410 Repositories
PHP magento-security-checklist Libraries
A list of useful Magento technical resources
Magento 2 Resources A curated list of useful Magento 2 resources. Resources are listed alphabetically within each category. This file is automatically
A laboratory for learning secure web and mobile development in a practical manner.
A laboratory for learning secure web and mobile development in a practical manner. Build your lab By provisioning local environments via docker-compos
Collection of scripts, thoughts about CSP (Content Security Policy)
CSP useful, a collection of scripts, thoughts about CSP I'm testing and using CSP (Content Security Policy), and here are some thoughts, resources, sc
A PHP dependency vulnerabilities scanner based on the Security Advisories Database.
Enlightn Security Checker The Enlightn Security Checker is a command line tool that checks if your application uses dependencies with known security v
Extract and evolution of the magento2-currency-precision module from the magento2-jp project from @Magento
Currency Precision Module for Magento 2 This module aims to help merchants to manage easily their currency precision in Magento 2. DISCLAIMER Initiall
This project lists all the mandatory steps I recommend to build a Website using Symfony, Twig, Doctrine.
{% raw %} -- keep this for Jekyll to fully bypass this documents, because of the Twig tags. Symfony Website Checklist 📑 Summary~~~~ Elevator pitch P
SЁCU is a public API to store self-destructing data payloads with url shortener and handle anonymous chat-rooms.
SЁCU Introduction SЁCU is a public API to store self-destructing data payloads. This repository includes only backend part using Laravel framework. Fr
Csrf Component provides Cross Site Request Forgery protection by comparing provided token with session token to ensure request validity.
Csrf Component Csrf Component provides Cross Site Request Forgery protection by comparing provided token with session token to ensure request validity
Serialize and deserialize PHP structures to a variety of representations
laminas-serializer This package is considered feature-complete, and is now in security-only maintenance mode, following a decision by the Technical St
Extends the customer functionality of Magento.
FireGento_Customer This extension extends the core functionality of the customer module of Magento. It is possible to temporarily lock the user accoun
A kernel designed to run one and only one application in a virtualized environment
nanos Nanos is a new kernel designed to run one and only one application in a virtualized environment. It has several constraints on it compared to a
Docker images for Cyber_Security hakathon 2021.
This repository contains a set of vulnerable Docker images for attacking the container environment compiled for Cyber_Security hackathon 2021. Require
Magento 2 module to quickly acces products, orders and customer from admin menu
Magento 2 module to quickly access product, order or customer views Introduction The Magento 2 backend can be sluggish. Ever wanted to access a produc
WPBruiser {no- Captcha anti-Spam} (forked, updated)
=== WPBruiser {no- Captcha anti-Spam} === Contributors: mihche, knutsp Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_
Matomo is the leading Free/Libre open analytics platform.
Matomo (formerly Piwik) - matomo.org Code Status Description Matomo is the leading Free/Libre open analytics platform. Matomo is a full-featured PHP M
Security advisories as a simple composer exclusion list, updated daily
Roave Security Advisories This package ensures that your application doesn't have installed dependencies with known security vulnerabilities. Installa
PHP frontend for security.symfony.com
SensioLabs Security Checker WARNING: Don't use this piece of software anymore as the underlying web service will stop working at the end of January 20
PHP Secure Headers
Secure Headers Add security related headers to HTTP response. The package includes Service Providers for easy Laravel integration. Version Installatio
Parse: A Static Security Scanner
Parse: A PHP Security Scanner PLEASE NOTE: This tool is still in a very early stage. The work continues... The Parse scanner is a static scanning tool
A static analysis tool for security
progpilot A static analyzer for security purposes Only PHP language is currently supported Installation Option 1: use standalone phar Download the lat
phpcs-security-audit is a set of PHP_CodeSniffer rules that finds vulnerabilities and weaknesses related to security in PHP code
phpcs-security-audit v3 About phpcs-security-audit is a set of PHP_CodeSniffer rules that finds vulnerabilities and weaknesses related to security in
Add Price Including tax for Magento's "cart" GraphQl query
Comwrap_GraphQlCartPrices Add Price Including tax for Magento's "cart" GraphQl query Query will looks like following: items { id __typenam
This package allows you to send logs to files. based on monolog/monolog. You can use it during your development to make debugging easier. The file are in the var / log folder. This package is recommended for magento 2.This package allows you to send logs to files.
Custom Logger This package allows you to send logs to files. based on monolog/monolog. You can use it during your development to make debugging easier
HTML sanitizer, written in PHP, aiming to provide XSS-safe markup based on explicitly allowed tags, attributes and values.
TYPO3 HTML Sanitizer ℹ️ Common safe HTML tags & attributes as given in \TYPO3\HtmlSanitizer\Builder\CommonBuilder still might be adjusted, extended or
Exploiting and fixing security vulnerabilities of an old version of E-Class. Project implemented as part of the class YS13 Cyber-Security.
Open eClass 2.3 Development of XSS, CSRF, SQLi, RFI attacks/defences of an older,vulnerable version of eclass. Project implemented as part of the clas
A Magento 2 module that adds a CLI bin/magento cms:dump to dump all CMS pages and CMS blocks to a folder var/cms-output.
A Magento 2 module that adds a CLI bin/magento cms:dump to dump all CMS pages and CMS blocks to a folder var/cms-output.
Test essentials for writing testable code that interacts with Magento core modules
Essentials for testing Magento 2 modules Using mocking frameworks for testing Magento 2 modules is counterproductive as you replicate line by line you
Allow SVG images to be used in Magento CMS blocks and pages via the TinyMCE Wysiwyg Editor.
Hyvä Themes - SVG support for the Magento CMS Wysiwyg Editor Allow SVG images to be used in CMS blocks and pages via the TinyMCE Wysiwyg Editor. hyva-
Windows and macOS Hardening Interface to make security more accessible.
Welcome to the Hardening Interface Introduction To use HardeningKitty service more easily, we have created an interface which permits better understan
Here are few exercises to practice how to implement API Security with NGINX App-Protect WAF.
api-security-lab This repo contains files for customers and partners to practice an API Security with NGINX App-Protect WAF. To demonstrate the capabi
Client for the Tenant Security Proxy in PHP
Tenant Security Client PHP Library A PHP client for implementing CMK within a vendor's infrastructure. Makes requests through an IronCore Tenant Secur
(Magento 2) Count Quantity of Products Sold
It counts how many items were sold based on the product ID and lists the quantity on the product page.
Content Fuzzyfyr Module for Magento® 2
Content Fuzzyfyr Module for Magento® 2 The Content Fuzzyfyr module for Magento® 2 fills up empty content fields - and if needed - switches real conten
EzPz Tweaks is an all-in-one WordPress plugin that helps you personalize the admin panel appearances
EzPz Tweaks is an all-in-one WordPress plugin that helps you personalize the admin panel appearances, clean your site code and remove unwanted features to increase its security and improve performance.
Improve Core Web Vital score for Magento 2 website
Magento 2 Optimization for Google Insights This modules allows you modify the HTML, Javascript, CSS, update the position, optimize CWV (Core Web Vital
PASETO: Platform-Agnostic Security Tokens
PASETO: Platform-Agnostic Security Tokens Paseto is everything you love about JOSE (JWT, JWE, JWS) without any of the many design deficits that plague
This system will provide security and comfortable opportunities to protect your gaming account.
VK Security – Auth system VK Security provides the ability to use game authorization inside in conjunction with the official VKontakte groups. Conveni
Php Security Class
Security Advanced Security Class for Php Features Secure From XSS, CSRF, SQL Injection, BASE64, RFI, LFI, Command Injection, Block Suspicious Request
A Magento implementation for validating JSON Structures against a given Schema
Zepgram JsonSchema A Magento implementation for validating JSON Structures against a given Schema with support for Schemas of Draft-3 or Draft-4. Base
FunboxEasy - Proving Grounds - Offensive Security
FunboxEasy - Proving Grounds - Offensive Security
Clean up your Magento database by removing orphaned, unused and wrongly added attribute, attribute values and settings (for M2).
Magento 2 EAV Cleaner Console Command Purpose of this project is to check for different flaws that can occur due to EAV and provide cleanup functions.
Magewire is a Laravel Livewire port for Magento 2.
Magewire is a Laravel Livewire port for Magento 2. The goal is to make it fun and easy to build modern, reactive and dynamic interfaces, without leaving the comfort of Magento's core layout and template systems. Magewire can be the missing piece when you intend to build dynamic and reactive features, but don't require or feel comfortable working with a full JavaScript framework like Vue or React.
Easily add logs anywhere in your Magento 2 code
Magento 2 Simple Log Easily add logs anywhere in the code (like Magento 1). Requirements Requires Magento 2 in any version. Installation Add the Log.p
User registration and login form with validations and escapes for total security made with PHP.
Login and Sign Up with PHP User registration and login form with validations and escapes for total security made with PHP. Validations Required fields
This Magento 2 extension integrates EasyTranslate into Magento 2.
EasyTranslate Magento 2 Connector This Magento 2 extension integrates EasyTranslate into Magento 2. Mind that you need to have an account with EasyTra
Added Laravel functionality to Enlightn Security Checker.
Added Laravel functionality to Enlightn Security Checker. Adds a command to check for, and optionally emails you, vulnerabilities when they affect you.
Create and validate signed URLs with a limited lifetime
THIS PACKAGE IS NOT MAINTAINED ANYMORE. SIGNING URLS IS NOW PART OF LARAVEL: https://laravel-news.com/signed-routes Create secured URLs with a limited
A library for property-based policy evaluation
PropAuth: Property-based policy evaluation Performing evaluations on credentials for authentication or sets of permissions on users has its limitation
🔒 Laravel validation rule that checks if a password has been exposed in a data breach.
🔒 Laravel Password Exposed Validation Rule This package provides a Laravel validation rule that checks if a password has been exposed in a data breac
Aktivierung verschiedener Webseiten-Header zur Einstellung von Sicherheitsmaßnahmen und Optimierungen.
HTTP-Header Aktivierung verschiedener Webseiten-Header zur Einstellung von Sicherheitsmaßnahmen und Optimierungen. Zu beachten ist, dass nicht alle He
Security Defense for Firebase's PHP-JWT Library
PHP-JWT-Guard Protect your code from being impacted by issue 351 in firebase/php-jwt. Installation First, install this library with Composer: composer
Record created by, updated by and deleted by on Eloquent models automatically.
quarks/laravel-auditors Record created by, updated by and deleted by (if SoftDeletes added) on Eloquent models automatically. Installation composer re
Sodium Compat is a pure PHP polyfill for the Sodium cryptography library (libsodium)
Sodium Compat is a pure PHP polyfill for the Sodium cryptography library (libsodium), a core extension in PHP 7.2.0+ and otherwise available in PECL.
Magento specific extension for phpstan
bitexpert/phpstan-magento This package provides some additional features for PHPStan to make it work for Magento 2 projects. Installation The preferre
Certainty - CA-Cert Automation for PHP Projects
Certainty - CA-Cert Automation for PHP Projects Automate your PHP projects' cacert.pem management. Read the blog post introducing Certainty. Requires
Public append-only ledger microservice built with Slim Framework
Chronicle is a self-hostable microservice, built with Slim Framework, which enables authorized users to commit arbitrary data to an immutable, append-only public ledger.
Web Application Firewall (WAF) package for Laravel
Web Application Firewall (WAF) package for Laravel This package intends to protect your Laravel app from different type of attacks such as XSS, SQLi,
Upload SVG images in Magento 2.x
Upload SVG images in Magento 2.x This extension for Magento 2 allows uploading SVG images in the following sections: wysiwyg editor in static blocks a
Laravel Security Notifications
This package adds security notifications to warn your users when significant security events occur so that they aren't the next victim of an attacker.
Security, performance, marketing, and design tools — Jetpack is made by WordPress experts to make WP sites safer and faster, and help you grow your traffic.
Jetpack Monorepo This is the Jetpack Monorepo. It contains source code for the Jetpack plugin, the Jetpack composer packages, and other things. How to
An authorization library that supports access control models like ACL, RBAC, ABAC in PHP .
PHP-Casbin Documentation | Tutorials | Extensions Breaking News: Laravel-authz is now available, an authorization library for the Laravel framework. P
Magento 2 Facebook Pixel Extension
Magento 2 Facebook Pixel Extension Enable Facebook Pixel on Magento 2 website Requirements Magento Community 2.3.0-2.4.x (CE, EE, ECE, B2B) Magefan Co
A package that allows secure communication between two or more projects, focused mainly for use in microservices architectures, adding the Oauth2 authorization standard in addition to security at the network level by IP addresses and whitelists, which may already be owned.
OAuth2 between Laravel projects A package that allows secure communication between two or more projects, focused mainly for use in microservices archi
JObfuscator — Java Source Code Obfuscation & Protection
JObfuscator is a source code obfuscator for the Java programming language. It can protect your Java source code and algorithms from hacking, cracking, reverse engineering, decompilation, and technology theft.
This is a collection of tutorials for learning how to use Docker with various tools. Contributions welcome.
Docker Tutorials and Labs At this time we are not actively adding labs to this repository. Our focus is on training.play-with-docker.com where new lab
Learn Cookies and Tokens Security in Practice.
The full article is posted on my blog. The video presentation is shared here. The presentation slides are shared here. The exploit codes are shared he
The swiss army knife for Magento developers, sysadmins and devops. The tool provides a huge set of well tested command line commands which save hours of work time. All commands are extendable by a module API.
netz98 magerun CLI tools for Magento 2 The n98 magerun cli tools provides some handy tools to work with Magento from command line. Build Status Latest
Learn how to set up a fake authentication web page on a fake WiFi network.
Evil Twin - Mark VII Learn how to set up a fake authentication web page on a fake WiFi network. Read the comments in these two files to get a better u
Magento 2 Code Generator
Magento 2 Code Generator Created by Orba Inspired by https://github.com/staempfli/magento2-code-generator Purpose In day-to-day Magento 2 development
Collection of the Laravel/Eloquent Model classes that allows you to get data directly from a Magento 2 database.
Laragento LAravel MAgento Micro services Magento 2 has legacy code based on abandoned Zend Framework 1 with really ugly ORM on top of outdated Zend_DB
Performance fixes for magento 2 core.
magento2-performance-fixes Performance fixes for magento 2 core. Problem and solution's concept - briefly PHP / Magento doesn't support concurency req
Example of Pre-Loader Implementation for Magento 2
Example of preloader Implements optimistic preloader for configurable product data without taking into account simple product status for: Price of con
Hackigniter, php codeigniter üzerinde kodlanmış zafiyetli bir web uygulamasıdır. Uygulama üzerinde bulunan zafiyetler, sızma testi sırasında en çok tespit edilen zafiyetlere benzer olacak şekilde hazırlanmıştır.
hackigniter Hakkında : Hackigniter php codeigniter üzerinde kodlanmış zafiyetli bir web uygulamasıdır. Uygulama üzerinde bulunan zafiyetler, sızma tes
Security provides an infrastructure for sophisticated authorization systems, which makes it possible to easily separate the actual authorization logic from so called user providers that hold the users credentials.
Security provides an infrastructure for sophisticated authorization systems, which makes it possible to easily separate the actual authorization logic from so called user providers that hold the users credentials. It is inspired by the Java Spring framework.
Security provides an infrastructure for sophisticated authorization systems, which makes it possible to easily separate the actual authorization logic from so called user providers that hold the users credentials. It is inspired by the Java Spring framework.
Security Component - Core Security provides an infrastructure for sophisticated authorization systems, which makes it possible to easily separate the
This tool can help you to see the real IP behind CloudFlare protected websites.
CrimeFlare Bypass Hostname Alat untuk melihat IP asli dibalik website yang telah dilindungi CloudFlare. Introduction Alat ini berfungsi untuk melakuka
A project to add Psalm support for Drupal for security testing, focused only on taint analysis.
psalm-plugin-drupal A Drupal integration for Psalm focused on security scanning (SAST) taint analysis. Features Stubs for sinks, sources, and sanitize
PHP Phar Stream Wrapper
Based on Sam Thomas' findings concerning insecure deserialization in combination with obfuscation strategies allowing to hide Phar files inside valid image resources, the TYPO3 project decided back then to introduce a PharStreamWrapper to intercept invocations of the phar:// stream in PHP and only allow usage for defined locations in the file system.
A minimalist, open source online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted in the browser using 256 bits AES.
Current version: 1.3.5 PrivateBin is a minimalist, open source online pastebin where the server has zero knowledge of pasted data. Data is encrypted a
Laravel Qcloud Content Security T-Sec 腾讯云内容安全(文字图片内容审核)服务
Laravel Qcloud Content Security T-Sec 天御内容安全服务使用了深度学习技术,识别文本/图片中出现的可能令人反感、不安全或不适宜内容,支持用户配置词库/图片黑名单,识别自定义的识别类型。
Magento 2 module to only allow checkout when the number of items in the cart are a multiple of X.
Cart Quantity Multiple - Magento 2 Module Introduction This module allows to limit checkout only when the contents of the cart are a multiple of X
Magento 2.4.x module Sort Out Of Stock Product At last the product list
Magento 2.4.x module Sort Out Of Stock Product At last the product list composer require ghoster/module-outofstockatlast Extension on GitHub Direct d
A Magento 1.9's module to export products informations, inside a chosen date range, to a .XLSX file.
Magento 1.9 Export products module A magento 1.9 module to export products informations to a .XLSX file. Module informations Package/Namespace: "Mathe
WordPress static site generator for security, performance and cost benefits
WordPress static site generator for security, performance and cost benefits
WordPress plugin that provides instant switching between user accounts.
User Switching Stable tag: 1.5.7 Requires at least: 3.7 Tested up to: 5.7 Requires PHP: 5.3 License: GPL v2 or later Tags: users, profiles, user switc
Allow multiple options for Magento 2 checkout layout. Provides capabilities to AB test checkout changes and more.
Aimes_CheckoutDesigns Features Please note: This module is currently still considered a proof of concept. This module provides the ability to change c
PHP Secure Headers
Secure Headers Add security related headers to HTTP response. The package includes Service Providers for easy Laravel integration. Version Installatio
Laravel Ban simplify blocking and banning Eloquent models.
Laravel Ban Introduction Laravel Ban simplify management of Eloquent model's ban. Make any model bannable in a minutes! Use case is not limited to Use
Captcha for Laravel 5/6/7/8
Captcha for Laravel 5/6/7 A simple Laravel 5/6 service provider for including the Captcha for Laravel. for Laravel 4 Captcha for Laravel Laravel 4 Pre
Eloquent roles and abilities.
Bouncer Bouncer is an elegant, framework-agnostic approach to managing roles and abilities for any app using Eloquent models. Table of Contents Click
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.
About SecLists SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected i
Liberating Web Analytics. Star us on Github? +1. Matomo is the leading open alternative to Google Analytics that gives you full control over your data. Matomo lets you easily collect data from websites & apps and visualise this data and extract insights. Privacy is built-in. We love Pull Requests!
Matomo (formerly Piwik) - matomo.org Code Status Description Matomo is the leading Free/Libre open analytics platform. Matomo is a full-featured PHP M
PHP Captcha library
Captcha Installation With composer : { ... "require": { "gregwar/captcha": "1.*" } } Usage You can create a captcha with the Captc
Message Queue, Job Queue, Broadcasting, WebSockets packages for PHP, Symfony, Laravel, Magento. DEVELOPMENT REPOSITORY - provided by Forma-Pro
Supporting Enqueue Enqueue is an MIT-licensed open source project with its ongoing development made possible entirely by the support of community and
A static analysis tool for finding errors in PHP applications
Psalm Psalm is a static analysis tool for finding errors in PHP applications. Installation To get started, check out the installation guide. Live Demo
☕ Latte: the intuitive and fast template engine for those who want the most secure PHP sites.
Latte: amazing template engine for PHP Introduction Latte is a template engine for PHP which eases your work and ensures the output is protected again
A multitool library offering access to recommended security related libraries, standardised implementations of security defences, and secure implementations of commonly performed tasks.
SecurityMultiTool A multitool library offering access to recommended security related libraries, standardised implementations of security defences, an
CIDRAM: Classless Inter-Domain Routing Access Manager.
What is CIDRAM? CIDRAM (Classless Inter-Domain Routing Access Manager) is a PHP script designed to protect websites by blocking requests originating f
[OUTDATED] Two-factor authentication for Symfony applications 🔐 (bunde version ≤ 4). Please use version 5 from https://github.com/scheb/2fa.
scheb/two-factor-bundle ⚠ Outdated version. Please use versions ≥ 5 from scheb/2fa. This bundle provides two-factor authentication for your Symfony ap
PHPIDS (PHP-Intrusion Detection System) is a simple to use, well structured, fast and state-of-the-art security layer for your PHP based web application
PHPIDS PHPIDS (PHP-Intrusion Detection System) is a simple to use, well structured, fast and state-of-the-art security layer for your PHP based web ap