{"id":30738271,"url":"https://github.com/lazyexe/security-analyzer","last_synced_at":"2025-09-08T07:03:01.239Z","repository":{"id":312792052,"uuid":"1048375310","full_name":"lazyexe/security-analyzer","owner":"lazyexe","description":"Laravel Security Analyzer is a package to scan your Laravel project workspace and detect potential security issues.","archived":false,"fork":false,"pushed_at":"2025-09-02T01:50:40.000Z","size":26,"stargazers_count":2,"open_issues_count":0,"forks_count":1,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-09-02T03:37:15.963Z","etag":null,"topics":["laravel","packages","scanner","security"],"latest_commit_sha":null,"homepage":"","language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/lazyexe.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-09-01T10:50:38.000Z","updated_at":"2025-09-02T01:50:44.000Z","dependencies_parsed_at":"2025-09-02T03:37:17.308Z","dependency_job_id":"17e4aae6-79b7-4073-8e2e-7edbb3392c5a","html_url":"https://github.com/lazyexe/security-analyzer","commit_stats":null,"previous_names":["lazyexe/security-analyzer"],"tags_count":null,"template":false,"template_full_name":null,"purl":"pkg:github/lazyexe/security-analyzer","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lazyexe%2Fsecurity-analyzer","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lazyexe%2Fsecurity-analyzer/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lazyexe%2Fsecurity-analyzer/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lazyexe%2Fsecurity-analyzer/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/lazyexe","download_url":"https://codeload.github.com/lazyexe/security-analyzer/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lazyexe%2Fsecurity-analyzer/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":273517419,"owners_count":25119767,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-09-03T02:00:09.631Z","response_time":76,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["laravel","packages","scanner","security"],"created_at":"2025-09-03T22:01:30.349Z","updated_at":"2025-09-03T22:03:05.620Z","avatar_url":"https://github.com/lazyexe.png","language":"PHP","funding_links":[],"categories":[],"sub_categories":[],"readme":"# 🔒 Laravel Security Analyzer\n\n**Scan your Laravel project for security vulnerabilities in seconds!**\n\nDetects common security issues including:\n\n* 🗝️ Exposed `.env` files\n* 🐞 Debug mode enabled / Missing APP\\_KEY\n* 📂 Sensitive files exposed\n* 🔐 Unsafe folder permissions\n* 📦 Outdated packages with vulnerabilities\n* 💉 Potential SQL Injection \u0026 XSS\n* 🛡️ Missing CSRF protection\n* 🌐 Force HTTPS not enforced\n* 🚫 Insecure CORS policy\n* 🛠️ Route Middleware missing (admin/dashboard routes)\n* ⏱️ API Rate Limiting missing\n* ⚡ Global Throttle configuration missing\n* 🔑 Weak Password Hash Driver\n* 🏛️ Admin Panel exposure (`/telescope`, `/horizon`, `/administrator`, `/admin`)\n* 📁 Storage symlink invalid or misconfigured\n* 🔍 Directory index exposed\n* 💾 Backup files found in project root or public folder\n\n---\n\n## ⚡ Quick Installation\n\n**Option 1: Auto Installer (Recommended)**\n\n1. Copy the `security-analyzer` folder to your Laravel project root\n2. Run the installer:\n\n```bash\nphp security-analyzer/install.php\n```\n\n**That's it!** The installer will automatically:\n- Create the packages directory\n- Copy files to the right location\n- Update your composer.json\n- Registering SecurityAnalyzer\n- Run composer dump-autoload\n- Publish configuration files\n\n**Option 2: Manual Installation**\n\nIf you prefer manual setup:\n\n1. Create `packages` folder in your Laravel project root\n2. Copy `security-analyzer` folder into `packages/`\n3. Add to your `composer.json`:\n\n```json\n\"autoload\": {\n    \"psr-4\": {\n        \"SecurityAnalyzer\\\\\": \"packages/security-analyzer/src/\"\n    }\n}\n```\n\n4. Run:\n\n```bash\ncomposer dump-autoload\nphp artisan vendor:publish --provider=\"SecurityAnalyzer\\SecurityAnalyzerServiceProvider\" --tag=config\n```\n\n---\n\n## 🚀 Usage\n\n**Basic scan:**\n```bash\nphp artisan security:scan\n```\n\n**Advanced options:**\n```bash\n# Scan specific path\nphp artisan security:scan --path=/path/to/scan\n\n# Generate HTML report\nphp artisan security:scan --output=html\n\n# Generate all report formats\nphp artisan security:scan --output=all\n\n# Skip saving report files\nphp artisan security:scan --no-report\n```\n\n---\n\n## ⚙️ Configuration\n\nEdit `config/security-analyzer.php` to customize:\n\n```php\nreturn [\n    'report_path' =\u003e storage_path('security-report.json'),\n    'report_html' =\u003e storage_path('security-report.html'),\n\n    'checks' =\u003e [\n        'env_file'           =\u003e true,\n        'debug_and_key'      =\u003e true,\n        'sensitive_files'    =\u003e true,\n        'folder_permissions' =\u003e true,\n        'outdated_packages'  =\u003e false, // Disabled by default\n        'php_code_risks'     =\u003e true,\n        'csrf_check'         =\u003e true,\n\t\t'force_https'         =\u003e true,\n\t\t'cors_check'          =\u003e true,\n\t\t'route_middleware'    =\u003e true,\n\t\t'api_rate_limit'      =\u003e true,\n\t\t'global_throttle'     =\u003e true,\n\t\t'password_hash'       =\u003e true,\n\t\t'admin_panel'         =\u003e true,\n\t\t'storage_symlink'     =\u003e true,\n\t\t'directory_index'     =\u003e true,\n\t\t'backup_file'         =\u003e true,\n    ],\n\n    'exclude_dirs' =\u003e [\n        'bootstrap', 'node_modules', 'packages', 'tests', 'vendor',\n    ],\n\n    'exclude_files' =\u003e [\n        '*.log', '*.tmp',\n    ],\n];\n```\n\n---\n\n## 📊 Sample Output\n\n```\n🔒 Laravel Security Analyzer\n================================\n📁 Scanning path: /path/to/your/project\n\n🔍 Running security checks...\n████████████████████████████████████████ 100%\n\n⚠️  Found 3 security issue(s):\n\n🚨 Environment Issues (2 issue(s))\n   • .env file is publicly accessible\n     📄 File: .env\n     💡 Fix: Move .env file outside public directory\n\n   • Debug mode is enabled in production\n     📄 File: .env\n     💡 Fix: Set APP_DEBUG=false in production\n\n🚨 File Permissions (1 issue(s))\n   • Storage directory has unsafe permissions\n     📄 File: storage/\n     💡 Fix: Set permissions to 755\n\n💾 Saving reports...\n📄 Backup JSON report saved: /storage/security-report.json\n```\n\n---\n\n## 🎯 Features\n\n- **🚀 Zero Configuration**: Works out of the box with sensible defaults\n- **📱 Multiple Output Formats**: Console, JSON, and HTML reports\n- **🎨 Beautiful Reports**: Color-coded console output and styled HTML reports\n- **⚡ Fast Scanning**: Optimized for large Laravel projects\n- **🔧 Customizable**: Easily configure which checks to run\n- **📦 Laravel Integration**: Native Artisan command support\n- **🔄 Auto-Discovery**: Automatically registers with Laravel\n\n---\n\n## 🛠️ Requirements\n\n- PHP \u003e= 8.2\n- Laravel \u003e= 12.0\n\n---\n\n## 📝 License\n\nThis package is open-sourced software licensed under the [MIT license](LICENSE).\n\n---\n\n## 🤝 Contributing\n\nContributions are welcome! Please feel free to submit a Pull Request.\n\n---\n\n## 📞 Support\n\nIf you encounter any issues or have questions, please open an issue on the repository.\n\n**Happy securing! 🔒**","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flazyexe%2Fsecurity-analyzer","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Flazyexe%2Fsecurity-analyzer","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flazyexe%2Fsecurity-analyzer/lists"}