
Active library, listed in the [Security](/categories/security) category on PHPackages.

laravel-security/pentest-scanner
================================

Penetration testing & OWASP vulnerability scanner for Laravel projects

Language: PHP

Since Apr 30. Pushed 1 month ago. Synced 1 week ago.

[Source](https://github.com/ralsofyani/laravel-pentest-scanner) · [Packagist](https://packagist.org/packages/laravel-security/pentest-scanner) · [RSS](/packages/laravel-security-pentest-scanner/feed). Default branch: main.

Versions: 1. Used by: 0 packages.

 [![Laravel Pentest Scanner](art/logo.png)](art/logo.png)

Laravel Pentest Scanner
=======================


 Scan your Laravel project for real security vulnerabilities —

[Latest Version](https://packagist.org/packages/laravel-security/pentest-scanner) · [Total Downloads](https://packagist.org/packages/laravel-security/pentest-scanner) · Laravel 10 | 11 | 12 · PHP 8.1+ · License MIT

---

What is this?
-------------


Laravel Pentest Scanner is a static analysis tool: it reads your **actual application code** and configuration and looks for security vulnerabilities. Because the analysis is static, nothing is sent to a running application; a finding is a suspicious pattern in source, and the severity levels below say how much manual verification it still needs.

Run it before your security audit. Fix what it finds. Go in confident.

---

Installation
------------


```
composer require --dev laravel-security/pentest-scanner
```

Usage
-----


```
php artisan pentest:scan
```

### Options


```
# Scan a specific path
php artisan pentest:scan /path/to/project

# Show only high severity findings
php artisan pentest:scan --severity=high

# Filter by vulnerability category
php artisan pentest:scan --category="SQL Injection"

# Export results
php artisan pentest:scan --output=report.json
php artisan pentest:scan --output=report.txt
```

---

What It Covers
--------------


| Area | Vulnerabilities |
|---|---|
| Injection | SQL, NoSQL, LDAP, Command, XSS, XXE, Template, Email, CRLF |
| Broken Access Control | IDOR, Broken Authorization, Path Traversal, Open Redirect |
| Cryptographic Failures | Weak hashing, Hardcoded secrets & API keys, Insecure randomness, Timing attacks |
| Security Misconfiguration | CSRF bypass, CORS wildcard, Missing security headers, Insecure session config |
| Authentication | Broken auth patterns, Weak JWT, Weak password policy, Missing rate limiting |
| Software Integrity | Insecure deserialization, Vulnerable components (composer.json audit) |
| Logging & Monitoring | Missing security logging, Sensitive data in responses |
| SSRF | Server-Side Request Forgery via HTTP client |
| API Security | BOLA, Unauthenticated routes, Mass data exposure, Missing throttle |
| Other | Clickjacking, Host Header Injection, Cache Poisoning, Zip Slip, Regex DoS, Business Logic, Webhook bypass |

---

Severity Levels
---------------


| Level | Meaning |
|---|---|
| 🔴 **HIGH** | Confirmed exploitable vulnerability |
| 🟡 **MEDIUM** | Likely vulnerability — review recommended |
| 🔵 **LOW** | Security hardening recommendation |
| 🟢 **NEEDS MANUAL CHECK** | Cannot be auto-verified — human review required |

Read HIGH as the scanner's highest-confidence rule match rather than as proof: a static check sees the source pattern but not the request path, so confirm a HIGH finding against the running application before it goes into a report.

---
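To make "static analysis over your own code" concrete, and to show how findings in a few of the categories from the coverage table (SQL injection, command injection, open redirect, hardcoded secrets) end up in the severity levels above, here is a small added Python example written for this page. It is not code from laravel-security/pentest-scanner: the sink and taint patterns, the `Finding` dataclass, the `scan`/`report`/`to_json` helpers and the JSON output shape are all assumptions of this example, and the Laravel controller it scans is a constructed sample with deliberately vulnerable and safe lines. The severity filter in `report` imitates the idea behind the `--severity` option, not its implementation.

```python
import json
import re
from dataclasses import asdict, dataclass

# Severity labels taken from the README table.
HIGH, MEDIUM, LOW, MANUAL = "HIGH", "MEDIUM", "LOW", "NEEDS MANUAL CHECK"


@dataclass
class Finding:
    category: str
    severity: str
    line: int
    code: str


# Sinks: Laravel/PHP calls that pass a string straight to the database, the shell,
# or the Location header. (Hypothetical rule set for this example.)
RAW_SQL = re.compile(
    r"\b(?:DB::(?:select|statement|unprepared|raw)|whereRaw|selectRaw|orderByRaw|havingRaw)\s*\("
)
SHELL = re.compile(r"\b(?:exec|shell_exec|system|passthru|popen|proc_open)\s*\(")
REDIRECT = re.compile(r"\bredirect\s*\(")
# Request-controlled sources (taint).
TAINT = re.compile(r"\$request\b|\brequest\(|\$_(?:GET|POST|REQUEST|COOKIE)\b")
# A PHP string literal at the start of an argument list, backslash escapes allowed.
LITERAL = re.compile(r"""^\s*(["'])((?:\\.|(?!\1).)*)\1""")
# "$var" / "{$var}" interpolate inside a double-quoted PHP string; ". $var" after a literal concatenates.
INTERPOLATED = re.compile(r"\$\w+|\{\$")
CONCAT = re.compile(r"^\s*\.")
# Something named like a credential assigned a long quoted literal (env('KEY') does not match).
SECRET = re.compile(
    r"""(?P<name>\w*(?:secret|token|password|api_?key)\w*)['"]?\s*(?:=>|=)\s*['"](?P<value>[^'"]{16,})['"]""",
    re.I,
)


def sql_severity(args):
    """Classify the argument text of a raw-SQL call; None means no finding."""
    m = LITERAL.match(args)
    if not m:
        return MANUAL  # query is a variable or expression built elsewhere: not verifiable line by line
    quote, body, rest = m.group(1), m.group(2), args[m.end():]
    if quote == '"' and INTERPOLATED.search(body):
        return HIGH  # "... WHERE id = $id": variable interpolated into the query text
    if CONCAT.match(rest):
        return HIGH  # '... WHERE id = ' . $id: variable concatenated into the query text
    return None  # fixed query text; values travel separately as ? bindings


def scan(source):
    """Line-oriented scan of PHP source; returns Finding objects in file order."""
    findings = []
    for n, line in enumerate(source.splitlines(), start=1):
        code = line.strip()
        if code.startswith(("//", "#", "*", "/*")):
            continue  # comment lines
        if (m := RAW_SQL.search(line)) and (sev := sql_severity(line[m.end():])):
            findings.append(Finding("SQL Injection", sev, n, code))
        if SHELL.search(line):
            findings.append(Finding("Command Injection", HIGH if TAINT.search(line) else MANUAL, n, code))
        if REDIRECT.search(line) and TAINT.search(line):
            findings.append(Finding("Open Redirect", MEDIUM, n, code))  # destination may still be validated
        if (m := SECRET.search(line)) and not re.search(r"[\s|]", m.group("value")):
            findings.append(Finding("Hardcoded Secret", HIGH, n, code))  # '|' or spaces: a validation rule, not a key
    return findings


def report(findings, severity=None):
    """Findings as dicts, optionally restricted to one level (the idea behind a --severity filter)."""
    return [asdict(f) for f in findings if severity is None or f.severity == severity]


def to_json(rows):
    """Hypothetical JSON export shape; the package's real report format is not documented here."""
    return json.dumps(rows, indent=2)


# Constructed Laravel controller with deliberately vulnerable and safe lines (not real project code).
SAMPLE = r"""<?php
class UserController extends Controller
{
    private $stripe = ['secret' => 'sk_live_0000000000000000000000'];
    public function show(Request $request, $id)
    {
        $user = DB::select("SELECT * FROM users WHERE id = $id");
        $rows = DB::select('SELECT * FROM users WHERE email = ' . $request->input('email'));
        $safe = DB::select('SELECT * FROM users WHERE id = ?', [$id]);
        $sql  = $request->input('q');
        $more = DB::select($sql);
        $out  = shell_exec('ping -c 1 ' . $request->input('host'));
        $request->validate(['password' => 'required|string|min:8|confirmed']);
        return redirect($request->input('next'));
    }
}
"""

if __name__ == "__main__":
    print(to_json(report(scan(SAMPLE))))
```

The interesting line is `DB::select($sql)`: a line-level rule cannot see that `$sql` came from `$request->input('q')` two lines earlier, so the honest verdict is NEEDS MANUAL CHECK, which is exactly the case the fourth severity level exists for. The parameterised `DB::select('... = ?', [$id])` produces nothing, and the `'password' => 'required|...'` validation rule is not mistaken for a credential. A scanner with data-flow tracking resolves more of the manual cases; either way, treat the counts such a tool prints as the starting list for the audit, not its result.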

License
-------


MIT — Rawan Alsofyani

### Health Score

Overall: 20 (Low; better than 13% of packages)

| Component | Score | Note |
|---|---|---|
| Maintenance | 61 | Regular maintenance activity |
| Popularity | 3 | Limited adoption so far |
| Community | 6 | Small or concentrated contributor base |
| Maturity | 11 | Early-stage or recently created project |
| Bus Factor | 1 | Top contributor holds 100% of commits — single point of failure |

How is this calculated?

**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

### Community

Maintainers: [ralsofyani](/maintainers/ralsofyani)

Top contributors: [ralsofyani](https://github.com/ralsofyani) (4 commits)


### Alternatives

- [mews/purifier](/packages/mews-purifier): Laravel 5/6/7/8/9/10 HtmlPurifier Package
- [paragonie/ecc](/packages/paragonie-ecc): PHP Elliptic Curve Cryptography library
- [fof/recaptcha](/packages/fof-recaptcha): Increase your forum's security with Google reCAPTCHA
- [enupal/backup](/packages/enupal-backup): Fully integrated Backup solution for Craft CMS
- [thomaswelton/laravel-mcrypt-faker](/packages/thomaswelton-laravel-mcrypt-faker): Allows installation of Laravel where the PHP Mcrypt extension is not available. Provides encryption using OpenSSL, or by disabling encryption entirely.

PHPackages © 2026

