Configuration audit tools

Tools

iniscan (PHP configuration scanner)

Iniscan is a security tool to parse the configuration of PHP and provide guidance on best practices. It provides a pass/fail type of output.

» Iniscan review and details

Kube-Bench (security benchmark testing for Kubernetes)

Kube-Bench is a security tool to perform a configuration audit of Kubernetes installations. It can be used to find flaws and improve system hardening.

» Kube-Bench review and details

SSHsec (SSH configuration scanner)

SSHsec scans a system running the SSH protocol and retrieves its configuration, host keys, and Diffie-Hellman groups.

» SSHsec review and details

sysechk (system auditing tool)

System Security Checker, or sysechk, is a tool to perform a system audit against a set of best practices. It uses a modular approach to test the system.

» Sysechk review and details

testssl.sh (TLS/SSL configuration scanner)

testssl.sh is a command line tool which checks a system on any port for the support of TLS/SSL ciphers, protocols, as well as some cryptographic flaws.

» Testssl.sh review and details

VHostScan (virtual host scanner)

VHostScan is a security tool that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, aliases, and dynamic default pages.

» VHostScan review and details