156 Repositories
PHP regexp-security-cheatsheet Libraries
FunboxEasy - Proving Grounds - Offensive Security
FunboxEasy - Proving Grounds - Offensive Security
Cheatsheet for some Php knowledge you will frequently encounter in modern projects.
Cheatsheet for some Php knowledge you will frequently encounter in modern projects.
User registration and login form with validations and escapes for total security made with PHP.
Login and Sign Up with PHP User registration and login form with validations and escapes for total security made with PHP. Validations Required fields
Added Laravel functionality to Enlightn Security Checker.
Added Laravel functionality to Enlightn Security Checker. Adds a command to check for, and optionally emails you, vulnerabilities when they affect you.
Create and validate signed URLs with a limited lifetime
THIS PACKAGE IS NOT MAINTAINED ANYMORE. SIGNING URLS IS NOW PART OF LARAVEL: https://laravel-news.com/signed-routes Create secured URLs with a limited
A library for property-based policy evaluation
PropAuth: Property-based policy evaluation Performing evaluations on credentials for authentication or sets of permissions on users has its limitation
🔒 Laravel validation rule that checks if a password has been exposed in a data breach.
🔒 Laravel Password Exposed Validation Rule This package provides a Laravel validation rule that checks if a password has been exposed in a data breac
Aktivierung verschiedener Webseiten-Header zur Einstellung von Sicherheitsmaßnahmen und Optimierungen.
HTTP-Header Aktivierung verschiedener Webseiten-Header zur Einstellung von Sicherheitsmaßnahmen und Optimierungen. Zu beachten ist, dass nicht alle He
Security Defense for Firebase's PHP-JWT Library
PHP-JWT-Guard Protect your code from being impacted by issue 351 in firebase/php-jwt. Installation First, install this library with Composer: composer
Record created by, updated by and deleted by on Eloquent models automatically.
quarks/laravel-auditors Record created by, updated by and deleted by (if SoftDeletes added) on Eloquent models automatically. Installation composer re
PHP regexp pattern matching Unicode emojis
Emoji pattern This package provides regexp patterns to match Unicode emojis. All forms of emojis are matched, including: Single-character emoji ( 👍 )
Sodium Compat is a pure PHP polyfill for the Sodium cryptography library (libsodium)
Sodium Compat is a pure PHP polyfill for the Sodium cryptography library (libsodium), a core extension in PHP 7.2.0+ and otherwise available in PECL.
Certainty - CA-Cert Automation for PHP Projects
Certainty - CA-Cert Automation for PHP Projects Automate your PHP projects' cacert.pem management. Read the blog post introducing Certainty. Requires
Public append-only ledger microservice built with Slim Framework
Chronicle is a self-hostable microservice, built with Slim Framework, which enables authorized users to commit arbitrary data to an immutable, append-only public ledger.
Web Application Firewall (WAF) package for Laravel
Web Application Firewall (WAF) package for Laravel This package intends to protect your Laravel app from different type of attacks such as XSS, SQLi,
Laravel Security Notifications
This package adds security notifications to warn your users when significant security events occur so that they aren't the next victim of an attacker.
Security, performance, marketing, and design tools — Jetpack is made by WordPress experts to make WP sites safer and faster, and help you grow your traffic.
Jetpack Monorepo This is the Jetpack Monorepo. It contains source code for the Jetpack plugin, the Jetpack composer packages, and other things. How to
An authorization library that supports access control models like ACL, RBAC, ABAC in PHP .
PHP-Casbin Documentation | Tutorials | Extensions Breaking News: Laravel-authz is now available, an authorization library for the Laravel framework. P
A package that allows secure communication between two or more projects, focused mainly for use in microservices architectures, adding the Oauth2 authorization standard in addition to security at the network level by IP addresses and whitelists, which may already be owned.
OAuth2 between Laravel projects A package that allows secure communication between two or more projects, focused mainly for use in microservices archi
JObfuscator — Java Source Code Obfuscation & Protection
JObfuscator is a source code obfuscator for the Java programming language. It can protect your Java source code and algorithms from hacking, cracking, reverse engineering, decompilation, and technology theft.
This is a collection of tutorials for learning how to use Docker with various tools. Contributions welcome.
Docker Tutorials and Labs At this time we are not actively adding labs to this repository. Our focus is on training.play-with-docker.com where new lab
Learn Cookies and Tokens Security in Practice.
The full article is posted on my blog. The video presentation is shared here. The presentation slides are shared here. The exploit codes are shared he
Learn how to set up a fake authentication web page on a fake WiFi network.
Evil Twin - Mark VII Learn how to set up a fake authentication web page on a fake WiFi network. Read the comments in these two files to get a better u
Hackigniter, php codeigniter üzerinde kodlanmış zafiyetli bir web uygulamasıdır. Uygulama üzerinde bulunan zafiyetler, sızma testi sırasında en çok tespit edilen zafiyetlere benzer olacak şekilde hazırlanmıştır.
hackigniter Hakkında : Hackigniter php codeigniter üzerinde kodlanmış zafiyetli bir web uygulamasıdır. Uygulama üzerinde bulunan zafiyetler, sızma tes
Security provides an infrastructure for sophisticated authorization systems, which makes it possible to easily separate the actual authorization logic from so called user providers that hold the users credentials.
Security provides an infrastructure for sophisticated authorization systems, which makes it possible to easily separate the actual authorization logic from so called user providers that hold the users credentials. It is inspired by the Java Spring framework.
Security provides an infrastructure for sophisticated authorization systems, which makes it possible to easily separate the actual authorization logic from so called user providers that hold the users credentials. It is inspired by the Java Spring framework.
Security Component - Core Security provides an infrastructure for sophisticated authorization systems, which makes it possible to easily separate the
This tool can help you to see the real IP behind CloudFlare protected websites.
CrimeFlare Bypass Hostname Alat untuk melihat IP asli dibalik website yang telah dilindungi CloudFlare. Introduction Alat ini berfungsi untuk melakuka
A project to add Psalm support for Drupal for security testing, focused only on taint analysis.
psalm-plugin-drupal A Drupal integration for Psalm focused on security scanning (SAST) taint analysis. Features Stubs for sinks, sources, and sanitize
PHP Phar Stream Wrapper
Based on Sam Thomas' findings concerning insecure deserialization in combination with obfuscation strategies allowing to hide Phar files inside valid image resources, the TYPO3 project decided back then to introduce a PharStreamWrapper to intercept invocations of the phar:// stream in PHP and only allow usage for defined locations in the file system.
A minimalist, open source online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted in the browser using 256 bits AES.
Current version: 1.3.5 PrivateBin is a minimalist, open source online pastebin where the server has zero knowledge of pasted data. Data is encrypted a
Laravel Qcloud Content Security T-Sec 腾讯云内容安全(文字图片内容审核)服务
Laravel Qcloud Content Security T-Sec 天御内容安全服务使用了深度学习技术,识别文本/图片中出现的可能令人反感、不安全或不适宜内容,支持用户配置词库/图片黑名单,识别自定义的识别类型。
WordPress static site generator for security, performance and cost benefits
WordPress static site generator for security, performance and cost benefits
WordPress plugin that provides instant switching between user accounts.
User Switching Stable tag: 1.5.7 Requires at least: 3.7 Tested up to: 5.7 Requires PHP: 5.3 License: GPL v2 or later Tags: users, profiles, user switc
PHP Secure Headers
Secure Headers Add security related headers to HTTP response. The package includes Service Providers for easy Laravel integration. Version Installatio
Laravel Ban simplify blocking and banning Eloquent models.
Laravel Ban Introduction Laravel Ban simplify management of Eloquent model's ban. Make any model bannable in a minutes! Use case is not limited to Use
Captcha for Laravel 5/6/7/8
Captcha for Laravel 5/6/7 A simple Laravel 5/6 service provider for including the Captcha for Laravel. for Laravel 4 Captcha for Laravel Laravel 4 Pre
Eloquent roles and abilities.
Bouncer Bouncer is an elegant, framework-agnostic approach to managing roles and abilities for any app using Eloquent models. Table of Contents Click
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.
About SecLists SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected i
Liberating Web Analytics. Star us on Github? +1. Matomo is the leading open alternative to Google Analytics that gives you full control over your data. Matomo lets you easily collect data from websites & apps and visualise this data and extract insights. Privacy is built-in. We love Pull Requests!
Matomo (formerly Piwik) - matomo.org Code Status Description Matomo is the leading Free/Libre open analytics platform. Matomo is a full-featured PHP M
PHP Captcha library
Captcha Installation With composer : { ... "require": { "gregwar/captcha": "1.*" } } Usage You can create a captcha with the Captc
A static analysis tool for finding errors in PHP applications
Psalm Psalm is a static analysis tool for finding errors in PHP applications. Installation To get started, check out the installation guide. Live Demo
☕ Latte: the intuitive and fast template engine for those who want the most secure PHP sites.
Latte: amazing template engine for PHP Introduction Latte is a template engine for PHP which eases your work and ensures the output is protected again
A multitool library offering access to recommended security related libraries, standardised implementations of security defences, and secure implementations of commonly performed tasks.
SecurityMultiTool A multitool library offering access to recommended security related libraries, standardised implementations of security defences, an
CIDRAM: Classless Inter-Domain Routing Access Manager.
What is CIDRAM? CIDRAM (Classless Inter-Domain Routing Access Manager) is a PHP script designed to protect websites by blocking requests originating f
[OUTDATED] Two-factor authentication for Symfony applications 🔐 (bunde version ≤ 4). Please use version 5 from https://github.com/scheb/2fa.
scheb/two-factor-bundle ⚠ Outdated version. Please use versions ≥ 5 from scheb/2fa. This bundle provides two-factor authentication for your Symfony ap
PHPIDS (PHP-Intrusion Detection System) is a simple to use, well structured, fast and state-of-the-art security layer for your PHP based web application
PHPIDS PHPIDS (PHP-Intrusion Detection System) is a simple to use, well structured, fast and state-of-the-art security layer for your PHP based web ap
Easy to use cryptographic framework for data protection: secure messaging with forward secrecy and secure data storage. Has unified APIs across 14 platforms.
Themis provides strong, usable cryptography for busy people General purpose cryptographic library for storage and messaging for iOS (Swift, Obj-C), An
A php.ini scanner for best security practices
Scanner for PHP.ini The Iniscan is a tool designed to scan the given php.ini file for common security practices and report back results. Currently it
A database of PHP security advisories
PHP Security Advisories Database The PHP Security Advisories Database references known security vulnerabilities in various PHP projects and libraries.
The OWASP ZAP core project
OWASP ZAP The OWASP Zed Attack Proxy (ZAP) is one of the world’s most popular free security tools and is actively maintained by a dedicated internatio
[READ-ONLY] CakePHP Utility classes such as Inflector, Text, Hash, Security and Xml. This repo is a split of the main code that can be found in https://github.com/cakephp/cakephp
CakePHP Utility Classes This library provides a range of utility classes that are used throughout the CakePHP framework What's in the toolbox? Hash A
Library that offers Input Filtering based on Annotations for use with Objects. Check out 2.dev for 2.0 pre-release.
DMS Filter Component This library provides a service that can be used to filter object values based on annotations Install Use composer to add DMS\Fil
PHP-based anti-virus anti-trojan anti-malware solution.
What is phpMussel? An ideal solution for shared hosting environments, where it's often not possible to utilise or install conventional anti-virus prot
PHP library for Two Factor Authentication (TFA / 2FA)
PHP library for Two Factor Authentication PHP library for two-factor (or multi-factor) authentication using TOTP and QR-codes. Inspired by, based on b
A flexible, driver based Acl package for PHP 5.4+
Lock - Acl for PHP 5.4+ I'm sad to say that Lock is currently not maintained. I won't be able to offer support or accept new contributions for the cur
A framework agnostic authentication & authorization system.
Sentinel Sentinel is a PHP 7.3+ framework agnostic fully-featured authentication & authorization system. It also provides additional features such as