Top 23 PHP Security Projects

Security

• Add a project

1. Matomo

   1 156 20,422 9.8 PHP

   Empowering People Ethically 🚀 — Matomo is hiring! Join us → https://matomo.org/jobs Matomo is the leading open-source alternative to Google Analytics, giving you complete control and built-in privacy. Easily collect, visualise, and analyse data from websites & apps. Star us on GitHub ⭐️ – Pull Requests welcome!

   

   Project mention: 10 of the Best Web Analytics Tools for React Websites | dev.to | 2025-03-20

   As an open-source cloud and on-premise tool, Matomo gives users complete control over their data, allowing them to host it on their servers and comply with privacy regulations such as GDPR.

2. CodeRabbit

   coderabbit.ai featured

   CodeRabbit: AI Code Reviews for Developers. Revolutionize your code reviews with AI. CodeRabbit offers PR summaries, code walkthroughs, 1-click suggestions, and AST-based analysis. Boost productivity and code quality across all major languages with each PR.

   

3. DVWA

   2 40 11,055 8.9 PHP

   Damn Vulnerable Web Application (DVWA)

   

   Project mention: Cybersecurity Beginner's Guide: Build Your Own Vulnerable Lab in 5 Minutes (DVWA + More) | dev.to | 2025-04-17

   Step 2: Deploy DVWA (Damn Vulnerable Web App) DVWA is a classi learning platform containing common vulnerabilities like XSS, SQLi, CSRF, and file upload flaws. ✓Installation Steps:https://github.com/digininja/DVWA.git 1.Move DVWA into ServBay’s root directory (/Applications/ServBay/www/) Then modify the config.inc.php.dist file suffix to config.inc.php, and modify the database user name and password. Other configurations do not need to be changed.

4. random_compat

   3 0 8,176 3.1 PHP

   PHP 5.x support for random_bytes() and random_int()

   

5. PrivateBin

   4 162 7,081 9.6 PHP

   A minimalist, open source online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted in the browser using 256 bits AES.

   

   Project mention: We build Dropbud, place to upload files without uploading | news.ycombinator.com | 2025-02-23

6. awesome-appsec

   5 6 6,496 3.4 PHP

   A curated list of resources for learning about application security

   

7. MISP

   6 30 5,639 9.9 PHP

   MISP (core software) - Open Source Threat Intelligence and Sharing Platform

   

   Project mention: Cradle – Open-Source Collaborative Threat Intelligence Hub | news.ycombinator.com | 2025-03-15

8. PHPSecLib

   7 12 5,457 9.1 PHP

   PHP Secure Communications Library

   

9. InfluxDB

   influxdata.com featured

   InfluxDB high-performance time series database. Collect, organize, and act on massive volumes of high-resolution data to power real-time intelligent systems.

   

10. pfSense

    8 187 5,184 9.7 PHP

    Main repository for pfSense

    

    Project mention: US Weighs Banning TP-Link Routers | news.ycombinator.com | 2024-12-18

    >I'm currently upgrading my home network, trying various options, and one of the headaches is provenance of the equipment.

    If you're concerned about provenance (or even if you're not), I suggest using a general purpose device and rolling your own ala pfSense[0]/OPNSense[1], etc, or just use one of the BSDs or Linux and use native tools or one of the many router/firewall distros[2]

    [0] https://www.pfsense.org/

    [1] https://opnsense.org/

    [2] https://en.wikipedia.org/wiki/List_of_router_and_firewall_di...

11. Passbolt

    9 40 4,960 9.8 PHP

    Passbolt Community Edition (CE) API. The JSON API for the open source password manager for teams!

    

12. PHP Encryption

    10 3 3,823 5.6 PHP

    Simple Encryption in PHP.

    

13. bouncer

    11 12 3,507 3.7 PHP

    Laravel Eloquent roles and abilities.

    

14. PHPGGC

    12 4 3,431 8.3 PHP

    PHPGGC is a library of PHP unserialize() payloads along with a tool to generate them, from command line or programmatically.

    

    Project mention: PHAR Deserialization in Monolog 2.7 | dev.to | 2025-03-10

    Once we verify that the application uses this library in this specific version (usually through the composer.json file), we can test for insecure deserialization in an image upload route, for example. But first we need to create the gadget with the PHPGGC collection:

15. HTML Purifier

    13 13 3,152 6.3 PHP

    Standards compliant HTML filter written in PHP

    

16. SensioLabs Security Check

    14 4 2,073 7.5 PHP

    A database of PHP security advisories

    

17. Sentinel

    15 1 1,523 3.8 PHP

    A framework agnostic authentication & authorization system. (by cartalyst)

    

18. IniScan

    16 0 1,482 0.0 PHP

    A php.ini scanner for best security practices

    

19. wp2static

    17 22 1,432 3.3 PHP

    WordPress static site generator for security, performance and cost benefits

    

20. mutillidae

    18 5 1,337 9.8 PHP

    OWASP Mutillidae II is a free, open-source, deliberately vulnerable web application providing a target for web-security training. This is an easy-to-use web hacking environment designed for labs, security enthusiasts, classrooms, CTF, and vulnerability assessment tool targets.

    

21. Optimus

    19 2 1,268 2.4 PHP

    🤖 Id obfuscation based on Knuth's multiplicative hashing method for PHP.

    

22. Latte

    20 10 1,179 7.2 PHP

    ☕ Latte: the safest & truly intuitive templates for PHP. Engine for those who want the most secure PHP sites.

    

23. PHP-Auth

    21 9 1,152 6.5 PHP

    Authentication for PHP. Simple, lightweight and secure.

    

24. Halite

    22 7 1,133 7.3 PHP

    High-level cryptography interface powered by libsodium

    

25. TwoFactorAuth

    23 0 1,119 4.5 PHP

    PHP library for Two Factor Authentication (TFA / 2FA) (by RobThree)

    

26. SaaSHub

    www.saashub.com featured

    SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

    

PHP Security related posts

• Cybersecurity Beginner's Guide: Build Your Own Vulnerable Lab in 5 Minutes (DVWA + More)

  1 project | dev.to | 17 Apr 2025

• Build a Cyber Range in 5 Minutes: Unlock Your First Step to Becoming a Hacking Pro! (Save This Guide)

  1 project | dev.to | 27 Mar 2025

• Montando um laboratório de Pentest com um celular Android e Kali Linux

  1 project | dev.to | 20 Mar 2025

• Setting up a pentest lab with an Android Phone and Kali Linux

  1 project | dev.to | 20 Mar 2025

• PHAR Deserialization in Monolog 2.7

  1 project | dev.to | 10 Mar 2025

• We build Dropbud, place to upload files without uploading

  1 project | news.ycombinator.com | 23 Feb 2025

• PrivateBin – OSS pastebin where the server has zero knowledge of pasted data

  1 project | news.ycombinator.com | 18 Nov 2024
• A note from our sponsor - SaaSHub
  www.saashub.com | 22 Apr 2025

  SaaSHub helps you find the best software and product alternatives Learn more →

Index

Sponsored

CodeRabbit: AI Code Reviews for Developers

Revolutionize your code reviews with AI. CodeRabbit offers PR summaries, code walkthroughs, 1-click suggestions, and AST-based analysis. Boost productivity and code quality across all major languages with each PR.

coderabbit.ai

Do not miss the trending PHP projects with our weekly report!