Open Source PHP Security Software
Sort By:
PHP Security Software
View 5818 business solutionsBrowse free open source PHP Security Software and projects below. Use the toggles on the left to filter open source PHP Security Software by OS, license, language, programming language, and project status.
-
MongoDB Atlas runs apps anywhereMongoDB Atlas gives you the freedom to build and run modern applications anywhere—across AWS, Azure, and Google Cloud. With global availability in over 115 regions, Atlas lets you deploy close to your users, meet compliance needs, and scale with confidence across any geography.
-
Go From AI Idea to AI App FastAccess Gemini 3 and 200+ models. Build chatbots, agents, or custom models with built-in monitoring and scaling.
-
1
DVWA
PHP/MySQL web application
Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and aid teachers/students to teach/learn web application security in a classroom environment. The aim of DVWA is to practice some of the most common web vulnerabilities, with various levels of difficulty, with a simple straightforward interface. Please note, there are both documented and undocumented vulnerabilities with this software. This is intentional. You are encouraged to try and discover as many issues as possible. Damn Vulnerable Web Application is damn vulnerable! Do not upload it to your hosting provider's public html folder or any Internet facing servers, as they will be compromised. It is recommended using a virtual machine (such as VirtualBox or VMware), which is set to NAT networking mode. -
2
Zphisher
An automated phishing tool with 30+ templates
Zphisher is an advanced open-source phishing tool for educational and penetration testing purposes. It provides a simple interface for launching phishing attacks by cloning login pages of popular websites. Built in Bash, Zphisher automates server deployment using tunneling services like Ngrok, Localhost.run, and others. It is intended for ethical hacking and security research to demonstrate how phishing attacks work and how to defend against them. -
3
bWAPP
an extremely buggy web app !
bWAPP, or a buggy web application, is a free and open source deliberately insecure web application. bWAPP helps security enthusiasts, developers and students to discover and to prevent web vulnerabilities. bWAPP prepares one to conduct successful penetration testing and ethical hacking projects. What makes bWAPP so unique? Well, it has over 100 web bugs! It covers all major known web vulnerabilities, including all risks from the OWASP Top 10 project. The focus is not just on one specific issue... bWAPP is covering a wide range of vulnerabilities! bWAPP is a PHP application that uses a MySQL database. It can be hosted on Linux/Windows with Apache/IIS and MySQL. It is supported on WAMP or XAMPP. Another possibility is to download bee-box, a custom VM pre-installed with bWAPP. This project is part of the ITSEC GAMES project. You can find more about the ITSEC GAMES and bWAPP projects on our blog. For security-testing and educational purposes only! Cheers Malik Mesellem -
4
SecLists
The Pentester’s Companion
SecLists is the ultimate security tester’s companion. It is a collection of various types of lists commonly used during security assessments, all in one place. SecLists helps to increase efficiency and productivity in security testing by conveniently providing all the lists a security tester may need in one repository. List types include those for usernames, passwords, URLs, fuzzing payloads, sensitive data patterns, web shells, and many more. All the tester will have to do is pull this repo onto a new testing box and he’ll have access to every type of list he may require. -
$300 in Free Credit Towards Top Cloud ServicesStart your project in minutes. After credits run out, 20+ products include free monthly usage. Only pay when you're ready to scale.
-
5
Network Security Toolkit (NST)
A network security analysis and monitoring toolkit Linux distribution.
Network Security Toolkit (NST) is a bootable ISO image (Live USB Flash Drive) based on Fedora 42 providing easy access to best-of-breed Open Source Network Security Applications and should run on most x86_64 systems. The main intent of developing this toolkit was to provide the security professional and network administrator with a comprehensive set of Open Source Network Security Tools. The majority of tools published in the article: Top 125 Security Tools by INSECURE.ORG are available in the toolkit. An advanced Web User Interface (WUI) is provided for system/network administration, navigation, automation, network monitoring, host geolocation, network analysis and configuration of many network and security applications found within the NST distribution. In the virtual world, NST can be used as a network security analysis, validation and monitoring tool on enterprise virtual servers hosting virtual machines. -
6
AlienVault OSSIM
Open Source SIEM
OSSIM, AlienVault’s Open Source Security Information and Event Management (SIEM) product, provides event collection, normalization and correlation. For more advanced functionality, AlienVault Unified Security Management (USM) builds on OSSIM with these additional capabilities: * Log management * Advanced threat detection with a continuously updated library of pre-built correlation rules * Actionable threat intelligence updates from AlienVault Labs Security Research Team * Rich analytics dashboards and data visualization -
7
htmLawed
PHP code to purify & filter HTML
The htmLawed PHP script makes HTML more secure and standards- & policy-compliant. The customizable HTML filter/purifier can balance tags, ensure proper nestings, neutralize XSS, restrict HTML, beautify code like Tidy, implement anti-spam measures, etc. -
8
CacheGuard Gateway
Free UTM appliance: firewall, VPN, WAF and antivirus in one ISO.
Securing your network should not require an enterprise budget. CacheGuard is a free open-source network security appliance for startups and growing businesses that need serious protection without the complexity. Install CacheGuard-OS on any x86 machine or VM and get a complete security gateway in under an hour. No plug-ins, no compatibility issues. Everything works out of the box. CacheGuard-OS is not an app, it IS the OS. A fully custom network appliance operating system built from scratch over 20 years, now fully open source. One ISO includes: firewall, VPN, web antivirus, URL filtering, SSL inspection, WAF, reverse proxy, load balancer and QoS. Free for any number of users. Optional paid support available. Source code: https://github.com/cacheguard/CacheGuard-OS Website: https://www.cacheguard.com/ -
9
pH7 Social Dating CMS (pH7Builder)❤️
🚀 Professional Social Dating Web App Builder (formerly pH7CMS)
pH7Builder is a Professional, Free & Open Source PHP Social Dating Builder Software (primarily designed for developers ...). This Social Dating Web App is fully coded in object-oriented PHP (OOP) with the MVC pattern (Model-View-Controller). It is low resource-intensive, extremely powerful and highly secure. pH7Builder is included with over 42 native modules and is based on its homemade pH7 Framework which includes more than 52 packages To summarize, pH7Builder Social Dating Script gives you the perfect ingredients to create the best dating web app or social networking site on the World Wide Web! -- Get Involved! -- If you want to work on an Innovative Open Source Social/Dating Software Project with a Beautiful PHP Code using the latest PHP Features while collaborating with nice people and finally if you love the "Social" and "Dating" Services, ...you HAVE TO DO IT! - Fork the repo http://github.com/pH7Software/pH7-Social-Dating-CMS -
Forever Free Full-Stack Observability | Grafana CloudBuilt on open standards like Prometheus and OpenTelemetry, Grafana Cloud includes Kubernetes Monitoring, Application Observability, Incident Response, plus the AI-powered Grafana Assistant. Get started with our generous free tier today.
-
10
Web Security Dojo
Virtual training environment to learn web app ethical hacking.
Web Security Dojo is a virtual machine that provides the tools, targets, and documentation to learn and practice web application security testing. A preconfigured, stand-alone training environment ideal for classroom and conferences. No Internet required to use. Ideal for those interested in getting hands-on practice for ethical hacking, penetration testing, bug bounties, and capture the flag (CTF). A single OVA file will import into VirtualBox and VMware. There is also an Ansible script for those brave souls that want transform their stock Ubuntu into a virtual dojo. Bow to your sensei! username: dojo password: dojo -
11
jrean/laravel-user-verification
PHP package built for Laravel 5.* & 6.* & 7.* & 8.* & 9.* & 10.*
jrean/laravel-user-verification is a PHP package built for Laravel 5., 6., 7., 8., 9.* & 10.* to easily handle a user verification and validate the e-mail. -
12
TeamPass
cPassMan was renamed to TeamPass
TeamPass is a collaborative passwords manager. It has been created for managing passwords in a collaborative environment of use such as companies. With TeamPass it is possible to organize passwords in a tree structure, associate information to password. MORE INFORMATION ON TEAMPASS.NET website! -
13
BASE is the Basic Analysis and Security Engine. It is based on the code from the Analysis Console for Intrusion Databases (ACID) project. This application provides a web front-end to query and analyze the alerts coming from a SNORT IDS system.
-
14
Bash Scripting
Free Introduction to Bash Scripting eBook
This is an open-source introduction to Bash scripting guide/ebook that will help you learn the basics of Bash scripting and start writing awesome Bash scripts that will help you automate your daily SysOps, DevOps, and Dev tasks. No matter if you are a DevOps/SysOps engineer, developer, or just a Linux enthusiast, you can use Bash scripts to combine different Linux commands and automate boring and repetitive daily tasks, so that you can focus on more productive and fun things. The guide is suitable for anyone working as a developer, system administrator, or a DevOps engineer and wants to learn the basics of Bash scripting. The first 13 chapters would be purely focused on getting some solid Bash scripting foundations then the rest of the chapters would give you some real-life examples and scripts. -
15
ezXSS
ezXSS is an easy way for penetration testers and bug bounty hunters
ezXSS is an open-source XSS (Cross-Site Scripting) testing platform designed to help security researchers identify and collect XSS vulnerabilities. It acts as a payload receiver and logger, storing details about triggered XSS attacks such as the user agent, cookies, DOM, and referrer. This tool is highly useful in bug bounty hunting and penetration testing for monitoring and documenting XSS vectors in real-time. -
16
Personal Management System
Your web application for managing personal data
It's easier to understand this web application when you think about a CMS (WordPress) or CRM (SugarCRM); the logic behind this system is very similar to those two. My PMS may offer fewer possibilities than those systems above, but it just does what I want it to do. Additionally, writing extensions is not too hard, depending on the logic required. Anyone with development knowledge can pretty much write their own extensions for personal needs. Keep a track of your personal goals. You can use tools to keep track of your goals progress or use the payments submodule to keep an eye of the money amount that you want to collect for something. Add any personal note to the desired category. Here, you can keep any small information that you need; it can be either quick notes from phone calls, a bunch of information collected all around different pages, or some links to things that you want to check somewhere later in the future. -
17
PrivateBin
A minimalist, open source online pastebin
PrivateBin is a minimalist, open-source online pastebin that allows users to securely share text data. It encrypts the content client-side, ensuring that no one other than the intended recipient can read the data. PrivateBin is self-hosted, giving users full control over their data. It supports features like message expiration, password protection, and anonymous sharing. -
18
phpseclib
PHP secure communications library
phpseclib is designed to be ultra-portable. The 3.0 version works on PHP 5.6+ and doesn't require any extensions. For purposes of speed, OpenSSL, GMP, libsodium or mcrypt are used, if they're available, but they are not required. phpseclib is designed to be fully interoperable with standardized cryptography libraries and protocols. MIT-licensed pure-PHP implementations of SSH-2, SFTP, X.509, an arbitrary-precision integer arithmetic library, Ed25519 / Ed449 / Curve25519 / Curve449, ECDSA / ECDH (with support for 66 curves), RSA (PKCS#1 v2.2 compliant), DSA / DH, DES / 3DES / RC4 / Rijndael / AES / Blowfish / Twofish / Salsa20 / ChaCha20, GCM / Poly1305. The only requirement that phpseclib 3.0 has is that you must be using PHP 5.6+. Using phpseclib2_compat will actually bring a few enhancements to your dependency. -
19
Netdeep Secure Firewall
Next Generation Open Source Firewall
Netdeep Secure is a Linux distribution with focus on network security. Is a Next Generation Open Source Firewall, which provides virtually all perimeter security features that your company may need. It offers Web content filters, ensuring better performance of the network, allowing users to use the service efficiently and securely, providing a deep control of the use of the Web access service, blocking access to unwanted websites, Virus, Spam, Applications and intrusion attempts. Its configuration is made entirely by the web interface. -
20
ZoneMinder is video and cctv surveillance and security application. It supports multiple video or IP cameras and a sophisticated motion detection system based around zones. Both live streams and historic events can be viewed via the web interface.
-
21
Fingerprint Pro Server API PHP SDK
PHP SDK for Fingerprint Pro Server API
Fingerprint Pro Server API allows you to get information about visitors and about individual events in a server environment. It can be used for data exports, decision-making, and data analysis scenarios. Server API is intended for server-side usage, it's not intended to be used from the client side, whether it's a browser or a mobile device. -
22
RIPS - PHP Security Analysis
Free Static Code Analysis Tool for PHP Applications
RIPS is a static code analysis tool for the automated detection of security vulnerabilities in PHP applications. It was released 2010 during the Month of PHP Security (www.php-security.org). NOTE: RIPS 0.5 development is abandoned. A complete rewrite with OOP support and higher precision is available at https://www.ripstech.com/next-generation/ -
23
CSZ CMS
CSZ CMS is a open source content management system. With Codeigniter.
CSZ CMS is an open source web application that allows to manage all content and settings on the websites. CSZ CMS was built on the basis of Codeigniter and design the structure of Bootstrap, this should make your website fully responsive with ease. CSZ CMS is based on the server side script language PHP and uses a MySQL or MariaDB database for data storage. CSZ CMS is open-source Content Management System. And all is free under the Astian Develop Public License (ADPL). -
24
LAMPSecurity training is designed to be a series of vulnerable virtual machine images along with complementary documentation designed to teach linux,apache,php,mysql security.
-
25
Enlightn
Your performance & security consultant, an artisan command away
Enlightn scans your Laravel app code to provide you actionable recommendations on improving its performance, security & more. We'll perform over 100 checks against your application for common issues, and provide actionable feedback for fixing them. Think of Enlightn as your performance and security consultant. Enlightn will "review" your code and server configurations, and give you actionable recommendations on improving performance, security, and reliability! The Enlightn OSS (open source software) version has 64 automated checks that scan your application code, web server configurations, and routes to identify performance bottlenecks, possible security vulnerabilities, and code reliability issues. Enlightn Pro (commercial) is available for purchase on the Enlightn website and has an additional 64 automated checks (a total of 128 checks). Serving Assets: Minification, cache headers, CDN, and compression headers.
