Coral Intrusion Detection and Prevention Platform

Coral Intrusion Detection and Prevention Platform

Cart 7 sales

Take back your peace of mind and take an active step to prevent the loss of resources and web security with Coral! Coral is a unique PHP-powered intrusion detection and prevention system designed to keep your website, web application, or blog safe from the dark exploits of people who are up to no good. It is designed to take some of the most powerful Linux security ideas and put them into a slick and easy to use web interface. Coral is powerful and feature rich and aims to keep your online assets safe.

You must have PHP version 7.2.5 or greater to use this application. I do not offer refunds for this. Please make sure you have the correct version of PHP installed before buying!

Webshell Analysis Screenshots

Download high quality screen shots of Coral in action! The scan results you see in these screens are of a very dangerous set of web shells from a repo maintained on Github for research purposes. These screen shots demonstrate all the things you would not want to find on your own website!

Download Screenshots


Coral is built on top of the light-weight Slim 3 PHP framework!

Easy 2-Step Installation

Installing Coral is just as easy as Wordpress! There are just two steps:

  1. Create your database.
  2. Navigate to the web installer and your done! No more editing configuration files!

Monitor your Site in Chunks

Coral works by creating “monitors” for directories on your web server. You can setup multiple monitors to keep an eye on specific areas of your site, such as a Wordpress blog, a Joomla! install, or you can just watch the entire thing. New in version 1.2.0 is the ability to create monitors using an absolute path on your server. This is useful if you run a bunch of websites using Apache’s virtual host configuration options.

Vigilant and Automated

You can configure Coral to run automatically on GNU/Linux based servers with unique cron api routes or the built in Command Line Interface. Each monitor can be run independently to maximize server performance. Coral was designed to have a small footprint, and has been clocked performing a comprehensive, line by line, scan of Drupal 8, which has over 12K files, at about 5 minutes (0.03s per/file). The benefit of the Command Line Interface is to squash memory and timeout problems for large monitors and get reporting data out of Coral in JSON format to use with other reporting applications or dashboards you might be using.

Easy to Understand Snapshots

Coral uses snapshots to let you know what’s going on with your site. It specializes in identifying unique threats for PHP websites and web applications. You don’t have to be a genius or programmer to understand when you need to take action. Depending on website’s file permissions, Coral can even be configured to handle certain threats automatically!

Keep an eye on all those files

Coral builds a safe duplicate of your files and securely stores them away as a safe-state when performing scans. Coral makes finding files by their extension type a breeze. You can easily find suspicious files without the hassle and can even search by filename to drill down through potentially thousands of files.

Zoom in and check stuff out at the file level

You can “zoom” in and take a look at each and every file that Coral monitors independently and get a specific threat assessment for that file. You can take action, all from within the dashboard, to correct a situation from a secure, safe-copy or repository of your monitor.

Independent options for fine control

Each monitor can be configured to behave differently. You can limit what files get placed in the repository, and configure Coral to try and “auto-magically” handle threats when it performs one of three routine scans.

Don’t Manage your website alone?

You can create multiple user accounts for your business. You can configure Coral to email every registered user after each scan is complete or when an important event is triggered. All Coral user accounts have the same access.

How to install

I have created an easy to follow screencast to help you get up and running! View installation screencast. There is also installation instructions in the ZIP file you get from CodeCanyon.

Video Demonstration

Unfortunately due to the security risks posed by demoing Coral, I offer a video demonstration showing off all of the features of the application to include how to install and set everything up. If you need more information, please contact me directly through the CodeCanyon marketplace.


Version 1.2.0, Build 29 July 2021
# Changes:
- Created new GUI-based config creator
- Refactored all routing into Controller classes
- Removed live scan functionality
- Numerous performance improvements to Scans
- Added JSON export functionality to Command Line Interface
- Added new monitor repository initialization and re-initialization options
Version 1.1.2, Build 10 December 2019
# Changes:
- Added new threat pattern signatures
- Enhanced scan profiling output readability
Version 1.1.1, Build 31 December 2017
# Bug Fixes:
- Fixed issue with new Live Scan Resolution
- Fixed issue with spider and monitor root detection to correctly identified already monitored subfolders
# Changes:
- Added ability to expand details on live scan pages to ease page length and enhance readability
- Added outdated information message to Live Scan review page to prevent changes which are based on old information (specifically, older than the last comprehensive scan)
- Changed actions on Single File view page to not allow updating a repository copy of the file from the live version if the live version and repo version are an exact match
Version 1.1.0, Build 26 December 2017
# Bug Fixes:
- Optimized scan routines by removing code duplication
- Fixed and optimized PHP regular expression definitions
# Changes:
- Added ability to profile security routines by adjusting a constant in the boot file
- Improved memory usage of routines by 30% through the use of generator statements
- Added PHP CLI support to avoid execution timeouts
- Added ability to select monitor using nested subfolder interface
- Added new interface enhancements to resolve changes and handle them without diving into the file menu for each file
- Added enhancement highlighting for all pattern matches by line and content
- Added more details on the single file page by showing the captured security match and added additional details to the notices found in the last scan
- Added new parser pattern definitions to detect common link injection patterns
- Added new email option where the application will email you when rogue files are discovered
- Updated composer / vendor dependencies
Version 1.0.2, Build 23 July 2017
# Bug Fixes:
- Fixed priority bug which allowed Coral to scan itself
- Fixed rogue file red indicator styling for toolbar on monitor options page
# Changes:
- Improved Coral memory consumption during routines by 51% on average
- Slight improvement to routine speed
- Added ability to set when email notifications are sent based on user-defined threat level
- Added improved PHP error logging instructions to boot sequence
- Tweaked notice levels for parser definitions
- Added HTML threat patterns to PHP parser
- Updated vendor dependencies
Version 1.0.1, Build 14 April 2017
# Bug Fixes:
- Fixed issue with RogueFiles not showing correct RWX parameters
- Fixed issue with QuarantineFiles not showing correct RWX parameters
- Fixed issued with undefined/unused offline information
- Fixed issue where adding multiple rogue files to repo caused 500 server error
- Fixed issue with Session passing incorrect value for user account
# Changes:
- Added middleware to redirect pages with a trailing slash to proper route
- Added constants for Coral version and build date in boot file
Version 1.0.0, Build 26 March 2017 – Original Release

Tell us what you think!

We'd like to ask you a few questions to help improve CodeCanyon.

Sure, take me to the survey