Open Source PHP Security Software

RIPS is a static code analysis tool for the automated detection of security vulnerabilities in PHP applications. It was released 2010 during the Month of PHP Security (www.php-security.org). NOTE: RIPS 0.5 development is abandoned. A complete rewrite with OOP support and higher precision is available at https://www.ripstech.com/next-generation/

About GameOver: Project GameOver was started with the objective of training and educating newbies about the basics of web security and educate them about the common web attacks and help them understand how they work. GameOver has been broken down into two sections. Section 1 consists of special web applications that are designed especially to teach the basics of Web Security. This seciton will cover XSS CSRF RFI & LFI BruteForce Authentication Directory/Path traversal Command execution SQL injection Section 2 is a collection of dileberately insecure Web applications. This section provides a legal platform to test your skills and to try and exploit the vulnerabilities and sharpen your skills before you pentest live sites. We would advice newbies to try and exploit these web applications. These applications provide real life environments and will boost their confidence.

Peruggia is designed as a safe, legal environment to learn about and try common attacks on web applications. Peruggia looks similar to an image gallery, but contains several controlled vulnerabilities to practice on.

hprobe is a packet generator with a built-in sniffer (using libpcap). It can generate many types of network probes to scan hosts and networks and automatically analyses the responses. Written in C for Linux platform

You could be doing a better job of website security... If only there was a simple way to implement SSL with signed keys? PHP-CA is an easy to use and easy to administer Certificate Authority that runs in PHP.

AIM Sniff is a network sniffer specifically designed to pick up messages transmitted using the AIM or MSN clients and their derivatives. All information can be sent to STDOUT or a MySQL DB.

"No more clear text passwords" is a project to stop the nonsense regarding passwords used in the login protocols of most Web 2.0 projects: they are sent in the clear, shamelessly, with absolutely no care for privacy, and without warning the users.

github: https://github.com/samedog/phpmvs

openWallet is a single sign-on (SSO) solution for the internet. It differs from other SSO solutions (such as MS Passport) in that the user is in charge of their own data, rather that some centralized or third party repository.

Four-channel daemon of video observation for IP video servers Aviosys IP9100A (B, Plus). This program is intended for indemnification of hardware restrictions four-channel IP video servers Aviosys

What are the packets rejected by your Netfilter based firewall today ? How often this suspicious host try to connect to your box ? What are the most rejected domains ? Who is this strange host which scan your ports ? The responses are in the iptables log

This project aims to provide a method for listening on a serial port and decode incoming messages from a Galaxy security control panel. The messages are transmitted using the SIA DC-03-1990.01 (R2000.11) protocol. The decoded messages are stored in a database (MySQL) or forwarded by email using ssmtp. Besides just listening for messages openGalaxy can also be used to arm/disarm the panel and much more... This software is still in a testing (beta) phase but has been tested successfully with the following security control panels made by Microtech / Honeywell Security: - Galaxy 18 (Dutch firmware v1.25) with external RS232 box - Galaxy 60 (Dutch firmware v1.07) with external RS232 box - Galaxy G3-520 (Dutch firmware v5.50) (internal RS232)

ADC is a tool that helps security administrators to maintain policy compliance of configurations and policies on numerous systems. ADC is similar to OpenAudit or OCS, however ADC is designed to collect arbitrary data (not limited to PC inventory), thus it helps information security experts control configurations and policies on remote servers.

A Web Based Self Service Active Directory Password Reset Tool

AVirCAP is a system for manual and / or automated detection of CodeRed and Nimda type of hack attempts and virtually all other kinds of "logable" intrusion attempts. It can work stand alone or together with other additional AVirCAP machines in the LAN/W

Amnesia is a design-rich 'host-proof' web application that encrypts and remembers all sorts of personal information from passwords to private notes. Project now hosted at Google Code: https://code.google.com/p/amnesia-app/

ACID is a PHP-based analysis engine to search and process a database of security incidents generated by security-related software such as IDSes and firewalls (e.g. Snort, ipchains).

AIRT is an application for Computer Security Incident Response. The target audience of AIR is incident response groups which provide end-user support. AIRT is fully built using PHP4 on a Postgresql database.

Automated Security Tools (autosec) aims to provide automatic tools which network administrators may use to help check and test the security of their network.

BTS PenTesting Lab is an open source vulnerable web application, created by Cyber Security & Privacy Foundation (www.cysecurity.org). It can be used to learn about many different types of web application vulnerabilities. Currently, the app contains the following types of vulnerabilities: *SQL Injection *XSS(includes Flash Based xss) *CSRF *Clickjacking *SSRF *File Inclusion * Code Execution *Insecure Direct Object Reference *Unrestricted File Upload vulnerability *Open URL Redirection *Server Side Includes(SSI) Injection and more... Java version of this application can be found here: https://sourceforge.net/p/javavulnerablelab/

You can encode your php files with this class

Bloppy Blowfish PHP (En/De)crypter can crypt, with a private key, text messages or files, send it via e-mail and decrypt it. You can inject a crypted message into any kind of file (like JPEG image) and send it via e-mail.

BookMage is a server side login mechanism to protect against phishing attacks which uses a login bookmark and an interactive custom image. The (PHP and javascript) code is short and simple is and can be easily integrated into any website.

Helper web application writen in PhP and Perl to mantain local Certificate Authority based on openssl. Provides ability to view issued certificates, issue new certificates, revoke compromised certificates.

A simple access control app that intends to replace declarative jaas security in web.xml for web applications deployed on Jboss app server and TOMCAT container. Also include an extension for PHP applications.