Framework-agnostic static security scanner for PHP. Detects SQLi, XSS, command injection, path traversal, insecure deserialization, weak crypto, hardcoded secrets, and more.

Go to Download

laramint/laravel-security-scanner

1 Favers
488 Downloads

Laravel-aware security rules for php-security-scanner. Detects Laravel SQL injection (DB::raw, whereRaw), mass assignment, debug/dd leaks, unsafe validators, CSRF bypass, insecure cookies, env exposure, Blade raw echo, open redirect, Http SSRF, Storage/File path traversal, file-upload validation gaps, Auth/Crypt/Artisan/Process/Config injection, view-name injection, session fixation, and Mail header injection.

Go to Download

andrewbreksa/mysql-escape-string-polyfill

9 Favers
101 Downloads

mysql-escape-string-polyfill is a very insecure `mysql_escape_string` implementation (PHP 7.1/7.2/8.0) for a very limited use case

Go to Download

ubient/laravel-pwned-passwords

67 Favers
17318 Downloads

A Laravel validation rule to determine whether a given password is pwned (insecure)

Go to Download

littlebizzy/force-https

26 Favers
14 Downloads

Redirects all HTTP requests to the HTTPS version and fixes insecure links and resources without altering the database (also works with CloudFlare).

Go to Download

schams-net/nagios-extensionlist

0 Favers
546 Downloads

Generates a list of insecure extensions for EXT:nagios based on the extension list in the current TYPO3 instance.

Go to Download

patrick-rose/laravel-shared-host

5 Favers
32 Downloads

An easy way for people on shared hosting without command line access to use laravel. It is likely insecure because of it

Go to Download

giantpeach/wp-sane-defaults

0 Favers
68 Downloads

WordPress mu-plugin that fixes common insecure and annoying defaults.

Go to Download

diegomagikal/laravel-password

1 Favers
48 Downloads

Protect your users from entering dumb and common passwords

Go to Download

Next >>