PHP Web-security Resources

ViMbAdmin project (vim-be-admin) provides a web based virtual mailbox administration system to allow mail administrators to easily manage domains, mailboxes and aliases.

Snuffleupagus is a PHP 7+ and 8+ module designed to drastically raise the cost of attacks against websites, by killing entire bug classes

SecurityMultiTool A multitool library offering access to recommended security related libraries, standardised implementations of security defences, an

laminas-barcode 🇷🇺 Русским гражданам Мы, участники Laminas, родились и живем в разных странах. У многих из нас есть друзья, родственники и коллеги к

SIPADU 🌐 Aplikasi web yang dibuat sebagai sarana pengaduan layanan masyarakat seperti infrastruktur dan fasilitas umum, ataupun permasalahan yang dih

wp-cli/secure-command Official website: Hackthewp.com Manages common security aspects of WordPress. Supports nginx and Apache. Basic Usage This packag

JSON Web Token (JWT) for webman plugin Json web token (JWT), 是为了在网络应用环境间传递声明而执行的一种基于JSON的开放标准（(RFC 7519).该token被设计为紧凑且安全的，特别适用于分布式站点的单点登录（SSO）场景。

ManagerBox O Manager Box é um projeto da disciplina de Projeto e prática 2 do IFPE - Igarassu, que consiste em uma aplicação web com funções de gerenc

Laravel 8.x package wrapper library for Metatrader 5 Web API

OverseerV2 The second iteration of the Overseer games. The configuration file is in inc/database.php and the database dump can be found at database.sq

Buat yang lagi nyari web cafe yang simple untuk mengelola transaksi jual-beli mungkin repo ini tepat. Aplikasi ini juga bisa digunakan buat kamu yang lagi belajar React Js dan REST API

About Laravel Laravel is a web application framework with expressive, elegant syntax. We believe development must be an enjoyable and creative experie

Secure Headers Add security related headers to HTTP response. The package includes Service Providers for easy Laravel integration. Version Installatio

Embed PHP library to get information from any web page (using oembed, opengraph, twitter-cards, scrapping the html, etc). It's compatible with any web

Manage your photos with Piwigo, a full featured open source photo gallery application for the web. Star us on Github! More than 200 plugins and themes available. Join us and contribute!

laminas-console This package is abandoned and will receive no further development! We recommend using laminas/laminas-cli. Laminas\Console is a compon

WebPush can be used to send notifications to endpoints which server delivers Web Push notifications as described in the Web Push protocol. As it is standardized, you don't have to worry about what server type it relies on.

PHP Quickstart This repository contains a simple web application that demonstrates how to quickly connect to and communicate with a MariaDB database u

Laravel Security Laravel Security was created by, and is maintained by Graham Campbell, and is a voku/anti-xss wrapper for Laravel, using graham-campb

DataLoaderPHP is a generic utility to be used as part of your application's data fetching layer to provide a simplified and consistent API over various remote data sources such as databases or web services via batching and caching.

Kuro Photos Web app to share your favorite photos, made with laravel. This web app was made for educationals purposes only. I enjoyed so much learning

Gracili What is Gracili? Gracili is a PHP Application Template to quickly create a new Project. Using this template can save you a lot of time. With t

CSRF Cookie Bundle This Symfony bundle provides Cross Site Request Forgery (CSRF or XSRF) protection for client-side applications requesting endpoints

Laravel Abdal Detector - Find info about IP , OS and web browser from your client

PGPmfa() a PHP Class for PGP Multi-factor Authentication using a Public PGP key for web based applications Multi-factor Authentication with PGP Second

Bank API written in PHP 7.4 without framework

Google2FA for Laravel Google Two-Factor Authentication Package for Laravel Google2FA is a PHP implementation of the Google Two-Factor Authentication M

Convention scheduling tool originally developed for Arisia. Now used by several other conventions. PlanZ tracks sessions (events, panels, and anything that needs to be scheduled), participants, and rooms. PlanZ was originally Zambia, but many changes have been made away from the original code and so a new name was desired.

Zenphoto The simpler media website CMS http://www.zenphoto.org Welcome to the Zenphoto git repository! About Zenphoto is a standalone CMS for multimed

morgue a safe place for all your postmortem data Overview This is a PHP based web application to help manage your postmortems. It has a pluggable feat

MISP is an open source software solution for collecting, storing, distributing and sharing cyber security indicators and threats about cyber security incidents analysis and malware analysis. MISP is designed by and for incident analysts, security and ICT professionals or malware reversers to support their day-to-day operations to share structured information efficiently.

Damn Vulnerable PHP Application (DVPA) - It is Lab Written in The PHP lang, Which Contains PHP Type Juggling - RCE Challenges

Blog A reponsive web application blog where users can create & host their articles Tech Stack Bootstrap 5 CodeIgniter 4 GSAP AOS TrixEditor SweetAlert

I, Librarian Instructions Contents Automated installation using installers Windows manual installation Linux manual installation Mac OS X manual insta

Bludit is a web application to build your own website or blog in seconds, it's completely free and open source. Bludit uses files in JSON format to store the content, you don't need to install or configure a database. You only need a web server with PHP support.

An utility component for XML usage and best practices in PHP

CodeIgniter 4 Development What is CodeIgniter? CodeIgniter is a PHP full-stack web framework that is light, fast, flexible and secure. More informatio

Regexp Security Cheatsheet Research was done to find "weak places" in regular expressions of Web Application Firewalls (WAFs). Repository contains SAS

A Fully Featured home-hosted Cloud Storage platform and Personal Assistant that Converts files, OCR's images & documents, Creates archives, Scans for viruses, Protects your server, Keeps itself up-to-date, and Runs your own AppLauncher!

A laboratory for learning secure web and mobile development in a practical manner. Build your lab By provisioning local environments via docker-compos

Create and update progress bars in different environments

Drag & Drop landing page builder made with Laravel 8, Vue.js 3 and Tailwind CSS

Property page web scrapper This tool was built to expermiment with extracting features for property pages on websites like booking.com and Airbnb. Thi

laminas-text This package is considered feature-complete, and is now in security-only maintenance mode, following a decision by the Technical Steering

laminas-xml2json This package is considered feature-complete, and is now in security-only maintenance mode, following a decision by the Technical Stee

laminas-math This package is considered feature-complete, and is now in security-only maintenance mode, following a decision by the Technical Steering

DB-Project First SQL Project with HTML, Bootstrap, PHP enabling CRUD from web Java for mocking data, enabling .csv input Idea This model corresponds t

Géotuileur Ce projet constitue un portail web pour l'API entrepôt dédié à la publication de données sous forme de tuiles vectorielles. Ce dépôt ne con

Simple Laravel Invoice Generator Sling — open-source web application that helps you create invoices and track income. Table of Contents About

#Supermarket Management System A simple PHP web system for managing an Supermarket. Installation Clone the repository and move the root folder to the

Test technique But Créer un service web de discussion et de commentaires d’articles. Fonctionnalités Les fonctionnalités attendus sont les suivantes :

SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more. The goal is to enable a security tester to pull this repository onto a new testing box and have access to every type of list that may be needed.

Crawlzone is a fast asynchronous internet crawling framework aiming to provide open source web scraping and testing solution. It can be used for a wide range of purposes, from extracting and indexing structured data to monitoring and automated testing. Available for PHP 7.3, 7.4, 8.0.

This library allows you to quickly and easily use the Twilio SendGrid Web API v3 via PHP

🔒 Password Exposed Helper Function This PHP package provides a password_exposed helper function, that uses the haveibeenpwned.com API to check if a p

Damn Vulnerable Web Application (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goal is to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and to aid both students & teachers to learn about web application security in a controlled class room environment.

laminas-servicemanager-di This package is considered feature-complete, and is now in security-only maintenance mode, following a decision by the Techn

Guzzle Bundle Cache Plugin This plugin integrates cache functionality into Guzzle Bundle, a bundle for building RESTful web service clients. Requireme

phpcs-security-audit is a set of PHP_CodeSniffer rules that finds vulnerabilities and weaknesses related to security in PHP code.

KodExplorer is a file manager for web. It is also a web code editor, which allows you to develop websites directly within the web browser.

Web Shell Detector – is a php script that helps you find and identify php/cgi(perl)/asp/aspx shells. Web Shell Detector has a “web shells” signature database that helps to identify “web shell” up to 99%. By using the latest javascript and css technologies, web shell detector has a light weight and friendly interface.

BlazkAdvisor Projecte 03: Guia restaurants Creació d'un lloc web que sigui una guia de restaurants de la nostra ciutat. Hecho por Pol, Juan Carlos y G

Web Sekolah yang dibuat diatas CMS Popoji dengan base Laravel 6. Web Sekolah ini sudah diintegrasikan dengan template semesta-front.

Phalcon - Développez des applications web complexes et performantes en PHP Ce projet GitHub contient les sources du livre : Phalcon 3 - Développez des

Auth is a module for the Yii PHP framework that provides a web user interface for Yii's built-in authorization manager (CAuthManager). You can read more about Yii's authorization manager in the framework documentation under Authentication and Authorization.

Opulence Introduction Opulence is a PHP web application framework that simplifies the difficult parts of creating and maintaining a secure, scalable w

Elgg Elgg is an open source rapid development framework for socially aware web applications. Features Well-documented core API that allows developers

PHP Secure Configuration Checker Check current PHP configuration for potential security flaws. Simply access this file from your webserver or run on C

Log-killer Log Killer is tool for [Linux/Windows] Servers This tool will delete all your logs just download the tool and run it on the server if your

Microrest is a Silex provider to setting up a REST API on top of a relational database, based on a YAML (RAML) configuration file.

laminas-config This package is considered feature-complete, and is now in security-only maintenance mode, following a decision by the Technical Steeri

laravel-google-lighthouse This package is based on octoper/lighthouse-php. This package provides a wrapper for Google Lighthouse to audit the quality

A Web UI frontend for YouTube-DL This is a small project that creates a simple and easy to use user interface for downloading content with YouTube-DL

Memory objects (memory containers) are generated by the memory manager, and transparently swapped/loaded when required.

A high-performance backend cache system. It is intended for use in speeding up dynamic web applications by alleviating database load. Well implemented, it can drops the database load to almost nothing, yielding faster page load times for users, better resource utilization. It is simple yet powerful.

This plugin allows you to secure your WordPress login with two factor authentication. The users will have to enter a one time password every time they log in.

This webshell can be used for multi-purposed especially most if you want to manage your web server but you are in an emergency , so why not use a webshell:)

laminas-soap This package is considered feature-complete, and is now in security-only maintenance mode, following a decision by the Technical Steering

Security Component - CSRF The Security CSRF (cross-site request forgery) component provides a class CsrfTokenManager for generating and validating CSR

WebAgencyCertificate WebAgency certificate results done by Mickaël Moreau, delivred by Axelo (web-agency.app) Résultat du certificat en pré-production

Magento 2 Security extension FREE. Security extension gives store owners the ability to detect the IP addresses that are intentionally attacking their store at any given time. Therefore, they have timely measures to prevent this issue such as blocking those IP addresses or sending warning emails to store owners.

BrowserKit Component The BrowserKit component simulates the behavior of a web browser, allowing you to make requests, click on links and submit forms

Laravel Nova Ban Introduction Behind the scenes cybercog/laravel-ban is used. Contents Installation Usage Prepare bannable model Prepare bannable mode

sqlscan sqlscan is quick web scanner for find an sql inject point. not for educational, this is for hacking. use sitemap for best result Simple to use

The Guard component brings many layers of authentication together, making it much easier to create complex authentication systems where you have total control.

Rori-PHP is custom non production web application framework inspired by Laravel syntax. A web framework provides a structure and starting point for your application allowing you to focus on creating something amazing.

Shortener URL is simple web application to short your URL. It will generate unique key, with the unique key it will redirect to the original URL.

Simple template Simple PHP templating system for user editable templates. Idea Most applications need to render templates that insert safely treated v

PHP-Rocker Here you have yet another framework for writing RESTful web services in PHP, jay! What sets this framework apart from many of the others is

UserFrosting 4.6 Branch Version Build Coverage Style master hotfix develop https://www.userfrosting.com If you simply want to show that you like this

It is a web application that allows you to analyze electricity consumption and savings resulting from the installation of a photovoltaic installation.

BookStore Application web - Symfony 5.4 Présentation du projet Il s’agit d'une application Symfony 5.4 qui est appelée bookstore. L’application gèrer

svg-sanitizer This is my attempt at building a decent SVG sanitizer in PHP. The work is laregely borrowed from DOMPurify. Installation Either require

SimpleTest SimpleTest is a framework for unit testing, web site testing and mock objects for PHP. Installation Downloads All downloads are stored on G

Laravel Security Laravel Security was created by, and is maintained by Graham Campbell, and is a voku/anti-xss wrapper for Laravel, using graham-campb

About Laravel Laravel is a web application framework with expressive, elegant syntax. We believe development must be an enjoyable and creative experie

TeamCal Neo is a web application of a day-based calendar. It's generic purpose is the absence and event management of project teams, music bands and other groups needing a scheduler that focusses on days.

phpSleekDBAdmin is a web-based SleekDB database admin tool written in PHP. Following in the spirit of the flat-file system used by SleekDB, phpSleekDBAdmin consists of a single source file, phpsleekdbadmin.php. The interface and user experience is comparable to that of phpLiteAdmin and phpMyAdmin.

XHGui A graphical interface for XHProf profiling data that can store the results in MongoDB or PDO database. Application is profiled and the profiling

FINANCE FINANCE is a simple yet powerful, self-hosted personal finance tracking web app with the ability to parse SMS transactions and generate very u