pentest-scanner maintained by laravel-security
What is this?
Laravel Pentest Scanner is a static analysis tool: it reads your actual application code, rather than probing a running site, and looks for security vulnerabilities in it.
Run it before your security audit. Fix what it finds. Go in confident.
Installation
```bash
composer require --dev laravel-security/pentest-scanner
```
Usage
```bash
php artisan pentest:scan
```
Options
```bash
# Scan a specific path
php artisan pentest:scan /path/to/project

# Show only high severity findings
php artisan pentest:scan --severity=high

# Filter by vulnerability category
php artisan pentest:scan --category="SQL Injection"

# Export results
php artisan pentest:scan --output=report.json
php artisan pentest:scan --output=report.txt
```
What It Covers
| Area | Vulnerabilities |
|---|---|
| Injection | SQL, NoSQL, LDAP, Command, XSS, XXE, Template, Email, CRLF |
| Broken Access Control | IDOR, Broken Authorization, Path Traversal, Open Redirect |
| Cryptographic Failures | Weak hashing, Hardcoded secrets & API keys, Insecure randomness, Timing attacks |
| Security Misconfiguration | CSRF bypass, CORS wildcard, Missing security headers, Insecure session config |
| Authentication | Broken auth patterns, Weak JWT, Weak password policy, Missing rate limiting |
| Software Integrity | Insecure deserialization, Vulnerable components (composer.json audit) |
| Logging & Monitoring | Missing security logging, Sensitive data in responses |
| SSRF | Server-Side Request Forgery via HTTP client |
| API Security | BOLA, Unauthenticated routes, Mass data exposure, Missing throttle |
| Other | Clickjacking, Host Header Injection, Cache Poisoning, Zip Slip, Regex DoS, Business Logic, Webhook bypass |
Severity Levels
| Level | Meaning |
|---|---|
| 🔴 HIGH | Confirmed exploitable vulnerability |
| 🟡 MEDIUM | Likely vulnerability — review recommended |
| 🔵 LOW | Security hardening recommendation |
| 🟢 NEEDS MANUAL CHECK | Cannot be auto-verified — human review required |

A static scanner reads code but does not execute it, so treat a HIGH finding as "fix first" and confirm it by hand before reporting it as exploited, and do not treat a clean run as a clean audit: rules only catch the patterns they were written for.
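To make the coverage table and the severity tiers concrete, here is an added Python example of the kind of line-level rules a static scanner like this applies, run over a constructed Laravel snippet in which each vulnerable line is followed by its fixed counterpart. It is not code from laravel-security/pentest-scanner: the rule set, the reasons, the `by_severity`/`by_category` helpers standing in for `--severity` and `--category`, and the sample PHP are all assumptions made for the demo, and the scanner's real rules and report format are not shown on this page.

```python
"""Toy static scanner illustrating the page's categories and severity tiers.
Added example; rules and sample PHP are illustrative, not the project's own."""
from __future__ import annotations

import re
from dataclasses import dataclass

SEVERITIES = ("HIGH", "MEDIUM", "LOW", "NEEDS MANUAL CHECK")


@dataclass
class Finding:
    line: int
    severity: str
    category: str
    reason: str
    snippet: str


# Raw-SQL sinks: the *first* argument is the SQL text, so that is what gets inspected.
RAW_SQL_SINK = re.compile(
    r"(?:DB::(?:raw|select|statement|unprepared)|->(?:whereRaw|orderByRaw|selectRaw|havingRaw))\s*\("
)

# (pattern, severity, category, reason): hypothetical rules written for this demo.
SIMPLE_RULES = [
    (re.compile(r"\b(?:shell_exec|exec|system|passthru)\s*\([^)]*\$"),
     "HIGH", "Command Injection", "runtime value reaches a shell"),
    (re.compile(r"\bredirect\s*\(\s*(?:\$request->(?:input|get|query)|request\s*\(\s*\)->)"),
     "MEDIUM", "Open Redirect", "redirect target taken from the request"),
    (re.compile(r"\b(?:md5|sha1)\s*\(\s*\$\w*(?:pass|pw|secret)"),
     "HIGH", "Weak hashing", "md5/sha1 over a credential; use Hash::make()"),
    (re.compile(r"\bHttp::(?:get|post|put|delete)\s*\(\s*\$"),
     "MEDIUM", "SSRF", "HTTP client URL comes from a variable"),
    (re.compile(r"::findOrFail\s*\(\s*\$"),
     "NEEDS MANUAL CHECK", "IDOR", "record fetched by id; check ownership is enforced"),
]


def classify_raw_sql(arg: str) -> tuple[str, str] | None:
    """Classify the first argument of a raw-SQL sink; None means a plain literal
    (a literal may carry ? placeholders with a bindings array, the safe form)."""
    arg = arg.lstrip()
    if not arg:
        return None
    quote = arg[0]
    if quote in ('"', "'"):
        i, n = 1, len(arg)
        while i < n and arg[i] != quote:      # find the closing quote,
            i += 2 if arg[i] == "\\" else 1   # skipping backslash escapes
        literal, rest = arg[1:i], arg[i + 1:].lstrip()
        if quote == '"' and "$" in literal:   # PHP interpolates $vars in "..."
            return "HIGH", "variable interpolated into the SQL string"
        if rest.startswith("."):              # 'literal' . $something
            return "HIGH", "SQL string concatenated with a runtime value"
        return None
    if quote == "$":
        return "NEEDS MANUAL CHECK", "SQL held in a variable; trace where it is built"
    return "MEDIUM", "SQL built by an expression; review it"


def scan(source: str) -> list[Finding]:
    """Run every rule over each line of PHP source and collect findings."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for m in RAW_SQL_SINK.finditer(line):
            verdict = classify_raw_sql(line[m.end():])
            if verdict:
                findings.append(Finding(lineno, verdict[0], "SQL Injection", verdict[1], line.strip()))
        for pattern, severity, category, reason in SIMPLE_RULES:
            if not pattern.search(line):
                continue
            if category == "Command Injection" and "escapeshellarg(" in line:
                # Escaping is present, but a line-level rule cannot prove every dynamic piece is escaped.
                severity, reason = "NEEDS MANUAL CHECK", "argument is escaped; confirm all of them are"
            findings.append(Finding(lineno, severity, category, reason, line.strip()))
    return findings


def by_severity(findings: list[Finding], level: str) -> list[Finding]:
    """Stand-in for --severity=<level>: keep only findings of that tier."""
    return [f for f in findings if f.severity == level.upper()]


def by_category(findings: list[Finding], category: str) -> list[Finding]:
    """Stand-in for --category="...": keep only one vulnerability class."""
    return [f for f in findings if f.category == category]


def summary(findings: list[Finding]) -> dict[str, int]:
    """Count findings per severity tier."""
    counts = {level: 0 for level in SEVERITIES}
    for f in findings:
        counts[f.severity] += 1
    return counts


# Constructed demo input: each vulnerable line is followed by its fixed counterpart.
SAMPLE_PHP = """<?php
// constructed demo input, not real application code
$user = DB::select("SELECT * FROM users WHERE email = '$email'");
$user = DB::select("SELECT * FROM users WHERE email = ?", [$email]);
$rows = DB::select("SELECT * FROM logs ORDER BY " . $request->input('sort'));
$rows = DB::table('logs')->orderBy('created_at')->get();
$out  = shell_exec("ping -c 1 " . $host);
$out  = shell_exec("ping -c 1 " . escapeshellarg($host));
return redirect($request->input('next'));
return redirect()->route('dashboard');
$hash = md5($password);
$hash = Hash::make($password);
$post = Post::findOrFail($id);
$resp = Http::get($request->input('url'));
"""

if __name__ == "__main__":
    for f in scan(SAMPLE_PHP):
        print(f"{f.severity:<18} line {f.line:>2}  {f.category:<18} {f.reason}")
    print(summary(scan(SAMPLE_PHP)))
```

The design point to notice is how the tiers fall out of what a static rule can and cannot know: interpolation or concatenation into a raw query is flagged HIGH because the data flow is visible on the line itself, `findOrFail($id)` lands in NEEDS MANUAL CHECK because whether it is an IDOR depends on an authorization check that may live elsewhere, and a `shell_exec` call that already uses `escapeshellarg()` is downgraded rather than cleared, since the rule cannot see whether every dynamic piece of the command was escaped.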
License
MIT — Rawan Alsofyani