PHP Security Software

View 5577 business solutions

Browse free open source PHP Security Software and projects below. Use the toggles on the left to filter open source PHP Security Software by OS, license, language, programming language, and project status.

  • Gen AI apps are built with MongoDB Atlas Icon
    Gen AI apps are built with MongoDB Atlas

    The database for AI-powered applications.

    MongoDB Atlas is the developer-friendly database used to build, scale, and run gen AI and LLM-powered apps—without needing a separate vector database. Atlas offers built-in vector search, global availability across 115+ regions, and flexible document modeling. Start building AI apps faster, all in one place.
    Start Free
  • Auth for GenAI | Auth0 Icon
    Auth for GenAI | Auth0

    Enable AI agents to securely access tools, workflows, and data with fine-grained control and just a few lines of code.

    Easily implement secure login experiences for AI Agents - from interactive chatbots to background workers with Auth0. Auth for GenAI is now available in Developer Preview
    Try free now
  • 1
    DVWA

    DVWA

    PHP/MySQL web application

    Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and aid teachers/students to teach/learn web application security in a classroom environment. The aim of DVWA is to practice some of the most common web vulnerabilities, with various levels of difficulty, with a simple straightforward interface. Please note, there are both documented and undocumented vulnerabilities with this software. This is intentional. You are encouraged to try and discover as many issues as possible. Damn Vulnerable Web Application is damn vulnerable! Do not upload it to your hosting provider's public html folder or any Internet facing servers, as they will be compromised. It is recommended using a virtual machine (such as VirtualBox or VMware), which is set to NAT networking mode.
    Downloads: 485 This Week
    Last Update:
    See Project
  • 2

    bWAPP

    an extremely buggy web app !

    bWAPP, or a buggy web application, is a free and open source deliberately insecure web application. bWAPP helps security enthusiasts, developers and students to discover and to prevent web vulnerabilities. bWAPP prepares one to conduct successful penetration testing and ethical hacking projects. What makes bWAPP so unique? Well, it has over 100 web bugs! It covers all major known web vulnerabilities, including all risks from the OWASP Top 10 project. The focus is not just on one specific issue... bWAPP is covering a wide range of vulnerabilities! bWAPP is a PHP application that uses a MySQL database. It can be hosted on Linux/Windows with Apache/IIS and MySQL. It is supported on WAMP or XAMPP. Another possibility is to download bee-box, a custom VM pre-installed with bWAPP. This project is part of the ITSEC GAMES project. You can find more about the ITSEC GAMES and bWAPP projects on our blog. For security-testing and educational purposes only! Cheers Malik Mesellem
    Leader badge
    Downloads: 1,824 This Week
    Last Update:
    See Project
  • 3
    Zphisher

    Zphisher

    An automated phishing tool with 30+ templates

    Zphisher is an advanced open-source phishing tool for educational and penetration testing purposes. It provides a simple interface for launching phishing attacks by cloning login pages of popular websites. Built in Bash, Zphisher automates server deployment using tunneling services like Ngrok, Localhost.run, and others. It is intended for ethical hacking and security research to demonstrate how phishing attacks work and how to defend against them.
    Downloads: 44 This Week
    Last Update:
    See Project
  • 4
    Network Security Toolkit (NST)

    Network Security Toolkit (NST)

    A network security analysis and monitoring toolkit Linux distribution.

    Network Security Toolkit (NST) is a bootable ISO image (Live USB Flash Drive) based on Fedora 42 providing easy access to best-of-breed Open Source Network Security Applications and should run on most x86_64 systems. The main intent of developing this toolkit was to provide the security professional and network administrator with a comprehensive set of Open Source Network Security Tools. The majority of tools published in the article: Top 125 Security Tools by INSECURE.ORG are available in the toolkit. An advanced Web User Interface (WUI) is provided for system/network administration, navigation, automation, network monitoring, host geolocation, network analysis and configuration of many network and security applications found within the NST distribution. In the virtual world, NST can be used as a network security analysis, validation and monitoring tool on enterprise virtual servers hosting virtual machines.
    Leader badge
    Downloads: 177 This Week
    Last Update:
    See Project
  • AI-powered service management for IT and enterprise teams Icon
    AI-powered service management for IT and enterprise teams

    Enterprise-grade ITSM, for every business

    Give your IT, operations, and business teams the ability to deliver exceptional services—without the complexity. Maximize operational efficiency with refreshingly simple, AI-powered Freshservice.
    Try it Free
  • 5
    SecLists

    SecLists

    The Pentester’s Companion

    SecLists is the ultimate security tester’s companion. It is a collection of various types of lists commonly used during security assessments, all in one place. SecLists helps to increase efficiency and productivity in security testing by conveniently providing all the lists a security tester may need in one repository. List types include those for usernames, passwords, URLs, fuzzing payloads, sensitive data patterns, web shells, and many more. All the tester will have to do is pull this repo onto a new testing box and he’ll have access to every type of list he may require.
    Downloads: 16 This Week
    Last Update:
    See Project
  • 6
    LAMPSecurity training is designed to be a series of vulnerable virtual machine images along with complementary documentation designed to teach linux,apache,php,mysql security.
    Leader badge
    Downloads: 100 This Week
    Last Update:
    See Project
  • 7
    pH7 Social Dating CMS (pH7Builder)❤️

    pH7 Social Dating CMS (pH7Builder)❤️

    🚀 Professional Social Dating Web App Builder (formerly pH7CMS)

    pH7Builder is a Professional, Free & Open Source PHP Social Dating Builder Software (primarily designed for developers ...). This Social Dating Web App is fully coded in object-oriented PHP (OOP) with the MVC pattern (Model-View-Controller). It is low resource-intensive, extremely powerful and highly secure. pH7Builder is included with over 42 native modules and is based on its homemade pH7 Framework which includes more than 52 packages To summarize, pH7Builder Social Dating Script gives you the perfect ingredients to create the best dating web app or social networking site on the World Wide Web! -- Get Involved! -- If you want to work on an Innovative Open Source Social/Dating Software Project with a Beautiful PHP Code using the latest PHP Features while collaborating with nice people and finally if you love the "Social" and "Dating" Services, ...you HAVE TO DO IT! - Fork the repo http://github.com/pH7Software/pH7-Social-Dating-CMS
    Downloads: 51 This Week
    Last Update:
    See Project
  • 8
    AlienVault OSSIM

    AlienVault OSSIM

    Open Source SIEM

    OSSIM, AlienVault’s Open Source Security Information and Event Management (SIEM) product, provides event collection, normalization and correlation. For more advanced functionality, AlienVault Unified Security Management (USM) builds on OSSIM with these additional capabilities: * Log management * Advanced threat detection with a continuously updated library of pre-built correlation rules * Actionable threat intelligence updates from AlienVault Labs Security Research Team * Rich analytics dashboards and data visualization
    Leader badge
    Downloads: 67 This Week
    Last Update:
    See Project
  • 9
    phpseclib

    phpseclib

    PHP secure communications library

    phpseclib is designed to be ultra-portable. The 3.0 version works on PHP 5.6+ and doesn't require any extensions. For purposes of speed, OpenSSL, GMP, libsodium or mcrypt are used, if they're available, but they are not required. phpseclib is designed to be fully interoperable with standardized cryptography libraries and protocols. MIT-licensed pure-PHP implementations of SSH-2, SFTP, X.509, an arbitrary-precision integer arithmetic library, Ed25519 / Ed449 / Curve25519 / Curve449, ECDSA / ECDH (with support for 66 curves), RSA (PKCS#1 v2.2 compliant), DSA / DH, DES / 3DES / RC4 / Rijndael / AES / Blowfish / Twofish / Salsa20 / ChaCha20, GCM / Poly1305. The only requirement that phpseclib 3.0 has is that you must be using PHP 5.6+. Using phpseclib2_compat will actually bring a few enhancements to your dependency.
    Downloads: 8 This Week
    Last Update:
    See Project
  • Picsart Enterprise Background Removal API for Stunning eCommerce Visuals Icon
    Picsart Enterprise Background Removal API for Stunning eCommerce Visuals

    Instantly remove the background from your images in just one click.

    With our Remove Background API tool, you can access the transformative capabilities of automation , which will allow you to turn any photo asset into compelling product imagery. With elevated visuals quality on your digital platforms, you can captivate your audience, and therefore achieve higher engagement and sales.
    Learn More
  • 10

    htmLawed

    PHP code to purify & filter HTML

    The htmLawed PHP script makes HTML more secure and standards- & policy-compliant. The customizable HTML filter/purifier can balance tags, ensure proper nestings, neutralize XSS, restrict HTML, beautify code like Tidy, implement anti-spam measures, etc.
    Leader badge
    Downloads: 109 This Week
    Last Update:
    See Project
  • 11
    TeamPass

    TeamPass

    cPassMan was renamed to TeamPass

    TeamPass is a collaborative passwords manager. It has been created for managing passwords in a collaborative environment of use such as companies. With TeamPass it is possible to organize passwords in a tree structure, associate information to password. MORE INFORMATION ON TEAMPASS.NET website!
    Leader badge
    Downloads: 38 This Week
    Last Update:
    See Project
  • 12
    Bash Scripting

    Bash Scripting

    Free Introduction to Bash Scripting eBook

    This is an open-source introduction to Bash scripting guide/ebook that will help you learn the basics of Bash scripting and start writing awesome Bash scripts that will help you automate your daily SysOps, DevOps, and Dev tasks. No matter if you are a DevOps/SysOps engineer, developer, or just a Linux enthusiast, you can use Bash scripts to combine different Linux commands and automate boring and repetitive daily tasks, so that you can focus on more productive and fun things. The guide is suitable for anyone working as a developer, system administrator, or a DevOps engineer and wants to learn the basics of Bash scripting. The first 13 chapters would be purely focused on getting some solid Bash scripting foundations then the rest of the chapters would give you some real-life examples and scripts.
    Downloads: 6 This Week
    Last Update:
    See Project
  • 13
    PrivateBin

    PrivateBin

    A minimalist, open source online pastebin

    PrivateBin is a minimalist, open-source online pastebin that allows users to securely share text data. It encrypts the content client-side, ensuring that no one other than the intended recipient can read the data. PrivateBin is self-hosted, giving users full control over their data. It supports features like message expiration, password protection, and anonymous sharing.
    Downloads: 6 This Week
    Last Update:
    See Project
  • 14
    Laravel Breeze

    Laravel Breeze

    Minimal Laravel authentication scaffolding with Blade, Vue, or React

    Breeze provides a minimal and simple starting point for building a Laravel application with authentication. Styled with Tailwind, Breeze publishes authentication controllers and views to your application that can be easily customized based on your own application's needs. Laravel Breeze is powered by Blade and Tailwind. While you are welcome to use these starter kits, they are not required. You are free to build your own application from the ground up by simply installing a fresh copy of Laravel. Either way, we know you will build something great.
    Downloads: 5 This Week
    Last Update:
    See Project
  • 15

    Stock Inventory Management

    PHP Stock Inventory Management System - POS

    A web-based application which will manage stock inventory so easily: Dashboard, Stock Management, Purchasing, Sales, Suppliers, Customers, Outstandings, and Payments. Nice look and feel interface. It supports to be displayed in mobile-device. This web application is actually generated by PHPMaker without touch any code in the generated script files. All the customization are done from inside of PHPMaker Project. Thus, all the changes are saved in the project side, so that you will be able to maintain the project and upgrade it in future easily and quickly. This related PHPMaker Project file (including all the Extensions that used by this project) can be downloaded from http://www.ilovephpmaker.com. The latest version supports PHPMaker 2019. Technical support will be provided only for those of you who have subscribed to the site. Demo? Please visit: http://phpstock.ilovephpmaker.com/ For login, please use: - Username: admin - Password: master
    Downloads: 47 This Week
    Last Update:
    See Project
  • 16
    BASE is the Basic Analysis and Security Engine. It is based on the code from the Analysis Console for Intrusion Databases (ACID) project. This application provides a web front-end to query and analyze the alerts coming from a SNORT IDS system.
    Downloads: 21 This Week
    Last Update:
    See Project
  • 17

    RIPS - PHP Security Analysis

    Free Static Code Analysis Tool for PHP Applications

    RIPS is a static code analysis tool for the automated detection of security vulnerabilities in PHP applications. It was released 2010 during the Month of PHP Security (www.php-security.org). NOTE: RIPS 0.5 development is abandoned. A complete rewrite with OOP support and higher precision is available at https://www.ripstech.com/next-generation/
    Downloads: 26 This Week
    Last Update:
    See Project
  • 18
    PHP dotenv

    PHP dotenv

    Loads environment variables automatically

    You should never store sensitive credentials in your code. Storing configuration in the environment is one of the tenets of a twelve-factor app. Anything that is likely to change between deployment environments, such as database credentials or credentials for 3rd party services, should be extracted from the code into environment variables. Basically, a .env file is an easy way to load custom configuration variables that your application needs without having to modify .htaccess files or Apache/nginx virtual hosts. This means you won't have to edit any files outside the project, and all the environment variables are always set no matter how you run your project, Apache, Nginx, CLI, and even PHP's built-in webserver. It's WAY easier than all the other ways you know of to set environment variables, and you're going to love it!
    Downloads: 3 This Week
    Last Update:
    See Project
  • 19
    Paseto

    Paseto

    Platform-Agnostic Security Tokens

    Paseto (Platform-Agnostic Security Tokens) is an open-source security token format designed as a more secure alternative to JWT (JSON Web Tokens). Unlike JWT, Paseto eliminates common cryptographic pitfalls by avoiding weak algorithms. It is designed to be secure by default, with built-in cryptographic best practices, making it ideal for applications requiring robust authentication and token management.
    Downloads: 3 This Week
    Last Update:
    See Project
  • 20
    Passbolt API

    Passbolt API

    Passbolt Community Edition (CE) API

    Passbolt API is an open-source password manager designed for teams. It allows users to securely store and share passwords using end-to-end encryption. Passbolt is self-hosted, offering full control over data and enhanced security. It integrates seamlessly into the workflow, allowing team members to access shared credentials while maintaining robust security practices.
    Downloads: 3 This Week
    Last Update:
    See Project
  • 21
    ezXSS

    ezXSS

    ezXSS is an easy way for penetration testers and bug bounty hunters

    ezXSS is an open-source XSS (Cross-Site Scripting) testing platform designed to help security researchers identify and collect XSS vulnerabilities. It acts as a payload receiver and logger, storing details about triggered XSS attacks such as the user agent, cookies, DOM, and referrer. This tool is highly useful in bug bounty hunting and penetration testing for monitoring and documenting XSS vectors in real-time.
    Downloads: 3 This Week
    Last Update:
    See Project
  • 22
    Web Security Dojo

    Web Security Dojo

    Virtual training environment to learn web app ethical hacking.

    Web Security Dojo is a virtual machine that provides the tools, targets, and documentation to learn and practice web application security testing. A preconfigured, stand-alone training environment ideal for classroom and conferences. No Internet required to use. Ideal for those interested in getting hands-on practice for ethical hacking, penetration testing, bug bounties, and capture the flag (CTF). A single OVA file will import into VirtualBox and VMware. There is also an Ansible script for those brave souls that want transform their stock Ubuntu into a virtual dojo. Bow to your sensei! username: dojo password: dojo
    Leader badge
    Downloads: 18 This Week
    Last Update:
    See Project
  • 23
    Fingerprint Pro Server API PHP SDK

    Fingerprint Pro Server API PHP SDK

    PHP SDK for Fingerprint Pro Server API

    Fingerprint Pro Server API allows you to get information about visitors and about individual events in a server environment. It can be used for data exports, decision-making, and data analysis scenarios. Server API is intended for server-side usage, it's not intended to be used from the client side, whether it's a browser or a mobile device.
    Downloads: 2 This Week
    Last Update:
    See Project
  • 24
    Halite

    Halite

    High-level cryptography interface powered by libsodium

    Halite is a high-level cryptography interface that relies on libsodium for all of its underlying cryptography operations. Halite was created by Paragon Initiative Enterprises as a result of our continued efforts to improve the ecosystem and make cryptography in PHP safer and easier to implement. You can read the Halite Documentation online. Halite is released under Mozilla Public License 2.0. Commercial licenses are available from Paragon Initiative Enterprises if you wish to extend Halite without making your derivative works available under the terms of the MPL. If you are satisfied with the terms of MPL software for backend web applications but would like to purchase a support contract for your application that uses Halite, those are also offered by Paragon Initiative Enterprises.
    Downloads: 2 This Week
    Last Update:
    See Project
  • 25
    Laravel Passport

    Laravel Passport

    Laravel Passport provides OAuth2 server support to Laravel

    Laravel Passport is an OAuth2 server and API authentication package that is simple and enjoyable to use. Laravel Passport provides a full OAuth2 server implementation for your Laravel application in a matter of minutes. Passport is built on top of the League OAuth2 server that is maintained by Andy Millington and Simon Hamp. Before getting started, you may wish to determine if your application would be better served by Laravel Passport or Laravel Sanctum. If your application absolutely needs to support OAuth2, then you should use Laravel Passport. However, if you are attempting to authenticate a single-page application, or mobile application, or issue API tokens, you should use Laravel Sanctum. Laravel Sanctum does not support OAuth2; however, it provides a much simpler API authentication development experience.
    Downloads: 2 This Week
    Last Update:
    See Project
  • Previous
  • You're on page 1
  • 2
  • 3
  • 4
  • 5
  • Next
Want the latest updates on software, tech news, and AI?
Get latest updates about software, tech news, and AI from SourceForge directly in your inbox once a month.