yunmengya

PHP static + dynamic + AI code audit skills

100% credibility
Found Mar 04, 2026 at 11 stars.
AI Analysis
Python
AI Summary

A Docker-based security auditing toolkit for PHP projects that performs static analysis, dynamic testing, AI verification, and generates Chinese reports with evidence.

How It Works

1. 🔍 Find a PHP website checker

You hear about a helpful tool that scans websites for security weak spots, like a doctor checking for problems.

2. 📁 Pick your project folder

Simply point it to the folder with your website's code, no complicated setup needed.

3. 🚀 Start the full check

Hit go and watch it automatically explore routes, code paths, and test safely in a protected space.

4. 🧪 Run safe tests

It tries real requests in a secure bubble to see if issues can actually happen.

5. 🤖 AI double-checks

Smart AI reviews the tricky spots to confirm real risks with extra evidence.

📊 Get easy reports

Receive clear Chinese guides listing problems, proofs, and simple fixes to make your site safe.

AI-Generated Review

What is PHP_AUDIT_SKILLS?

PHP_AUDIT_SKILLS is a Python toolkit delivering static, dynamic, and AI-driven audits for PHP projects. It scans for common vulns like SQL injection, RCE, SSRF, and XSS, then verifies via Docker-isolated requests with full evidence traces and PoCs. Users get Chinese reports tying static alerts to dynamic proofs and AI confirmations, solving the "static-only noise" problem in PHP security reviews.

Why is it gaining traction?

It binds static findings to runtime evidence via phased Docker testing and AI deep dives, cutting false positives that plague tools like Semgrep alone. The Docker-only mode ensures safe, reproducible dynamic audits without local PHP setup hassles. Output focuses on actionable Chinese summaries with Burp templates, appealing to teams needing pentest-grade PHP skills fast.

Who should use this?

PHP backend devs auditing Laravel or raw PHP apps for production deploys. Security teams handling Chinese reports for compliance audits. Consultants verifying chains like auth bypass to RCE in client codebases.

Verdict

Grab it if you audit PHP regularly—its evidence-focused pipeline shines for dynamic+AI skills. Low 11 stars and 1.0% credibility signal early maturity; run on samples first to gauge fit before prod pipelines.
