Penetration testing commands for Configuration Audit
Configuration auditing is the process of reviewing system and software settings to detect misconfigurations that could lead to security vulnerabilities. This area provides tools for auditing against standards and best practices.
| Name | Description | Price |
|---|---|---|
| CIS CAT Lite | Asses systems against CIS Benchmarks | Free |
| CIS CAT Pro | Asses systems against CIS Benchmarks | Paid |
| Iniscan | php.ini scanner for security best practices | Free |
| Local PHP Security Checker | CLI tool that checks if your PHP application depends on PHP packages with known security vulnerabilities | Free |
| Lynis | Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional. | Free |
| Master librarian | Audit Unix/*BSD/Linux system libraries to find public security vulnerabilities | Free |
| Nipper Studio | Tool that parse router, switch, firewall configuration to discover vulnerabilities | Paid |
| Nipper-ng | Tool that parse router, switch, firewall configuration to discover vulnerabilities | Free |
| pcc | PHP Secure Configuration Checker; parse php.ini to find security misconfiguration | Free |
| PingCastle | Assess the Active Directory security level with a methodology based on risk assessment | Paid |
| YASAT | TYet Another Stupid Audit Tool; check general Linux system and common softwares configuration | Free |