Tool and Usage
Why this tool?
Iniscan scans a given php.ini file and tests it against security best practices. It reports back the results by showing a Pass or Fail for each related test. As it is a command-line utility, it can be used in automated testing.
How it works
The tool works by pulling test rules from a JSON file. Each test includes a related setting and test condition. Each test will check for the presence of a setting, if the value equals a best practice, or if it differs. Based on the preferred value, it will show the Pass or Fail status for that test.
Usage and audience
iniscan is commonly used for configuration audit or security assessment. Target users for this tool are developers and security professionals.
- Command line interface
Example usage and output
Tool review and remarks
The review and analysis of this project resulted in the following remarks for this security tool:
- + More than 25 contributors
- + More than 1000 GitHub stars
- + The source code of this software is available
Supported operating systems
Iniscan is known to work on Linux.
Similar tools to iniscan:
Parse is a security scanner to perform static analysis on PHP code potential security-related issues. As it is a static scanner, no code is executed.
PHP Secure Configuration Checker, or pcc, is a security tool to test for potential security flaws in the PHP configuration. It can be used from the command-line or directly on the web server itself.
CS Suite is a security toolkit that allows scanning Amazon, Google, and Azure cloud platforms. Read how it works in this review.
This tool page was updated at . Found an improvement? Help the community by submitting an update.