Pharaoh - PHP Archive Verification Tool

"We care about our community, online and offline"

What is Pharaoh?

Pharaoh is a free software command line utility for comparing two PHP Archives and auditing any differences.

We use Pharaoh internally to verify that a .phar file can be reproduced byte-for-byte from its source code; and if not, analyze the .phar listed on the download page for possible malware.

Can we trust this .phar? Consult Pharaoh.

Why Pharaoh?

Pharaoh solves a different problem than a checksum or cryptographic signature.

Cryptographic signatures tell you that someone who possesses a secret key signed the deliverable. Checksums and cryptographic hashes tell you if they are identical.

Pharaoh explains the differences, rather than simply saying whether or not there is one.

How to Get Pharaoh

Source Information
Git git clone
Tarballs tar -xzvf pharaoh-latest.tar.gz

How to Use Pharaoh

Simply follow this simple three step process:

  1. Download the .phar you wish to audit
  2. Build the same .phar from its source code
  3. Run pharaoh builtFromSource.phar downloaded.phar

More information is available in the documentation.

Need Technology Consultants?

Will tomorrow bring costly and embarrassing data breaches? Or will it bring growth, success, and peace of mind?

Our team of technology consultants have extensive knowledge and experience with application security and web/application development.

We specialize in cryptography and secure PHP development.

Let's Work Together Towards Success

Our Security Newsletters

Want the latest from Paragon Initiative Enterprises delivered straight to your inbox? We have two newsletters to choose from.

The first mails quarterly and often showcases our behind-the-scenes projects.

The other is unscheduled and gives you a direct feed into the findings of our open source security research initiatives.

Quarterly Newsletter   Security Announcements