Open Source PHP Security Software
Sort By:
PHP Security Software
View 920 business solutionsBrowse free open source PHP Security Software and projects below. Use the toggles on the left to filter open source PHP Security Software by OS, license, language, programming language, and project status.
-
Gen AI apps are built with MongoDB AtlasMongoDB Atlas is the developer-friendly database used to build, scale, and run gen AI and LLM-powered apps—without needing a separate vector database. Atlas offers built-in vector search, global availability across 115+ regions, and flexible document modeling. Start building AI apps faster, all in one place.
-
White Labeled Fintech Software Solutions | CentrexThe Centrex products include: CRM, loan origination, loan and advance servicing software, syndication management, white labeled mobile app, money manager, underwriting, Esign, and website smart app builder. The Centrex services include: fintech software consulting, admin retainer services, and managed data cloud.
-
1
DVWA
PHP/MySQL web application
Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and aid teachers/students to teach/learn web application security in a classroom environment. The aim of DVWA is to practice some of the most common web vulnerabilities, with various levels of difficulty, with a simple straightforward interface. Please note, there are both documented and undocumented vulnerabilities with this software. This is intentional. You are encouraged to try and discover as many issues as possible. Damn Vulnerable Web Application is damn vulnerable! Do not upload it to your hosting provider's public html folder or any Internet facing servers, as they will be compromised. It is recommended using a virtual machine (such as VirtualBox or VMware), which is set to NAT networking mode. -
2
Zphisher
An automated phishing tool with 30+ templates
Zphisher is an advanced open-source phishing tool for educational and penetration testing purposes. It provides a simple interface for launching phishing attacks by cloning login pages of popular websites. Built in Bash, Zphisher automates server deployment using tunneling services like Ngrok, Localhost.run, and others. It is intended for ethical hacking and security research to demonstrate how phishing attacks work and how to defend against them. -
3
bWAPP
an extremely buggy web app !
bWAPP, or a buggy web application, is a free and open source deliberately insecure web application. bWAPP helps security enthusiasts, developers and students to discover and to prevent web vulnerabilities. bWAPP prepares one to conduct successful penetration testing and ethical hacking projects. What makes bWAPP so unique? Well, it has over 100 web bugs! It covers all major known web vulnerabilities, including all risks from the OWASP Top 10 project. The focus is not just on one specific issue... bWAPP is covering a wide range of vulnerabilities! bWAPP is a PHP application that uses a MySQL database. It can be hosted on Linux/Windows with Apache/IIS and MySQL. It is supported on WAMP or XAMPP. Another possibility is to download bee-box, a custom VM pre-installed with bWAPP. This project is part of the ITSEC GAMES project. You can find more about the ITSEC GAMES and bWAPP projects on our blog. For security-testing and educational purposes only! Cheers Malik Mesellem">
-
4
SecLists
The Pentester’s Companion
SecLists is the ultimate security tester’s companion. It is a collection of various types of lists commonly used during security assessments, all in one place. SecLists helps to increase efficiency and productivity in security testing by conveniently providing all the lists a security tester may need in one repository. List types include those for usernames, passwords, URLs, fuzzing payloads, sensitive data patterns, web shells, and many more. All the tester will have to do is pull this repo onto a new testing box and he’ll have access to every type of list he may require. -
Point of Sale. Powerful and Simple.Vibe Retail is an all-in-one retail point-of-sale and operations platform built for single-store and multi-location retailers seeking to unify inventory, sales, staff and customer data from one mobile-friendly interface. The system lets you track inventory across locations and warehouses, handle item variations (size, color, material), manage purchase orders and supplier deliveries, print custom barcodes, and transfer stock between stores in real time. On the sales side, Vibe supports multiple payment types (cards, cash, checks, gift cards, EBT), layaway workflows, serial number tracking, delivery management, loyalty programs and branded receipts. Retailers can integrate with online platforms (such as Shopify and WooCommerce), sync in-store and online sales, access 40+ real-time reports on sales, inventory and performance, set up promotions and discounts, and print receipts from mobile devices.
-
5
htmLawed
PHP code to purify & filter HTML
The htmLawed PHP script makes HTML more secure and standards- & policy-compliant. The customizable HTML filter/purifier can balance tags, ensure proper nestings, neutralize XSS, restrict HTML, beautify code like Tidy, implement anti-spam measures, etc.">
-
6
TeamPass
cPassMan was renamed to TeamPass
TeamPass is a collaborative passwords manager. It has been created for managing passwords in a collaborative environment of use such as companies. With TeamPass it is possible to organize passwords in a tree structure, associate information to password. MORE INFORMATION ON TEAMPASS.NET website! -
7
AlienVault OSSIM
Open Source SIEM
OSSIM, AlienVault’s Open Source Security Information and Event Management (SIEM) product, provides event collection, normalization and correlation. For more advanced functionality, AlienVault Unified Security Management (USM) builds on OSSIM with these additional capabilities: * Log management * Advanced threat detection with a continuously updated library of pre-built correlation rules * Actionable threat intelligence updates from AlienVault Labs Security Research Team * Rich analytics dashboards and data visualization -
8
Apiato
PHP Framework for building scalable API's on top of Laravel
The open-source flawless framework for building scalable and testable API-Centric Apps with PHP and Laravel. Authentication with OAuth2.0 for first/third-party clients (using Laravel Passport). Role-Based Access Control (RBAC), seeded with a Super Admin, Roles, and Permissions. Query Parameters support (orderBy, sorted, and filter) with full-text search. Useful Endpoints for managing users, roles/permissions, tokens, and more. API Documentations generator, to generate API docs from PHP Docblock using ApiDocJS (provided by Documentation Container). Supports CORS (Cross-Origin Resource Sharing) and JSONP (JSON with padding). Auto encoding/decoding of real IDs, to prevent exposing real ids to the outer world. API Throttling (rate-limiting to control the rate of traffic received and protect your server). Support Data Caching (with auto clearing on Create, Update, and Delete). API versioning in the URL or Header (versioning based on the route file name). -
9
pH7 Social Dating CMS (pH7Builder)❤️
🚀 Professional Social Dating Web App Builder (formerly pH7CMS)
pH7Builder is a Professional, Free & Open Source PHP Social Dating Builder Software (primarily designed for developers ...). This Social Dating Web App is fully coded in object-oriented PHP (OOP) with the MVC pattern (Model-View-Controller). It is low resource-intensive, extremely powerful and highly secure. pH7Builder is included with over 42 native modules and is based on its homemade pH7 Framework which includes more than 52 packages To summarize, pH7Builder Social Dating Script gives you the perfect ingredients to create the best dating web app or social networking site on the World Wide Web! -- Get Involved! -- If you want to work on an Innovative Open Source Social/Dating Software Project with a Beautiful PHP Code using the latest PHP Features while collaborating with nice people and finally if you love the "Social" and "Dating" Services, ...you HAVE TO DO IT! - Fork the repo http://github.com/pH7Software/pH7-Social-Dating-CMS -
The All-In-One Google Workspace Management Tool for IT AdminsgPanel by Promevo streamlines administration, security, and user management, giving organizations full control over their Google Workspace.
-
10
Bash Scripting
Free Introduction to Bash Scripting eBook
This is an open-source introduction to Bash scripting guide/ebook that will help you learn the basics of Bash scripting and start writing awesome Bash scripts that will help you automate your daily SysOps, DevOps, and Dev tasks. No matter if you are a DevOps/SysOps engineer, developer, or just a Linux enthusiast, you can use Bash scripts to combine different Linux commands and automate boring and repetitive daily tasks, so that you can focus on more productive and fun things. The guide is suitable for anyone working as a developer, system administrator, or a DevOps engineer and wants to learn the basics of Bash scripting. The first 13 chapters would be purely focused on getting some solid Bash scripting foundations then the rest of the chapters would give you some real-life examples and scripts. -
11
jrean/laravel-user-verification
PHP package built for Laravel 5.* & 6.* & 7.* & 8.* & 9.* & 10.*
jrean/laravel-user-verification is a PHP package built for Laravel 5., 6., 7., 8., 9.* & 10.* to easily handle a user verification and validate the e-mail. -
12
Web Security Dojo
Virtual training environment to learn web app ethical hacking.
Web Security Dojo is a virtual machine that provides the tools, targets, and documentation to learn and practice web application security testing. A preconfigured, stand-alone training environment ideal for classroom and conferences. No Internet required to use. Ideal for those interested in getting hands-on practice for ethical hacking, penetration testing, bug bounties, and capture the flag (CTF). A single OVA file will import into VirtualBox and VMware. There is also an Ansible script for those brave souls that want transform their stock Ubuntu into a virtual dojo. Bow to your sensei! username: dojo password: dojo -
13
CacheGuard Gateway
CacheGuard Gateway is a UTM, a WAF, and a QoS management appliance.
CacheGuard Gateway is a free and open-source Unified Threat Management (UTM) solution, a Web Application Firewall (WAF), and a Quality of Service (QoS) platform designed to optimize WAN traffic. To obtain a CacheGuard Gateway appliance, download CacheGuard-OS and install it on the bare-metal or virtual machine of your choice. It’s that simple and completely free. The UTM includes a firewall, web antivirus, VPN server, and a URL-filtering and SSL-inspection web proxy. The WAF operates in conjunction with a reverse proxy, web application load balancer, and SSL offloader, and is capable of blocking malicious requests as well as traffic from IP addresses with poor reputations. The QoS manager enables traffic shaping to prioritize critical network flows, load balance multiple WAN links, and cache web traffic.">
-
14
Adldap2
LDAP Authentication & Management for Laravel
Adldap2-Laravel is an extension to the core Adldap2 package. Using the built-in authentication driver, easily allow LDAP users to log into your application and control which users can login via Scopes and Rules. Users can be imported into your database upon first login, or you can import your entire directory via a simple command: php artisan adldap:import. Search for LDAP records with a fluent and easy-to-use interface you're used to. You'll feel right at home. LDAP records are returned as individual models. Easily create and update models then persist them to your LDAP server with a simple save(). -
15
Captcha for Laravel 5/6/7/8/9
Captcha for Laravel 5/6/7/8/9/10/11
A simple Laravel 5/6 service provider for including the Captcha for Laravel. for Laravel 4 Captcha for Laravel Laravel 4. The Captcha Service Provider can be installed via Composer by requiring the mews/captcha package and setting the minimum-stability to dev (required for Laravel 5) in your project's composer.json. -
16
Enlightn
Your performance & security consultant, an artisan command away
Enlightn scans your Laravel app code to provide you actionable recommendations on improving its performance, security & more. We'll perform over 100 checks against your application for common issues, and provide actionable feedback for fixing them. Think of Enlightn as your performance and security consultant. Enlightn will "review" your code and server configurations, and give you actionable recommendations on improving performance, security, and reliability! The Enlightn OSS (open source software) version has 64 automated checks that scan your application code, web server configurations, and routes to identify performance bottlenecks, possible security vulnerabilities, and code reliability issues. Enlightn Pro (commercial) is available for purchase on the Enlightn website and has an additional 64 automated checks (a total of 128 checks). Serving Assets: Minification, cache headers, CDN, and compression headers. -
17
Laravel Base
Admin authentication and a blank admin panel using AdminLTE
Note: This package is only used by Backpack v3. Starting with Backpack v4, everything this package does is included in Backpack/CRUD - one package to rule them all. -
18
Laravel Vonage Notification Channel
Vonage Notification Channel for Laravel.
Sending SMS notifications in Laravel is powered by Vonage (formerly known as Nexmo). The package includes a configuration file. However, you are not required to export this configuration file to your own application. You can simply use the VONAGE_KEY and VONAGE_SECRET environment variables to define your Vonage public and secret keys. After defining your keys, you should set a VONAGE_SMS_FROM environment variable that defines the phone number that your SMS messages should be sent from by default. -
19
Laravel Wallet
Easy work with virtual wallet
laravel-wallet - Easy to work with virtual wallet. -
20
PHP OAuth 2.0 Server
A spec compliant, secure by default
league/oauth2-server is a standards compliant implementation of an OAuth 2.0 authorization server written in PHP which makes working with OAuth 2.0 trivial. You can easily configure an OAuth 2.0 server to protect your API with access tokens, or allow clients to request new access tokens and refresh them. The latest version of this package supports PHP 7.2, PHP 7.3, PHP 7.4, PHP 8.0. The openssl and json extensions are also required. All HTTP messages passed to the server should be PSR-7 compliant. This ensures interoperability with other packages and frameworks. The library uses PHPUnit for unit tests. We use Github Actions, Scrutinizer, and StyleCI for continuous integration. In order to prevent man-in-the-middle attacks, the authorization server MUST require the use of TLS with server authentication as defined by RFC2818 for any request sent to the authorization and token endpoints. The client MUST validate the authorization server’s TLS certificate as defined by RFC6125. -
21
Laravel Ban
Laravel Ban simplify blocking and banning Eloquent models
Laravel Ban simplifies the management of the Eloquent model's ban. Make any model bannable in minutes. The use case is not limited to the User model, any Eloquent model could be banned: Organizations, Teams, Groups, and others. Bannable model must have a nullable timestamp column named banned_at. This value is used as the flag and simplifies checks if the user was banned. -
22
Laravel Breeze
Minimal Laravel authentication scaffolding with Blade, Vue, or React
Breeze provides a minimal and simple starting point for building a Laravel application with authentication. Styled with Tailwind, Breeze publishes authentication controllers and views to your application that can be easily customized based on your own application's needs. Laravel Breeze is powered by Blade and Tailwind. While you are welcome to use these starter kits, they are not required. You are free to build your own application from the ground up by simply installing a fresh copy of Laravel. Either way, we know you will build something great. -
23
Personal Management System
Your web application for managing personal data
It's easier to understand this web application when you think about a CMS (WordPress) or CRM (SugarCRM); the logic behind this system is very similar to those two. My PMS may offer fewer possibilities than those systems above, but it just does what I want it to do. Additionally, writing extensions is not too hard, depending on the logic required. Anyone with development knowledge can pretty much write their own extensions for personal needs. Keep a track of your personal goals. You can use tools to keep track of your goals progress or use the payments submodule to keep an eye of the money amount that you want to collect for something. Add any personal note to the desired category. Here, you can keep any small information that you need; it can be either quick notes from phone calls, a bunch of information collected all around different pages, or some links to things that you want to check somewhere later in the future. -
24
Shield
The easiest and most intuitive way to add access management
The easiest and most intuitive way to add access management to your Filament Admin Resources, Pages & Widgets is through Spatie/Laravel Permission. -
25
RIPS - PHP Security Analysis
Free Static Code Analysis Tool for PHP Applications
RIPS is a static code analysis tool for the automated detection of security vulnerabilities in PHP applications. It was released 2010 during the Month of PHP Security (www.php-security.org). NOTE: RIPS 0.5 development is abandoned. A complete rewrite with OOP support and higher precision is available at https://www.ripstech.com/next-generation/