phpipam Icon

phpipam

phpipam open-source IP address management

4.9 Stars (41)
974 Downloads (This Week)
Last Update:
Download phpipam-1.2.1.tar
Browse All Files
BSD Mac Linux

Screenshots

Description

phpipam is an open-source web IP address management application (IPAM). Its goal is to provide light, modern and useful IP address management. It is php-based application with MySQL database backend, using jQuery libraries, ajax and some HTML5/CSS3 features.

phpipam Web Site

Features

  • demo: demo.phpipam.net
  • IPv4 / IPv6 address management
  • ICMP status updates, subnet scanning and status showing
  • Domain authentication (AD) / OpenLDAP authentication
  • Per-group permissions
  • Multiple level of nested subnets
  • Visual subnet display
  • IPv4 / IPv6 address calculator
  • VRF support
  • VLAN management
  • Device management
  • RIPE import
  • Import / export XLS files
  • User management
  • E-Mail notification with IP details
  • IP database search
  • IP request module
  • IP range adding / editing / deleting
  • Custom IP/subnet/userVLAN address fields

KEEP ME UPDATED

User Ratings

★★★★★
★★★★
★★★
★★
38
2
0
1
0
ease 1 of 5 2 of 5 3 of 5 4 of 5 5 of 5 4 / 5
features 1 of 5 2 of 5 3 of 5 4 of 5 5 of 5 4 / 5
design 1 of 5 2 of 5 3 of 5 4 of 5 5 of 5 4 / 5
support 1 of 5 2 of 5 3 of 5 4 of 5 5 of 5 4 / 5
Write a Review

User Reviews

  • 1 of 5 2 of 5 3 of 5 4 of 5 5 of 5

    Our company stopped using PHPIPAM (1.0) after a third-party auditor reported that it contained a number of security vulnerabilities, including SQL injections. For example, in functions-common.php, the get_menu_html() function reads in "subnetId" directly from the REQUEST, which gets passed to getAllParents(), which calls getSubnetDetailsById() in functions-network.php, which appears to drop the raw subnetId data right into a querystring executed at normal phpipam DB permissions. (You can grep the PHP code for more "$query" instances and back out to the related REQUEST or POST variable population to see similar examples.) The application also encourages IT admins to put "domain admin" credentials in clear text into the adLDAP.php file for optional AD/LDAP integration; there are safer ways to store these! (Using just MD5 for local user passwords also makes me nervous since a lot of the passwords stored here might be those of admins using the same password across multiple systems...) All in all, I think the project would benefit from a switch to PHP prepared statements and better credential protection. The functionality seems solid, but it could use better security (e.g., there appears to be some sanitization happening with parameters like username, but it's not universal), even if the app is normally only installed "behind the firewall."

    Posted 11/11/2014
Read more reviews

Additional Project Details

Languages

French, Dutch, Slovene, Brazilian Portuguese, German

Intended Audience

Information Technology, Telecommunications Industry, System Administrators

User Interface

Web-based

Programming Language

Perl, PHP, JavaScript

Registered

2011-06-10

Thanks for helping keep SourceForge clean.

Screenshot instructions:
Windows
Mac
Red Hat Linux   Ubuntu

Click URL instructions:
Right-click on ad, choose "Copy Link", then paste here →
(This may not be possible with some types of ads)

More information about our ad policies
X

Briefly describe the problem (required):

Upload screenshot of ad (required):
Select a file, or drag & drop file here.

Please provide the ad click URL, if possible:

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:

No, thanks
Screenshots can attract more users to your project.
Features can attract more users to your project.