DVWA VS PHPSecLib

There's also a bunch of intentionally vulnerable Webapps and VMs aimed at demonstrating potential footholds and common exploits leading to owning of the host including but not limited to: bWAPP, Damn Vulnerable Web App, WebGoat, Metasploitable 3, Mutillidae, Juice Shop

I'd suggest you to download for example a VM of Damn Vulnerable Web Application (https://github.com/digininja/DVWA), learn and practice the attacks, and then try to protect the host from these attacks to prevent or limit access to the system.

I deployed a Damn Vulnerable Web Application (DVWA) for you, I DM'ed the url and creds. It's a controlled sandbox, intentionally vulnerable app for you to try out your hackerman skills. Go nuts, have fun dude.

For app security check out the damn vulnerable web app: https://github.com/digininja/DVWA

A fresh install laptop is probably going to be a frustrating first place to start as it is unlikely to be exposing any services for you to scan or test. You could install some vulnerable services, like the damn vulnerable web application here which has good setup instructions and many, many walkthroughs.

You could spin up a version of dvwa and scan that. https://github.com/digininja/DVWA

sudo git clone https://github.com/digininja/DVWA/git

DVWA is a pretty solid educational, training application that is meant for this purpose. There are a bunch of different modules, but one is bruteforcing passwords.

Damn Vulnerable Web App

I recommend using PHPSecLib which has a powerful SSH library that is far more versatile than the official PHP SSH extension.

I did a lot of research on how to perform this validation. In many blogs, I saw many people recommending using native functions like openssl_verify, openssl_get_publickey, or openssl_pkey_get_details, but unfortunately, they didn't work for what I needed (Remember, an SSH key is different from an SSL key, so these functions won't work). In other forums, I saw people suggesting using the package https://phpseclib.com/. But think about it, why install a package when you're only going to use one class and one of its methods?

ports: phpseclib 3.0.19[1]

PHP libraries that provide support for asymmetric encryption OpenSSL: https://www.php.net/manual/en/book.openssl.php phpseclib: https://github.com/phpseclib/phpseclib Sodium: https://www.php.net/manual/en/book.sodium.php

And also, another strategy is to look through the Unit tests on the project, so you can see how it's actually used. for example: https://github.com/phpseclib/phpseclib/blob/master/tests/Unit/Crypt/RSA/ModeTest.php

You can also use phpseclib (PHP Secure Communications Library), which has all kinds of security-related functions, including functions for symmetric encryption. It uses a pure PHP implementation, so you don't need libraries like openssl or libsodium, but they will be used when installed (for speed).