Top 23 PHP Security Projects

• Matomo

  66 15,834 9.8 PHP

  Liberating Web Analytics. Star us on Github? +1. Matomo is the leading open alternative to Google Analytics that gives you full control over your data. Matomo lets you easily collect data from websites & apps and visualise this data and extract insights. Privacy is built-in. We love Pull Requests!

  

  Project mention: Selling Free Software | reddit.com/r/freesoftware | 2022-01-23

• labs

  1 10,510 0.0 PHP

  This is a collection of tutorials for learning how to use Docker with various tools. Contributions welcome.

  

  Project mention: How to “dockerize” existing web apps (“php + mySQL” app, and “node.js + express + mongodb” app) | reddit.com/r/docker | 2021-03-11

  You can find some intro and tutorials to catch up on docker https://github.com/docker/labs

• Cloudways

  cloudways.com

  sponsored

  Managed Cloud Hosting Platform. Deploy PHP applications on Cloudways web hosting platform to get high uptime and optimized performance. Use the BFCM promo "BFCM2021" to get 40% FLAT discount for FOUR months straight.

  

• random_compat

  0 7,955 4.8 PHP

  PHP 5.x support for random_bytes() and random_int()

  

• DVWA

  16 5,798 7.5 PHP

  Damn Vulnerable Web Application (DVWA)

  Project mention: Help needed with ab assignment | reddit.com/r/netsecstudents | 2022-01-19

  Yes, the top 10 is a good place to start and pick a category from. For practice and demonstration you can use https://owasp.org/www-project-juice-shop/ or https://dvwa.co.uk/.

• awesome-appsec

  2 4,825 0.0 PHP

  A curated list of resources for learning about application security

  

  Project mention: Anyone in AppSec (Application Security)? | reddit.com/r/cybersecurity | 2021-12-07

  Come over to /r/devsecops to get more information about the field. Also, there are lots of good sources, you can get some from my blog, or Awesome AppSec, or Security Prince and other places.

• PHPSecLib

  3 4,646 9.0 PHP

  PHP Secure Communications Library

  

  Project mention: Trying to easily replace the depricated mcrypt_decrypt functionality. | reddit.com/r/PHPhelp | 2022-01-05

  You can also use phpseclib (PHP Secure Communications Library), which has all kinds of security-related functions, including functions for symmetric encryption. It uses a pure PHP implementation, so you don't need libraries like openssl or libsodium, but they will be used when installed (for speed).

• PrivateBin

  32 3,691 8.8 PHP

  A minimalist, open source online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted in the browser using 256 bits AES.

  

  Project mention: PrivateBin: NEW Data - star count:3702.0 | reddit.com/r/algoprojects | 2022-01-23

• Scout APM

  scoutapm.com

  sponsored

  Less time debugging, more time building. Scout APM allows you to find and fix performance issues with no hassle. Now with error monitoring and external services monitoring, Scout is a developer's best friend when it comes to application development.

  

• MISP

  8 3,525 9.9 PHP

  MISP (core software) - Open Source Threat Intelligence and Sharing Platform

  

  Project mention: Basic External IP investigating? | reddit.com/r/cybersecurity | 2021-11-25

  One thing you can do is run the IPs through various (opensource) threat feeds to see if the IPs have been observed by others in the past. AlienVault OTX and MISP are two free options that you could utilize.

• pfSense

  78 3,488 9.7 PHP

  Main repository for pfSense

  

  Project mention: [Bi-annual Repost] What's on your Linux server? | reddit.com/r/linux | 2022-01-22

  This one in particular yes.. big difference.. i built it for one.. check out https://www.pfsense.org

• PHP Encryption

  1 3,421 4.3 PHP

  Simple Encryption in PHP.

  Project mention: How I Documented, Encrypted, and Tested My First REST API | dev.to | 2021-02-17

  I encrypted my data using defuse/php-encryption. This library, claiming to be secure, unlike other libraries, did the encryption and decryption for me. To encrypt and decrypt, I needed my own key, which I generated by running

• Passbolt

  9 2,793 9.5 PHP

  Passbolt CE Backend, a JSON API written with Cakephp

  

  Project mention: Simple sharing of keepass keyfile between multiple users? | reddit.com/r/selfhosted | 2022-01-20

  Just take a look here: https://www.passbolt.com

• bouncer

  5 2,774 3.9 PHP

  Eloquent roles and abilities.

  Project mention: Implementing RBAC in Laravel Tutorial | dev.to | 2021-12-02

  In this tutorial, you'll learn how to implement RBAC in Laravel using Bouncer. Bouncer is a PHP package that lets you add roles and abilities to your Eloquent models.

• HTML Purifier

  7 2,414 4.4 PHP

  Standards compliant HTML filter written in PHP

  Project mention: How to use Laraberg on the client side and avoid XSS attacks? | reddit.com/r/laravel | 2022-01-19

• PHPGGC

  1 2,008 8.1 PHP

  PHPGGC is a library of PHP unserialize() payloads along with a tool to generate them, from command line or programmatically.

  

  Project mention: Insecure deserialization | reddit.com/r/AskNetsec | 2021-10-29

  To achieve RCE you’d need an unserialize “gadget” — PHPGGC might help.

• SensioLabs Security Check

  2 1,760 8.2 PHP

  A database of PHP security advisories

  

  Project mention: Is Laravel still simple? | reddit.com/r/laravel | 2021-10-31

• IniScan

  0 1,455 0.0 PHP

  A php.ini scanner for best security practices

  

• Sentinel

  0 1,380 0.0 PHP

  A framework agnostic authentication & authorization system. (by cartalyst)

  

• Optimus

  2 1,142 1.1 PHP

  🤖 Id obfuscation based on Knuth's multiplicative hashing method for PHP.

  Project mention: PostgreSQL UUID vs. Serial vs. Identity | news.ycombinator.com | 2021-05-31

  Yes, I completely forgot about it. I used it a few years ago, I tried also [1] which is integers instead of strings.

  [1] https://github.com/jenssegers/optimus

• wp2static

  11 1,124 9.0 PHP

  WordPress static site generator for security, performance and cost benefits

  Project mention: Over 90 WordPress themes, plugins backdoored in supply chain attack | news.ycombinator.com | 2022-01-22

• Halite

  4 1,013 3.7 PHP

  High-level cryptography interface powered by libsodium

  

  Project mention: Halite (usable cryptography library for PHP) version 5.0.0 released (Security Improvements within!) | reddit.com/r/PHP | 2022-01-18

• PHP-Auth

  1 844 3.4 PHP

  Authentication for PHP. Simple, lightweight and secure.

  

  Project mention: Alternatives for passwordless login like Magiclink? | reddit.com/r/PHP | 2022-01-05

• RandomLib

  0 821 0.0 PHP

  A library for generating random numbers and strings

• TwoFactorAuth

  0 804 6.5 PHP

  PHP library for Two Factor Authentication (TFA / 2FA) (by RobThree)

PHP Security related posts

• PrivateBin: NEW Data - star count:3702.0
  1 project | reddit.com/r/algoprojects | 23 Jan 2022
• Simple sharing of keepass keyfile between multiple users?
  1 project | reddit.com/r/selfhosted | 20 Jan 2022
• How to use Laraberg on the client side and avoid XSS attacks?
  1 project | reddit.com/r/laravel | 19 Jan 2022
• Website up again!
  1 project | reddit.com/r/helpcrack | 19 Jan 2022
• Help needed with ab assignment
  1 project | reddit.com/r/netsecstudents | 19 Jan 2022
• Halite (usable cryptography library for PHP) version 5.0.0 released (Security Improvements within!)
  1 project | reddit.com/r/PHP | 18 Jan 2022
• From php to hacking?
  1 project | reddit.com/r/HowToHack | 13 Jan 2022

Index

Sponsored

OPS - Build and Run Open Source Unikernels

Quickly and easily build and deploy open source unikernels in tens of seconds. Deploy in any language to any cloud.

github.com/nanovms

Get the trending PHP projects
with our weekly report!
» Subscribe «