laravel-rebel-auth
by padosoft
Meta-package for the padosoft/laravel-rebel-* enterprise authentication control plane: passwordless email-OTP, passkey-first, risk-based step-up with PSD2/SCA, channels, sessions, recovery, anomaly detection and a web admin panel — installs and ties the whole suite together.
laravel-rebel-ai-guard
by padosoft
Anomaly detection + AI security copilot for Laravel Rebel: deterministic rules detect anomaly cases; the optional AI only explains/suggests (sanitized prompts, no PII/OTP, human review). Part of padosoft/laravel-rebel-*.
laravel-rebel-recovery
by padosoft
High-assurance account recovery for Laravel Rebel: single-use HMAC-hashed recovery (backup) codes, generated once at enrolment, with anti-ATO checks. Part of padosoft/laravel-rebel-*.
laravel-rebel-sessions
by padosoft
Device/session registry for Laravel Rebel: session/device tracking, logout-everywhere, refresh-token rotation with reuse detection, and device trust. Part of padosoft/laravel-rebel-*.
laravel-rebel-admin-api
by padosoft
Control-plane JSON API for Laravel Rebel: security metrics, audit-event explorer, OTP/step-up funnels, provider health, with permission-gated and tenant-scoped read models. Part of padosoft/laravel-rebel-*.
laravel-rebel-channels
by padosoft
Channel/provider abstraction (SMS/WhatsApp/voice) for Laravel Rebel: verification routing with fallback, cooldown, multi-dimensional rate limiting, and anti toll-fraud/IRSF defences. Part of padosoft/laravel-rebel-*.
laravel-rebel-admin
by padosoft
Web Admin Panel (Blade + AJAX + vanilla JS) for Laravel Rebel: a security operations dashboard over the Rebel Admin API. Part of padosoft/laravel-rebel-*.
laravel-rebel-core
by padosoft
Core primitives, value objects and contracts for Laravel Rebel: the enterprise authentication control plane (AAL/AMR assurance, security context, audit, Sanctum tokens, rate-limiting). The entry point of the padosoft/laravel-rebel-* ecosystem.
laravel-doctor
Auditor determinista para codebases Laravel: seguridad, performance, Eloquent y arquitectura.
laravel-secure-bridge
by irfanokr
Signed, timestamped, replay-protected and optionally AES-256-GCM-encrypted request/response bridge between a JavaScript front-end (SPA or Blade + AJAX) and a Laravel API. Framework-agnostic JS client. Works on Laravel 5.5 through 12 and PHP 7.1+.
laravel-device-sessions
by kirchdev
Device-bound login sessions for Laravel: per-device remember-me tokens, a "where am I signed in" device list, and revoke/rename — privacy-respecting and Fortify-agnostic.
laravel-package-doctor
by satheez
Audit a Laravel project's Composer dependencies for upgrade safety, security, and Laravel compatibility.
laravel-encrypted-route-params
by imran
Encrypt sensitive Laravel route parameters with Crypt and decrypt them before implicit binding.
laravel-security-scanner
by laramint
Laravel-aware security rules for php-security-scanner. Detects Laravel SQL injection (DB::raw, whereRaw), mass assignment, debug/dd leaks, unsafe validators, CSRF bypass, insecure cookies, env exposure, Blade raw echo, open redirect, Http SSRF, Storage/File path traversal, file-upload validation gaps, Auth/Crypt/Artisan/Process/Config injection, view-name injection, session fixation, and Mail header injection.
antibot-laravel
Sistema de detecção e bloqueio de bots, proxies e VPNs para Laravel
laravel-sdk
by soc-warden
SOCWarden security observability SDK for Laravel — detect brute force, impossible travel, credential spray, and more from one API call.
laravel-superadmin
by codenzia
Protected super admin account for Laravel. Zero-config authorization via Gate::before, defense-in-depth Eloquent observer, optional Filament v4 plugin, vendor-only CLI commands with friction controls. Designed for vendor-deployed applications where customer admins must not accidentally delete the vendor's support account.
laravel-shield
by shieldapp
A Laravel package for website health monitoring, IP threat detection, traffic analysis and auto-banning.
health-laravel
Kanbino Health endpoint for Laravel — emits stack profile + extensible probes for uptime + security advisory matching
laravel-anti-xss
by ricventu
Laravel wrapper for voku/anti-xss — Facade, service, validation rule, middleware and Blade directive to sanitize XSS in strings.
laravel-security
by make-dev
Modern security headers for Laravel — turn-key. Strict CSP with per-request nonces and 'strict-dynamic', Subresource Integrity with smart noise filtering, HSTS, Permissions-Policy. An interactive setup wizard asks which third parties you use (GTM, HubSpot, Stripe, reCAPTCHA, and a dozen more) and wires the right directives automatically. First-party violation reporting endpoints, Filament + Livewire + Vite friendly, Vapor-ready. Laravel 11, 12, 13 on PHP 8.2+.
laravel-privilege-manager
by stt196
A robust, security-hardened, and performance-optimized privilege/permission management system for Laravel applications with menu-based access control.
laravel-csw
by paulohps
A Laravel package to monitor Composer dependencies for security vulnerabilities
laravel-securescan
A powerful security scanner for Laravel applications with CLI and web dashboard support to detect vulnerabilities like SQL Injection, XSS, secrets, and misconfigurations.
laravel-bot-guardian
by febryntara
Lightweight Laravel bot protection middleware that detects and blocks automated attacks based on velocity, honeypots, header anomalies, and behavioral patterns.
laravel-secure-baseline
by ind4skylivey
Laravel Secure Baseline – Automated security checks for your Laravel app.
laravel-fingerprint
by panchodp
Laravel Session theft protection via client fingerprinting — auto-invalidates sessions used from unrecognized devices.
laravel-guarddog
by jaydeep
Laravel GuardDog — Scan your Laravel project for common security vulnerabilities and generate beautiful HTML reports.
laravel-feature-policy
by codebar-ag
Permissions-Policy (Feature-Policy) header builder and middleware for Laravel
laravel-hybrid-encryption
by jjoek
Laravel package for hybrid encryption (RSA-OAEP + AES-256-GCM) for secure API request handling
laravel-guardian
by datalogix
Extensible Laravel authentication package providing actions for login, logout, sign-up, password reset, email verification and related security features.
laravel-ai-aegis
by mrpunyapal
A native, local-first security middleware for the Laravel AI SDK with bidirectional pseudonymization, prompt injection defense, and real-time Pulse telemetry.
laravel-user-is-admin
by lvlup-dev
Laravel package that adds an is_admin column to the users table and provides a middleware to protect admin-only routes.
laravel-cybershield
Enterprise-grade Laravel security package providing WAF firewall protection, rate limiting, bot detection, honeypot traps, IP geo-blocking, CSRF/XSS/SQLi defence, API gateway security, real-time threat monitoring, malware scanning, and a built-in security dashboard — all configurable via a single config file.
laravel-ip-capture
by jeremykenedy
A Laravel package to automatically capture and track IP addresses on Eloquent model actions such as signup, login, update, and deletion.
laravel-security
by salehye
🔥 Advanced Security Package for Laravel 12 - The most comprehensive security solution for Laravel applications
laravel-ai-guard
by jayanta
Protect your Laravel app from AI scrapers, LLM crawlers, and prompt injection attacks
laravel-obfuscator
by smhtet
Reversible identifier obfuscation for Laravel projects (obfuscate locally, deobfuscate on trusted server with same key).
cli
Static analysis CLI and MCP server for Laravel projects — zero dependencies, pure PHP 8.2+
laravel-hack-auditor
by mahdisphp
AI-powered security auditor & CTF generator for Laravel. Watch AI hack your app in 15 seconds.
laravel-threat-detection
by jayanta
Real-time threat detection and security logging for Laravel applications. Detects SQL injection, XSS, DDoS, scanner bots, and more.
laravel-security-headers
Laravel middleware for comprehensive security headers including CSP with nonce support, HSTS, and Permissions-Policy