Passive threat detection middleware for Laravel. Logs SQL injection, XSS, RCE, bot scanners, 404 probes & 175+ attack patterns. Built-in dashboard, fail2ban export, Slack alerts, and REST API. IDS, not WAF.

24 stars · PHP

Laravel middleware that logs attacks (injection, XSS, bots), never blocks

by jay123anta·Mar 8, 2026·2 points·1 comment

AI Analysis

●● Solid · Solve My Problem · Dark Horse

Passive threat detection middleware for Laravel—zero risk since it never blocks, 130+ patterns logged locally.

Strengths
  • Evasion-resistant pattern matching: normalizes payloads (UNION/**/SELECT, double URL encoding) before matching—outthinks naive string searches
  • Confidence scoring per threat (0–100) based on match count, context, user-agent—actionable signal, not alert spam
  • Extracted from production: shipped from a real SaaS under attack, not a theoretical security exercise
Weaknesses
  • Laravel-only; ecosystem lock-in limits addressable market vs. language-agnostic tools like ModSecurity or Cloudflare WAF
  • No comparative benchmarks against established WAF solutions; unclear how it handles encrypted payloads or obfuscation beyond documented evasion techniques
Target Audience

Laravel developers, SaaS operators, teams running production Laravel apps

Similar To

ModSecurity · Cloudflare WAF · OWASP CRS

Post Description

Built this after running a SaaS with zero visibility into who was probing it.

One middleware, drop it in, and it starts logging SQL injection, XSS, RCE, directory traversal, scanner bots (sqlmap, nikto, burp suite), DDoS patterns, Log4Shell — 130+ patterns total.

It never blocks anything. Purely passive — every request goes through normally. So no risk of breaking your app.

Two things I'm most proud of:

- Evasion resistance: payloads are normalized before matching so UNION/*/SELECT and double URL encoding (%2527) don't slip through
- Confidence scoring (0–100) per threat based on match count, context, and user-agent signals

Also ships with a dark-mode dashboard, Slack alerts, and 15 REST API endpoints.

composer require jayanta/laravel-threat-detection
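
The normalize-then-match idea and the per-threat confidence score described in the post, as an added PHP example that is not the package's own code. The function names, the three patterns, the scanner list and the score weights are all assumptions chosen for illustration.

```php
<?php
// Added illustration; patterns, names and weights are assumptions, not the package's.
const PATTERNS = [
    'sqli_union' => '/\bunion\s+(all\s+)?select\b/',
    'sqli_tautology' => "/'\s*(or|and)\s+\d+\s*=\s*\d+/",
    'xss_script' => '/<script\b/',
];
const SCANNER_AGENTS = ['sqlmap', 'nikto'];

function normalize_payload(string $raw): string
{
    $s = $raw;
    // Bounded repeated URL decoding: %2527 -> %27 -> '
    for ($i = 0; $i < 3; $i++) {
        $decoded = urldecode($s);
        if ($decoded === $s) { break; }
        $s = $decoded;
    }
    // Inline SQL comments become a space: UNION/**/SELECT -> UNION SELECT
    $s = preg_replace('~/\*.*?\*/~s', ' ', $s) ?? $s;
    $s = preg_replace('/\s+/', ' ', $s) ?? $s;
    return strtolower(trim($s));
}

function score_request(string $input, string $userAgent): array
{
    $normalized = normalize_payload($input);
    $hits = [];
    $evasive = false;
    foreach (PATTERNS as $name => $regex) {
        if (preg_match($regex, $normalized) !== 1) { continue; }
        $hits[] = $name;
        // A match that only appears after normalization means the payload was obfuscated.
        $evasive = $evasive || preg_match($regex, strtolower($input)) !== 1;
    }
    if ($hits === []) { return ['hits' => [], 'confidence' => 0]; }
    // Assumed weights: base 40, +15 per extra pattern, +20 evasion, +30 scanner user-agent.
    $score = 40 + 15 * (count($hits) - 1) + ($evasive ? 20 : 0);
    foreach (SCANNER_AGENTS as $agent) {
        $score += stripos($userAgent, $agent) !== false ? 30 : 0;
    }
    return ['hits' => $hits, 'confidence' => min(100, $score)];
}

// Constructed sample inputs, not captured traffic.
foreach ([['id=1 UNION/**/SELECT password', 'Mozilla/5.0'],
          ['name=%2527 or 1=1', 'sqlmap/1.7'],
          ['q=laravel middleware', 'Mozilla/5.0']] as [$input, $ua]) {
    echo json_encode(score_request($input, $ua)), PHP_EOL;
}
```

The decode loop is capped so a deeply nested encoding cannot make the logger do unbounded work on a single request.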
