INISCAN, The PHP ini scanner for best security practices


Since PHPSecInfo is no longer updated, a similar tool that is recent and updated can check your PHP installations against common security best practices. Written by Chris Cornutt of website, INISCAN is a command-line tool designed to scan a given php.ini file for common security practices and report back the results.

A sample scan of your php.ini can be run with:

$ iniscan scan --path=/path/to/php.ini

Results for /path/to/php.ini:
Status | Severity | PHP Version | Key | Description
PASS | ERROR | | session.use_cookies | Accepts cookies to manage sessions
PASS | ERROR | 4.3.0 | session.use_only_cookies | Must use cookies to manage sessions, don't accept session-ids in a link

1 passing
2 failure(s)

The tool displays failures in red or yellow, depending on the severity of the issue, and passed tests in green.

You can install iniscan using Composer:

composer require psecio/iniscan

It is pretty simple to use and can point out the basic, common security issues that you can fix in your own PHP installations.
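To use a scan as a build gate, the result table shown above can be parsed and turned into an exit status. The following is an added example, not code from iniscan or from the original post. It assumes the pipe-separated layout printed above, a "FAIL" status string for failed checks, and the severity names in RANK; the sample report and its example.directive row are constructed.

```python
import sys

# Column order copied from the result table shown on this page.
COLUMNS = ("status", "severity", "php_version", "key", "description")
# Assumption: severity names and their ranking; only ERROR appears on the page.
RANK = {"INFO": 0, "WARNING": 1, "ERROR": 2}

# Constructed sample in the page's table format. Both FAIL rows are made up
# for this demonstration, and "FAIL" as the status string is an assumption.
SAMPLE = """\
Results for /path/to/php.ini:
Status | Severity | PHP Version | Key | Description
PASS | ERROR | | session.use_cookies | Accepts cookies to manage sessions
FAIL | ERROR | 4.3.0 | session.use_only_cookies | Must use cookies to manage sessions, don't accept session-ids in a link
FAIL | WARNING | | example.directive | Constructed low-severity row

1 passing
2 failure(s)
"""

def parse_rows(report):
    """Yield one dict per result row, skipping header, summary and blank lines."""
    for line in report.splitlines():
        # maxsplit keeps any '|' inside the description column intact.
        cells = [c.strip() for c in line.split("|", len(COLUMNS) - 1)]
        if len(cells) != len(COLUMNS) or cells[0] == "Status":
            continue
        yield dict(zip(COLUMNS, cells))

def blocking_failures(report, threshold="ERROR"):
    """Return the keys of failed checks at or above the severity threshold."""
    floor = RANK[threshold]
    # An unrecognised severity is treated as blocking (fail closed).
    return [r["key"] for r in parse_rows(report)
            if r["status"] == "FAIL" and RANK.get(r["severity"], floor) >= floor]

def exit_code(report, threshold="ERROR"):
    """Return 1 when any blocking failure exists, else 0."""
    return 1 if blocking_failures(report, threshold) else 0

if __name__ == "__main__":
    # Read a piped report if there is one, otherwise use the constructed sample.
    report = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for key in blocking_failures(report):
        print("blocking:", key)
    sys.exit(exit_code(report))
```

Colour codes in terminal output would need to be stripped before the text is piped into the script.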