Open Source PHP Security Software

RIPS is a static code analysis tool for the automated detection of security vulnerabilities in PHP applications. It was released 2010 during the Month of PHP Security (www.php-security.org). NOTE: RIPS 0.5 development is abandoned. A complete rewrite with OOP support and higher precision is available at https://www.ripstech.com/next-generation/

About GameOver: Project GameOver was started with the objective of training and educating newbies about the basics of web security and educate them about the common web attacks and help them understand how they work. GameOver has been broken down into two sections. Section 1 consists of special web applications that are designed especially to teach the basics of Web Security. This seciton will cover XSS CSRF RFI & LFI BruteForce Authentication Directory/Path traversal Command execution SQL injection Section 2 is a collection of dileberately insecure Web applications. This section provides a legal platform to test your skills and to try and exploit the vulnerabilities and sharpen your skills before you pentest live sites. We would advice newbies to try and exploit these web applications. These applications provide real life environments and will boost their confidence.

exploit.co.il Vulnerable Web app designed as a learning platform to test various SQL injection Techniques This is a fully functional web site with a content management system based on fckeditor. You can download it as source code or a pre configured

PHPki is an Open Source Web application for managing a multi-agency PKI for HIPAA compliance. With it, you may create and centrally manage X.509 certificates for use with S/MIME enabled e-mail clients, SSL servers, and VPN applications.

Automated Security Tools (autosec) aims to provide automatic tools which network administrators may use to help check and test the security of their network.

The projects of ChiNvo Studio

You could be doing a better job of website security... If only there was a simple way to implement SSL with signed keys? PHP-CA is an easy to use and easy to administer Certificate Authority that runs in PHP.

BTS PenTesting Lab is an open source vulnerable web application, created by Cyber Security & Privacy Foundation (www.cysecurity.org). It can be used to learn about many different types of web application vulnerabilities. Currently, the app contains the following types of vulnerabilities: *SQL Injection *XSS(includes Flash Based xss) *CSRF *Clickjacking *SSRF *File Inclusion * Code Execution *Insecure Direct Object Reference *Unrestricted File Upload vulnerability *Open URL Redirection *Server Side Includes(SSI) Injection and more... Java version of this application can be found here: https://sourceforge.net/p/javavulnerablelab/

** Guys I have built a much more powerful Fully Featured CMS system at: https://github.com/MacdonaldRobinson/FlexDotnetCMS Macs CMS is a Flat File ( XML and SQLite ) based AJAX Content Management System. It focuses mainly on the Edit In Place editing concept. It comes with a built in blog with moderation support, user manager section, roles manager section, SEO / SEF URL

This is where web developers can get tools that can make their life easier. Web technologies and languages used contain but are not limited to HTML, XHTML, CSS, JavaScript, PHP, and AJAX. All code is extremely slim, fast running, and is W3C compliant.

A toolkit of nitty-gritty classes from real-life projects. Contains generic snippets along with things like server-side DOM implementation or RSA or code generation tools.

phpPassSafe is a web based Tool for secure, rolebased password storage and management. The passwords are stored aes-256 encrypted. Now a random password generator is included.

ACID is a PHP-based analysis engine to search and process a database of security incidents generated by security-related software such as IDSes and firewalls (e.g. Snort, ipchains).

Copyright (C) 2016 Jonas Penno This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see http://www.gnu.org/licenses.

Peruggia is designed as a safe, legal environment to learn about and try common attacks on web applications. Peruggia looks similar to an image gallery, but contains several controlled vulnerabilities to practice on.

Detect your web servers being scanned by brute force tools and vulnerability scanners.Helps you quickly identify probable probing by bad guys who's wanna dig possible security holes.

Vernash: Stream cipher based on the Vernam cipher and Variable-Length Hashes

This project is an attempt to redesign the snort database schema and to provide a new analysis frontend and associated tools.

This project aims to provide a method for listening on a serial port and decode incoming messages from a Galaxy security control panel. The messages are transmitted using the SIA DC-03-1990.01 (R2000.11) protocol. The decoded messages are stored in a database (MySQL) or forwarded by email using ssmtp. Besides just listening for messages openGalaxy can also be used to arm/disarm the panel and much more... This software is still in a testing (beta) phase but has been tested successfully with the following security control panels made by Microtech / Honeywell Security: - Galaxy 18 (Dutch firmware v1.25) with external RS232 box - Galaxy 60 (Dutch firmware v1.07) with external RS232 box - Galaxy G3-520 (Dutch firmware v5.50) (internal RS232)

ADC is a tool that helps security administrators to maintain policy compliance of configurations and policies on numerous systems. ADC is similar to OpenAudit or OCS, however ADC is designed to collect arbitrary data (not limited to PC inventory), thus it helps information security experts control configurations and policies on remote servers.

A Web Based Self Service Active Directory Password Reset Tool

AIM Sniff is a network sniffer specifically designed to pick up messages transmitted using the AIM or MSN clients and their derivatives. All information can be sent to STDOUT or a MySQL DB.

AVirCAP is a system for manual and / or automated detection of CodeRed and Nimda type of hack attempts and virtually all other kinds of "logable" intrusion attempts. It can work stand alone or together with other additional AVirCAP machines in the LAN/W

Amnesia is a design-rich 'host-proof' web application that encrypts and remembers all sorts of personal information from passwords to private notes. Project now hosted at Google Code: https://code.google.com/p/amnesia-app/

AIRT is an application for Computer Security Incident Response. The target audience of AIR is incident response groups which provide end-user support. AIRT is fully built using PHP4 on a Postgresql database.