dustyfresh/PHP-vulnerability-audit-cheatsheet external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

dustyfresh/PHP-vulnerability-audit-cheatsheet

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/dustyfresh/PHP-vulnerability-audit-cheatsheet)

Close

dustyfresh / PHP-vulnerability-audit-cheatsheetView on GitHubMore

• External links
• Readme badge

This will assist you in the finding of potentially vulnerable PHP code. Each type of grep command is categorized in the type of vulnerabilities you generally find with that function.

☆364Mar 6, 2025Updated last year

Alternatives and similar repositories for PHP-vulnerability-audit-cheatsheet

Users that are interested in PHP-vulnerability-audit-cheatsheet are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• teknogeek / ssrf-sheriff

  View on GitHub
  A simple SSRF-testing sheriff written in Go
  ☆337Oct 31, 2024Updated last year
• bilbomal / BB-Tips

  View on GitHub
  Collection of Bug Bounty Tips
  ☆65Dec 10, 2019Updated 6 years ago
• proabiral / inception

  View on GitHub
  A highly configurable Framework for easy automated web scanning
  ☆382Jul 13, 2020Updated 5 years ago
• j0bin / Pentest-Resources

  View on GitHub
  ☆122Mar 27, 2017Updated 9 years ago
• GoSecure / dtd-finder

  View on GitHub
  List DTDs and generate XXE payloads using those local DTDs.
  ☆655Feb 21, 2024Updated 2 years ago
• NordVPN Special Discount Offer • Ad
  Save on top-rated NordVPN 1 or 2-year plans with secure browsing, privacy protection, and support for for all major platforms.
• clirimemini / Keye

  View on GitHub
  Keye is a reconnaissance tool that was written in Python with SQLite3 integrated. After adding a single URL, or a list of URLs, it will m…
  ☆99Dec 30, 2019Updated 6 years ago
• Damian89 / extended-ssrf-search

  View on GitHub
  Smart ssrf scanner using different methods like parameter brute forcing in post and get...
  ☆279Feb 11, 2021Updated 5 years ago
• laconicwolf / cors-scanner

  View on GitHub
  A multi-threaded scanner that helps identify CORS flaws/misconfigurations
  ☆19Nov 18, 2019Updated 6 years ago
• projectzeroindia / CVE-2019-11510

  View on GitHub
  Exploit for Arbitrary File Read on Pulse Secure SSL VPN (CVE-2019-11510)
  ☆364Jan 11, 2020Updated 6 years ago
• whitel1st / docem

  View on GitHub
  A tool to embed XXE and XSS payloads in docx, odt, pptx, xlsx files (oxml_xxe on steroids)
  ☆684Jan 28, 2024Updated 2 years ago
• subfinder / goaltdns

  View on GitHub
  A permutation generation tool written in golang
  ☆211Jul 15, 2019Updated 6 years ago
• dogangcr / vulnerable-sso

  View on GitHub
  vulnerable single sign on
  ☆150Aug 1, 2024Updated last year
• weev3 / LKWA

  View on GitHub
  Lesser Known Web Attack Lab
  ☆330Feb 7, 2020Updated 6 years ago
• cujanovic / SSRF-Testing

  View on GitHub
  SSRF (Server Side Request Forgery) testing resources
  ☆2,486Oct 12, 2024Updated last year
• Managed hosting for WordPress and PHP on Cloudways • Ad
  Managed hosting with the flexibility to host WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Cloudways by DigitalOcean.
• masatokinugawa / filterbypass

  View on GitHub
  Browser's XSS Filter Bypass Cheat Sheet
  ☆1,153May 6, 2017Updated 8 years ago
• securityidiots / CollabOzark

  View on GitHub
  CollabOzark is a simple tool which helps the researchers track SSRF, RCE, Blind XSS, XXE, External Resource Access payloads triggers.
  ☆136Sep 25, 2019Updated 6 years ago
• incogbyte / jsearch

  View on GitHub
  ☆31Apr 6, 2021Updated 5 years ago
• wagiro / BurpBounty

  View on GitHub
  Burp Bounty (Scan Check Builder in BApp Store) is a extension of Burp Suite that allows you, in a quick and simple way, to improve the ac…
  ☆1,792Apr 26, 2024Updated last year
• Regala / burp-scope-monitor

  View on GitHub
  Burp Suite Extension to monitor new scope
  ☆200Mar 31, 2021Updated 5 years ago
• nccgroup / tracy

  View on GitHub
  A tool designed to assist with finding all sinks and sources of a web application and display these results in a digestible manner.
  ☆557Mar 6, 2023Updated 3 years ago
• eur0pa / dirsearch-go

  View on GitHub
  A Go implementation of dirsearch.
  ☆43Mar 10, 2019Updated 7 years ago
• maK- / parameth

  View on GitHub
  This tool can be used to brute discover GET and POST parameters
  ☆1,395Aug 24, 2019Updated 6 years ago
• Plazmaz / leaky-repo

  View on GitHub
  Benchmarking repo for secrets scanning
  ☆244Aug 18, 2024Updated last year
• 1-Click AI Models by DigitalOcean Gradient • Ad
  Deploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click and start building anything your business needs.
• arbazkiraak / certasset

  View on GitHub
  Takes ip range, Scan all open SSL Certs, Grab Cnames
  ☆113Sep 23, 2018Updated 7 years ago
• C-Sto / recursebuster

  View on GitHub
  rapid content discovery tool for recursively querying webservers, handy in pentesting and web application assessments
  ☆250Oct 15, 2019Updated 6 years ago
• cosmoscrew / gomassdns

  View on GitHub
  A better dns bruteforcer written in golang
  ☆13Nov 4, 2018Updated 7 years ago
• MilindPurswani / Syborg

  View on GitHub
  Recursive DNS Subdomain Enumerator with dead-end avoidance system (BETA)
  ☆146Apr 9, 2021Updated 5 years ago
• hahwul / can-i-protect-xss

  View on GitHub
  Everything about xss protection technology
  ☆14Oct 22, 2019Updated 6 years ago
• lc / hacks

  View on GitHub
  Repo of useful scripts
  ☆104Jun 30, 2020Updated 5 years ago
• 0xacb / viewgen

  View on GitHub
  Viewgen is a ViewState tool capable of generating both signed and encrypted payloads with leaked validation keys
  ☆660Feb 1, 2025Updated last year
• milo2012 / CVE-2018-13379

  View on GitHub
  CVE-2018-13379
  ☆254Aug 14, 2019Updated 6 years ago
• doyensec / burpdeveltraining

  View on GitHub
  Material for the training "Developing Burp Suite Extensions – From Manual Testing to Security Automation"
  ☆355Oct 14, 2020Updated 5 years ago
• 1-Click AI Models by DigitalOcean Gradient • Ad
  Deploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click and start building anything your business needs.
• m6a-UdS / ssrf-lab

  View on GitHub
  Lab for exploring SSRF vulnerabilities
  ☆247May 30, 2021Updated 4 years ago
• lkorba / enumsh

  View on GitHub
  ☆10Oct 30, 2019Updated 6 years ago
• lc / brute53

  View on GitHub
  A tool to bruteforce nameservers when working with subdomain delegations to AWS.
  ☆58Aug 22, 2019Updated 6 years ago
• prodigysml / Dr.-Watson

  View on GitHub
  Dr. Watson is a simple Burp Suite extension that helps find assets, keys, subdomains, IP addresses, and other useful information! It's yo…
  ☆216Oct 31, 2019Updated 6 years ago
• haccer / subjack

  View on GitHub
  DNS Takeover tool written in Go
  ☆2,044Mar 16, 2026Updated 3 weeks ago
• arbazkiraak / BurpBLH

  View on GitHub
  Broken Link Hijacking Burp Extension
  ☆57Sep 13, 2019Updated 6 years ago
• veracode-research / solr-injection

  View on GitHub
  Apache Solr Injection Research
  ☆581Jan 28, 2020Updated 6 years ago