PHP Security-tools Resources

FilterGuard FilterGuard is a simple PHP library for data sanitization. It provides methods to sanitize strings, integers, floats, boolean values, arra

Kirby Components Overview Do you love to make awesome projects with Kirby CMS? Do you also find it difficult to switch between snippets and blueprints

Introduction This package allows you as a developer to restrict who can and cannot run artisan commands, especially in a production environment. For e

Laravel is a web application framework with expressive, elegant syntax. We believe development must be an enjoyable and creative experience to be trul

PT Phone Home As penetration testers, we often come up with creative methods to deliver and execute our payloads, such as staged payloads. A staged pa

BjyAuthorize - Acl security for ZF2 Deprecated This package is now officially deprecated and will not receive any future updates or bug fixes. As long

composer/spdx-licenses SPDX (Software Package Data Exchange) licenses list and validation library. Originally written as part of composer/composer, no

PHP Reverse Shell Just a little refresh on the popular PHP reverse shell script pentestmonkey/php-reverse-shell. Credits to the original author! Works

TEC Utilities TEC UTilities (or tut) are a collection of tools for managing plugins. /^\ L L /

login.php What is a login system? login (derived from the English log in) or logon or signin, is the process to access a restricted computer system ma

Application with SQL Injection vulnerability and possible privilege escalation. Free vulnerable app for ethical hacking / penetration testing training.

Quality Hook Installer Install an execute script of specify quality tools to your git pre-commit hook, and it executes only for changed files Install

A Laravel package to scrub sensitive information that breaks operational security policies from being leaked on accident or not by developers.

Utilities Someday I will write documentation for this library, but for now, you can use it and see how it works. Introduction Some documentation will

🔒 Laravel Password Exposed Validation Rule This package provides a Laravel validation rule that checks if a password has been exposed in a data breac

⚡ Php8 FPM Nginx Fast, Scripts, Pearls & Treasures 🚀 Want to run and test asap ? docker-compose up -d phpgit_php8;ip=$(docker-machine ip default);ech

security-checker-action This action checks your composer.lock for known vulnerabilities in your package dependencies. Inputs lock optional The path to

Jasny PHPUnit extension Additional functionality for PHPUnit. Callback mock - assert that callback is called with correct arguments. Safe mocks - disa

php-sdk Provides tools for building modules that integrate Nosto into your e-commerce platform. Requirements The Nosto PHP SDK requires at least PHP v

laminas-crypt 🇷🇺 Русским гражданам Мы, участники Laminas, родились и живем в разных странах. У многих из нас есть друзья, родственники и коллеги как

TYPO3 HTML Sanitizer ℹ️ Common safe HTML tags & attributes as given in \TYPO3\HtmlSanitizer\Builder\CommonBuilder still might be adjusted, extended or

Fix Major Security Vulnerability on PrestaShop Websites 🚀 CVE-2022-31101 detector and fixer! A newly found exploit could allow remote attackers to ta

In your project, you might store sensitive personal data in your database. Should an unauthorised person get access to your DB, all sensitive can be read which is obviously not good.

baldeweg/pdf-bundle Offers tools for creating pdf files. Getting Started composer req baldeweg/pdf-bundle Activate the bundle in your config/bundles.p

Quickly login to your local environment When developing an app that has an admin section (or any non-public section), you'll likely seed test users to

PHP Version Audit PHP Version Audit is a convenience tool to easily check a given PHP version against a regularly updated list of CVE exploits, new re

WordPress Login Locker Disable direct access to your sites /wp-login.php script plus user notifications based on actions. Package Installation (via Co

GenBundle This bundle provides new generator command line tools for doctrine generator, extending SensioGeneratorBundle. php bin/console gen:generate:

Package Builder This tools helps you with Collectors in DependecyInjection, Console shortcuts, ParameterProvider as service and many more. Install com

NOT MAINTANED ANYMORE The development of composer-plugin-qa was dropped in favor of phpqa which is actively maintained. The project use docker and can

The Assure Alliance support website. This website is based on Questions2Answers and is a forum for support using Biblical Tools

webtools Tools for checking malware, permission of file php and any on website You can use the webtools.php file directly. All features can be accesse

Web page performance/seo/security/accessibility analysis, browser-less for PHP

Easy CI Tools that make easy to setup CI. Check git conflicts in CI Check TWIG and Latte templates for missing classes, non-existing static calls and

CrimeFlare is a useful tool for bypassing websites protected by CloudFlare WAF, with this tool you can easily see the real IP of websites that have been protected by CloudFlare. The resulting information is certainly very useful for conducting further penetration testing, and analyzing websites with the same server.

File Upload Vulnerability Scenarios (Challenges) This repository is a dockerized PHP application containing some file upload vulnerability challenges

✅ PiAlert PiAlert is system for automating the work of SAP PI/PO support team via aggregation of alerts (CBMA messages). Language support: English Рус

Added Laravel functionality to Enlightn Security Checker. Adds a command to check for, and optionally emails you, vulnerabilities when they affect you.

PHP library for Two Factor Authentication PHP library for two-factor (or multi-factor) authentication using TOTP and QR-codes. Inspired by, based on b

Aura.Filter This package provides tools to validate and sanitize objects and arrays. Foreword Installation This library requires PHP 7.2 or later; we

This package can create URLs with a limited lifetime. This is done by adding an expiration date and a signature to the URL.

Passbolt - Open source password manager for teams

Security Component The Security component provides a complete security system for your web application. It ships with facilities for authenticating us

Laravel Myanmar Tools A package for Myanmar Font, Phone and other Myanmar tools using Laravel Macro. Installation composer require pyaesoneaung/larave

Snuffleupagus is a PHP 7+ and 8+ module designed to drastically raise the cost of attacks against websites, by killing entire bug classes

SecurityMultiTool A multitool library offering access to recommended security related libraries, standardised implementations of security defences, an

laminas-barcode 🇷🇺 Русским гражданам Мы, участники Laminas, родились и живем в разных странах. У многих из нас есть друзья, родственники и коллеги к

wp-cli/secure-command Official website: Hackthewp.com Manages common security aspects of WordPress. Supports nginx and Apache. Basic Usage This packag

What is DockTie Is a simple wrapper script for commands inside docker container(s). So for instance, what you would normally run as: docker-compo

Secure Headers Add security related headers to HTTP response. The package includes Service Providers for easy Laravel integration. Version Installatio

📝 Artisan Menu Use Artisan via an elegant console GUI Features Run built-in and custom Artisan commands from a console GUI Prompts to enter required

laminas-console This package is abandoned and will receive no further development! We recommend using laminas/laminas-cli. Laminas\Console is a compon

Laravel Security Laravel Security was created by, and is maintained by Graham Campbell, and is a voku/anti-xss wrapper for Laravel, using graham-campb

CSRF Cookie Bundle This Symfony bundle provides Cross Site Request Forgery (CSRF or XSRF) protection for client-side applications requesting endpoints

Divi Migration Tools Different criteria to migrate the Divi shortcodes. Migrate the following Divi shortcodes to Gutenberg blocks 🙌 [et_pb_video] It

Google2FA for Laravel Google Two-Factor Authentication Package for Laravel Google2FA is a PHP implementation of the Google Two-Factor Authentication M

MISP is an open source software solution for collecting, storing, distributing and sharing cyber security indicators and threats about cyber security incidents analysis and malware analysis. MISP is designed by and for incident analysts, security and ICT professionals or malware reversers to support their day-to-day operations to share structured information efficiently.

Damn Vulnerable PHP Application (DVPA) - It is Lab Written in The PHP lang, Which Contains PHP Type Juggling - RCE Challenges

Laravel lsp The Laravel/Blade lsp provides: Blade: Diagnostics on missing components + action to create it. Autocomplete for components and their argu

An utility component for XML usage and best practices in PHP

Regexp Security Cheatsheet Research was done to find "weak places" in regular expressions of Web Application Firewalls (WAFs). Repository contains SAS

Tracy Debugger for ProcessWire The ultimate “swiss army knife” debugging and development tool for the ProcessWire CMF/CMS Integrates and extends Nette

A Fully Featured home-hosted Cloud Storage platform and Personal Assistant that Converts files, OCR's images & documents, Creates archives, Scans for viruses, Protects your server, Keeps itself up-to-date, and Runs your own AppLauncher!

A laboratory for learning secure web and mobile development in a practical manner. Build your lab By provisioning local environments via docker-compos

Create and update progress bars in different environments

laminas-text This package is considered feature-complete, and is now in security-only maintenance mode, following a decision by the Technical Steering

laminas-xml2json This package is considered feature-complete, and is now in security-only maintenance mode, following a decision by the Technical Stee

laminas-math This package is considered feature-complete, and is now in security-only maintenance mode, following a decision by the Technical Steering

SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more. The goal is to enable a security tester to pull this repository onto a new testing box and have access to every type of list that may be needed.

laminas-dom This package is considered feature-complete, and is now in security-only maintenance mode, following a decision by the Technical Steering

ErrorHandler Component The ErrorHandler component provides tools to manage errors and ease debugging PHP code. Getting Started $ composer require symf

🔒 Password Exposed Helper Function This PHP package provides a password_exposed helper function, that uses the haveibeenpwned.com API to check if a p

Damn Vulnerable Web Application (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goal is to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and to aid both students & teachers to learn about web application security in a controlled class room environment.

laminas-servicemanager-di This package is considered feature-complete, and is now in security-only maintenance mode, following a decision by the Techn

phpcs-security-audit is a set of PHP_CodeSniffer rules that finds vulnerabilities and weaknesses related to security in PHP code.

Grafite Builder Grafite has archived this project and no longer supports or develops the code. We recommend using only as a source of ideas for your o

PHP Secure Configuration Checker Check current PHP configuration for potential security flaws. Simply access this file from your webserver or run on C

Log-killer Log Killer is tool for [Linux/Windows] Servers This tool will delete all your logs just download the tool and run it on the server if your

laminas-config This package is considered feature-complete, and is now in security-only maintenance mode, following a decision by the Technical Steeri

IP-Tracer is used to track an ip address. IP-Tracer is developed for Termux and Linux based systems. you can easily retrieve ip address information using IP-Tracer. IP-Tracer use ip-api to track ip address.

It's a beautiful way to use powerful Linux/Unix tools in PHP. Easily and logically pipe commands together, capture errors as PHP Exceptions and use a simple yet powerful syntax. Works with any command line tool automagically.

Memory objects (memory containers) are generated by the memory manager, and transparently swapped/loaded when required.

This plugin allows you to secure your WordPress login with two factor authentication. The users will have to enter a one time password every time they log in.

laminas-soap This package is considered feature-complete, and is now in security-only maintenance mode, following a decision by the Technical Steering

Security Component - CSRF The Security CSRF (cross-site request forgery) component provides a class CsrfTokenManager for generating and validating CSR

Magento 2 Security extension FREE. Security extension gives store owners the ability to detect the IP addresses that are intentionally attacking their store at any given time. Therefore, they have timely measures to prevent this issue such as blocking those IP addresses or sending warning emails to store owners.

Laravel Nova Ban Introduction Behind the scenes cybercog/laravel-ban is used. Contents Installation Usage Prepare bannable model Prepare bannable mode

sqlscan sqlscan is quick web scanner for find an sql inject point. not for educational, this is for hacking. use sitemap for best result Simple to use

The Guard component brings many layers of authentication together, making it much easier to create complex authentication systems where you have total control.

Simple template Simple PHP templating system for user editable templates. Idea Most applications need to render templates that insert safely treated v

svg-sanitizer This is my attempt at building a decent SVG sanitizer in PHP. The work is laregely borrowed from DOMPurify. Installation Either require

Add a general-purpose tools page to your Filament project. Installation You can install the package via Composer: composer require ryangjchandler/fila

Laravel Security Laravel Security was created by, and is maintained by Graham Campbell, and is a voku/anti-xss wrapper for Laravel, using graham-campb

WorldTools A PocketMine plugin with advanced world tools and maybe can beat MultiWorld This plugin is on development! Helping me with pull request may

Leakfa.com A simple way to know if you are on the list of major security breaches like "HIBP", but it is specific for Iran. Service content This produ

Geotools Geotools is a PHP geo-related library, built atop Geocoder and React libraries. Features Batch geocode & reverse geocoding request(s) in seri

FalconOne Lite is an Open Source solution deployed and updated on a daily basis to help prevent terror and crime globally. By using advanced tools, functions and stealth strategies, FalconOne community is focused on making a friendly and fast solution for effective results.

DMS Filter Component This library provides a service that can be used to filter object values based on annotations Install Use composer to add DMS\Fil

Translation Component The Translation component provides tools to internationalize your application. Getting Started $ composer require symfony/transl

qshell 简介 qshell是利用七牛文档上公开的API实现的一个方便开发者测试和使用七牛API服务的命令行工具。该工具设计和开发的主要目的就是帮助开发者快速解决问题。目前该工具融合了七牛存储，CDN，以及其他的一些七牛服务中经常使用到的方法对应的便捷命令，比如b64decode，就是用来解码七