A comprehensive Laravel code auditor for detecting security vulnerabilities in Laravel applications.
- SQL Injection Detection: Scans for vulnerable database queries
- XSS Vulnerability Scanner: Detects potential cross-site scripting vulnerabilities
- CSRF Protection Checker: Verifies CSRF token implementation
- Authentication Security: Analyzes authentication and authorization patterns
- Input Validation Scanner: Checks for proper input sanitization
- File Upload Security: Detects unsafe file upload practices
- Configuration Security: Analyzes security-related configuration files
- Dependency Vulnerability Check: Scans composer dependencies for known vulnerabilities
- Route Security Analysis: Checks for exposed sensitive routes
- Environment Variable Security: Validates .env file security
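As an added illustration of the kind of check the SQL Injection and XSS scanners listed above perform, the following is a small rule-based scanner written for this README (it is not part of this project and is Python rather than the auditor's PHP; the rule patterns and the sample Laravel source are constructed):

```python
"""Rule-based scanner for two Laravel anti-patterns: raw SQL built from variables, and unescaped Blade output."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    rule: str      # "sql-injection" or "xss"
    line: int      # 1-based line number in the scanned source
    snippet: str   # the offending line, stripped


# Laravel raw-SQL entry points; their argument must not embed PHP variables (use ? bindings instead).
RAW_SQL_CALL = re.compile(
    r"\b(?:DB::(?:raw|select|statement|unprepared)|whereRaw|orderByRaw|selectRaw|havingRaw)"
    r"\s*\(([^;]*)\)"
)
# A PHP variable interpolated into a double-quoted string, or concatenated onto a string literal.
INTERPOLATED_VAR = re.compile(r'"[^"]*\$\w+[^"]*"|\'[^\']*\'\s*\.\s*\$\w+|\$\w+\s*\.\s*[\'"]')
# Blade's {!! ... !!} prints without HTML encoding; {{ ... }} is the escaped form.
BLADE_UNESCAPED = re.compile(r"\{!!\s*\$\w+[^}]*!!\}")


def scan_source(source: str) -> list[Finding]:
    """Return one Finding per line that builds raw SQL from variables or echoes unescaped Blade output."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for call in RAW_SQL_CALL.finditer(line):
            if INTERPOLATED_VAR.search(call.group(1)):
                findings.append(Finding("sql-injection", lineno, line.strip()))
        if BLADE_UNESCAPED.search(line):
            findings.append(Finding("xss", lineno, line.strip()))
    return findings


# Constructed sample: lines 1 and 3 interpolate request data into SQL, line 5 echoes raw HTML;
# lines 2, 4 and 6 are the safe forms (parameter bindings and escaped Blade output).
SAMPLE = """$users = DB::select("SELECT * FROM users WHERE name = '$name'");
$users = DB::select('SELECT * FROM users WHERE name = ?', [$name]);
$rows = User::whereRaw("status = '" . $status . "'")->get();
$rows = User::whereRaw('status = ?', [$status])->get();
<p>{!! $comment->body !!}</p>
<p>{{ $comment->body }}</p>
"""

if __name__ == "__main__":
    for f in scan_source(SAMPLE):
        print(f"{f.rule}: line {f.line}: {f.snippet}")
```

Only the three unsafe lines of the sample are reported; the bound-parameter and `{{ }}` forms pass.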
```bash
# Clone the repository
git clone <repository-url>
cd sentinal

# Install dependencies
composer install

# Copy configuration
cp .env.example .env
```

```bash
# Scan a Laravel project
php bin/auditor scan /path/to/laravel/project

# Scan current directory
php bin/auditor scan .

# Generate detailed report
php bin/auditor scan . --report=detailed

# Export to JSON
php bin/auditor scan . --format=json --output=security-report.json

# Scan specific vulnerability types
php bin/auditor scan . --vulnerabilities=sql-injection,xss,csrf

# Exclude directories
php bin/auditor scan . --exclude=vendor,tests,storage
```

Available commands:

- `scan`: Perform a security audit on a Laravel project
- `check-dependencies`: Check for vulnerable dependencies
- `generate-report`: Generate a security report
- `list-vulnerabilities`: List all supported vulnerability types
- SQL Injection vulnerabilities
- Cross-Site Scripting (XSS)
- Cross-Site Request Forgery (CSRF)
- Authentication bypass
- File upload vulnerabilities
- Input validation issues
- Configuration security problems
- Route exposure risks
- Environment variable leaks
- Code quality issues
- Best practice violations
- Deprecated function usage
Create a .env file with the following options:
```ini
# Scan settings
SCAN_DEPTH=3
MAX_FILE_SIZE=1048576
EXCLUDE_PATTERNS=vendor,tests,storage

# Report settings
REPORT_FORMAT=html
REPORT_OUTPUT_DIR=reports/

# Security settings
ENABLE_DEPENDENCY_CHECK=true
ENABLE_CVE_CHECK=true
```

Supported report formats:

- Console: Real-time output in the terminal
- HTML: Detailed HTML report
- JSON: Machine-readable JSON format
- CSV: Comma-separated values for spreadsheet analysis
- Fork the repository
- Create a feature branch
- Make your changes
- Add tests
- Submit a pull request
MIT License - see LICENSE file for details.
If you discover any security-related issues, please email [email protected] instead of using the issue tracker.