Manage VirtualBox with PHP

Jan 4, 2020 by Thibault Debatty | 3297 views


phpVirtualBox is a well known web interface for managing virtual machines. There is however another less known library that allows to manage virtual machines from your own PHP applications : php-vbox-api. The API allows you to do stuff like:

$vbox = new VBox($username, $password);

// a single .ova may contain multiple machines
$vms = $vbox->import("/path/to/image.ova");
$vm = $vms[0];

$vm->setMemorySize(512); // MB

$adapter = $vm->getNetworkAdapter(0);



The library itself is best installed using composer:

composer require cylab/php-vbox-api

VirtualBox Web Service

You will of course have to download and install VirtualBox.

In VirtualBox, each virtual machine is a separate user process. So it is usually best to create a dedicated user for running your VM's :

sudo adduser vbox

Then add this new user to the vbox group so it will be allowed to run virtual machines :

sudo adduser vbox vbox

Finally, you have to activate the VirtualBox Web Service.

Therefore, you have to create the file /etc/default/virtualbox and indicate which user should be used to run your machines:


You can now start the VirtualBox Web Service:

sudo service vboxweb-service restart

By default the web service will be listening on port 18083 :


Connecting to VirtualBox

$vbox = new VBox("vbox", "passord-of-vbox-user");

List all machines

$vms = $vbox->allVMs();
foreach ($vms as $vm) {
  echo $vm->getName() . "
  echo $vm->getUUID() . "

Modify a VM

$vm = $vbox->findVM("name or UUID");

// do a clean shutdown

// do a hard shutdown

// destroy the VM

You can find more examples on

This blog post is licensed under CC BY-SA 4.0

Fully customizable emails using Laravel 9
With the release of Laravel 9, the Swift Mailer (that is no longer maintained) has been replaced by the Symfony Mailer. You can already find some useful information about this change along all the other ones in the Upgrade Guide from Laravel 8.x to 9.0. However this guide does not contain enough information if you want to send fully customized emails. This blog post proposes you a solution coming directly from the Symfony documentation!
SQL injection with SQLMap
Code injection is one of the most critical web application vulnerabilities. Indeed, the consequences of code injection can be dramatic (impact). Moreover, still today a lot of web applications are vulnerable to code injection (frequency). Finally, some tools like SQLMap allow to automatically detect and use these vulnerabilities (exploitation). For this reason, the vulnerability is listed in the top 10 published by the Open Web Application Security Project (OWASP) [1]. In this blog post, we will present one type of code injection, called SQL injection, and we will show how to perform a SQL injection attack with SQLMap.
Filter USB devices with udev (and some PHP code)
USB devices can be a liability : they can be used to exfiltrate data from a computer or server, to plug a hardware keylogger, or to plant a malware. Hence on a managed computer, USB devices should be filtered and whitelisted. In this blog post we show how this can be achieved thanks to udev, and some PHP code.
This website uses cookies. More information about the use of cookies is available in the cookies policy.