Open Source PHP Tunneling Software

Zphisher is an advanced open-source phishing tool for educational and penetration testing purposes. It provides a simple interface for launching phishing attacks by cloning login pages of popular websites. Built in Bash, Zphisher automates server deployment using tunneling services like Ngrok, Localhost.run, and others. It is intended for ethical hacking and security research to demonstrate how phishing attacks work and how to defend against them.

Seeker is an open source project that demonstrates how to obtain precise location information from devices using social engineering and web-based techniques. The tool sets up a phishing page that asks for location permissions, allowing GPS and other device data to be shared if the user consents. It can capture latitude, longitude, accuracy, altitude, direction, and even speed, with results displayed in a terminal. The project supports both manual deployment and tunneling services like Ngrok for external access. While primarily intended as an educational resource on security awareness, it highlights the risks of exposing geolocation data online. Its simplicity and effectiveness have made it a popular project in cybersecurity learning circles.

Sing-box is a shell-script-based deployment project for setting up multi-protocol sing-box proxy environments across different hosting platforms and VPS scenarios. It is built around quick, automated installation rather than manual configuration, making it useful for users who want a bundled setup process. The project supports several proxy protocols, including VLESS Reality, VMess over WebSocket and TLS, Hysteria2, and Tuic. It also includes optional Nezha monitoring integration, which can help users observe node status from a monitoring panel. The scripts reference support for platforms such as Serv00, CT8, Hostuno, VPS environments, and Alpine-based systems. Overall, it functions as an automation toolkit for deploying and managing sing-box-based proxy nodes with multiple protocol options.

Expose is an open source tunneling service that allows developers to securely share locally running web applications with the public internet through temporary public URLs. The project functions as an alternative to tools like ngrok by creating encrypted tunnels that route incoming requests from a publicly accessible server directly to a developer’s local machine. This makes it possible to test webhooks, demonstrate applications, or collaborate with teammates without deploying the project to a staging server. Expose is written in PHP and can be self-hosted, giving developers full control over their infrastructure, domains, and traffic while avoiding reliance on third-party tunneling services. The system includes both a client and server component, where the client runs locally and the server manages incoming connections and tunnel routing. It can bypass common restrictions such as firewalls or VPN limitations by establishing an outbound connection from the local machine to the tunnel s

Enables tunneling of network connections through restrictive HTTP proxies. Features: Portmapping, SOCKS4, SOCKS5, web-based admin interface, possibility to use standalone server (perl) or hosted server (PHP), optional authorization from LDAP or MySQL

ASProxyWing is a handy, easy to use client / server desktop distributed proxy, which works as a HTTP-tunnel for clients. Provides high secure, easy to integrate proxy servers.

A HTTP tunnel for POP and SMTP access via a proxy.

HTTP tunneling is a method for connecting to a MySQL server that uses the same protocol (http://) and the same port (port 80) as a webserver does. MySQLTunnel implements an HTTP tunneling to MySQL in a fast and secure way. Written in PHP can be installed in any webserver or hosting with the LAMP or WAMP stack available, to allow access to internal MySQL server. The script will utilize mysqli or mysql extensions, and mcrypt to perform decryption on the request and encryption on the result if needed. You can also choose whether to expose its functionality upon calling the script with a Web Browser or not. The script is highly configurable, and maintains log files if needed.