Download the PHP package mohamedhekal/laravel-vulnerability-audit without Composer

🔐 Laravel Vulnerability Audit Package

A comprehensive security audit package for Laravel applications that scans for vulnerabilities, weak configurations, and security best practices. This package helps developers and teams ensure their Laravel projects follow security best practices before deployment.

🎯 Features

🔑 Password Strength Scanner

• Scans user passwords against known weak password lists
• Supports both hashed and plain text password checking
• Configurable password strength requirements

⚙️ Environment Configuration Checker

• Detects if APP_DEBUG is enabled in production
• Validates APP_ENV settings
• Checks session driver security
• Verifies HTTPS enforcement

🧑‍💻 User Role & Permissions Analyzer

• Identifies admin roles with excessive permissions
• Warns about unrestricted access patterns
• Analyzes role hierarchy and privilege escalation risks

🗃️ Database Schema Analyzer

• Scans for missing timestamps (created_at, updated_at)
• Checks for soft delete support (deleted_at)
• Validates primary key presence
• Analyzes table indexing and security layers

📦 Composer Package Version Checker

• Detects outdated packages from composer.lock
• Compares versions with Packagist API
• Alerts for critical security updates

🧾 File Permissions Scanner

• Checks .env, storage, and logs folder permissions
• Validates file accessibility and writability
• Identifies potential security vulnerabilities

🔍 Additional Security Checks

• CSRF and CORS configuration validation
• Laravel Sanctum/Passport token policies
• Hardcoded secrets detection
• Debug route exposure scanning

📦 Installation

Via Composer

Publish Configuration

🚀 Quick Start

Basic Security Scan

Generate Detailed Report

Scheduled Security Audits

📋 Configuration

The configuration file config/vulnerability-audit.php allows you to customize:

🛠️ Usage Examples

Command Line Interface

Programmatic Usage

Web Dashboard

Access the security dashboard at /security-audit (if enabled):

📊 Report Formats

Console Output

HTML Report

Generates a beautiful, interactive HTML report with:

• Color-coded severity levels
• Detailed recommendations
• Actionable security fixes
• Historical audit comparison

PDF Report

Professional PDF reports suitable for:

• Security compliance documentation
• Client security audits
• Team security reviews

🔧 Custom Scanners

Create custom security scanners:

Register in configuration:

🚨 Notifications

Configure notifications for security issues:

🧪 Testing

📈 Security Score Calculation

The package calculates an overall security score based on:

• Critical Issues (40%): Immediate security threats
• High Issues (30%): Significant security risks
• Medium Issues (20%): Moderate security concerns
• Low Issues (10%): Minor security improvements

🔄 Scheduled Audits

Add to your Laravel scheduler:

🤝 Contributing

1. Fork the repository
2. Create a feature branch (git checkout -b feature/amazing-feature)
3. Commit your changes (git commit -m 'Add amazing feature')
4. Push to the branch (git push origin feature/amazing-feature)
5. Open a Pull Request

📝 Changelog

Please see CHANGELOG for more information on what has changed recently.

🔒 Security

If you discover any security-related issues, please email [email protected] instead of using the issue tracker.

📄 License

The MIT License (MIT). Please see License File for more information.

🙏 Acknowledgments

• Laravel community for the amazing framework
• Security researchers and contributors
• All package users and feedback providers

📞 Support

• Documentation: GitHub Wiki
• Issues: GitHub Issues
• Discussions: GitHub Discussions
• Email: [email protected]

Made with ❤️ by Mohamed Hamad