iniscan

LSE toolsLSE toolsiniscan (427)iniscan (427)

Tool and Usage

Project details
LicenseMIT
Programming languagePHP
AuthorChris Cornutt
Latest release3.6.5 []

Project health

60
This score is calculated by different factors, like project age, last release date, etc.

Why this tool?

Iniscan scans a given php.ini file and tests it against security best practices. It reports back the results by showing a Pass or Fail for each related test. As it is a command-line utility, it can be used in automated testing.

How it works

The tool works by pulling test rules from a JSON file. Each test includes a related setting and test condition. Each test will check for the presence of a setting, if the value equals a best practice, or if it differs. Based on the preferred value, it will show the Pass or Fail status for that test.

Usage and audience

iniscan is commonly used for configuration audit or security assessment. Target users for this tool are developers and security professionals.

Features

  • Command line interface

Example usage and output

Results for /private/etc/php.ini:
============
Status | Severity | PHP Version | Key | Description
----------------------------------------------------------------------
PASS | ERROR | | session.use_cookies | Accepts cookies to manage sessions
PASS | ERROR | 4.3.0 | session.use_only_cookies | Must use cookies to manage sessions, don't accept session-ids in a link

1 passing
2 failure(s)

Tool review and remarks

The review and analysis of this project resulted in the following remarks for this security tool:

Strengths

  • + More than 25 contributors
  • + More than 1000 GitHub stars
  • + The source code of this software is available

Author and Maintainers

Iniscan is under development by Chris Cornutt.

Installation

Supported operating systems

Iniscan is known to work on Linux.

iniscan alternatives

Similar tools to iniscan:

85

Parse

Parse is a security scanner to perform static analysis on PHP code potential security-related issues. As it is a static scanner, no code is executed.

64

pcc

PHP Secure Configuration Checker, or pcc, is a security tool to test for potential security flaws in the PHP configuration. It can be used from the command-line or directly on the web server itself.

68

Cloud Security Suite

CS Suite is a security toolkit that allows scanning Amazon, Google, and Azure cloud platforms. Read how it works in this review.

All iniscan alternatives

Found an improvement? Help the community by submitting an update.

Related tool information

Categories

This tool is categorized as a configuration audit tool and PHP security scanner.