Web Application (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goal is to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and to aid both students & teachers to learn about web application security in a controlled class room environment.

laminas-servicemanager-di This package is considered feature-complete, and is now in security-only maintenance mode, following a decision by the Techn

Magento 2 SMTP Extension helps the owner of store simply install SMTP (Simple Mail Transfer Protocol) server which transmits the messages into codes or numbers.

phpcs-security-audit is a set of PHP_CodeSniffer rules that finds vulnerabilities and weaknesses related to security in PHP code.

Magento 2 extension. Solution for set Url of Category without Parent path.

Magento 2 Preview/Visit Catalog Overview Magento 2 Preview/Visit Catalog allows the store owner to quickly preview the catalog (product & category) pa

Magento 2 extension. Strekoza_GoogleCategory Magento 2 extension. Add Category Attribute (field) - "Google Category" This exstension will add Category

PHP Secure Configuration Checker Check current PHP configuration for potential security flaws. Simply access this file from your webserver or run on C

Log-killer Log Killer is tool for [Linux/Windows] Servers This tool will delete all your logs just download the tool and run it on the server if your

laminas-config This package is considered feature-complete, and is now in security-only maintenance mode, following a decision by the Technical Steeri

Magento Relay Installation First, install Relay as a PHP extension for your CLI and FPM environments. Next, install the Magento module: composer requi

Memory objects (memory containers) are generated by the memory manager, and transparently swapped/loaded when required.

This plugin allows you to secure your WordPress login with two factor authentication. The users will have to enter a one time password every time they log in.

Seamlessly integrate the popular Snowdog Menu for Magento 2 with the Luma theme templates. No custom templates or CSS required.

Cm_RedisSession A Redis-based session handler for Magento with optimistic locking. Features: Falls back to mysql handler if it can't connect to Redis.