
laravel-securescan maintained by dhanikkeraliya

Description
A powerful security scanner for Laravel applications with CLI and web dashboard support to detect vulnerabilities like SQL Injection, XSS, secrets, and misconfigurations.
Last update
2026/04/19 09:20 (dev-main)
License
Downloads
1


🔐 Laravel SecureScan - Security Scanner for Laravel Applications



🚀 Overview

Laravel SecureScan is a powerful security analysis tool for Laravel applications.

🔥 Real-time Laravel security scanner with live dashboard (no queue required)

It scans your codebase to detect:

  • 🔴 Critical vulnerabilities (SQL Injection, XSS, Secrets)
  • 🟡 Security misconfigurations
  • 🟢 Best practice issues

It provides:

  • ⚡ CLI-based scanning
  • 📊 Real-time web dashboard
  • 📁 Detailed findings with fixes

🔥 Features

✅ CLI Scanner

  • Real-time progress bar
  • Colored severity output
  • Detailed issue + fix suggestions

✅ Web Dashboard

  • Live scanning (no queue required)
  • Progress tracking
  • Severity charts (High / Medium / Low)
  • Live logs (terminal-style)
  • Findings table

✅ Security Checks

🔴 High Severity

  • SQL Injection detection
  • XSS vulnerabilities
  • Hardcoded secrets
  • ENV exposure
  • Dangerous PHP functions
  • Sensitive data logging

🟡 Medium Severity

  • Missing authorization
  • Mass assignment issues
  • File upload risks
  • Open redirects
  • Rate limiting issues
  • Unvalidated input

🟢 Low Severity

  • Weak random usage
  • Hardcoded URLs
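To make the check categories above concrete, here is a small pattern-based detector written for this README as an added illustration. It is not SecureScan's own scanning code: the rule names, the regular expressions, the fix text and the two sample source snippets are all constructed for the example, and real SecureScan rules are more elaborate than a single regex per category.

```php
<?php
// Added illustration (not SecureScan's own code): a minimal line-based detector
// covering a few of the categories listed above. Rule regexes, fix texts and the
// sample snippets are constructed for this example.

declare(strict_types=1);

/** Each rule: finding type, severity, regex, and the fix the report suggests. */
const RULES = [
    ['SQL Injection', 'High',
     '/DB::(?:raw|select|statement)\s*\(\s*"[^"]*\$[A-Za-z_]/',
     'Use parameter bindings (?) or the query builder instead of interpolating variables into SQL.'],
    ['XSS', 'High',
     '/\{!!\s*\$/',
     'Render user-controlled values with {{ }} so Blade escapes them.'],
    ['Hardcoded Secret', 'High',
     '/(?:api[_-]?key|secret|password)\s*=>?\s*[\'"][^\'"]{8,}[\'"]/i',
     'Move the value to .env and read it through config().'],
    ['Dangerous Function', 'High',
     '/\b(?:eval|exec|shell_exec|system|passthru)\s*\(/',
     'Avoid executing dynamic code or shell commands; use a safe library API.'],
    ['Weak Random', 'Low',
     '/\b(?:rand|mt_rand|uniqid)\s*\(/',
     'Use random_int()/random_bytes() or Str::random() for security-sensitive values.'],
];

/**
 * Scan one file's contents line by line and return findings as
 * associative arrays: file, line, type, severity, snippet, fix.
 */
function scanSource(string $file, string $source): array
{
    $findings = [];
    foreach (explode("\n", $source) as $i => $line) {
        foreach (RULES as [$type, $severity, $regex, $fix]) {
            if (preg_match($regex, $line)) {
                $findings[] = [
                    'file' => $file, 'line' => $i + 1, 'type' => $type,
                    'severity' => $severity, 'snippet' => trim($line), 'fix' => $fix,
                ];
            }
        }
    }
    return $findings;
}

// Constructed sample input: a controller and a Blade view with deliberate issues.
$samples = [
    'app/Http/Controllers/UserController.php' => <<<'PHP'
public function show(Request $request)
{
    $id = $request->input('id');
    $rows = DB::select("SELECT * FROM users WHERE id = $id");       // interpolated SQL
    $safe = DB::select('SELECT * FROM users WHERE id = ?', [$id]);  // bound parameter
    $apiKey = 'sk_live_0123456789abcdef';                            // hardcoded secret
    $token  = rand(100000, 999999);                                  // weak random
    return view('user.show', compact('rows', 'token'));
}
PHP,
    'resources/views/user/show.blade.php' => <<<'BLADE'
<h1>{{ $user->name }}</h1>
<div>{!! $user->bio !!}</div>
BLADE,
];

foreach ($samples as $file => $source) {
    foreach (scanSource($file, $source) as $f) {
        printf("[%s] %s:%d %s\n    %s\n    fix: %s\n",
            $f['severity'], $f['file'], $f['line'], $f['type'], $f['snippet'], $f['fix']);
    }
}
```

The sample deliberately places a safe line next to each risky one (the bound-parameter query beside the interpolated one, `{{ }}` beside `{!! !!}`) so you can see that the rule fires on the risky form only. A regex detector of this kind is a first pass, not proof: it cannot tell whether `$id` was already validated, which is exactly why findings need review before they are ignored.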

📦 Installation

composer require dhanikkeraliya/laravel-securescan

⚙️ Configuration

Publish config:

php artisan vendor:publish --tag=securescan-config

🔍 Usage

CLI Scan

php artisan security:scan

Web Dashboard

http://localhost:8000/_securescan

🚫 Ignore Rules (.securescan-ignore)

Laravel SecureScan allows you to ignore specific files, patterns, or rules using a .securescan-ignore file placed in the project root.

This helps reduce noise and avoid false positives in your scans.


📄 Example

Create a file:

.securescan-ignore

Add rules like:

# Ignore specific files
app/Models/Test.php

# Ignore by pattern
*/Seeder.php

# Ignore by rule
SQL Injection
XSS

🔍 Supported Ignore Types

1. Ignore Specific File

app/Models/Test.php

2. Ignore by Pattern

*/Seeder.php

3. Ignore by Rule Type

SQL Injection
XSS

⚙️ Usage

Run scan with ignore rules enabled:

php artisan security:scan --ignore

⚠️ Important Notes

  • Ignore rules are applied after scan results are generated
  • Rule matching is based on:
    • File path
    • Finding type (e.g., SQL Injection)
  • Keep rules minimal to avoid hiding real vulnerabilities
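The following script, added for this README and not taken from SecureScan's source, shows how an ignore file of the shape above can be applied after a scan: each rule is compared against a finding's file path (exact or glob) and against its finding type. The `.securescan-ignore` contents and the scan results are constructed; matching globs with PHP's `fnmatch()` is an assumption made here, not a statement about how SecureScan itself matches patterns.

```php
<?php
// Added illustration (not SecureScan's own code) of applying .securescan-ignore
// rules to scan results. Ignore-file contents and findings are constructed;
// glob matching via fnmatch() is an assumption of this example.

declare(strict_types=1);

/** Parse ignore rules: drop blank lines and # comments, return trimmed entries. */
function parseIgnoreFile(string $contents): array
{
    $rules = [];
    foreach (explode("\n", $contents) as $line) {
        $line = trim($line);
        if ($line === '' || $line[0] === '#') {
            continue;
        }
        $rules[] = $line;
    }
    return $rules;
}

/** True if any rule covers the finding by type, exact path, or glob pattern. */
function isIgnored(array $finding, array $rules): bool
{
    foreach ($rules as $rule) {
        // Rule type match, e.g. "SQL Injection" or "XSS" (case-insensitive).
        if (strcasecmp($rule, $finding['type']) === 0) {
            return true;
        }
        // Exact path, or glob pattern; without FNM_PATHNAME a * may span directories.
        if ($rule === $finding['file'] || fnmatch($rule, $finding['file'])) {
            return true;
        }
    }
    return false;
}

/** Split scan results into [kept, suppressed] according to the rules. */
function applyIgnoreRules(array $findings, array $rules): array
{
    $kept = $suppressed = [];
    foreach ($findings as $f) {
        if (isIgnored($f, $rules)) {
            $suppressed[] = $f;
        } else {
            $kept[] = $f;
        }
    }
    return [$kept, $suppressed];
}

// Constructed .securescan-ignore, mirroring the README example above.
$ignoreFile = <<<'TXT'
# Ignore specific files
app/Models/Test.php

# Ignore by pattern
*/Seeder.php

# Ignore by rule
XSS
TXT;

// Constructed scan results.
$findings = [
    ['file' => 'app/Models/Test.php',                     'type' => 'Mass Assignment', 'severity' => 'Medium'],
    ['file' => 'database/seeders/Seeder.php',             'type' => 'SQL Injection',   'severity' => 'High'],
    ['file' => 'resources/views/post.blade.php',          'type' => 'XSS',             'severity' => 'High'],
    ['file' => 'app/Http/Controllers/OrderController.php', 'type' => 'SQL Injection',   'severity' => 'High'],
];

[$kept, $suppressed] = applyIgnoreRules($findings, parseIgnoreFile($ignoreFile));

printf("%d finding(s) suppressed, %d still reported:\n", count($suppressed), count($kept));
foreach ($kept as $f) {
    printf("  [%s] %s: %s\n", $f['severity'], $f['file'], $f['type']);
}
```

Two points worth checking in your own ignore file. First, under `fnmatch()` semantics `*/Seeder.php` matches only a file literally named `Seeder.php`; if the intent is every class whose name ends in Seeder, `*Seeder.php` is the pattern to write. Second, a rule-type entry such as `XSS` suppresses that finding type in every file, which is the broadest kind of rule and the one most likely to hide a real issue; prefer a path rule for a verified false positive.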


💡 Best Practice

Use ignore rules only when:

  • You have verified a false positive
  • The issue is intentionally handled in your code

Avoid blindly ignoring critical issues.



🖥️ Dashboard Preview

(screenshot of the web dashboard; image not included in this listing)

CLI Output

(screenshot of the CLI scan output; image not included in this listing)

Why SecureScan?

Most Laravel security tools:

  • Only scan dependencies ❌
  • Offer no UI ❌
  • Give no real-time feedback ❌

SecureScan provides:

  • Code-level scanning ✅
  • Real-time dashboard ✅
  • Developer-friendly output ✅

🤝 Contributing

Contributions are welcome!

Steps:

  1. Fork the repo
  2. Create a feature branch
  3. Submit a PR

🔐 Security

If you find any vulnerabilities, please check SECURITY.md.


📄 License

MIT License