Explore 31 curated tools and resources
Want your tool featured here?
Get maximum visibility with pinned placement
A PHP library that provides secure data encryption capabilities using keys or passwords, designed to minimize implementation errors.
A PHP library that provides secure data encryption capabilities using keys or passwords, designed to minimize implementation errors.
A PHP port of Rack::Honeypot, a spam trap that detects and blocks spambots
A PHP port of Rack::Honeypot, a spam trap that detects and blocks spambots
Comprehensive guide on best practices for PHP development.
A toolkit that transforms PHP applications into web-based high-interaction Honeypots for monitoring and analyzing attacks.
A toolkit that transforms PHP applications into web-based high-interaction Honeypots for monitoring and analyzing attacks.
A JavaScript scanner built in PHP for scraping URLs and other information.
A JavaScript scanner built in PHP for scraping URLs and other information.
A project developed for pentesters to practice SQL Injection concepts in a controlled environment.
A project developed for pentesters to practice SQL Injection concepts in a controlled environment.
A set of PHP scripts for practicing LFI, RFI, and CMD injection vulnerabilities.
A set of PHP scripts for practicing LFI, RFI, and CMD injection vulnerabilities.
A Yara ruleset designed to detect PHP shells and other webserver malware for malware analysis and threat detection.
A Yara ruleset designed to detect PHP shells and other webserver malware for malware analysis and threat detection.
A webshell manager via terminal for controlling web servers running PHP or MySQL.
A webshell manager via terminal for controlling web servers running PHP or MySQL.
TANNER is a remote data analysis service that evaluates HTTP requests and generates responses for SNARE honeypots while emulating application vulnerabilities.
A series of vulnerable virtual machine images with documentation to teach Linux, Apache, PHP, MySQL security.
A series of vulnerable virtual machine images with documentation to teach Linux, Apache, PHP, MySQL security.
Mellivora Mellivora is a PHP-based CTF engine that provides comprehensive competition hosting capabilities with challenge management, team scoring, and administrative tools for cybersecurity competitions.
Mellivora Mellivora is a PHP-based CTF engine that provides comprehensive competition hosting capabilities with challenge management, team scoring, and administrative tools for cybersecurity competitions.
XVWA is an intentionally vulnerable PHP/MySQL web application designed for security education, containing multiple common web vulnerabilities for hands-on learning and practice.
XVWA is an intentionally vulnerable PHP/MySQL web application designed for security education, containing multiple common web vulnerabilities for hands-on learning and practice.
A PHP OAuth 2.0 authorization server implementation with support for various grants and RFCs.
A PHP OAuth 2.0 authorization server implementation with support for various grants and RFCs.
A blog about various cybersecurity-related topics, including home networking, compiler development, and security vulnerabilities.
A blog about various cybersecurity-related topics, including home networking, compiler development, and security vulnerabilities.
A library for forward compatibility with PHP password functions.
Python web application honeypot with vulnerability type emulation and modular design.
A WordPress plugin that logs failed login attempts to help monitor unauthorized access attempts on WordPress websites.
A WordPress plugin that logs failed login attempts to help monitor unauthorized access attempts on WordPress websites.
A deliberately vulnerable PHP/MySQL web application designed for security training, testing, and educational purposes in controlled environments.
A deliberately vulnerable PHP/MySQL web application designed for security training, testing, and educational purposes in controlled environments.
A dependency security scanner that identifies potential supply chain vulnerabilities by checking for available package namespace registrations across Python, JavaScript, PHP, and Maven repositories.
A dependency security scanner that identifies potential supply chain vulnerabilities by checking for available package namespace registrations across Python, JavaScript, PHP, and Maven repositories.
A free and open-source deliberately insecure web application for security enthusiasts, developers, and students to discover and prevent web vulnerabilities.
A free and open-source deliberately insecure web application for security enthusiasts, developers, and students to discover and prevent web vulnerabilities.
CakeFuzzer is an automated vulnerability discovery tool specifically designed for identifying security issues in CakePHP web applications with minimal false positives.
CakeFuzzer is an automated vulnerability discovery tool specifically designed for identifying security issues in CakePHP web applications with minimal false positives.
A library of PHP unserialize() payloads and a tool to generate them.
A PHP 5.x polyfill for random_bytes() and random_int() created by Paragon Initiative Enterprises.
A PHP 5.x polyfill for random_bytes() and random_int() created by Paragon Initiative Enterprises.
A deliberately vulnerable web application that uses WebSocket communication to provide a training environment for learning about WebSocket-related security vulnerabilities.
A deliberately vulnerable web application that uses WebSocket communication to provide a training environment for learning about WebSocket-related security vulnerabilities.
A web-based visualization tool that displays statistics and generates charts from Shockpot honeypot data stored in PostgreSQL databases.
A web-based visualization tool that displays statistics and generates charts from Shockpot honeypot data stored in PostgreSQL databases.
A PHP-based command and control framework that maintains persistent web server access through polymorphic backdoors and HTTP header communication tunneling.
A PHP-based command and control framework that maintains persistent web server access through polymorphic backdoors and HTTP header communication tunneling.
A portable public domain password hashing framework for PHP applications.
A portable public domain password hashing framework for PHP applications.
OWASP Hackademic Challenges is an educational web platform offering 10 realistic vulnerability scenarios for learning information security concepts through hands-on exploitation in a controlled environment.
OWASP Hackademic Challenges is an educational web platform offering 10 realistic vulnerability scenarios for learning information security concepts through hands-on exploitation in a controlled environment.
A vulnerable web site for testing Sentinel features