Download the PHP package rafalmasiarek/threat-detector without Composer
On this page you can find all versions of the php package rafalmasiarek/threat-detector. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
Package threat-detector
Short Description Heuristic, modular threat detection (signal-only) with weighted float scoring, predefined thresholds, and PSR-15 middleware for PSR-7 apps.
License MIT
Information about the package threat-detector
rafalmasiarek/threat-detector
Heuristic, modular threat detection (signal-only) with weighted float scoring, predefined thresholds, and PSR-15 middleware for PSR-7 applications.
⚠️ This library is a signal generator. It does not replace proper validation/sanitization/escaping, CSP, prepared statements, etc.
Features
- Modular scanners: each category (XSS, SQLi, SSRF, …) in a separate class.
- Weighted float scoring: per-category weights; combine multiple signals.
- Predefined thresholds: `LOW`, `MEDIUM`, `HIGH` (or custom floats).
- PSR-15 middleware: scan query, body, headers, cookies; annotate request; optional header `X-Threat-Suspect`.
- phpDocs & comments: production-friendly code with clear docs.
- Unit tests: a couple of quick checks to get you started.
- Examples: basic HTML form + PSR-15 middleware demo.
Requirements
- PHP 8.1+
- ext-mbstring
Installation
Using Composer:
If you are using this repository locally (path repo):
Quick Start (Core)
Example output:
Quick Start (PSR-15 Middleware)
Example result:
Scoring
- Weights: per category (e.g., `SQLI=2.0`, `CMD_INJECTION=2.5`, `CRLF=1.0`).
- Score formula:
- Threshold: request is suspect when `score ≥ threshold`.
Predefined thresholds
Name | Value | Sensitivity |
---|---|---|
LOW | 1.0 | Very sensitive |
MEDIUM | 2.5 | Balanced (default) |
HIGH | 5.0 | Strict |
Examples
- `<script>alert(1)</script>`
  Hits: `XSS=[TAG_SCRIPT, HTML_TAGS]`
  Score: `1.5 × 2 = 3.0` → suspect at `MEDIUM`
- `UNION SELECT password FROM users`
  Hits: `SQLI=[UNION_SELECT]`
  Score: `2.0 × 1 = 2.0` → not suspect at `MEDIUM`, suspect at `LOW`
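The scoring described above, as an added sketch that is not the library's own code or API. It assumes the score is the sum over categories of weight × number of hits (inferred from the two examples above) and that unknown categories get a weight of 1.0; the function names and the `CRLF_SEQ` rule id are hypothetical.

```php
<?php
declare(strict_types=1);

// Assumption: score = sum over categories of (category weight x number of rule hits),
// inferred from the page's worked examples, not taken from the library source.
// Weights and thresholds are the values quoted on this page.
const WEIGHTS = ['XSS' => 1.5, 'SQLI' => 2.0, 'CMD_INJECTION' => 2.5, 'CRLF' => 1.0];
const THRESHOLDS = ['LOW' => 1.0, 'MEDIUM' => 2.5, 'HIGH' => 5.0];

/**
 * Hypothetical helper: combine per-category hits into one float score.
 *
 * @param array<string, list<string>> $hits category => rule ids that fired
 */
function scoreHits(array $hits, float $defaultWeight = 1.0): float
{
    $score = 0.0;
    foreach ($hits as $category => $rules) {
        // Unknown categories fall back to $defaultWeight (an assumption of this sketch).
        $score += (WEIGHTS[$category] ?? $defaultWeight) * count($rules);
    }
    return $score;
}

/**
 * Hypothetical helper: evaluate a score against every predefined threshold.
 *
 * @return array<string, bool> threshold name => suspect?
 */
function verdicts(float $score): array
{
    // array_map with a single array keeps the string keys (LOW/MEDIUM/HIGH).
    return array_map(static fn (float $t): bool => $score >= $t, THRESHOLDS);
}

// Constructed hit sets: the first two mirror the examples above; the third shows
// two weak signals from different categories adding up past MEDIUM.
$samples = [
    '<script>alert(1)</script>'        => ['XSS' => ['TAG_SCRIPT', 'HTML_TAGS']],
    'UNION SELECT password FROM users' => ['SQLI' => ['UNION_SELECT']],
    'SQLI + CRLF (constructed)'        => ['SQLI' => ['UNION_SELECT'], 'CRLF' => ['CRLF_SEQ']],
];

foreach ($samples as $label => $hits) {
    $score = scoreHits($hits);
    $flags = array_keys(array_filter(verdicts($score)));
    printf("%-34s score=%.1f suspect at: %s\n", $label, $score, $flags ? implode(',', $flags) : 'none');
}
```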
Categories & Scanners
- XSS: inline event handlers, `<script>`, `javascript:` URIs.
- SQLI: `UNION SELECT`, `SLEEP()`, `INFORMATION_SCHEMA`, etc.
- CMD_INJECTION: subshells, `;`, `&&`, `wget/curl`, redirects.
- PATH_TRAVERSAL: `../`, URL-encoded traversal, `file://`, wrappers.
- CRLF: header injection sequences.
- SSRF: URLs to `localhost`, `127.0.0.1`, `RFC1918` ranges.
- XXE: `<!DOCTYPE>`, `<!ENTITY>`, external SYSTEM.
- NOSQL: Mongo-like operators `$where`, `$regex`.
- LDAP: wildcards, null bytes.
- SERIALIZATION: PHP serialized payload patterns.
Integration Ideas
- Add to Slim/Mezzio pipeline as PSR-15 middleware.
- Run against form input before sending mail (contact forms).
- Log suspect inputs into a security audit trail.
- Flag suspicious requests in rate-limiting / WAF logic.
Tests & Examples
- PHPUnit tests included (`tests/`):
  - `TruePositiveDetectionsTest.php`
  - `FalsePositiveHeuristicsTest.php`
- Example apps in `examples/`:
  - `basic/` (HTML form demo)
  - `psr15/` (middleware demo)
Run tests:
Security Notice
This library generates signals only.
Always combine with:
- Prepared statements for SQL queries
- Proper HTML escaping and CSP
- Strong input validation
Folder Structure
License
MIT
All versions of threat-detector with dependencies
psr/http-message Version ^1.1 || ^2.0
psr/http-server-middleware Version ^1.0
psr/http-server-handler Version ^1.0