Open Source PHP Security Software
Sort By:
PHP Security Software
View 5765 business solutionsBrowse free open source PHP Security Software and projects below. Use the toggles on the left to filter open source PHP Security Software by OS, license, language, programming language, and project status.
-
Gemini 3 and 200+ AI Models on One PlatformBuild generative AI apps with Vertex AI. Switch between models without switching platforms.
-
Fully Managed MySQL, PostgreSQL, and SQL ServerCloud SQL handles your database ops end to end, so you can focus on your app.
-
1
DVWA
PHP/MySQL web application
Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and aid teachers/students to teach/learn web application security in a classroom environment. The aim of DVWA is to practice some of the most common web vulnerabilities, with various levels of difficulty, with a simple straightforward interface. Please note, there are both documented and undocumented vulnerabilities with this software. This is intentional. You are encouraged to try and discover as many issues as possible. Damn Vulnerable Web Application is damn vulnerable! Do not upload it to your hosting provider's public html folder or any Internet facing servers, as they will be compromised. It is recommended using a virtual machine (such as VirtualBox or VMware), which is set to NAT networking mode. -
2
Zphisher
An automated phishing tool with 30+ templates
Zphisher is an advanced open-source phishing tool for educational and penetration testing purposes. It provides a simple interface for launching phishing attacks by cloning login pages of popular websites. Built in Bash, Zphisher automates server deployment using tunneling services like Ngrok, Localhost.run, and others. It is intended for ethical hacking and security research to demonstrate how phishing attacks work and how to defend against them. -
3
bWAPP
an extremely buggy web app !
bWAPP, or a buggy web application, is a free and open source deliberately insecure web application. bWAPP helps security enthusiasts, developers and students to discover and to prevent web vulnerabilities. bWAPP prepares one to conduct successful penetration testing and ethical hacking projects. What makes bWAPP so unique? Well, it has over 100 web bugs! It covers all major known web vulnerabilities, including all risks from the OWASP Top 10 project. The focus is not just on one specific issue... bWAPP is covering a wide range of vulnerabilities! bWAPP is a PHP application that uses a MySQL database. It can be hosted on Linux/Windows with Apache/IIS and MySQL. It is supported on WAMP or XAMPP. Another possibility is to download bee-box, a custom VM pre-installed with bWAPP. This project is part of the ITSEC GAMES project. You can find more about the ITSEC GAMES and bWAPP projects on our blog. For security-testing and educational purposes only! Cheers Malik Mesellem -
4
Network Security Toolkit (NST)
A network security analysis and monitoring toolkit Linux distribution.
Network Security Toolkit (NST) is a bootable ISO image (Live USB Flash Drive) based on Fedora 42 providing easy access to best-of-breed Open Source Network Security Applications and should run on most x86_64 systems. The main intent of developing this toolkit was to provide the security professional and network administrator with a comprehensive set of Open Source Network Security Tools. The majority of tools published in the article: Top 125 Security Tools by INSECURE.ORG are available in the toolkit. An advanced Web User Interface (WUI) is provided for system/network administration, navigation, automation, network monitoring, host geolocation, network analysis and configuration of many network and security applications found within the NST distribution. In the virtual world, NST can be used as a network security analysis, validation and monitoring tool on enterprise virtual servers hosting virtual machines. -
Try Google Cloud Risk-Free With $300 in CreditUse your credit across every product. Compute, storage, AI, analytics. When it runs out, 20+ products stay free. You only pay when you choose to.
-
5
SecLists
The Pentester’s Companion
SecLists is the ultimate security tester’s companion. It is a collection of various types of lists commonly used during security assessments, all in one place. SecLists helps to increase efficiency and productivity in security testing by conveniently providing all the lists a security tester may need in one repository. List types include those for usernames, passwords, URLs, fuzzing payloads, sensitive data patterns, web shells, and many more. All the tester will have to do is pull this repo onto a new testing box and he’ll have access to every type of list he may require. -
6
CacheGuard Gateway
CacheGuard Gateway is a UTM, a WAF, and a QoS management appliance.
CacheGuard Gateway is a free and open-source Unified Threat Management (UTM) solution, a Web Application Firewall (WAF), and a Quality of Service (QoS) platform designed to optimize WAN traffic. To obtain a CacheGuard Gateway appliance, download CacheGuard-OS and install it on the bare-metal or virtual machine of your choice. It’s that simple and completely free. The UTM includes a firewall, web antivirus, VPN server, and a URL-filtering and SSL-inspection web proxy. The WAF operates in conjunction with a reverse proxy, web application load balancer, and SSL offloader, and is capable of blocking malicious requests as well as traffic from IP addresses with poor reputations. The QoS manager enables traffic shaping to prioritize critical network flows, load balance multiple WAN links, and cache web traffic. -
7
htmLawed
PHP code to purify & filter HTML
The htmLawed PHP script makes HTML more secure and standards- & policy-compliant. The customizable HTML filter/purifier can balance tags, ensure proper nestings, neutralize XSS, restrict HTML, beautify code like Tidy, implement anti-spam measures, etc. -
8
Web Security Dojo
Virtual training environment to learn web app ethical hacking.
Web Security Dojo is a virtual machine that provides the tools, targets, and documentation to learn and practice web application security testing. A preconfigured, stand-alone training environment ideal for classroom and conferences. No Internet required to use. Ideal for those interested in getting hands-on practice for ethical hacking, penetration testing, bug bounties, and capture the flag (CTF). A single OVA file will import into VirtualBox and VMware. There is also an Ansible script for those brave souls that want transform their stock Ubuntu into a virtual dojo. Bow to your sensei! username: dojo password: dojo -
9
TeamPass
cPassMan was renamed to TeamPass
TeamPass is a collaborative passwords manager. It has been created for managing passwords in a collaborative environment of use such as companies. With TeamPass it is possible to organize passwords in a tree structure, associate information to password. MORE INFORMATION ON TEAMPASS.NET website! -
AI-generated apps that pass security reviewRetool lets you generate dashboards, admin panels, and workflows directly on your data. Type something like “Build me a revenue dashboard on my Stripe data” and get a working app with security, permissions, and compliance built in from day one. Whether on our cloud or self-hosted, create the internal software your team needs without compromising enterprise standards or control.
-
10
AlienVault OSSIM
Open Source SIEM
OSSIM, AlienVault’s Open Source Security Information and Event Management (SIEM) product, provides event collection, normalization and correlation. For more advanced functionality, AlienVault Unified Security Management (USM) builds on OSSIM with these additional capabilities: * Log management * Advanced threat detection with a continuously updated library of pre-built correlation rules * Actionable threat intelligence updates from AlienVault Labs Security Research Team * Rich analytics dashboards and data visualization -
11
Laratrust
Handle roles and permissions in your Laravel application
Handle roles and permissions in your Laravel application. Laratrust is an easy and flexible way to add roles, permissions and team authorization to Laravel. -
12
Laravel Notify
Flexible Flash notifications for Laravel
Laravel Notify is a package that lets you add custom notifications to your project. A diverse range of notification designs is available. -
13
Socialite
Socialite is an OAuth2 Authentication tool
Socialite is an OAuth2 Authentication tool. It is inspired by laravel/socialite, you can easily use it without Laravel. Socialite is an OAuth2 authentication tool. It is inspired by laravel/socialite , you can easily use it in any PHP project. The tool now supports the following platforms: Facebook, Github, Google, Linkedin, Outlook, QQ, TAPD, Alipay, Taobao, Baidu, DingTalk, Weibo, WeChat, Douyin, Feishu, Lark, Douban, Enterprise WeChat, Tencent Cloud, Line, Gitee, Coding. Users only need to create corresponding configuration variables, and then use tools to create authentication applications for each platform, and easily obtain the access_token and user-related information of the platform. For details about the tool implementation logic, refer to the OAuth2 documents of major platforms. -
14
pH7 Social Dating CMS (pH7Builder)❤️
🚀 Professional Social Dating Web App Builder (formerly pH7CMS)
pH7Builder is a Professional, Free & Open Source PHP Social Dating Builder Software (primarily designed for developers ...). This Social Dating Web App is fully coded in object-oriented PHP (OOP) with the MVC pattern (Model-View-Controller). It is low resource-intensive, extremely powerful and highly secure. pH7Builder is included with over 42 native modules and is based on its homemade pH7 Framework which includes more than 52 packages To summarize, pH7Builder Social Dating Script gives you the perfect ingredients to create the best dating web app or social networking site on the World Wide Web! -- Get Involved! -- If you want to work on an Innovative Open Source Social/Dating Software Project with a Beautiful PHP Code using the latest PHP Features while collaborating with nice people and finally if you love the "Social" and "Dating" Services, ...you HAVE TO DO IT! - Fork the repo http://github.com/pH7Software/pH7-Social-Dating-CMS -
15
PrivateBin
A minimalist, open source online pastebin
PrivateBin is a minimalist, open-source online pastebin that allows users to securely share text data. It encrypts the content client-side, ensuring that no one other than the intended recipient can read the data. PrivateBin is self-hosted, giving users full control over their data. It supports features like message expiration, password protection, and anonymous sharing. -
16
phpseclib
PHP secure communications library
phpseclib is designed to be ultra-portable. The 3.0 version works on PHP 5.6+ and doesn't require any extensions. For purposes of speed, OpenSSL, GMP, libsodium or mcrypt are used, if they're available, but they are not required. phpseclib is designed to be fully interoperable with standardized cryptography libraries and protocols. MIT-licensed pure-PHP implementations of SSH-2, SFTP, X.509, an arbitrary-precision integer arithmetic library, Ed25519 / Ed449 / Curve25519 / Curve449, ECDSA / ECDH (with support for 66 curves), RSA (PKCS#1 v2.2 compliant), DSA / DH, DES / 3DES / RC4 / Rijndael / AES / Blowfish / Twofish / Salsa20 / ChaCha20, GCM / Poly1305. The only requirement that phpseclib 3.0 has is that you must be using PHP 5.6+. Using phpseclib2_compat will actually bring a few enhancements to your dependency. -
17
Coyote Linux
Network Security Appliance Linux Distribution
Coyote Linux is a security-centric distribution of Linux designed to provide firewall, VPN, IP routing, and various other functions. -
18
Laravel CSP
Set content security policy headers in a Laravel app
By default, all scripts on a webpage are allowed to send and fetch data to any site they want. This can be a security problem. Imagine one of your JavaScript dependencies sends all keystrokes, including passwords, to a third party website. It's very easy for someone to hide this malicious behaviour, making it nearly impossible for you to detect it (unless you manually read all the JavaScript code on your site). For a better idea of why you really need to set content security policy headers, read this excellent blog post by David Gilbertson. Setting Content Security Policy headers helps solve this problem. These headers dictate which sites your site is allowed to contact. This package makes it easy for you to set the right headers. -
19
Laravel Wallet
Easy work with virtual wallet
laravel-wallet - Easy to work with virtual wallet. -
20
Bash Scripting
Free Introduction to Bash Scripting eBook
This is an open-source introduction to Bash scripting guide/ebook that will help you learn the basics of Bash scripting and start writing awesome Bash scripts that will help you automate your daily SysOps, DevOps, and Dev tasks. No matter if you are a DevOps/SysOps engineer, developer, or just a Linux enthusiast, you can use Bash scripts to combine different Linux commands and automate boring and repetitive daily tasks, so that you can focus on more productive and fun things. The guide is suitable for anyone working as a developer, system administrator, or a DevOps engineer and wants to learn the basics of Bash scripting. The first 13 chapters would be purely focused on getting some solid Bash scripting foundations then the rest of the chapters would give you some real-life examples and scripts. -
21
Laravel Fortify
Backend controllers and scaffolding for Laravel authentication
Laravel Fortify is a frontend agnostic authentication backend implementation for Laravel. Fortify registers the routes and controllers needed to implement all of Laravel's authentication features, including login, registration, password reset, email verification, and more. You are not required to use Fortify in order to use Laravel's authentication features. You are always free to manually interact with Laravel's authentication services by following the documentation available in the authentication, password reset, and email verification documentation. Laravel Fortify essentially takes the routes and controllers of Laravel Breeze and offers them as a package that does not include a user interface. This allows you to still quickly scaffold the backend implementation of your application's authentication layer without being tied to any particular frontend opinions. -
22
Laravel Socialite
Laravel wrapper around OAuth 1 & OAuth 2 libraries
Laravel Socialite provides an expressive, fluent interface to OAuth authentication with Facebook, Twitter, Google, LinkedIn, GitHub, GitLab and Bitbucket. It handles almost all of the boilerplate social authentication code you are dreading writing. Laravel Socialite provides an expressive, fluent interface to OAuth authentication with Facebook, Twitter, Google, LinkedIn, GitHub, GitLab and Bitbucket. It handles almost all of the boilerplate social authentication code you are dreading writing. To get started with Socialite, use the Composer package manager to add the package to your project's dependencies. When upgrading to a new major version of Socialite, it's important that you carefully review the upgrade guide. Before using Socialite, you will need to add credentials for the OAuth providers your application utilizes. -
23
Lavarel-admin
Tools to build a full-featured administrative interface
Built-in permission system based on RBAC, and easy to bind with routing and menu. It supports more than 40+ extensions, easy to install, and ready to use out of the box. With the elegance of Laravel, CURD pages are constructed with expressive code. Quickly generate controller and data table & form code with one key through built-in commands, reducing the workload to a minimum. It supports more than 40 form components, covering almost all usage scenarios, and supports customizing and extending any other components to meet your needs. As long as you install the corresponding OSS platform upload driver and complete the configuration, you can get through the OSS upload function. With the help intervention/imageof powerful functions, you can crop, zoom, watermark, flip and other dozens of operations on uploaded pictures. Supports Eloquentmaking kind of data relationships to meet a variety of scenarios. -
24
Spiral Framework
High-Performance PHP Framework for large scale applications
Born out of real-world software development projects, Spiral Framework is a modern PHP framework designed to power faster, cleaner, superior software development. Due to its design and sophisticated application server, Spiral Framework will execute your code up to 10 times faster than Laravel or Symfony without compromising code quality or compatibility with commonly-used libraries. Spiral Framework provides all the tools you need to write secure applications with embedded encryption, CSRF protection, cookie anti-tampering, RBAC authorization, token-based authentication, validation, and more. 10+ years of R&D and design-verification at Spiral Scout has delivered a high-performing framework that already serves dozens of applications on production and drives functionality for millions of users. Scale your application quickly with integrated tools for Queue, GRPC, Event broadcasting and more. -
25
Stock Inventory Management
PHP Stock Inventory Management System - POS
A web-based application which will manage stock inventory so easily: Dashboard, Stock Management, Purchasing, Sales, Suppliers, Customers, Outstandings, and Payments. Nice look and feel interface. It supports to be displayed in mobile-device. This web application is actually generated by PHPMaker without touch any code in the generated script files. All the customization are done from inside of PHPMaker Project. Thus, all the changes are saved in the project side, so that you will be able to maintain the project and upgrade it in future easily and quickly. This related PHPMaker Project file (including all the Extensions that used by this project) can be downloaded from http://www.ilovephpmaker.com. The latest version supports PHPMaker 2019. Technical support will be provided only for those of you who have subscribed to the site. Demo? Please visit: http://phpstock.ilovephpmaker.com/ For login, please use: - Username: admin - Password: master
