PHPackages synceratech/laravel-web-terminal - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. synceratech/laravel-web-terminal ActiveLibrary synceratech/laravel-web-terminal ================================ A secure web terminal emulator for Laravel applications with comprehensive security features 00PHP Since Oct 5Pushed 7mo agoCompare [ Source](https://github.com/elmgdad/laravel-web-terminal)[ Packagist](https://packagist.org/packages/synceratech/laravel-web-terminal)[ RSS](/packages/synceratech-laravel-web-terminal/feed)WikiDiscussions master Synced 1mo ago READMEChangelogDependenciesVersions (1)Used By (0) Laravel Web Terminal ==================== [](#laravel-web-terminal) A secure, feature-rich web terminal emulator package for Laravel applications. Execute shell commands safely through a beautiful web interface with comprehensive security features. [![Laravel Web Terminal](https://camo.githubusercontent.com/d71132a489ec04e4fc8d7bca2adb17c578f12dc2818f1fa03933ad38d1fe842f/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f4c61726176656c2d31312e7825323025374325323031302e78253230253743253230392e782d7265642e737667)](https://camo.githubusercontent.com/d71132a489ec04e4fc8d7bca2adb17c578f12dc2818f1fa03933ad38d1fe842f/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f4c61726176656c2d31312e7825323025374325323031302e78253230253743253230392e782d7265642e737667)[![PHP Version](https://camo.githubusercontent.com/d4b5fa4adf514144779a7864904c5e15236c0e798635240c7f6ce9a455657b80/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f5048502d382e302532422d626c75652e737667)](https://camo.githubusercontent.com/d4b5fa4adf514144779a7864904c5e15236c0e798635240c7f6ce9a455657b80/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f5048502d382e302532422d626c75652e737667)[![License](https://camo.githubusercontent.com/8bb50fd2278f18fc326bf71f6e88ca8f884f72f179d3e555e20ed30157190d0d/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f6c6963656e73652d4d49542d677265656e2e737667)](https://camo.githubusercontent.com/8bb50fd2278f18fc326bf71f6e88ca8f884f72f179d3e555e20ed30157190d0d/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f6c6963656e73652d4d49542d677265656e2e737667) โœจ Features ---------- [](#-features) ### ๐Ÿ”’ Security First [](#-security-first) - **Access Key Authentication** - Secure key-based access control - **Command Blocking** - Comprehensive list of dangerous commands blocked by default - **Input Sanitization** - Prevents command injection attacks - **Rate Limiting** - Session-based request limiting - **IP Whitelisting** - Optional IP address restrictions - **Security Logging** - All security events logged with details ### ๐ŸŽจ Modern Interface [](#-modern-interface) - **Responsive Design** - Works on desktop and mobile devices - **Dark/Light Themes** - Customizable appearance - **Real-time Execution** - AJAX-powered command execution - **Command History** - Navigate through previous commands - **Auto-completion** - Tab completion for commands (coming soon) ### ๐Ÿ› ๏ธ Developer Friendly [](#๏ธ-developer-friendly) - **Laravel Integration** - Built specifically for Laravel - **Artisan Commands** - Easy key generation and management - **Configurable** - Extensive configuration options - **Middleware Support** - Custom middleware integration - **Event Logging** - Laravel logging integration ๐Ÿ“‹ Requirements -------------- [](#-requirements) - PHP 8.0 or higher - Laravel 9.x, 10.x, or 11.x - `shell_exec` function enabled - `proc_open` function enabled (recommended) ๐Ÿš€ Installation -------------- [](#-installation) ### 1. Install via Composer [](#1-install-via-composer) ``` composer require SynceraTech/laravel-web-terminal ``` ### 2. Publish Configuration [](#2-publish-configuration) ``` php artisan vendor:publish --tag=web-terminal-config ``` ### 3. Generate Access Key [](#3-generate-access-key) ``` php artisan web-terminal:generate-key ``` This will generate a secure access key and add it to your `.env` file. ### 4. Configure Environment [](#4-configure-environment) Add these variables to your `.env` file (automatically added by the generate-key command): ``` # Web Terminal Configuration WEB_TERMINAL_KEY=your_generated_secure_key_here WEB_TERMINAL_REQUIRE_KEY=true WEB_TERMINAL_MAX_REQUESTS=50 WEB_TERMINAL_RATE_WINDOW=600 WEB_TERMINAL_TIMEOUT=15 WEB_TERMINAL_MAX_LENGTH=500 WEB_TERMINAL_LOGGING=true ``` ### 5. Optional: Publish Views [](#5-optional-publish-views) If you want to customize the terminal interface: ``` php artisan vendor:publish --tag=web-terminal-views ``` ๐Ÿ”ง Configuration --------------- [](#-configuration) The configuration file `config/web-terminal.php` provides extensive customization options: ### Security Settings [](#security-settings) ``` 'access_key' => env('WEB_TERMINAL_KEY', null), 'require_key' => env('WEB_TERMINAL_REQUIRE_KEY', true), 'max_requests_per_session' => env('WEB_TERMINAL_MAX_REQUESTS', 50), 'rate_limit_window' => env('WEB_TERMINAL_RATE_WINDOW', 600), 'command_timeout' => env('WEB_TERMINAL_TIMEOUT', 15), 'max_command_length' => env('WEB_TERMINAL_MAX_LENGTH', 500), ``` ### IP Whitelisting [](#ip-whitelisting) ``` 'allowed_ips' => [ '192.168.1.0/24', // Local network '10.0.0.0/8', // Private network '127.0.0.1' // Localhost ], ``` ### Blocked Commands [](#blocked-commands) ``` 'blocked_commands' => [ 'rm', 'rmdir', 'sudo', 'chmod', 'chown', 'useradd', 'userdel', 'systemctl', 'reboot', // ... many more security-focused restrictions ], ``` ### Theme Customization [](#theme-customization) ``` 'view' => [ 'theme' => env('WEB_TERMINAL_THEME', 'dark'), // dark, light 'font_family' => env('WEB_TERMINAL_FONT', 'JetBrains Mono, Monaco, Consolas, monospace'), 'font_size' => env('WEB_TERMINAL_FONT_SIZE', '14px'), ], ``` ๐ŸŒ Usage ------- [](#-usage) ### Accessing the Terminal [](#accessing-the-terminal) Once installed and configured, access your web terminal at: ``` https://yourdomain.com/web-terminal?key=YOUR_GENERATED_KEY ``` The route prefix can be customized in the configuration file. ### Available Commands [](#available-commands) The terminal supports most standard Unix/Linux commands, except those blocked for security: - **Navigation**: `cd`, `pwd`, `ls` - **File Operations**: `cat`, `head`, `tail`, `find` - **System Info**: `whoami`, `hostname`, `uptime`, `ps` - **Text Processing**: `grep`, `sort`, `uniq`, `wc` - **Network**: `ping` (limited), `netstat` ### Built-in Commands [](#built-in-commands) - `clear` - Clear the terminal screen - `help` - Show available commands - `history` - Display command history ### Keyboard Shortcuts [](#keyboard-shortcuts) - **โ†‘/โ†“ Arrow Keys** - Navigate command history - **Tab** - Auto-complete commands (coming soon) - **Ctrl+C** - Interrupt running command - **Enter** - Execute command ๐Ÿ”’ Security Considerations ------------------------- [](#-security-considerations) ### Production Deployment Checklist [](#production-deployment-checklist) - **Use HTTPS** - Always serve over encrypted connections - **Strong Access Key** - Use the generated 64-character key - **IP Restrictions** - Configure IP whitelist if possible - **Regular Key Rotation** - Change access keys periodically - **Monitor Logs** - Check `storage/logs/web-terminal.log` regularly - **Limited User** - Run web server with minimal privileges - **Firewall Rules** - Restrict network access appropriately ### Security Features [](#security-features) 1. **Command Blocking**: 50+ dangerous commands blocked by default 2. **Input Sanitization**: Prevents command injection with pattern matching 3. **Rate Limiting**: Prevents abuse with configurable request limits 4. **Access Control**: Key-based authentication with optional IP whitelisting 5. **Audit Logging**: All commands and security events logged 6. **Timeout Protection**: Commands automatically terminated after timeout ### Recommended Server Configuration [](#recommended-server-configuration) ``` # Nginx configuration example location /web-terminal { # IP whitelist (optional) allow 192.168.1.0/24; allow 10.0.0.0/8; deny all; # Security headers add_header X-Frame-Options DENY; add_header X-Content-Type-Options nosniff; add_header X-XSS-Protection "1; mode=block"; # Pass to PHP try_files $uri $uri/ /index.php?$query_string; } ``` ๐ŸŽจ Customization --------------- [](#-customization) ### Custom Commands [](#custom-commands) Add custom PHP commands to the terminal: ``` // In your service provider use SynceraTech\LaravelWebTerminal\Services\TerminalService; class AppServiceProvider extends ServiceProvider { public function boot() { TerminalService::macro('customCommand', function($args) { return 'Custom command output: ' . implode(' ', $args); }); } } ``` ### Custom Middleware [](#custom-middleware) Add additional security middleware: ``` // config/web-terminal.php 'route' => [ 'middleware' => ['web', 'web-terminal-auth', 'your-custom-middleware'], ], ``` ### Theme Customization [](#theme-customization-1) Override CSS variables in your published views: ``` :root { --background-color: #your-color; --terminal-bg: #your-terminal-bg; --text-color: #your-text-color; /* ... more customizations */ } ``` ๐Ÿ“Š Logging and Monitoring ------------------------ [](#-logging-and-monitoring) ### Log Files [](#log-files) - **Security Events**: `storage/logs/web-terminal.log` - **Laravel Logs**: Standard Laravel logging integration ### Example Log Entries [](#example-log-entries) ``` [2025-10-05 12:00:00] IP: 192.168.1.100 | UA: Mozilla/5.0... | Command executed: ls -la [2025-10-05 12:01:00] IP: 192.168.1.100 | UA: Mozilla/5.0... | Blocked command attempted: sudo su [2025-10-05 12:02:00] IP: 10.0.0.50 | UA: Mozilla/5.0... | Rate limit exceeded ``` ### Monitoring Commands [](#monitoring-commands) ``` # Watch logs in real-time tail -f storage/logs/web-terminal.log # Check for security incidents grep -i "blocked\|dangerous\|denied" storage/logs/web-terminal.log # Monitor command usage grep "Command executed" storage/logs/web-terminal.log | wc -l ``` ๐Ÿงช Testing --------- [](#-testing) Run the package tests: ``` composer test ``` ๐Ÿค Contributing -------------- [](#-contributing) Contributions are welcome! Please see [CONTRIBUTING.md](CONTRIBUTING.md) for details. ### Development Setup [](#development-setup) 1. Fork the repository 2. Clone your fork 3. Install dependencies: `composer install` 4. Run tests: `composer test` 5. Create a feature branch 6. Make your changes 7. Submit a pull request ๐Ÿ“ Changelog ----------- [](#-changelog) See [CHANGELOG.md](CHANGELOG.md) for release notes and version history. ๐Ÿ› Security Issues ----------------- [](#-security-issues) If you discover a security vulnerability, please send an email to instead of using the issue tracker. ๐Ÿ“„ License --------- [](#-license) This package is open-sourced software licensed under the [MIT license](LICENSE). ๐Ÿ™ Credits --------- [](#-credits) - Original concept inspired by terminal.php - Built with โค๏ธ for the Laravel community - Icons and fonts from Google Fonts and various open-source projects ๐Ÿ“ž Support --------- [](#-support) - **Documentation**: [GitHub Wiki](https://github.com/elmgdad/laravel-web-terminal/wiki) - **Issues**: [GitHub Issues](https://github.com/elmgdad/laravel-web-terminal/issues) - **Discussions**: [GitHub Discussions](https://github.com/elmgdad/laravel-web-terminal/discussions) - **Email**: --- **โš ๏ธ Important Security Note**: This package provides shell access through a web interface. Only use in controlled environments with proper security measures. Never deploy without authentication and proper access controls. ### Health Score 16 โ€” LowBetter than 5% of packages Maintenance45 Moderate activity, may be stable Popularity0 Limited adoption so far Community6 Small or concentrated contributor base Maturity13 Early-stage or recently created project Bus Factor1 Top contributor holds 100% of commits โ€” single point of failure How is this calculated?**Maintenance (25%)** โ€” Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** โ€” Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** โ€” Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** โ€” Project age, version count, PHP version support, and release stability. ### Community Maintainers ![](https://www.gravatar.com/avatar/cb521edd75da63eb9673798cc7e616fddf600a841a27e7b3ac00e4e6dc9bc154?d=identicon)[elmgdad](/maintainers/elmgdad) --- Top Contributors [![elmgdad](https://avatars.githubusercontent.com/u/25180497?v=4)](https://github.com/elmgdad "elmgdad (6 commits)") ### Embed Badge ![Health badge](/badges/synceratech-laravel-web-terminal/health.svg) ``` [![Health](https://phpackages.com/badges/synceratech-laravel-web-terminal/health.svg)](https://phpackages.com/packages/synceratech-laravel-web-terminal) ``` PHPackages ยฉ 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)