phpipam is an open-source web IP address management application (IPAM). Its goal is to provide light, modern and useful IP address management. It is php-based application with MySQL database backend, using jQuery libraries, ajax and some HTML5/CSS3 features.
- demo: demo.phpipam.net
- IPv4 / IPv6 address management
- ICMP status updates, subnet scanning and status showing
- Domain authentication (AD) / OpenLDAP authentication
- Per-group permissions
- Multiple level of nested subnets
- Visual subnet display
- IPv4 / IPv6 address calculator
- VRF support
- VLAN management
- Device management
- RIPE import
- Import / export XLS files
- User management
- E-Mail notification with IP details
- IP database search
- IP request module
- IP range adding / editing / deleting
- Custom IP/subnet/userVLAN address fields
It just does the work ! A simple feature would make it perfect : multiple record modification and delete :)
Easy to install, easy to use and nicely designed UI! It could be improved with integration to DNS and/or DHCP.
I've been looking for something just like this for years. Great software, and developer is actively improving it.
Our company stopped using PHPIPAM (1.0) after a third-party auditor reported that it contained a number of security vulnerabilities, including SQL injections. For example, in functions-common.php, the get_menu_html() function reads in "subnetId" directly from the REQUEST, which gets passed to getAllParents(), which calls getSubnetDetailsById() in functions-network.php, which appears to drop the raw subnetId data right into a querystring executed at normal phpipam DB permissions. (You can grep the PHP code for more "$query" instances and back out to the related REQUEST or POST variable population to see similar examples.) The application also encourages IT admins to put "domain admin" credentials in clear text into the adLDAP.php file for optional AD/LDAP integration; there are safer ways to store these! (Using just MD5 for local user passwords also makes me nervous since a lot of the passwords stored here might be those of admins using the same password across multiple systems...) All in all, I think the project would benefit from a switch to PHP prepared statements and better credential protection. The functionality seems solid, but it could use better security (e.g., there appears to be some sanitization happening with parameters like username, but it's not universal), even if the app is normally only installed "behind the firewall."